Introduction
Auditors need to rely on sampling to some degree because it’s not always possible to analyze the entire population:
1. Many control processes require human involvement.
2. Many testing procedures require the auditor to physically examine an asset.
3. In many cases auditors are required to obtain and evaluate evidence from third parties.
LO# 1
8-2

Definitions and Key Concepts
LO# 1 and 2
1.
2.
3.
4.
8-3

Audit Sampling
• Here are at least two ways (there are more) to define Audit Sampling:
• Analysis of part of a population, instead of the entire population
• Using inferential statistics in an audit
LO# 1
Why is this phrase “Audit Sampling” (which confuses some people) used?
Custom and tradition.
8-4

LO# 2
Sampling risk is part of inferential statistics. There are two types of sampling risk. The easy way to remember this is that
Type II risk is what can cause an audit failure because it can cause the auditor to not be effective .
Risk of incorrect rejection (Type I) – in a test of internal controls , it is the risk that the sample indicates the control is not operating effectively when, in fact, it is operating effectively. In substantive testing , it is the risk that the sample indicates that the recorded balance is materially misstated when, in fact, it is not.
Risk of incorrect acceptance (Type II) – in a test of internal controls , it is the risk that the sample indicates the control is operating effectively when, in fact, it is not operating effectively. In substantive testing , it is the risk that the sample indicates the recorded balance is correct when it is, in fact, materially misstated.
8-5



Sampling risk is always present. The auditor must decide how much to expose himself to.
The auditor would like to avoid any significant sampling risk, but that would cost him a huge amount of time and effort
– He’d have to draw huge samples
– He’d lose the benefit of small samples
– Bottom line: this is a cost/benefit decision

LO# 2
Factors to Determine right Sample Size in Attribute
(ACL calls it “Record”) Sampling
1.Confidence level or risk of incorrect acceptance
ACL calls this “Confidence”
2.Tolerable deviation rate
ACL calls this “Upper Error Limit %”
3.Expected population deviation rate
ACL calls this “Expected Error Rate %”
8-7

Evaluation of Results of Attribute (“Record” in
ACL) Sampling

– ACL calls this “Confidence”

– ACL calls this “Sample Size”

– ACL calls this “Number of Errors”

– ACL: “Upper Error Limit Frequency”

Confidence Level
5%
95%
LO# 2
8-9

Sampling Situations
Inspection of tangible assets . Auditors typically attend the client ’ s year-end inventory count. When there are a large number of items in inventory, the auditor will select a sample to physically inspect and count.
Inspection of records or documents .
Certain controls may require the matching of documents. The procedure may take place many times a day. The auditor may gather evidence on the effectiveness of the control by testing a sample of the document packages.
LO# 3
8-10

LO# 3
More Sampling Situations
 Reperformance .
To comply with PCAOB standards, publicly traded clients must document and test controls over important assertions for significant accounts. The auditor may reperform a sample of the tests performed by the client.
 Confirmation .
Rather than confirm all customer account receivable balances, the auditor may select a sample of customers.
8-11

LO# 3
When an account or class of transactions is made up of a few large items , the auditor may examine all the items in the account or class of transaction.
When a small number of large transactions make up a relatively large percent of an account or class of transactions, auditors will typically test all the transactions greater than a particular dollar amount.
Statisticians call this “Stratification”
8-12

LO# 4
Statistical sampling versus nonstatistical sampling.
Statistical sampling uses the laws of probability to
1) compute sample size and
2) evaluate results.
In nonstatistical sampling, the auditor does not use the laws of probability in one or both of these tasks
8-13

Statistical Sampling
Advantages of statistical sampling:
1.
Design most efficient sample.
2.
Measure the sufficiency of evidence obtained.
3.
Quantify sampling risk.
Disadvantage of statistical sampling:
It has been found in litigation for it to be harder for the
CPA firm to defend itself, if it used statistical sampling rather than nonstatistical sampling.
LO# 4
8-14

Statistical Sampling Techniques
LO# 4
1.Attribute Sampling (used to test IC operating effectiveness – Ch. 8).
2.Monetary-Unit Sampling (used to decide if auditor can accept as materially correct $$ in a Balance
Sheet or IS account – Ch. 9).
3.Classical Variables Sampling (also
Ch. 9)

LO#
5, 6, & 7
Plan
In conducting a statistical sample for a test of controls, auditing standards require the auditor to properly plan , perform , and evaluate the sampling application and to adequately document each phase of the sampling application.
Perform Evaluate Document
8-16

Planning
Planning
1. Determine the test objectives.
2. Define the population characteristics:
• Define the sampling population.
• Define the sampling unit.
• Define the control deviation conditions.
3. Determine the sample size, using the following inputs:
• The desired confidence level or risk of incorrect acceptance.
• The tolerable deviation rate.
• The expected population deviation rate.
LO#
5, 6, & 7
The objective of attribute sampling when used for tests of controls is to evaluate the operating effectiveness of the internal control.
8-17

Planning
Planning
2. Define the population characteristics:
• Define the sampling population.
• Define the sampling unit.
• Define the control deviation conditions.
3. Determine the sample size, using the following inputs:
• The desired confidence level or risk of incorrect acceptance.
• The tolerable deviation rate.
• The expected population deviation rate.
LO#
5, 6, & 7
All of the items that constitute the class of transactions make up the sampling population.
8-18

LO#
5, 6, & 7
Planning
Planning
2. Define the population characteristics:
• Define the sampling population.
• Define the sampling unit.
• Define the control deviation conditions.
3. Determine the sample size, using the following inputs:
• The desired confidence level or risk of incorrect acceptance.
• The tolerable deviation rate.
• The expected population deviation rate.
Each sampling unit makes up one item in the population. The sampling unit will vary depending on the specific control being tested.
Often the sampling unit is the document or documents that provide support for the IC procedure having been performed properly.
8-19

Planning
Planning
2. Define the population characteristics:
• Define the sampling population.
• Define the sampling unit.
• Define the control deviation conditions.
3. Determine the sample size, using the following inputs:
• The desired confidence level or risk of incorrect acceptance.
• The tolerable deviation rate.
• The expected population deviation rate.
LO#
5, 6, & 7
A deviation is a departure from adequate performance of the internal control.
8-20

Planning
Planning
3. Determine the sample size, using the following inputs:
• The desired confidence level or risk of incorrect acceptance.
• The tolerable deviation rate.
• The expected population deviation rate.
LO#
5, 6, & 7
Confidence level is the level of assurance that the sample results support a conclusion that the control is functioning effectively. When the auditor has decided to rely on controls, the confidence level is traditionally set at 90% or
95%. This is another way of saying that the auditor takes a 10% or 5% risk of accepting the control as effective when it is not effective.
8-21

Planning
Planning
3. Determine the sample size, using the following inputs:
• The desired confidence level or risk of incorrect acceptance.
• The tolerable deviation rate.
• The expected population deviation rate.
LO#
5, 6, & 7
The tolerable deviation rate is the maximum deviation rate from a prescribed control that the auditor is willing to accept and still consider the control effective.
Example Suggested Tolerable Deviation Rates:
Assessed Importance of a
Control
Highly important
Tolerable
Deviation
Rate
3–5%
Moderately important 6–10%
8-22

LO#
5, 6, & 7
Planning
Planning
3. Determine the sample size, using the following inputs:
• The desired confidence level or risk of incorrect acceptance.
• The tolerable deviation rate.
• The expected population deviation rate.
The expected population deviation rate is the rate the auditor expects to exist in the population. The larger the expected population deviation rate, the larger the sample size must be, all else equal.
EXAMPLE: Assume a desired confidence level of
95%, and a large population, the effect of the expected population deviation rate on sample size is shown right:
Expected Population
Deviation Rate
1.0%
1.5%
2.0%
3.0%
Sample
Size
93
124
181
‡
‡ Sample size too large to be cost-effective.
8-23

LO#
5, 6, & 7
Population size is not often important in determining sample sizes for attributes sampling, so we ignore it in this course. Below are shown the 3 factors that always matter.
Factor
Desired confidence level
Tolerable deviation rate
Expected population deviation rate
Relationship to
Sample Size
Direct
Inverse
Direct
Examples
Change in Effect on
Factor
Lower
Higher
Sample Size
Decrease
Increase
Lower
Higher
Lower
Higher
Increase
Decrease
Decrease
Increase
8-24

Performance
Performance and Evaluation
4. Select sample items:
• Random-Number Selection.
5. Perform the Audit Procedures:
• Voided documents.
• Unused or inapplicable documents.
• Inability to examine a sample item.
• Stopping the test before completion.
6. Calculate the Sample Deviation and Upper Deviation Rates.
7. Draw Final Conclusions.
LO#
5, 6, & 7
This is the preferred method. Every item in the population has the same probability of being selected as every other item.
8-25

Performance
Performance and Evaluation
5. Perform the Audit Procedures:
• Voided documents.
• Unused or inapplicable documents.
• Inability to examine a sample item.
• Stopping the test before completion.
6. Calculate the Sample Deviation and Upper Deviation Rates.
7. Draw Final Conclusions.
LO#
5, 6, & 7
For example, assume a sales invoice should not be prepared unless there is a related shipping document. If the shipping document is present, there is evidence the control is working properly. If the shipping document is not present, a control deviation exists.
8-26

Performance
Performance and Evaluation
5. Perform the Audit Procedures:
• Voided documents.
• Unused or inapplicable documents.
• Inability to examine a sample item.
• Stopping the test before completion.
6. Calculate the Sample Deviation and Upper Deviation Rates.
7. Draw Final Conclusions.
LO#
5, 6, & 7
Usually the auditor replaces them with a new sample item.
8-27

Performance
Performance and Evaluation
5. Perform the Audit Procedures:
• Voided documents.
• Unused or inapplicable documents.
• Inability to examine a sample item.
• Stopping the test before completion.
6. Calculate the Sample Deviation and Upper Deviation Rates.
7. Draw Final Conclusions.
LO#
5, 6, & 7
If the auditor is unable to examine a document usually the auditor calls this a deviation for purposes of evaluating the sample results.
8-28

Performance
Performance and Evaluation
5. Perform the Audit Procedures:
• Voided documents.
• Unused or inapplicable documents.
• Inability to examine a sample item.
• Stopping the test before completion.
6. Calculate the Sample Deviation and Upper Deviation Rates.
7. Draw Final Conclusions.
LO#
5, 6, & 7
If a large number of deviations are detected early, the auditor may as well stop the test, if it is clear the results of the test will not support the planned assessed level of control risk.
8-29

LO#
5, 6, & 7
Evaluation
Evaluation
6. Calculate the Computed Upper Deviation Rate.
7. Draw Final Conclusions.
The auditor summarizes the deviations and evaluates the results. For example, if the auditor discovered two deviations in a sample of 50, the sample deviation rate is 4% (2 ÷ 50).
But what matters for making a decision is the computed upper deviation rate (CUDR), the sum of the sample deviation rate plus an allowance for sampling risk. You get this from
ACL or text Table 8-8 on page 292.
8-30

Evaluation
Evaluation
6. Calculate the Sample Deviation and Upper Deviation Rates.
7. Make a decision.
LO#
5, 6, & 7
The auditor compares the computed upper deviation rate (CUDR) to the tolerable deviation rate (TDR).
If the CUDR > TDR the results indicate IC is not as effective as planned and cannot be relied upon to the extent planned.
If the CUDR <= TDR the results indicate IC is as effective as planned and can be relied upon to the extent planned.
8-31

Attribute Sampling Example
LO#
5, 6, & 7
The auditor has decided to test a control at Calabro
Wireless Services. The test is to determine that the sales and service contracts are properly authorized for credit approval. A deviation in this test is defined as the failure of the credit department personnel to follow proper credit approval procedures for new and existing customers. Here is information relating to the test:
Desired confidence level
Tolerable deviation rate
95%
6%
Expected population deviation rate 1%
Sample size 78
8-32

LO#
Attribute Sampling Example
Part of the table used to determine sample size when the auditor specifies a 95% desired confidence level.
5, 6, & 7
If there are 125,000 items in the population numbered from 1 to 125,000, the auditor can use Excel to generate random selections from the population for testing.
8-33

Attribute Sampling Example
LO#
5, 6, & 7
The auditor examines each selected contract for credit approval and determines the following:
Number of deviations
Sample size
Sample deviation rate
Computed upper deviation rate
Tolerable deviation rate
2
78
2.6%
8.2%
6.0%
Let ’ s see how we get the computed upper deviation rate.
8-34

Attribute Sampling Example
LO#
5, 6, & 7
Part of the table used to determine the computed upper deviation rate at 95% desired confidence level:
Sample
Size
25
30
35
40
45
50
55
60
65
70
75
80
Actual Number of Deviations Found
0 1 2 3
11.3
9.5
17.6
14.9
-
19.6
-
-
8.3
7.3
6.5
5.9
12.9
11.4
10.2
9.2
17.0
15.0
13.4
12.1
-
18.3
16.4
14.8
5.4
4.9
4.6
4.2
4.0
3.7
8.4
7.7
7.1
6.6
6.2
5.8
11.1
10.2
9.4
8.8
8.2
7.7
13.5
12.5
11.5
10.8
10.1
9.5
8-35

Attribute Sampling Example
LO#
5, 6, & 7
Computed
Upper Deviation
Rate (8.2%)
>
Tolerable Deviation
Rate (6%)
Auditor ’ s Decision:
Does not support reliance on the control.
8-36

End of Chapter 8
8-37