Rittenberg/Schwieger/Johnstone
Auditing: A Business Risk Approach
Sixth Edition
Chapter 10
Audit Sampling
Copyright © 2008 Thomson South-Western, a part of the Thomson Corporation. Thomson, the Star logo,
and South-Western are trademarks used herein under license.
1
Overview
Audit sampling is defined as applying audit
procedures to less than 100 percent of a
population in order to estimate some
characteristic about that population
Typically, auditors sample to determine whether
A control procedure is operating effectively (test of
controls)
An account balance is presented fairly (substantive
test)
Fraud exists
2
Overview (continued)
In some cases, sampling may not be the best approach
Some audit procedures do not provide sufficient evidence when applied
on a sample basis
 Example: auditors read minutes of all BOD meetings to identify related
party transactions
 Reading the minutes of a sample of BOD meetings would not be
sufficient
Audit procedures that provide high quality evidence at low cost may be
applied more extensively simply because its cheaper to test all items
rather than sampling
 Example: auditors typically confirm all bank account balances
Account balances that are immaterial (or where the potential
misstatement is immaterial) may not be worth sampling
 Such accounts may be audited more efficiently with analytics
3
Overview (continued)
From the results of sampling, the auditor makes an
inference about the underlying population
For this inference to be valid, the sampling units tested
must be representative of the underlying population
The auditor needs to make four important decisions to
ensure the sample is representative and to control
against making an incorrect inference:
 Which population should be tested and for what characteristics?
(population)
 Sample size?
 Which items should be included in the sample? (selection)
 What inferences can be made from the sample? (evaluation)
4
What is non-sampling and
sampling risk?
When auditors draw an erroneous inference from sampling,
the cause is either non-sampling or sampling risk
Non-sampling Risk
 Occurs when auditor does not appropriately carry out audit
procedures or misinterprets results
 Results from human error
 Cannot be quantified
 CPA firms try to minimize through quality control practices
Sampling Risk
 Occurs when sample is not representative of the underlying
population
 Can be controlled through sample size - as sample size
increases, sampling risk decreases
 If the sample is 100% of the population, sampling risk is zero;
however, this is often not practical
5
Sampling Risks Related to Tests
of Controls
If the sample is not representative of the population, the
auditor may draw an incorrect conclusion about the
effectiveness of a control:
Auditor assesses control risk too high:
 Sample indicates control is worse than it really is
 As a result, the auditor does not rely on the control and does more
substantive testing than necessary
 Assessing control risk too high does not directly affect audit
quality, but does lead to audit inefficiencies
Auditor assesses control risk too low:
 Sample indicates control is better than it really is
 As a result, the auditor relies on an ineffective control (without realizing
it's unreliable) and substantive testing is not rigorous as it should be
 This increases the risk that material misstatements are not found and an
incorrect audit opinion issued
6
Sampling Risks Related to
Substantive Testing
If the sample is not representative of the
population, the auditor may draw an incorrect
conclusion about whether an account balance is
presented fairly:
Incorrect acceptance
Sample indicates account balance is not materially
misstated when it is
Auditor may issue unqualified opinion on materially
misstated statements
Because of the potential costs associated with
incorrect acceptance, auditors control for this risk
7
Sampling Risks Related to
Substantive Testing (continued)
Incorrect rejection
Sample indicates account balance is materially
misstated when it isn't
There are things that reduce this risk
Before telling client to adjust its books, auditor usually
performs additional tests
If client believes account balance is correct, client will ask
auditor to perform more tests
These increase probability that incorrect rejection will be
discovered
Incorrect rejection affects the efficiency of the audit,
but does not affect the fairness of the audited financial
statements
8
Selecting a Sampling Approach
Auditors use both statistical and non-statistical
sampling techniques
Non-statistical sampling
Auditor judgment used to determine sample size,
sample selection, and evaluate sample results
Does not provide objective way to control and
measure sampling risk
Because its subjective, results are less defendable in
legal proceedings
takes less time to perform
Frequently used in audits of small clients
9
Selecting a Sampling Approach
(continued)
Statistical sampling
Allows auditor to statistically design an efficient
sample, measure sufficiency of evidence, and
evaluate sample results
Provides quantified measures of control procedure
failure rates, amount of error in account balances,
and sampling risk
Requires precise definitions of acceptable risk and
sample objectives
Requires knowledge of statistical sampling methods
Efficient method for testing large populations
10
Testing Controls and
Compliance
If an auditor believes a control is effective and plans to rely
on that control, s/he must test the control to see if it is
operating effectively
Attribute estimation sampling and discovery sampling are
the statistical methods frequently used to test controls
In this context, an attribute is the characteristic that
indicates the control is working effectively
 Example: the organization requires all sales on account be
approved by the credit manager
 Approval is evidenced by the manager's initials on the sales
invoice
 The manager's initials are the attribute
 The auditor would examine sales invoices and look for the initials
11
Attribute Estimation Sampling
The appropriate sample size depends on a
number of factors including:
Statistical Risk (Risk of assessing control
risk too low)
Risk of concluding controls are effective
when, in fact, they are not
Means auditor relies on an ineffective control
without realizing it
The lower the risk, the larger the sample size
12
Attribute Estimation Sampling
(continued)
Tolerable failure rate
Failure rate at which auditor will determine the control
is not operating effectively
Based on the importance of the control
If a control is crucial, the tolerable failure rate is set at low
level
The lower the tolerable failure rate, the larger the
sample size
Expected failure rate
Based on auditor's experience with the client
The higher the expected failure rate, the larger the
sample size
13
Attribute Estimation Sampling as
an Audit Objective
The steps to implement an attribute estimation
sampling plan are:
Identify the attribute to be tested and define
conditions of failure
Define the population to be tested including the period
covered by the test, sampling unit, and ensuring
population is complete
Determine appropriate sample size
Determine effective and efficient method of selecting
the sample
Select and audit sample items
Evaluate sample results and reach conclusion on
audit objectives
Document all phases of the sampling plan
14
Attribute Estimation Sampling:
Sample Size
The appropriate sample size depends on a number of factors
including statistical risk, and the tolerable and expected failure
rates
Other issues:
Multiple Attributes
 Auditors frequently test several attributes using the same set of
source documents
 While the sampling risk should be the same, the tolerable and
expected failure rates may differ between controls
 The result is a different sample size for each control
 There are several approaches to select items for the sample
Small Populations (Appendix)
 - If the sample is a large portion of the population, auditor may
be able to reduce the sample size
 - Use a finite adjustment factor
15
Attribute Estimation Sampling:
Sample Selection
Once the appropriate sample size has been
determined, the auditor must decide how to
select sample
Random-based methods eliminate the possibility
of unintentional bias in the selection process and
help ensure the sample is representative
- Random number - efficient selection method if there
is an easy way to relate random numbers to the
population
Examples: sales invoice number, purchase order number
Computer programs typically used to generate random
numbers
16
Attribute Estimation Sampling:
Sample Selection (continued)
 Systematic selection - selects every nth item in the
population from a randomly selected starting point
 Sampling interval (n) is determined by dividing population size by
desired sample size
 To use this method, auditor must be sure there is not a
systematic pattern of failures in the population
 Haphazard selection (non-statistical method)
 Arbitrary selection
 Not random based
 Judgmental sampling (non-statistical method)
 Auditor may use judgment to select sample
 Not random based
17
Attribute Estimation Sampling:
Evaluate Sample Results
The auditor projects the results of sampling to the population
before drawing a conclusion
If the sample failure rate is no greater than the expected failure
rate, the auditor can conclude the control is as effective as
expected
If the sample failure rate exceeds the expected failure rate, the
auditor must determine whether the projected maximum
failure rate is likely to exceed the tolerable failure rate
 To do this, the auditor must determine the upper limit of the
potential failure rate in the population
 The upper limit is based on the sample failure rate and sample
size and is adjusted upward for sampling error
18
Attribute Estimation Sampling Evaluate Sample Results (continued)
If the upper limit exceeds the tolerable failure rate,
the internal control process has deficiencies
The auditor should either
Test a compensating control (if available)
Increase the rigor of the subsequent substantive
testing
The auditor should also evaluate
The nature of the control procedure failures (pattern
of error)
The effect of such failures on potential financial
statement misstatement
19
Attribute Estimation Sampling:
Evaluate Sample Results (continued)
When control failures are found, they should
be analyzed qualitatively as well as
quantitatively
Auditor should try to determine whether the
failures
Were intentional or unintentional
Were random or systematic
Had a direct dollar effect
20
Searching for Fraud
Discovery sampling may be used to help
identify potential fraud
Tolerable rate is set very low and expected
rate is set at zero percent
Results in large sample size
At any point, if evidence of just one potential
fraud is found, the auditor stops sampling
and starting investigating to determine if
fraud actually occurred
21
Sampling to Test for Account Balance
Misstatements (Substantive Testing)
Basic steps:
Specify audit
objective of the test
Define misstatement
Define population
(and sampling units)
Choose sampling
method
Determine sample
size
Select sample
Audit selected items
Evaluate sample
results
Perform follow-up
work as necessary
Document sampling
procedure and results
22
Specifying the Audit Objective
Sampling always relates to one specific procedure
usually testing one specific assertion
Specifying the audit objective determines the
population to test
For example:
If objective is to determine existence, the sample
should be selected from recorded information
- On the other hand, if the objective is to determine
completeness, the sample should be selected from a
complementary population such as source documents
23
Define Misstatements
Misstatements should be defined before
sampling to
Preclude auditor from rationalizing away
misstatements as isolated events
Provide guidance to the audit team
Misstatement is usually defined as a
difference that affects the correctness of
the overall account balance
24
Define the Population
Group of items in an account balance that the
auditor wants to test
Does not include:
Items the auditor has decided to examine 100%
 Items that will be tested separately
Important to properly define the population:
Sample results can be projected only to the group
from which the sample is selected
The population must be directly related to the audit
objective
25
Define the Sampling Unit
Sampling units are the individual auditable
elements that make up the population
Example: sampling units for confirming
accounts receivable could be the
individual customer's balance or individual
unpaid invoices
26
Identify Individually Significant
Items
Many account balances are comprised of a few
large dollar items and many smaller items
Dividing a population into two or more subgroups
based on dollar amount can increase audit
efficiency
Items in excess of a specified dollar amount (top
stratum items) are examined 100%
Items less than the specified amount (lower stratum
items) are sampled
This process (stratification) allows the auditor to
examine a significant portion of an account
balance even though s/he examines a relatively
few items
27
Choosing a Sampling Method
There are a number of sampling methods an
auditor may use
Non-statistical
Probability proportional to size (PPS)
Classical sampling methods (not covered in this
text)
Mean-per-unit
Ratio estimation
Difference estimation
28
Choosing a Sampling Method
(continued)
The sampling methods differ in a number of ways:
Measure of sampling risk
 Statistical methods provide an objective measure of sampling risk
 Non-statistical methods do not provide such a measure
Tests for account balance
 PPS is designed to test for overstatement of an account balance
 Classical methods test for both overstatement and understatement
Statistical estimates
 PPS provides an estimate of the amount of misstatement in the account
 Classical methods provide an estimated range of the account balance
Sample selection
 PPS is a dollar-based approach; each dollar is a sampling unit
 Classical samples are selected using a variety of sampling units
29
Choosing a Sampling Method
(continued)
Use of PPS would be appropriate if
 Auditor is testing for overstatements in an account balance
A dollar-based sampling approach increases the probability
of selecting overstated items
 Few or no misstatements expected
 Individual book values (like a subsidiary ledger) are available
One of the classical methods would be appropriate if
the auditor
 Is concerned about understatements in an account balance
 Expects numerous misstatements
 Is examining an account balance based on estimates rather than
a total of individual items
 Is trying to estimate an account balance
30
Determining Sample Size, Selecting
Sample, Evaluating Results
Sample size, method of selecting the sample, and the
approach to evaluating sample results all depend on the
sampling method used
Whichever sampling method is used, consideration must
be given to the risk of misstatement, sampling risk, and
the auditor's assessment of tolerable and expected
misstatement
 Tolerable misstatement
Maximum misstatement an auditor will accept before
deciding the recorded account balance is materially
misstated
 Expected misstatement
Based on results of other substantive tests and auditor's prior
 experience with the client
Expected misstatement should be less than tolerable
misstatement
31
What is non-statistical
sampling?
Determine sample size
All significant items should be tested
No way to mathematically control sampling risk
Select the sample
Sample must be representative of population
Could use random-based method or haphazard
selection
Evaluate sample results
Project misstatements to the population
Consider sampling error
Make judgment as to whether account is likely to be
materially misstated
32
Probability Proportional to Size
(PPS) Sampling
Dollar-based sampling approach where the
population is the number of dollars in the
account balance examined
Using dollars as sampling units means larger
dollar items in the account balance are more
likely to be selected in the sample
PPS is an effective sampling approach when the
auditor is testing for overstatements
Appropriate when few misstatements are
expected and individual book values are
available
33
What is probability proportional
to size (PPS) sampling - TD risk?
 To use PPS, the auditor must determine the allowable risk of the
sample failing to detect a material misstatement (test of details risk)
and tolerable and expected misstatements for the account balance
 Test of Details Risk
 Detection risk is the risk that the substantive audit procedures will fail
to detect material misstatements
 There are two types of substantive audit procedures - those that use
sampling, and other (non-sampling) substantive procedures
 Test of details (TD) risk is the part of detection risk related to sampling;
the risk that substantive sampling procedures will fail to detect a
material misstatement
 Other substantive procedures risk (OSPR) is the risk that the nonsampling procedures will fail to detect a material misstatement
34
Probability Proportional to Size
Sampling (continued)
The relation between TD risk and inherent and control risks and OSPR
is inverse
 High inherent risk means the auditor is examining transactions that are
susceptible to misstatement
 High control risk means the client controls are weak
 High OPSR means the non-sampling audit procedures are not effective
in detecting material misstatements
In each of these situations, the auditor would want to be more careful
with his/her sampling procedures
 The auditor would want lower TD risk; less chance of failing to detect
material misstatements with sampling procedures
Lower TD risk means the auditor wants a lower risk of sampling
procedures failing to detect material misstatements
To achieve this lower risk of failing to detect, the sample size must
increase
35
Probability Proportional to Size
Sampling: Sample Size
 PPS samples are usually selected using a fixed interval sampling
approach
 The sampling interval (I) is calculated as
I = TM - (EM x EEF)
RF
TM = Tolerable misstatement
EM = Expected misstatement
EEF = Error expansion factor
RF = Reliability factor
 Error expansion and reliability factors are based on TD risk
 Sample size (n) is computed by dividing the account book value by
the sampling interval
n = Population Book Value
Sampling Interval
36
Probability Proportional to Size
Sampling: Sample Selection
Sample items are often selected using a fixed interval approach
 Every Ith dollar after a random start
 A random start is required to give every dollar in the population an
equal chance to be included in the sample
The first sample item is the one that first causes the cumulative total
(cumulative book value + random start) to equal or exceed the
sampling interval
Successive sample items are those first causing the cumulative total
to equal or exceed multiples of the interval
Sample composition:
 All top stratum items will be included in the sample
 Lower stratum items will be sampled
37
Probability Proportional to Size:
Zero or Negative Balances
Items with zero balances have no chance of
being selected using PPS
If evaluation is necessary, zero balance items
should be audited as a different population
Two approaches to deal with population
items with negative balances:
Exclude them from the selection process and
test them as a separate population
Include them in the selection process and
ignore the negative sign
38
Probability Proportional to Size:
Sample Evaluation
Based on sample results, the auditor computes the
upper misstatement limit
Upper misstatement limit (UML)
Maximum dollar overstatement that might exist in the
population
Given the misstatements detected in the sample
At the specified TD risk level
UML is the sum of three components:
Basic precision
Most likely misstatement
 Incremental allowance for sampling error.
39
Review Probability Proportional
to Size - Sample Evaluation
Evaluation:
If the UML is less than the tolerable
misstatement, the account balance is
considered fairly presented
If the UML exceeds the tolerable
misstatement, the account balance is not
fairly presented
40