Chapter 3

Audit Sampling(ISA-530)
Chapter Objectives
 To describe the meaning and the two major purposes of audit sampling
 To identify activities considered as audit sampling from those that are not
 To explain similarities and differences between statistical and non statistical
sampling
 To explain the concept of representative sampling.
 To distinguish between probabilistic and non-probabilistic sample selection.
 To explain the effects of changes in various population characteristics and changes in
sampling risk on required sample size
 To describe the 14 steps used in the application of non-statistical sampling and
attribute sampling in tests of controls and substantive tests of transactions.

The chapter is presented in three parts: Part I is about the concept of audit sampling, part II is for
the application of audit sampling in tests of control and part III is for the application of audit
sampling in tests of details of balances

Part I: THE CONCEPT OF AUDIT SAMPLING

Definition of Audit Sampling

GAAS define audit sampling as the application of an audit procedure to less than 100% of
the items within an account balance or class of transactions for the purpose of evaluating
some characteristics of the balance or class (SAS 39, AU 350).

Why don’t auditors test 100% of transactions or account balances?

Auditors usually do not test 100% of transactions or items in account balances because:
1. The cost of doing so would be high
2. Auditors seek only reasonable assurance
3. The nature and materiality of the items (balance or classes of transaction may not
demand
a 100% audit)
4. Auditors take sample when the audit objective is to reach a conclusion about a
balance or
class of transactions.
Activities not considered as audit sampling
 Complete or 100% audit of all elements in a balance/class of transaction

Page 1
  Analytical procedures performed for overall comparison and ratio calculation not
applied on a sample basis
 A walk-through performed following one or a few transaction through the accounting
and control system to obtain a general understanding of the client‘s system since the
objective is not to reach a conclusion about a balance or class of transactions and
 A procedure for which audit sampling is not appropriate: eg. Inquiry of employees,
obtaining written representations observation of personnel and procedures, obtaining
answers for internal control questionnaires, scanning accounting records for unusual
items and the like

Why do auditors use sampling?

The following are the two major purposes for which auditors use sampling:

1. Auditing control compliance (Tests of Controls) and substantive tests of transactions

(to checks whether transaction amounts are materially misstated/not)

 The purpose of sampling in tests of controls and substantive tests of transactions

is to estimate the frequency of deviations/exceptions from the prescribed internal
control procedure.
 Tests of controls (compliance tests) are used for assessing control risk (to draw
conclusion about the effectiveness of client‘s internal control)

2. Auditing account balances: It is a substantive test whose purpose is to check

whether balances are materially misstated or not. (to draw conclusion about the
fairness of the amounts stated in financial statement )

In general, auditors use sampling whenever they want to draw a conclusion about an entire
class of transactions or account balance based on the results of a (representative) sample
from the class or the balance.

Comparison of audit sampling tests

Compliance tests (Tests of Substantive tests of details of

Control) Substantive tests of balances
transactions
Focus To obtain evidence that the client To obtain evidence to support
complies with the internal control management‘s assertions
procedures designed and regarding account balances
implemented to achieve specific
control objectives

Page 2
Population from Class of transactions Items in an account balance
which asample is
drawn
Example Testing control procedures relating Auditing the existence of
to the Sales and Collection cycle ● Accounts receivable
for ● valuation of inventory
●Approval of credit (expressed at cost)
●Approved selling prices are used
●Evidence that the extensions on
invoices were checked
Sample Sample of sales invoices from the Sample from customers with
sales journal outstanding accounts
(random sample of sales invoices) receivable balances
The auditor would obtain The auditor would support
supporting existence by choosing a sample
documentation for each sales from the customers with
invoice and test for appropriate outstanding balances and
controls, such as the existence of an obtain confirmations directly
approved selling price matched to from those customers.
the invoice, a supervisor‘s initials
on the invoice to authorize the
credit sale, and so on.

Which aspect of auditing (nature, timing, extent) is addressed by audit

sampling?
The three aspects of auditing procedures are their nature, timing and extent.

 Nature refers to the audit procedures performed (physical examination, confirmation,

vouching, tracing, analytical review etc).

 Timing refers to when the procedures are performed

 Extent refers to the amount of work done when the procedures are performed

Nature and timing are more related to the competence of the evidence. Extent relates to
sufficiency/sample size of the evidence

Audit sampling addresses the sufficiency aspect of evidence as required under GAAS,
insofar as it relates to the extent (the amount of work done when the procedures are
performed) of audit procedures used.

Page 3
Sampling Design: Statistical and non-statistical sampling
The two sampling designs used by auditors are (1) Statistical (2) Non statistical
(judgmental)

GAAS permit auditors to use either statistical or non-statistical sampling methods.

However, it is essential that either method be applied with due care. All steps of the process
must be followed carefully. The auditor is not required by GAAS to base evaluations on
statistically-based tests, but only to apply professional judgment. As a result, both statistical
and non-statistical sampling are used in public practice.

Procedures are common for both categories of sampling (statistical/non-statistical)

1. Planning the sample –eg. involves the decision that sample size eg. 100
2. Selecting the sample and performing the tests –involves which 100 to take and
deciding for eg. 3 exceptions/deviations exist
3. Evaluating the results –involves reaching to a conclusion that the 3
exception/deviation rate estimated from sample are equals to the exception/deviation
rate from population

Points of difference
Statistical Non statistical
Nature Statistical sampling uses the laws Non-statistical sampling is
of probability when selecting the audit sampling not based on
sample and extrapolates the sample statistical calculations.
result to the population.
Sample selection Sample must be randomly selected. No requirement for random
selection
When to use? Statistical sampling is used when Non-statistical samples can be
random numbers can be assigned to used:
population items and an objectively -When the auditor has
defensible result is desired. additional knowledge about the
population, -When strictly
defensible results are not
required, and
-When assignment of random
numbers to population items is
difficult or impossible.
Quantification of Requires the auditor to quantify the No quantification of sampling
sampling risk sampling risk that influences the risk.
testing decision in determining the

Page 4
 sample size.
Provides means of quantifying
sampling risk (it measures the Provides no means of
possibility that the actual amount of quantifying sampling risk
error in the population is
significantly greater/smaller than
that indicated by the results of the
sample)
 Sampling risk can be
specified in advance
 Enables the computation of
sample size that controls the
sampling risk at the desired
level
 Doesn‘t eliminate the use of
professional judgment
Documentation More extensive documentation of Auditors would be wise to
decision process because of the fully document the audit work
greater to provide background for
rigour of statistical sampling. review, planning, and
Auditors evidence.
provide a better source for review, (The importance of
planning, and evidence should the documentation cannot be too
audit work be called into question. strongly emphasized; if the
audit
work is called into question
when
non-statistical sampling is
used, only good documentation
can provide proof of the
soundness of the auditor‘s
judgment.)
Inference of The measurement of the sample With a non-statistical sample, the
Results (Whether using results inference must be made
statistical or non- must be based on statistical methods informally (that is, the auditor
statistical (permits statistical evaluation). With a must use judgment to estimate the
sampling, the auditor statistical sample, the inference is population balance or error).
infers the results of formalized mathematically (that is, a
the sample to the point estimate is calculated and the
population.) confidence interval is constructed).
Advantage The advantage of statistical The advantage of non-
sampling is that the sampling risk is statistical sampling is that it
known. permits the auditor to use

Page 5
 Statistical sampling may assist greater judgment.
auditors in:
-Designing efficient samples Non-statistical sampling
-Measuring the sufficiency of the methods are widely used by
evidences obtained auditors especially for tests of
-Objectively evaluating sample relatively small population.
results (Relatively less complex to
apply)
Limitation Requires additional costs of Since there is no measurement
training audit staff, designing for error, auditors may take
sampling plans and selecting items larger or more costly samples
for examination or unknowingly accept higher
than acceptable level of
sampling error

The Concept of a representative sample

A representative sample is a sample that mirrors the characteristics of the population. A
representative sample has all the important characteristics of the population from which it is
drawn; this means that the sampled items are similar to the items not sampled. A
representative sample will reduce sampling risk that lead auditors to incorrect conclusion.

How do auditors obtain a representative sample?

Care in designing the sampling process, sample selection, and evaluation of sample results
can increase the likelihood of a sample being representative. Auditors try to avoid biasness
and maintain representativeness of the sample by applying random selection method, which
give equal chance to each item being included in the sample. However, auditors cannot
guarantee representativeness; this is what sampling risk is all about, ‗the probability that the
sample may not mirror the characteristics of the population‘. Thus, even under random
sample, a risk exists that the sample may not be representative, eg it could be when the
sampling frame is not complete

Eg. Auditors use a printout consisting list of A/R ledger of 1000. The actual population in
1,800 (there was omission on the printout). The audit of A/R was conducted on a sample
taken from the printout, 1,000 to conclude about the population of A/R of about 1,800. This
makes the sample not to be representative.

Sampling and non-sampling error

Page 6
Eg. An auditor selected 100 sales invoices for an audit and no errors and irregularities were
found on them. Does this mean that the entire population of sales invoices is free from
error and irregularities? The answer is No, because, the sample might not reflect the actual
condition of the population, due to sampling or non sampling risk.

Whenever auditors make inferences about a population based on a sample drawn from that
population, they hope the sample will be truly representative of that population. However,
whenever a sample is selected from a population, it may or may not be representative. The
risk of the sample not being representative is called sampling risk. The error that results
from sampling risk is called sampling error.

Sampling Risk and Sampling error

Sampling Risk
What is it? -It is the risk that the sample is not representative
-It is the probability that the sample may not mirror the characteristics of the
population, or
-It is the probability that an auditor‘s conclusion based on a sample may differ
from the conclusion that may be reached if an entire population was audited.
-Sampling risk is an inherent part of sampling that result from testing less than
the entire population.
Can it be Sampling risk can be reduced in two ways:
reduced? 1. By increasing the sample size (which means that more of the population is
being examined). A sample size that equals 100% of the population is perfectly
representative and simple risk is entirely eliminated from it (zero sampling risk),

2. By using appropriate method of selecting sample items from the population.

Using an appropriate sample selection method increases the likelihood of
representativeness. This does not eliminate or even reduce sampling risk, but it
does allow the auditor to measure the risk associated with a given sample size if
statistical methods of sample selection and evaluation are used
Can it be When statistical sampling methods are used, sampling risk can be quantified — it
quantified is the probability that the sample is not an accurate reflection of the population.
(eg 5% error, 95% confidence level)

How many  Sampling risk for tests of control (risks related to control procedures):
types of -Risk of over reliance on client‘s internal control
sampling -Risk of under reliance on client‘s internal control
risks are  Sampling risk of substantive tests (risks related to transactions and
there? balances:
-Risk of incorrect rejection (alpha risk-Type I error)-this is the possibility
that sample result will indicate that population is materially misstated

Page 7
 when in fact it is not materially misstated
-Risk of incorrect acceptance (beta risk-Type II error)-this is the
possibility that sample result will indicate that population is not
materially misstated when in fact it is materially misstated

Sampling error
What is it? Sampling error: The difference between the actual rate or amount in the
population and that of the sample.
Eg. The actual but unknown deviation rate in the population is 3% but the
deviation rate in the sample is 2%. This difference of 1% is known as sampling
error.
How does it Sampling error result from sampling risk. Sampling error occurs because the
occur? auditor has examined less than 100% of the population.
How many The two types of errors, Type I error and Type II error mentioned above are
types of caused by sampling risk
sampling .
errors are
there?

Activity:
Testing for a specific control procedure
Auditor D, is interested in testing transactions for a specific control procedure. He finds that
out of a population of 5,000 transactions, only four population units are missing the control;
that is, the deviation rate for the population is 0.08% (4/5,000).

Type I error (alpha risk)

Suppose D chooses a sample of 20 units from this population, and that sample turns out to
contain all four population units with the missing control. What population deviation rate do
you think D would estimate based on the sample results? What would D be likely to
conclude?

Solution: D would estimate that the population deviation rate is 20% (4/20) and conclude
that the control is not effective , when, in fact, it is. In this case, D would conclude that the
population is not valid when, in fact, it is. This is called Type I error.

Page 8
 Type II error (Beta risk)
Suppose that in D‘s situation, the true deviation is 20%; that is, the population of 5,000
transactions contains 1,000 population units with the missing control. What if D‘s sample of
20 contains none of the units with the missing control? What do you think D‘s conclusion
will be based on the sample results?
 Solution: D would estimate that the population deviation rate is 0% (0/20). D would
likely conclude that the control is effective, when, in fact, it is not. In this situation, D
would conclude that a population is valid when, in fact, it is not. This is called Type
II error

Which one is more risky for auditor D, Type I error, the risk of under reliance or Type
II error, the risk of over reliance?

In the case of a Type I error (alpha risk) when using sampling for test of controls, the
greatest risk is of performing an inefficient audit. For example, if an auditor concludes that
controls are ineffective when they are effective, the auditor might decide to reassess control
risk at maximum and perform additional substantive procedures.

For the risk of a Type II error (beta risk), however, the auditor would not be motivated to do
additional work beyond what has already been planned. Unless other planned procedures or
analysis reveal a deviation or misstatement that was not detected in sampling, the deviation
or misstatement will go uncorrected, and wrong decisions will be made regarding
adjustments and the audit opinion.

Consequently, the auditor is very concerned about beta risk; therefore, when deciding on an
acceptable sampling risk for audit purposes, the focus is on beta risk, not alpha risk.

How do sampling risks affect efficiency and effectiveness of audit?

Risk of under reliance on client‘s internal control and risk of incorrect rejection (alpha risk)
affects audit efficiency since both make the auditor to perform additional audit procedures
that will finally reveal that no material weakness in control procedure (in the case of test of
control) and the account is not materially misstated (in the case of substantive test)

Risk of over reliance on client‘s internal control and risk of incorrect acceptance (beta risk)
affects audit effectiveness in detecting material errors. If audit is ineffective there is a failure

Page 9
of detecting material weakness in control procedure (in the case of test of control) and
materially misstated account balances will not be detected (in the case of substantive test)

Risk of over reliance and risk of incorrect acceptance (beta risk) have significant effect on
the fairness of the financial statement, so they are of primary concern to auditors. If not
reduced, these risks will expose auditors to negligence that will lead to legal liability.
Auditors should use a representative sample to reduce such risk

In summary:

 Type II risk/error, or Beta risk is worse because it results in too little audit
work being done to support audit opinion
 Type I risk/error, or Alpha risk is not as beta, just less efficient. By definition it
pushes the auditor to do more audit work.

Non-Sampling risk and Non-Sampling error

Non-Sampling risk
What are
they? Non sampling risk include all risks other than sampling risk
Non-sampling error is an error that arises from non-sampling risk
Examples 1. Failure to recognize errors in documents or transactions examined due to
exhaustion, boredom, or lack of understanding of what to look for.
 Assume 3 shipping documents were not attached to duplicate sales
invoices in a sample of 100. If the auditor concluded that no exceptions
existed, that is a non-sampling error.
2. Use of an inappropriate/ineffective audit procedure, eg. when the auditor has
done the test in the wrong direction
Non-Sampling risk occurs when there is an incorrect judgment about inherent
risk, control risk and detection risk, which causes the audit risk

Incorrect This is when auditors do not have proper understanding of the

judgment about nature of the client's operation and the auditable areas; they
inherent risk may wrongly believe that few errors and irregularities exist.
This will lead them to do less work and fail to detect the
problem (samples taken in such situations may not be
How does representative)
Non-

Page 10
 Sampling Incorrect This is when auditors are too optimist about the ability of
risk occur? judgment about control systems to prevent, detect and correct errors and
control risk irregularities, they tend to do less work, ie they assume control
system to be effective and take few sample which may not be
representative

Auditors poorAuditors may select inappropriate procedures for the audit

choice of
objective.
procedures and  Eg audit objective is to find unrecorded A/R. If the
mistakes in procedure used to achieve this audit objective is sending
applying confirmation letter for recorded A/R, it is an incorrect
procedures procedure
(related to
In this case, the sample of receivable balances confirmed do
detection risk)
not represent the unrecorded A/R. (if the sample is taken from
this group, the sample will not be representative)
How can a Non-sampling risk can be minimized through effective planning including
Non-  Careful design of audit procedures,
Sampling  Proper instruction,
risk be  Effective supervision of the audit engagement, and through
reduced?  Appropriately designed quality control procedures within the CPA
firms.

Thus, auditors are also concerned about non-sampling error since a non sampling error may
also make the sample not representative of the population. Causes of non-sampling
risk/error can be summarized as follows:

o The auditor is not careful in examining the sample and fails to identify an
exception or error in a selected sample item
o The audit test is not appropriate (for example, the sample was selected from
an inappropriate population for the purposes of the assertion being tested)
o The auditor has misjudged the relevant risks (that is, the inherent risk and/or
control risk)
o The auditor has made an error in the evaluation of the sampling results
Any or all of the above audit or auditor weaknesses could lead the auditor to perform less
work than is required to adequately support a conclusion.
Similarities and Differences between Sampling risk and Non-Sampling risk

Similarities

Page 11
  Both exist in statistical and non statistical method of sampling

 Both sampling and non sampling risk can be controlled (can be reduced)

 Both sampling and non sampling risk are basic to audit sampling because their
presence result in a non-representative sample, and makes the auditors conclusion
based on a sample to be different from the conclusion they would reach if they
examined every item in the entire population. So auditors should try to reduce both

Differences

Sampling risk Non-Sampling risk

With statistical sampling, sampling risk can be measured, Non sampling risk cannot be measured
specified in advance (eg 5% error,95% accuracy etc); it
can be controlled/reduced by auditing sufficiently large Non sampling risk can be reduced through
samples adequate planning, supervision of audit
engagement and personnel, by having
With non-statistical sampling, sampling risk can be policies and procedures for quality control
considered but cannot be measured. Considering of the audit practice
sampling risk without measuring needs experience and
expertise

Activity:
Auditor L forgets to look at the signatures on a sample of cheques to test for controls over
disbursements, and as a result, she fails to reassess control risk if there were incorrect
signatures in the sample. Is this an example of a sampling error? How can it be reduced?

Solution: This is an example of non-sampling error. The incorrect control risk assessment
would lead the auditor to perform fewer audit procedures than required by the
circumstances. Through proper instructions and supervision and by careful design of audit
procedures, the auditor can reduce the chance of nonsampling error. The general standard of
GAAS requires adequate technical training and proficiency in auditing, while the first
examination standard requires proper supervision and adequate planning. In short,
nonsampling risk should be of relatively little concern to a competent auditor.

Random and Non Random Sample

Random Sample
 A random sample is a set of sampling units chosen so that each population item has an

Page 12
 equal likelihood of being selected in the sample.
 A random sample can also be used in ―non statistical sampling‖ design
 Random sampling should not be equated to statistical sampling. It is simply a method
of selecting items to be included in the sample.
 Random selection is a part of statistical sampling, but not limited to statistical
sampling design. It can be used even without drawing statistical conclusions (with
non-statistical sampling method). However, it is inappropriate to draw a statistical
conclusion if the sample were not randomly selected.
 An estimate of a sample size can be made using statistical models. However,
statistical calculation of sample size is not mandatory for a method to be considered as
statistical sampling, any sample size can be used (some books states that it has to be
greater than 30).
 The mandatory procedures are, (1) The sample must be random (2) Statistical
computations are needed to interpret the result/ to conclude about the result
Non Random Sample
 It is also known as judgmental sample selection method. -It is used with non statistical
sampling design
 Non-random sampling includes directed, block (or cluster) and haphazard sample
selection that will be discussed under non probability method of sample selection.

Risks with the use of Non Random Sample

 A non-random sample can contain biases;
 The auditor is naturally attracted to non-routine transactions and, therefore, might be
biased in choosing only unusual items.
 Even though a randomly selected sample may not be representative, at least the
probability of this happening (sampling risk) is measured and controlled.

Page 13
Sampling Procedures: Probabilistic versus non-probabilistic sample selection
Regardless of the sampling design used, (statistical/non statistical), when selecting a sample
from a population, the auditor strives to obtain a representative sample by applying different
procedures. Auditors may use probabilistic or non-probabilistic sample selection procedures
to achieve this purpose

Probabilistic sample selection Non-probabilistic sample selection

 It is based on statistical rules  Here, the auditor selects sample items

using professional judgment
 Every individual (element) in the defined
source of population may be selected into the  The procedure is used with non
sample with a known (non-zero) probability. statistical plans since it is not based
upon the statistical principles which
 If sampling frame = N and sample size = n, govern probability sampling.
every individual has a known chance of n/N
being selected.  Usually used when a sampling frame
does not exist/not complete
 Involves random selection procedures

 Each population item has a known probability

of being included in the sample.

Non Probabilistic (judgmental) sample selection: It is used with non-statistical sampling design

1. Directed sample selection 2. Block/cluster sample selection 3. Haphazard sample

selection

1.Directed sample selection

Under these methods, auditors deliberately select each item in the sample based on their own
judgmental criteria. Random selection is not used. It is applied in the following ways:

1. Selection of items Most Likely to Contain Misstatements

Eg. Accounts receivable outstanding for a long time,
Purchases from and sales to officers and affiliated companies,
- Unusually large or complex transactions.
Conclusion: if these items are not materially misstated, the F/S will not be materially
misstated

2.Selection of items Containing Selected Population Characteristics

Eg. Selecting a sample of cash disbursements that includes some from each month, each bank

Page 14
account or location, and each major type of acquisition.

3.Large Dollar Coverage –This involves selection of items with Large Dollar value

Advantages and limitations: It is more logical but difficult to avoid bias

2. Block sample selection

 It is a practice of choosing segments of continuous transactions.
 Block or cluster sampling occurs when the auditor selects a number of blocks of
consecutive transactions rather than selecting transactions individually
 A block sample consists of all items in the selected time period, numerical sequence,
or alphabetical sequence. Usually sampling unit are time period such as transaction
date and months; and numerical sequence such as invoice number.
Block sample with a transaction date used as sampling unit
Eg. Choosing sales invoices processed on randomly chosen days, say, February 3, July
17, and September 29. Thus all sales invoices processed on the randomly selected
dates are included in the sample.
Block sample with months used as sampling unit
Eg auditors want to test internal control over cash disbursement and decide to check all cash
disbursement vouchers of April and December. Here, the sampling unit is month rather than
individual transaction. The sample consists two blocks selected from a population of 12
months When sampling unit is individual transaction, auditors select the first item in a block,
and the remainder of the block is chosen in sequence.
Issues related to the number of blocks
Eg. assume the block sample will be a sequence of 100 sales transactions from the sales
journal for the third week of March. Auditors can select the total sample of 100 by taking 5
blocks of 20 items, 10 blocks of 10, 50 blocks of 2 or one block of 100.

Advantages and Limitations:

Block samples cannot be representative unless a reasonable number/large number of blocks is
used. If few blocks are used, the probability of obtaining a non-representative sample is too
great

Page 15
  Eg. sampling 10 blocks of 10 from the third week of March is far less
appropriate than selecting 10 blocks of 10 from 10 different months.
This method can be used to supplement other samples when there is a high likelihood of
misstatement for a known period.
 Eg. the auditor might select all 100 cash receipts from the third week of March
if that is the period when the accounting clerk was on vacation and an
inexperienced temporary employee processed the cash receipt transactions.

3.Haphazard sample selection

It refers to any unsystematic way of selecting sample units, for example, closing eyes and
putting hands in drawers to pick sales invoices. The problem is:

Only those that are suitable for picking may be picked; It is also very difficult to describe the
method, to replicate the method and get the same sample units

Haphazard sample selection is also described as a method for selecting items without any
conscious bias by the auditor; without any special reason for including/excluding items, i.e. the
auditor selects population items without regard to their size, source, or other distinguishing
characteristics.

Probabilistic sample selection: This method of sample selection is used with statistical sampling
design. Statistical sampling plans apply probabilistic sample selection method to measure
sampling risk

1. Simple random sample selection 2. Systematic sample selection 3. Probability

proportional to size sample selection 4. Stratified sample selection

1. Simple random sample selection

Nature A sample is random if each unit in the population has an equal

probability/chance of being included in the sample. When a sample is
random, the test result can be generalized to the population from which
the sample is taken.

Page 16
When to use? Auditors use simple random sampling to sample populations when
there is no need to emphasize one or more types of population items.

How to apply? Auditors use random numbers in applying simple random selection
method. Random numbers are a series of digits having no identifiable
pattern and equal probabilities of occurring over long runs. Auditors
usually generate random numbers by using the following techniques:

1. Electronic spreadsheets, 2. Random number generators, and

3. Generalized audit software.

Since computer programs offer advantages such as time savings, reduced likelihood of
auditor error in selecting the numbers, and automatic documentation, auditors usually prefer
to use computer generation of random numbers, such as the one shown in Figure 15-1
below: Figure 15-1 shows how the auditor randomly selected 50 invoices from a total of
5,763 invoices (from Invoice No. 3689 up to 945=5,763 ) using a random number
generator.

2. Systematic sample selection

Nature It requires auditors to know the population size and a predetermined

Page 17
 sample size

How to apply? 1. Obtain a random starting place in the physical representation (eg. List
of sales invoices recorded in sales journal) and select the unit

2. Count through the file and select every kth unit, where k is the sampling
interval (standard distance between individuals), which is obtained by
dividing the number in the frame by the desired sample size

k, the interval = population size/sample size

Example Eg 1. Assume the auditor wants to examine 200 paid checks from a
population of 10,000 checks.

 The interval = 10,000/200 = 50, this implies the auditor will select
every 50th check
 As a starting point the auditor will select one of the first 50 checks
 Assume from the first 50 checks, check # 37 is selected randomly,
then
 CK# 37; CK# 87 i.e 37 + 50; CK# 137 i.e 87 + 50 are among
those that are included in the sample
Advantages and Advantages: It is easier to use, sample can be drawn quickly, it
limitations automatically puts the numbers in sequence, making it easy to develop the
appropriate documentation, Very good when the population from which
sample is to be drawn is homogeneous

Limitations: Systematic sampling involves a danger if the list of

individuals has some periodicity or some pattern, thus there is a possibility
of bias

 Eg. if a control deviation occurred at a certain time of the month or

only with certain types of documents due to turnover etc, a
systematic sample can fail to select a representative sample.

3. Probability proportional to size (PPS) sample selection

Nature Under this method, a sample is taken where the probability of selecting any
individual population item is proportional to its recorded amount. For

Page 18
 example, when this method is used in the audit of account balances such as AR
balance, accounts with larger balances have higher probability of being included
in the sample.

When to use? This method of sample selection is used with monetary unit statistical
sampling (MUS) which is similar to non statistical sampling.

4. Stratified sample selection

Nature Stratification is a technique of dividing the population into relatively

homogenous subgroups called strata. Auditors stratify the population before
computing the sample size and selecting the sample. Auditors usually use dollar
size to stratify the population.

How to apply? Sample is taken from each strata separately; larger sample is taken from the
subpopulations with larger sizes. Sample results may be evaluated separately or
combined to provide an estimate of the characteristics of the population. This
method of sample selection is used in non-statistical sampling or variables
statistical sampling.

Part APPLICATION OF NON-STATISTICAL AUDIT SAMPLING and

II:
ATTRIBUTE AUDIT SAMPLING (STATISTICAL METHOD) FOR TESTS OF
CONTROL

The application of sampling in test of controls auditing (both in non-statistical and

statistical/attribute sampling) is a structured, formal approach involving the following 14
steps categorized in 3 phases:

Phase 1: Plan the Sample Phase 2: Select Phase 3: Evaluate the

the Sample and Results
1. State the objectives of the audit test. Perform the Audit
2. Decide whether audit sampling applies. Procedures 12. Generalize from the
3.Define attributes and exception sample to the
conditions 10. Select the population.
4. Define the population. sample. 13. Analyze exceptions.
5. Define the sampling unit. 11.Perform the 14. Decide the acceptability
6. Specify the tolerable exception rate audit of
(TER). procedures. the population
7.Specify acceptable risk of assessing
control risk too low (ARACR).

Page 19
8. Estimate the population exception rate.
9. Determine the initial sample size.

Basic concepts and terminologies related to audit sampling for tests of control

1. Attribute: An attribute is a characteristic in which the auditor is interested, and the

attribute of interest in testing controls is whether or not a deviation from the specified
controls has occurred. An attribute supporting the control objective of occurrence/existence,
for example, is the existence of a matching shipping document for each sales invoice. Other
examples of attributes include the department supervisor‘s initials on each invoice payable
(authorization) and correct account coding on each invoice (classification).

2. Deviation rate/exception rate- rate of failure from prescribed procedure. The three types
of exceptions/deviations in accounting data in which auditors are interested in and evaluate
are:

1. Deviations from client‘s established control

2. Monetary misstatements in populations of transaction data
3. Monetary misstatements in populations of account balance details

How deviation rate relates to control risk? There is a direct relationship between deviation
rate and the level of control risk. Low deviation rate is associated with low control risk; high
deviation rate is associated with high control risk. Low control risk implies higher reliance
on client's internal control system; which means client‘s internal control is assumed to be
effective so the deviation rate is also low.

The need to clearly define conditions for deviations/exceptions: A clear understanding of

what constitutes a deviation is important. Deviations need to be defined in advance so that
they can be recognized and treated consistently, and so that they relate to the objectives of
the test of control. Auditors must also fully understand the attributes being tested in order to
know when a deviation occurs. Normally, the absence of an attribute constitutes a deviation,
but that is not always the case. In certain situations, there will be justifiable reasons for the
absence of an attribute.

From which source do auditors refer about attributes and conditions for
deviations/exceptions?

Attributes of interest and exception conditions for audit sampling are taken directly from the
auditor‘s audit procedures. Eg Eight attributes are used for tests of control of the billing
function of HH Co. Samples of sales invoices will be used to verify these attributes.

Page 20
Eg. Attribute 1: Existence of sales invoice No. in sales journal

Attribute 2: Details on sales invoice are correct…………….Attribute 8: Credit approved

How to evaluate the attributes

Eg. For an audit question that asks ―Is credit approved?‖ the answer can be yes or no.
Auditors will count the number of deviations and use the count in evaluating the evidence.

Deviation/exception/error rate depends on how the auditor interpret/define deviation

Eg. If deviation is defined to include every departure from prescribed procedures, no

matter how trivial, the population should contain relatively high deviation rate
without significantly increasing control risk

If deviation is defined to include only fictitious transactions recorded in accounting records,

even a very low deviation rate has implications. Auditors may combine several types of
deviations in their definition of deviations/exceptions. It is important if deviations are of
similar audit significance. If both serious and minor deviations/exceptions are combined in
the definition, the significance of the deviation/exception rate to the auditors‘ assessment of
control risk will be obscured.

Issues regarding missing documents/attributes

The absence of the attribute for any sample item will be an exception for that attribute,
which means, if the document selected for testing cannot be located, the auditors will not be
able to apply alternative audit procedures to determine whether the control procedure is
applied. Selecting another item in place of the missing one is not appropriate, thus the
misplaced document should be treated as a deviation/exception for evaluation purpose. In
general, both missing documents and immaterial misstatements result in exceptions unless
the auditor specifically states otherwise in the exception conditions. However, regarding the
missing documents auditors should carefully see the case as the reason could range from
unintentional missing due to misfiling to material irregularities.

3. Population- When conducting a test of controls, the auditor aims to support control risk
assessments assertion by assertion. This means that the population from which the sample is
drawn must lend itself to testing the controls that will support a given assertion, either
directly or indirectly through a control objective relevant to the assertion. When studying
the direction of a test, it is clear that sources of evidence would be used in different ways
(different directions) to test for different assertions. The auditor must ensure that the
population that he/she selected has attributes consistent with the assertions he/she wishes to

Page 21
test. In some cases, it may be necessary to define separate populations for different audit
procedures.

Eg. In sales and collection cycle, evidence from a sample of recorded sales invoice cannot
be used as a population to conclude about completeness. Controls related to completeness
objective can only be audited by sampling from a population representing goods shipped
from shipping order file

When defining the population from which to draw a sample, there are factors auditors
should be aware of:
1. The timing of the audit work
2. Physical Representation (Physical proximity and Physical characteristics) of the
population

The timing of the audit work

Ideally, tests of control audit procedure should be applied to transactions executed

throughout the period under audit because auditors want to reach a conclusion about control
risk during the entire period. Sometimes auditors perform tests of control procedures at
interim period (some weeks/months before the end of the client‘s year end date); during
these times the entire population, eg. recorded sales invoice, will not be available.
Auditors can perform the work during the interim period, but they should not ignore the
remaining period.

Activity
Auditor P is performing an audit for a client whose year end is December 31. She is
planning to conduct tests of controls at an interim date, commencing October 1. What are
the implications for P and on her audit work?

Solution: Depending on the type and volume of transactions that occur between October 1
and December 31, P must consider that a significant portion of the population may not yet
exist. For a control to be relied on, it must be consistently applied throughout the period
under audit. Thus, P may need to perform additional tests at year-end to determine if the
control assessment made during the interim audit continues to be valid for the balance of the
year. An auditor must also be aware of the completeness of the population at the time the
samples are selected.

Page 22
In general, auditors may do the following to solve the problem of performing tests of
control in interim period:

1. Stop the work if the conclusion at interim is that control is deficient, control risk is
high and other procedures will not be restricted

2. Extend the attribute sample in to the remaining period and continue the work later,

3. Evaluate the specific circumstances and decide whether other procedures will
produce enough evidence about the maintenance of control so that detailed test of
controls auditing need not be continued. (Note: The length of the remaining period,
whether it is 3 weeks or 3 months makes a difference)

Physical Representation (Physical proximity and Physical characteristics) of the

population

Physical representation of the population /sampling frame/ is the auditor‘s frame of

reference for selecting a sample. Eg. It can be a journal list of recorded sales invoice, a
drawer full of invoices, etc The physical representation should be easily to visualizable such
as journal listings, and it must be complete, accurately recorded.

Activity:
What is the auditor‘s concern when documentation defined as the intended population is
kept in a remote off-site location? What if the identified population exists in the form of
data stored in machine-readable form only?

Solution:
If the population is kept in a remote off-site location, it could be difficult or may be even
impossible to select a sample from this population. The same holds true for a population
that lacks physical characteristics (that is, in a computerized environment) that allow the
auditor to sample from it. Thus, the auditor must ensure that a sample can actually be drawn
from the population and that the chosen population must have physical characteristics that
allow an auditor to sample from it.

In general, when auditors select the sample:

 It must be selected from the entire population;

 The auditor should test the population for completeness and detail tie-in before a
sample is selected to ensure that all population items are subjected to sample
selection.

Page 23
  For example, when performing tests of controls and substantive tests of sales
transactions, the auditor generally defines the population as all recorded sales
invoices for the year. In this case, if auditors samples from only one month‘s
transactions, it is invalid to draw conclusions about the invoices for the entire year.
4. Tolerable Exception Rate (TER)- Tolerable exception/deviation rate represents the
maximum population rate of deviations from a prescribed control procedure that the auditor
will tolerate without modifying the planned reliance on internal control assessment of
control risk OR

TER represents the highest exception rate the auditor will permit in the control being tested
and still be willing to conclude the control is operating effectively (and/or the rate of
monetary misstatements in the transactions is acceptable). Establishing the tolerable
exception rate (TER) for each attribute requires an auditor‘s professional judgment.

Eg. assume that the auditor decides that TER for attribute 8 ―Credit sales Approved‖ is 9%.
That means that the auditor has decided that even if 9% of the duplicate sales invoices are
not approved for credit, the credit approval control is still effective in terms of the assessed
control risk included in the audit plan.

Auditors should ask questions such as what rate of deviation in the population signals
control risk of 10%? 20%/ 30%? etc up to 100%?
Eg $90,000 of sales invoices could be exposed to control deviations without causing a minimum material
misstatement in the sales and accounts receivable balance. If total gross sales is $9,000,000, the
judgment implies a tolerable exception/deviation rate of $90,000/9,000,000 = 1%

How the tolerable exception/deviation rate (TER) relates to sample size? The tolerable
exception/deviation rate (TER) is inversely related to sample size. Low tolerable rate
requires higher accuracy so relatively larger sample size is needed; when the tolerable rate
is larger (relaxed) relatively smaller sample size can satisfy the requirement

Thus, an auditor who wants to assess control risk at 10%, with tolerable rate 1% will need to
audit a large sample of sales invoice than an auditor who is willing to assess a control risk at
40%, with tolerable rate 6%

In general, TER can have a significant impact on sample size. Larger sample size is needed
for a low TER than for a high TER. For example, a larger sample size is needed for the test
of credit approval (one of the attributes) if the TER is decreased from 9 % to 6 %. Since a
lower TER is used for significant account balances, the auditor requires a larger sample size
to gather sufficient evidence about the effectiveness of the control or absence of monetary
misstatements. The tolerable rate is not a fixed rate until the auditor decides what control

Page 24
risk assessment suits the audit plan, then it becomes a decision criterion involved in the
sampling application

The suitable TER is a question of materiality and is therefore affected by both the definition
and the importance of the attribute in the audit plan. If only one internal control is used to
support a low control risk assessment for an objective, TER will be lower for the attribute
than if multiple controls are used to support a low control risk assessment for the same
objective.

5. Estimated population exception rate (EPER) – EPER is an estimate of the ratio of the
number of expected deviations to population size. Auditors should make an advance
estimate of the population exception rate to plan the appropriate sample size.

 What information can help auditors to estimate EPER? Information about client‘s
personnel, working condition, and the general control environment collected from
sources such as last year audit experience with the client, and information from the
predecessor auditor will help auditors to know or suspect some control performance
conditions
 Auditors often use the preceding year‘s audit results to estimate EPER. What if
prior-year results are not available, or if they are not reliable? the auditor can take a
small preliminary sample of the current year‘s population for this purpose.
 Assume the expected population exception rate (EPER) of last year is 1%, auditors
can take the same 1% in the current year. Auditors may also take 0% for EPER
which will result in a minimum sample size for the audit (no expected deviation
means no need to take larger sample since the control is effective)
 What does EPER imply? If auditors have reason to expect more deviation than they
could tolerate, there would be no reason to perform any test of controls audit
procedure. Thus, the expected rate must be less than the tolerable rate. The closer the
expected rate is to the tolerable rate, the larger will be the sample that is needed to
reach a conclusion that deviations do not exceed the tolerable size. Thus sample size
varies directly with the expected deviation rate (especially in terms of larger samples
when the expected rate nears the tolerable rate)
 In general, if the estimated population exception rate (EPER) is low, a relatively
small sample size will satisfy the auditor‘s tolerable exception rate, because a less
precise estimate is required. It is not critical that the estimate be precise because the
current year‘s sample exception rate is ultimately used to estimate the population
characteristics. If a preliminary sample is used, it can be included in the total sample,
as long as appropriate sample selection procedures are followed.

Page 25
6. Sample Exception Rate (SER)- Sample Exception Rate (SER) is actual sample
deviations ÷ sample size. The following table shows how tests of controls are documented
and SER is computed. (Note: 7 attributes are tested, x represents deviation; sample size is
not uniform, it varies)

HH Co: Tests of control over recorded sales as of 31-Dec-09

Attributes
2.Credit 5.Arithme 7.Posted
Invoice 1. Bill of Approve 3.Approve 4.Quantiti tic 6.Dates to
No. Date Amount Lading d d Price es match Accurate Match customer
3773 5-Jan 5,000 x
3787 8-Jan 9,000 x
3876 18-Feb 45,000 x x x x

9371 23-Mar Missing x x x x x

9402 27-Mar 7,000 x
1,397,00
0 0 2 10 4 1 0 12
Sample size 75 100 100 60 70 50 100

Computation of Sample exception rate (SER)

Sample exception rate (SER)= actual sample deviations ÷ sample size

Eg. SER For attribute 1; 0÷75, = 0

SER For attribute 2; 2÷100, = 2%. For all attributes it is computed in this way

Two possible results that auditors may obtain:

1. The actual deviation rate or sample exception rate (SER) is equal to or less than the
expected rate
2. The actual deviation rate or sample exception rate (SER) is more than the expected
rate
Remember, the true population deviation rate is unknown and is to be generalized from the
sample. The above two conditions are interpreted as follows:

(1) If the actual deviation rate or sample exception rate (SER) is equal to or less than the
expected rate

Page 26
 It shows the sample results supports auditors‘ preliminary assessed control risk and their
planned reliance on control. Auditors are likely to conclude that the risk of reliance on
client’s control system is acceptable (the true population deviation rate doesn’t exceed the
tolerable rate, so it is acceptable).

(2). When the actual deviation rate or sample exception rate (SER) is greater than the
expected rate

When SER exceeds the EPER used in designing the sample, auditors usually conclude
that the sample results do not support the preliminary assessed control risk i.e, auditors are
likely to conclude that there is an unacceptably high risk that the true deviation rate in the
population exceeds TER.

7. Acceptable Risk of Assessing Control Risk too low (ARACR)- Whenever auditors use
sample to measure deviations, the sample results may not exactly represent the deviation in
the population. As a result auditors may wrongly conclude that the control system is
effective (over reliance on control system), and wrongly accept a misstated balance (risk of
incorrect acceptance). Unless 100 percent of the population is tested, sampling risk cannot
be avoided in both non-statistical and statistical sampling. For audit sampling in tests of
controls and substantive tests of transactions, that risk is called the acceptable risk of
assessing control risk too low (ARACR).

ARACR measures the risk the auditor is willing to take of accepting a control as effective
(or a rate of misstatements as tolerable) when the true population exception rate is greater
than TER. ARACR represents the auditor‘s measure of sampling risk in tests of controls and
substantive tests of transactions; it represents auditor‘s risk of incorrectly accepting the
control as effective.

Though sampling risk includes the risk that the control risk assessment will be too low, as
well as
the risk that the control risk assessment will be too high, the auditor is concerned with the
former, not the latter.

Two aspects of sampling risk in tests of control

1. The risk of under reliance on internal control: This is a possibility that sample results
will cause the auditors to rely too little on a control procedure, thus auditors will assess
control risk too high

Page 27
2. The risk of over reliance on internal control: This is a possibility that sample results
will cause the auditors to erroneously place more reliance upon an internal control
procedure, than is justified by the true effectiveness of that control. Thus auditors will
assess control risk too low

The risk of under reliance relates to the efficiency of the audit process. It will make
auditors to perform more substantive test than required. However, it will not reduce the
effectiveness of the audit procedure to detect material misstatements in the financial
statement. Auditors do not attempt to directly control the risk of under reliance

The risk of over reliance relates to the effectiveness of the audit process. It is auditors
utmost concern, very important to them than the risk of under reliance. If auditors assess
control risk to be lower than what actually is, they will inappropriately reduce the intensity
of their substantive tests. Inappropriate reduction of substantive test lessens the overall
effectiveness of the audit as a means of detecting material errors in the client‘s financial
statement.

Though audit efficiency is needed, audit effectiveness is more important, thus, in designing
tests of controls, auditors should carefully control the risk of overreliance up on internal
control procedures.

How do auditors state ARACR? In non-statistical sampling, auditors commonly use

qualitative expressions such as ARACR of high, medium, or low instead of a percentage.
In statistical sampling, auditors use a percent, such as 5% or 10%.

What does low/high ARACR imply? A low ARACR implies that the tests of controls have
important implication on the financial statement, so higher accuracy is needed. The
ARACR of high means that the tests of controls are not that much important (have less
impact on the fairness of the financial statement) the auditor is willing to take a fairly
substantial risk of concluding that the control is effective after all testing is completed, even
when it is ineffective.

How do auditors choose appropriate ARACR for each attribute? In choosing the
appropriate ARACR for each attribute, auditors must use their best judgment. The auditor
can establish different TER and ARACR levels for different attributes of an audit test,
depending on the importance of the attribute and related control.

 For example, auditors commonly use higher TER and ARACR levels for tests of
credit approval than for tests of the occurrence of duplicate sales invoices and bills of

Page 28
 lading. This makes sense because the exceptions for the latter are likely to have a
more direct impact on the correctness of the financial statements than the former.

Eg which of the following attributes/conditions have more important implication on the

fairness of financial statement?

A. Sales invoice is not approved but the amount is correctly stated

B. Sales invoice is approved but the amount is materially misstated

ARACR can be higher/relaxed for A; but should be lower for B, because of its significance
for the fairness of the F/S. (B needs higher accuracy )

How does ARACR relate to internal control? When client‘s internal control is effective,
assessed control risk is low, sampling error (ARACR) is assumed to be low and substantive
tests of details of balances will also reduce. Thus low ARACR can also be related to low
assessed control risk

When client‘s internal control is not effective, assessed control risk is high, sampling error
(ARACR) is assumed to be higher and substantive tests of details of balances will also
increase. Thus higher ARACR can also be related to high assessed control risk

In sum, for audits where there is extensive reliance on internal control, control risk will be
assessed at low and therefore ARACR will also be as low. Conversely, if the auditor plans
to rely on internal controls only to a limited extent, control risk will be assessed as high and
so will ARACR.

 Eg. Assume that TER is 6%, ARACR is high, and the true population exception rate
is 8%. The control in this case is not acceptable because the true exception rate of 8
% exceeds TER.

 If the control were said to be effective in this illustration, the auditor would have over
relied on the system of internal control (used a lower assessed control risk than was
justified).

How does ARACR relates to sample size? Low ARACR relates to higher accuracy so
larger sample size is needed. Like for TER, there is an inverse relationship between
ARACR and planned sample size. If the auditor reduces ARACR from high to low,
planned sample size must be increased. ARACR represents the auditor‘s risk of incorrectly
accepting the control as effective, and a larger sample size is required to lower this risk.

In general, the level of ARACR is affected by the following 3 factors:

Page 29
 1. The importance of the -For more important attribute, lower ARACR
attribute and related control
implications to the fairness of -For less important attribute, higher ARACR
financial statements

2. The degree of reliance on -For high degree of reliance on IC or lower assessed

client‘s internal control control risk, lower ARACR
system (assessed control risk) -For low degree of reliance on IC or higher assessed
control risk, higher ARACR

3. Type of the organization For public companies that report on effectiveness of IC,
less ARACR
-For those that are not required to report on IC, higher
ARACR

8. Sensitivity of Sample Size to a Change in the Factors

A combination of two factors has the greatest effect on sample size: TER minus EPER. The
difference between the two factors is the precision of the initial sample estimate.

 A smaller precision, which is called a more precise estimate, requires a larger

sample.

 Assume TER is 4% and EPER is 3%. In this case, precision is 1%, higher
accuracy is needed, which will result in a large sample size.

 Assume TER is 8% and EPER is zero. In this case, precision is 8%, so the
sample size can be small and still give the auditor confidence that the actual
exception rate is less than 8%.

Different sample sizes can be used to test different attributes. For those attributes, the
difference between TER and EPER is smallest, a larger sample size is required. Although
the difference between TER and EPER (the precision) is the same for two attributes, the
sample size may be lower for the attribute for which the estimated population exception
rate is zero.

9. Attribute sampling: Attribute sampling is another name for tests of control audit
sampling that uses statistical measures. Attribute sampling is a statistical audit sampling
applied to attributes to look for the presence or absence of a control deviation. Attribute
sampling enable auditors to estimate the frequency with which specified characteristics
occur within a population. For example, for questions like ‗is sales invoice approved?‘, the
yes or no answers will be counted and used for evaluation. Attribute sampling does not

Page 30
provide dollar value information, ie it doesn‘t indicate the dollar amount of the deviations; it
provides information such as failures to comply with certain procedure.

Attributes sampling is based on the binomial distribution, in which each possible sample in
the population has one of two possible values, such as yes/no, black/white, or control
deviation/no control deviation. Each population exception rate and sample size has a unique
sampling distribution. For example, the sampling distribution of sample size of 100 and
exception rate of 5% is different from the sampling distribution of sample size of 50 and
exception rate of 5%. It is also different from the sampling distribution of sample size of 50
and exception rate of 3%. Knowledge about sampling distributions enables auditors to make
statistically valid statements about the population

10. Computed Upper Exception Rate (CUER) for a given ARACR. This is used with
statistical/attribute sampling in tests of controls.
The Computed Upper Exception Rate (CUER) is a statistical calculation that factors in
sampling error, and is used to estimate the population deviation rate. The sample deviation
rate (actual sample deviations ÷ sample size) may be lower or higher than the actual
population deviation rate. Because auditors are mainly concerned with the risk of assessing
CR too low, the higher/upper limit is calculated to estimate how high the estimated
population deviation rate might be. CUER is used to evaluate the results of the test in a
statistical context; table 15-9 is used. Table 15-9 computes the Computed Upper Exception
Rate (CUER) or upper deviation or error limit for a given ARACR, sample size, and
number of deviations found in tests of controls.

The following steps are involved to evaluate the acceptability of the population/the control
risk assessment:
 Using the four steps of locating CUER from table 15-9, locate the CUER for the
given ARACR, TER, EPER, sample size and deviation in the sample. (see the
illustration)
 Compare CUER with TER
 If CUER is less than or equal to TER, the population (the Control risk assessment) is
considered acceptable. The auditor will conclude that the results of the test supports
the preliminary control risk assessment.
 If CUER is greater than TER, the auditor could decide to increase the sample size
and do more testing to see if the deviations persist, or the auditor would conclude
that the test does not support the preliminary control risk assessment, and therefore
would reassess control risk as high or very high and design substantive audit
procedures accordingly.

Page 31
14 steps in applications non-statistical and statistical (attribute) sampling for
tests of controls

Steps in application of audit Non-statistical Attribute Similarity/di

sampling method sampling/Statistical fferences
method
Phase 1: Plan the Sample

1. State the objectives of the Eg. To test control effectiveness of sales and The same
audit test. receipts (tests of control);
(objectives are stated in audit To test monetary misstatements in transactions
program) (substantive test)
2. Decide whether audit Sampling may not be applied to all types of The same
sampling applies. (sampling is audit procedures. Audit procedures involving
needed to estimate the documentation normally can be performed
frequency of
using sampling, whereas procedures involving
deviations/exceptions from the
prescribed internal control observation, inquiry of the client, and analytical
procedure) procedures are not suited to audit sampling; so
for these procedures sampling is not applicable

3. Define attributes and Attributes of interest and exception conditions The same
exception conditions. should be clearly stated
( Attributes are characteristics
that auditors will test; Attributes of interest and exception conditions
deviations/departures are for audit sampling are taken directly from the
auditor‘s audit procedures
exceptions, both should be
clearly defined)

4. Define the population. Separate population can be used for different The same
(proper definition of population audit objective; eg. population for completeness
is essential so that sample can objective, population for existence objective
be taken from the right
population; eg to check The timing and physical representation aspect
existence objective the right of the population should be appropriate.
population is the recorded sales
invoice; for completeness Population should be checked for
objective the right population is completeness; so that sample will be taken from
the shipment. This imply the the entire period.
need for defining separate
Page 32
populations for different audit
procedures) .

5. Define the sampling unit. definition of the sample unit depends on the The same
definition of the population and the objective of
the test)
eg. Documents identified by a number are used

Eg. Sales invoice No.; Shipping order No. etc

6. Specify the tolerable Establishing TER requires the consideration of The same
exception rate (TER). materiality and professional judgment
(the maximum population rate
of deviations from a prescribed
control procedure that the
auditor will tolerate, permit and
still rely on internal controls
and conclude that the control
system is effective)
7. Specify acceptable risk of Attribute
assessing control risk too low. Non-statistical method sampling/Statistical
(ARACR) method
Under this method, Under this method, Sampling
(ARACR represents the sampling risk is sampling risk can be risk exists
auditor‘s measure of sampling considered but not measured. under both
risk). measured. methods, and
the concept
ARACR measures the risk the Auditors state Auditors use a of specifying
auditor is willing to take of ARACR qualitatively percent, such as 5% or ARACR is
accepting a control as effective as high, medium, or 10%. the same
(or a rate of misstatements as low instead of a under both
tolerable) when the true percentage. methods, but
population exception rate is the way it is
greater than TER). stated is
different.
The auditor can establish
different TER and ARACR
levels for different attributes of
an audit test, depending on the
importance of the attribute and
related control.

Eg. Higher TER and ARACR

Page 33
for credit approval; lower TER
and ARACR for
duplicate/fictitious sales invoice,
the later has more damaging
effect on the fairness of financial
statement (Lower TER and
ARACR represent more
accuracy)

The same
8. Estimate the population
exception rate (EPER) Before testing begins, auditors estimate EPER
(is an estimate of the ratio of based on information from various source
the number of expected (client‘s personnel, working condition, ,the
deviations to population size) general control environment and last year
audit).

EPER is needed for determining the sample

size.

If EPER is expected to be closer to TER, larger

sample is needed to conclude that control
system is effective.

9. Determine the initial Non-statistical method Attribute

sample size. sampling/Statistical
In both cases, four factors method
affect the initial sample size Auditors determine Auditors determine There is a
 Population size, (minor sample size using sample size by using difference
effect) professional judgment computer programs or on the
 TER, rather than using a tables developed from determining
 ARACR, statistical formula.
statistical formulas sample size
 and EPER. (the AICPA Audit as the
Usually, auditors base Sampling Guide.) statistical
The relationships between the their judgment on the method uses
factors and sample size are the difference The use of these tables statistical
between help to determine table to
same regardless of whether
TER and EPER sample sizes that determine
non-statistical or
statistical/attribute sampling is When TER-EPER is enable to control the initial
used. sampling risk at sample size
low, higher precision
predetermined level

Page 34
But when auditors use is needed so larger In non-
statistical sampling, they must sample is required (look at the illustration statistical
quantify sampling risk on page 32 of this method the
(ARACR) to enable them to When TER-EPER is material for the four difference
use statistical tables for large, less precision is between
steps involved in using
determining sample size. needed so few sample TER and
is required ARACR table, (table EPER is
15-8) to determine usually
initial sample size) considered

Phase 2: Select the Sample and Perform the Audit Procedures

10. Select the sample. Non-statistical method Attribute
Once the auditor has Sampling/Statistical There is a
determined the sample size, the method difference
next step is to select the Non probability Probability method in the method
sample. method of sampling of sampling is used used to select
such as directed (eg. for attribute sample items of
Sampling risk is reduced by sample selection, sampling auditors the specified
increasing sample size and block sample usually use simple size
increasing the ―randomness‖ of selection, haphazard random, and
the selection process sample selection are systematic *Random
used to select sample sampling method) selection is
items. common to
Each method can both
apply random
selection
11. Perform the audit On the basis of the attributes defined earlier, The same
procedures. auditors will examine each sampled sales
invoice to determine whether it is consistent
This step enables the auditor to with the attributes/characteristics defined and
obtain evidence about the they also maintain records for
effectiveness of the control deviations/exceptions found.
procedure
Attribute
Phase 3: Evaluate the Results Non-statistical sampling/Statistical
method method
12. Generalize from sample -The auditor bases Using table 15-9, the
to the population. professional auditor calculates an
judgment by looking upper precision limit There is a
The results of the test will SER and TER. (CUER) at a specified difference in
either support or refute the ARACR the way
auditor‘s preliminary -When SER is less generalization

Page 35
assessment of control risk. than TER, the If CUER is less than is reached
population will be the TER, the
The number of deviations accepted population will be In Non
found in the sample (SER) will accepted (preliminary statistical
help the auditor decide whether -If TER less SER is assessment of control method,
the controls are reliable by large, (the interval is risk is supported by professional
inferring the proportion of the large), it is more the sample) judgment is
population that contains likely that the true used based on
deviations. population If CUER is larger the difference
exception/deviation than the TER, between SER
rate is less than or (preliminary and TER
equal to the tolerable assessment of control
exception/deviation risk is not supported In Statistical
rate by the sample). method, CUER
and vice versa Reassess control risk is used
high or increase
sample size or design
substantive test
13. Analyze exceptions. Auditors must analyze individual exceptions The same
to know the cause for the breakdown in the
internal controls that allowed them to happen

14. Decide the acceptability Auditors base If CUER is less Basically the
of the population professional judgment than TER the process is the
by considering the population will be same
difference between accepted
SER and TER

When SER is less than

TER, the sample
supports the
preliminary risk
assessment, so the
population is accepted
But if SER or CUER are greater than TER auditors should perform one of the
following:

1. Revise TER or ARACR

This alternative should be followed only when the auditor has concluded that the

Page 36
original specifications were too conservative. Relaxing either TER or ARACR may
be difficult to defend if the auditor is ever subject to review by a court or a
commission. Auditors should change these requirements only after careful
consideration.

2. Expand the Sample Size

An increase in the sample size has the effect of decreasing the sampling error if the
actual sample exception rate does not increase. Of course, SER may also increase or
decrease if additional items are selected. Increasing the sample size is appropriate if
the auditor believes the initial sample was not representative, or if it is important to
obtain evidence that the control is operating effectively. This is likely if the auditor is
reporting on internal control, or if the control relates to highly significant account
balances such as receivables or inventory.

3. Revise Assessed Control Risk If the results of the tests of controls and substantive
tests of transactions do not support the preliminary assessed control risk, the auditor
should revise assessed control risk upward. This will likely result in the auditor
increasing substantive tests of transactions and tests of details of balances. For
example, if tests of controls of internal verification procedures for verifying prices,
extensions, and quantities on sales invoices indicate that those procedures are not
being followed, the auditor should increase substantive tests of transactions for the
accuracy of sales. If the substantive tests of transactions results are unacceptable, the
auditor must increase tests of details of balances for accounts receivable.
Illustration of determining the initial sample size (audit sampling step 9) in tests of
control using statistical/attribute sampling

In attribute/statistical sampling, the initial sample size is determined from tables, based on
values for the tolerable exception rate, acceptable risk of assessing control risk too low (5%
or 10% as given in table 15-8), and the estimated exception rate.

The two tables in Table 15-8 come from the AICPA Audit Sampling Guide. The top one
shows sample sizes for a sampling risk set at 5%, (a 5% ARACR), while the bottom one is
for a sampling risk set at 10%, (a 10 % ARACR). The tables are developed using sampling
(probability) distributions and allows auditors to estimate the probability of
representativeness (sampling risk) of a sample. The table at the top depicts the sample sizes
for a sampling risk set at 5%. The percentage figures down the left side of the table
represent EPER, while those across the top represent TER. The numbers in the table are the
sample sizes required for each combination of TER and EPER.

Page 37
(Note: The table assumes a large population. Sample size is too large to be cost-effective for
most audit applications).

Four Steps in using tables to determine initial sample size

Step 1: Select the table corresponding to the ARACR

Step 2: Locate the TER at the top of the table.
Step 3: Locate the EPER in the far left column.
Step 4: Read down the appropriate TER column until it intersects with the
appropriate
EPER row. The number at the intersection is the initial sample size.
Activity 1:
Suppose an auditor chooses a sampling risk of 5% and has assessed preliminary control risk
at medium (about 30%). On the basis of this preliminary control risk assessment, the auditor
feels comfortable with a TER of 7%. Based on the prior year's experience, the auditor also
determines that EPER is about 1%.
(In other words, the auditor is willing to take a 5% risk of concluding that the control is
effective when it is not. The auditor will tolerate deviations of up to 7% and still assess CR
at 30%, even though the auditor only expects 1% deviations in the population.)
Using these figures and the table in 15-8, what sample size would the auditor choose?

Solution:
 ARACR is 5%; TER is 7%; EPER is1%
Therefore, the auditor would choose a sample size of 66.

Activity 2:
Suppose an auditor chooses a sampling risk of 5% and has assessed preliminary control risk
at medium (about 35%). On the basis of this preliminary control risk assessment, the auditor
feels comfortable with a TER of 7%. Based on the prior year's experience, the auditor also
determines that EPER is about 2%. (In other words, the auditor is willing to take a 5% risk
of concluding that the control is effective when it is not. The auditor will tolerate deviations
of up to 7% and still assess CR at 35%, even though the auditor only expects 2% deviations
in the population.)

Using these figures and the table in 15-8, what sample size would the auditor choose?

Solution:
 ARACR is 5%; TER is 7%; EPER is 2%

Page 38
 Therefore, the auditor would choose a sample size of 88.

Activity 3:
 Assume preliminary control risk is 20%; ARACR is 5%; TER is 4%; and EPER is
1%, what sample size would the auditor choose? (use table in 15-8)

Solution: The auditor would choose a sample size of 156.

Note: These sample sizes (66, 88 and 156) are initial sample sizes. The sufficiency of these
sample sizes for respective audit is determined after evaluation takes place (in phase 3),
when the computed upper exception limit (CUEL) is computed based on sample evaluation
table (table 15-9) and compared with TER.

Page 39
Page 40
Illustration of evaluating sample results (Phase 3) in tests of control using
statistical/attribute sampling

One way to evaluate the results of the test in a statistical context is to use a table like the one
shown in table 15-9.

This table computes the Computed Upper Exception Rate (CUER) or upper deviation or
error limit for a given ARACR, sample size, and number of deviations found in tests of
controls.
The Computed Upper Exception Rate (CUER) is a statistical calculation that factors in
sampling error, and is used to estimate the population deviation rate. The sample deviation
rate (actual sample deviations ÷ sample size) may be lower or higher than the actual
population deviation rate. Because auditors are mainly concerned with the risk of assessing
CR too low, the higher/upper limit is calculated to estimate how high the estimated
population deviation rate might be.

Activity: Computing Computed Upper Exception Rate (CUER)

1. Remember in earlier activity using a sampling risk or ARACR of 5%, TER of 7%,
and EPER of 2%, it was determined that the sample size would be 88. Assume the
auditor found one deviation in the sample. 1a) What would be the CUER? 1b) What
would be auditors conclusion?

Note: the following steps are used in using the sample evaluation table to compute
CUER, and it involves four steps: (Use table 15-9)

1. Select the table corresponding to the auditor‘s ARACR. This ARACR should be the
same as the ARACR used for determining the initial sample size.
2. Locate the actual number of exceptions found in the audit tests at the top of the table.
3. Locate the actual sample size in the far left column.
4. Read down the appropriate actual number of exceptions column until it intersects
with the appropriate sample size row. The number at the intersection is the CUER.

Note: for step 3, if the actual sample size is a figure that is not equal to those provided for in
the attributes sampling evaluation tables, auditors use the closest sample size in the table for
evaluation.

Solution:
1a) Therefore, using table 15-9, at the 5% ARACR and a sample size of 90 (which is the
closest to 88 in the table), one deviation gives a CUER of 5.2%.

Page 41
Evaluation criteria:
 Compare CUER with TER (CUER=5.2%; TER=7%)
 In order for the population (the Control risk assessment) to be considered acceptable,
the CUER must be less than or equal to TER.
Auditor’s conclusion:
 Because this CUER of 5.2% is less than the auditor‘s TER of 7%, the auditor would
conclude that the results of the test supports the preliminary control risk assessment.

How is this interpreted, does it mean that if 100% of the population were tested, the
true exception rate will be 5.2%?

No, the true exception rate remains unknown. But it means, if the auditor concludes that the
true exception rate does not exceed 5.2%, there is a 95 % probability that the conclusion is
right and a 5 % chance that it is wrong. (the conclusion that there is no risk of overreliance
is 95% true with a 5 % chance that it is wrong. )

Activity 2: Suppose the auditor encounters three deviations instead of one. What would be
the CUER in this case? What would the auditor conclude?

Solution

Using table 15-9, at the 5% ARACR and a sample size of 90 (which is the closest to 88 in
the table), three deviations gives a CUER of 8.4%.

Auditor’s conclusion:
 Because this CUER of 8.4 % is greater than the auditor‘s TER of 7%, the auditor
could decide to increase the sample size and do more testing to see if the deviations
persist, or the auditor would conclude that the test does not support the preliminary
control risk assessment, and therefore would reassess control risk as high or very
high and design substantive audit procedures accordingly.

Activity 3: Acceptable risk of assessing control risk too low (ARACR)= 5%; Actual
Number of exception in attribute 6 = 1; Actual sample size = 70. What would be the CUER
in this case? What would the auditor conclude?

Solution: Using table 15-9, at the 5% ARACR and a sample size of 70, one deviation gives
a CUER of 6.6%.

Auditor’s conclusion:

Page 42
  Because this CUER of 6.6%. % is less than the auditor‘s TER of 7%, the auditor
would conclude that the results of the test supports the preliminary control risk
assessment.

Interpretation: The true exception rate remains unknown. But if the auditor concludes that
the true exception rate does not exceed 6.6%, there is a 95 % probability that the conclusion
is right and a 5 % chance that it is wrong. (the conclusion that there is no risk of
overreliance is 95% true with a 5 % chance that it is wrong. )

Page 43
Summary points on how to evaluate sample result of tests of control under Non
statistical and statistical method:
Non statistical sampling method:
 When using non-statistical sampling for the evaluation of tests of controls, the
auditor does not quantify the calculation of CUER using statistical tables. Instead,
the auditor uses professional judgment to consider sample error and generalize from

Page 44
 the sample deviation rate to the population deviation rate. (the auditor considers the
gap between SER and TER).
Statistical/attribute sampling method:
 Statistical sampling for the evaluation of tests of controls enables the auditor to
compute CUER (and sampling risk), given the sample size and number of deviations
found. For example, at the 5% ARACR and a sample size of 90, if deviations are
known (eg. 0, 1, 3 given in the following table), the sampling risk will be computed
as follows: (Use sample evaluation table (table 15-9).

Assume sample size=90 Number of deviations found

0 1 3
Sample deviation or exception rate
Which is 0/90=0% 1/90=1.1% 3/90=3.3%
SER=No. of deviations found ÷ sample
size
CUER 3.3% 5.2% 8.4%

Sampling risk=CUER-SER 3.3% 4.1% 5.1%

Auditor’s Decision For these two cases, For this case, sampling
sampling risk is within risk is not within the
the acceptable 5% level, acceptable 5% level
population accepted since it is 5.1%, so the
(sample results support population will not be
preliminary control risk accepted (sample results
assessment that control do not support
risk is low) preliminary control risk
assessment that control
risk is low)
The auditor may
reassess control risk as
high and design
substantive test
procedures

What if sample tests do not support auditor’s preliminary control risk assessment (if
tests of control show that internal control is not effective)?

Communicate with the Audit Committee or Management

When the auditor determines that the internal controls are not operating effectively,
management should be informed in a timely manner. If the tests were performed prior to

Page 45
year-end, this may allow management to correct the deficiency before year-end. The auditor
is required to communicate in writing to those charged with governance, such as the audit
committee, regarding significant deficiencies and material weaknesses in internal control. In
some instances, it may be acceptable to limit the action to writing a letter to management
when TER – SER is too small. This occurs if the auditor has no intention of reducing the
assessed control risk or has already carried out sufficient procedures to his or her own
satisfaction as a part of substantive tests of transactions.

Part III: APPLICATION OF AUDIT SAMPLING FOR TESTS OF DETAILS OF

BALANCES

Tests of details of balance are part of substantive procedure. Substantive procedures

include the following:

 Substantive tests of transactions

 Substantive tests of balances
 Analytical procedures

In substantive tests of transactions, the auditor is concerned about both the effectiveness of
internal controls and the monetary correctness of transactions in the accounting system. In
tests of details of balances, the concern is determining whether the dollar amount of an
account balance is materially misstated.

Analytical procedures include comparisons of reported amounts with, comparable periods,

financial relationships, nonfinancial information, budgets and expected outcomes calculated
by auditor. Analytical procedures are more efficient, and place greater reliance on client‘s
accounting records. When control risk is lower, auditor can rely more on analytical
procedures and less on detailed Substantive tests of transactions and balances.

Examples of substantive tests of balance: Examples of Analytical procedures:

 Confirmation from debtors for  Estimate depreciation expense by
amount owed (existence assertion) multiplying average depreciation
 Confirmation from client‘s bank rate by asset balance (accuracy
regarding interest rates on assertion)
borrowings (tests accuracy assertion  Compare inventory balances for this
for interest expense) year and last year (existence,
 Recalculate interest expense completeness, valuation and
(accuracy assertion) allocation assertions)
 Inspecting documents to verify date
of transactions posted around year-

Page 46
 end (cut-off assertion).
 Inspecting suppliers invoices to
verify amounts recorded as
purchases (completeness assertion)
 Recalculating wages payable
(valuation and allocation assertion)

As mentioned above, substantive procedures include both analysis and tests of details of
balances. Analysis is not subject to sampling because analytical procedures are applied to
overall balances and financial relationships (to 100% of the items on financial statement).
Therefore, this topic on audit sampling for substantive testing will focus only on tests of
details of account balances.

Tests of Details of Balance

Details of an account balance are the items and transactions that make up the account
balance. For example, three customers, Mr. A, Ms. B, and Mrs. C owe the company
$50,000, $80,000, and $150,000 respectively, and make up the total accounts receivable
balance of $280,000. A test of details for accounts receivable could consist of verifying
(testing) the individual customer balances (details making up the total balance). (Note,
however, that testing 100% of the accounts
does not constitute audit sampling.)

What is the purpose of Audit Sampling for Tests of Details of Balance?

Comparison of audit sampling for tests of control and substantive tests of transactions with
that of the tests of details of balance is helpful to understand the purpose of Audit Sampling
for Tests of Details of Balance

Audit sampling for tests of Audit sampling for tests of control

details of balances and substantive tests of
transaction
Purpose Designed to detect material Tests of controls focus on testing the
misstatements at the assertion effectiveness of internal controls
level, which includes: It is designed to ensure if controls
work effectively to prevent or detect
 Measuring whether dollar and correct material misstatements

Page 47
 amounts of account at the assertion level, which
balances are materially includes,
misstated or not.
OR  Determining whether the
 Detecting material exception rate in the
misstatement in an population is sufficiently low
account balance.
 Reducing assessed control
risk and thereby reduce tests
of details of balances

In addition to the above, for larger

public companies, tests of control
helps to conclude that the control is
operating effectively for purposes of
auditing internal control over
financial reporting
Nature of the The test provides results in dollar The test do not provide results in
test terms dollar terms, it provides in terms of
whether or not a deviation from the
So in tests of details of balances, specified controls has occurred
it is not common for auditors to Eg. Credit is not approved, etc
use rate of occurrence tests that
applies to tests of controls and
substantive tests of transactions.
Sampling risks Two types of sampling risk
exists in substantive audit: There are two types of sampling
1. Risk of Inappropriate risks related to tests of control,
Acceptance (RIA), which is risk 1. Risk of over reliance
that tests of details procedures (ineffective audit) and
will fail to detect material error 2. Risk of under reliance
and exposes auditor to risk of (inefficient audit),
inappropriate audit opinion. RIA
results in ineffective audit, The auditor is more
which is the most concerned concerned with risk of over
about reliance since it is related to
2. Risk of Incorrect Rejection audit risk
(RIR), is risk that decisions will
be made that item is materially
misstated when it is not. This
risk leads to too much audit
work being done or inefficient
audit.

Page 48
 Here the auditor‘s concern is on
RIA, risk of incorrect acceptance
which leads to ineffective audit.

Which risk is more related to audit risk?

Audit sampling for substantive procedures is much more related to audit risk (that is, the
risk that the auditor will issue an unqualified opinion when the financial statements are
materially misstated) than is audit sampling for tests of controls. This is because substantive
testing provides direct evidence about the financial statement assertions, and it is on those
assertions that the audit opinion is based.

In substantive testing, sampling risk refers to the probability that the auditor will form an
incorrect conclusion about an account balance based on the results of a sample from the
population of items that make up the account balance. In other words, it is the probability
that the auditor accepts an account balance based on the results of the sample, when in fact,
the account balance is materially misstated. This would occur because the sample selected
was not representative of the population.

Sampling error will still be Type I or Type II and arise from alpha risk and beta risk
respectively, as was the case for attribute sampling for tests of controls.

In substantive testing, the auditor tests whether or not an account balance is materially
misstated. But how many dollars constitute an error? This is where materiality enters into
the audit sampling process. More specifically, the auditor considers tolerable misstatement,
which is usually the same as overall materiality.

Following are three primary types of sampling methods used for calculating dollar
misstatements in account balances:
1. Non-statistical sampling
2. Monetary unit sampling (MUS), and

Page 49
 3. Variables sampling
In the interest of time, this material will cover the Non-statistical sampling application for
tests of details of balance.

Illustration for the application of non-statistical sampling

Table 17-1, contains the population of 40 accounts receivable totaling $207,295.

Non-statistical Sampling procedures for substantive testing of details of balance

As mentioned earlier, the main objective of substantive testing of details of balance is to
detect a material misstatement in an account balance. To achieve this objective, the auditor

Page 50
 performs audit sampling within the 14 step framework similar to the one described in the
topics for tests of controls.

The application of non-statistical sampling for tests of details of balance will be illustrated
using Table 17-1, which contains the population of 40 accounts receivable totaling
$207,295.

Steps in application of audit sampling for tests of details of balances (Non Statistical method)
Phase 1: Plan the Sample Explanations
1. State the objectives of the The objective is to determine whether the account balance being
audit test. audited is fairly stated or not (not materially
(objectives are stated in audit overstated/understated ie.. balances are not materially misstated).
program)
Thus, in this example, the auditor will do tests of details of
balances to determine whether the balance of $207,295 is
materially misstated.

Typically, tolerable misstatement defines a material misstatement

2. Decide whether audit It is evident that audit sampling applies whenever the auditor plans
sampling applies. to reach conclusions about a population based on a sample.

However, sampling may not apply in testing some accounts

(smaller balances may be ignored); Eg. For the population in Table
17-1, the auditor may decide to audit only items over $5,000 and
ignore all others because the total of the smaller items is
immaterial.

On the other hand, 100% of accounts with larger amounts can be

tested separately (sample is not needed here, since all are taken).
In either case, the auditor has not sampled.

Eg. Assume the auditor is verifying fixed asset additions and finds
many small additions and one extremely large purchase of a
building, and decided to ignore the small items entirely. In this
case also, the auditor has not sampled.

Because audit sampling for tests of details of balances measures

3. Define Misstatement monetary misstatements, a misstatement exists whenever a sample
conditions. item is misstated. Thus, any sample that contains a misstated
balance is considered as misstatement. In auditing AR, any client
misstatement in a customer balance included in the auditor‘s

Page 51
 sample is a misstatement.

*Note: Step 3 for tests of control and substantive tests of transaction would be ‘Define
attributes and exception conditions’
4. Define the population. Population is defined as the items making up the recorded
dollar population. Eg. the recorded population of AR in Table
17-1 consists of 40 accounts totaling $207,295
Population size=40 customer accounts
Auditors stratify the population based on dollar amounts to
emphasize certain population items and deemphasize others.
Such stratum help auditors to emphasize the larger recorded
dollar values, eg In most audit sampling situations, including
confirming accounts receivable emphasis is given for larger
recorded dollar values

The auditor will evaluate whether the recorded population is

overstated or understated.

In testing for existence objective, the recorded dollar

population (account balances) constitute the population.
In testing for completeness objective, the sample should be
selected from a different source (eg customers with zero
balance)
 For tests of control the sample is drawn from entire financial period
 For substantive testing, population from which sample is drawn must be defined according to
assertion being tested, eg.,
- Existence of AR-by drawing sample from list of customers balance
-Existence of inventory-by drawing sample from inventory records
-Completeness of inventory- by drawing sample from physical inventory items
5. Define the sampling unit. The sampling unit is the items making up the account balance.
Eg. for the AR in Table 17-1 the sampling unit will be the customer
number. Auditors can use the items making up the recorded
population as the sampling unit for testing all audit objectives
except completeness.

If auditors are concerned about the completeness objective they

should select the sample from a different source, such as customers
or vendors with zero balances. Accordingly, the sampling unit for
a completeness test for AR will be customers with zero balances.

Page 52
 6. Specify the tolerable misstatement
Auditors use tolerable misstatement, for determining sample size and evaluating results in non-
statistical sampling.
 The auditor starts with a preliminary judgment about materiality and uses that total in deciding
tolerable misstatement for each account.
 The required sample size increases as the auditor‘s tolerable misstatement decreases for the
account balance or class of transactions
Determining tolerable misstatement is subject to the auditor‘s professional judgment,
 But in some cases, the auditor may choose to systematically allocate materiality among balance
sheet accounts.
For example:
-Overall materiality estimated based on estimated after-tax income: $177,000
-Accounts receivable, to be tested, amount to $235,000.
Total assets are $3,550,000,
Calculate tolerable misstatement for accounts receivable:

 However, in many cases, such a systematic approach will not be appropriate, and the auditor
will have to rely more on qualitative factors to arrive at tolerable misstatement for each
balance. The primary basis for materiality decisions is always the auditor‘s judgment.
*Note: Step 6 for tests of control and substantive tests of transaction would be ‘Specify the
tolerable exception rate (TER)’.
7. Specify acceptable risk of incorrect acceptance (ARIA)
(*Note: Step 7 for tests of control and substantive tests of transaction would be
Specify
acceptable risk of assessing control risk too low, (ARACR) )
In both statistical and non-statistical sampling, there is a risk of making incorrect quantitative
conclusions about the population; this is always true unless the auditor tests 100% of the population.

 Acceptable risk of incorrect acceptance (ARIA) is the amount of risk an auditor is willing to
take of accepting a balance as correct when the true misstatement in the balance exceeds
tolerable misstatement. ARIA is sampling risk (risk of making incorrect acceptance or risk of
making incorrect rejection of an account balance)
 (Note that ARIA is the equivalent term to ARACR (acceptable risk of assessing control risk
too low) for tests of controls and substantive tests of transactions.)
 ARIA measures the auditor‘s desired assurance for an account balance; for greater assurance in
auditing a balance, auditors will set ARIA lower. Like for ARACR, ARIA can be set
quantitatively (such as 5% or 10%), or qualitatively (such as low, medium or high).

How ARIA Relates to Sample Size?

 There is an inverse relationship between ARIA and required sample size. If, for example, an

Page 53
 auditor decides to reduce ARIA from 10% to 5%, the required sample size will increase. Stated
differently, if the auditor is less willing to take risk, a larger sample size is needed.

How ARIA interacts with Assessed Control Risk and ARACR?

 The major factor that affects auditor's decision regarding the level of ARIA is the assessed
control risk in the audit risk model.
 If the auditor concludes that internal controls are likely to be effective, preliminary control risk
can be reduced.
 Reduced preliminary control risk requires a lower ARACR in testing the controls, which
requires a larger sample size.
 If controls are found to be effective, control risk can remain low, which permits the auditor to
increase/relax ARIA (through use of the audit risk model), thereby requiring a smaller sample
size in the related substantive tests of details of balances.

 Thus, the interaction of ARACR and ARIA affect evidence accumulation. Tests of details of
balances for monetary misstatements can be reduced if auditors find internal controls effective
after assessing control risk and performing tests of controls.
See Figure 17-1 for the effect of ARACR and ARIA on substantive testing when controls are
not considered effective and when they are considered effective.
How ARIA relates with analytical procedures?
 If analytical procedures indicate that the account balance is likely to be fairly stated, ARIA can
be increased/relaxed. In other words, analytical procedures are evidence supporting the account
balance, meaning auditors require smaller sample sizes in tests of details of balances to achieve
the desired acceptable audit risk.
 The same conclusion is appropriate for the relationship among substantive tests of transactions,
ARIA, and sample size for tests of details of balances. The various relationships affecting
ARIA are summarized in Table 17-2.
 Figure 17-1 shows the effect of ARACR and ARIA on substantive testing when controls are
not considered effective and when they are considered

Page 54
 effective.

8. Estimate Misstatements in the The auditor makes this estimate based on the following:
Population  Prior experience with the client and
(Estimate Expected Dollar  by assessing inherent risk,

Page 55
Misstatements in the Population)  By considering the results of tests of controls,
substantive tests of transactions, and analytical
procedures already performed.

How does an estimated misstatement in the

population affect sample size?

A direct relationship exists between the two. The higher

the expected misstatement, the higher the planned sample
size must be. (The planned sample size increases as the
amount of misstatements expected in the population
approaches tolerable misstatement).
*Note: Step 8 for tests of control and substantive tests of transaction would be ‘Estimate the
population exception rate (EPER)’

9. Determine the initial sample size.

When using non-statistical sampling, auditors determine the initial sample size by considering various
factors and using their judgment
 Table 17-3 summarizes these factors, including the effect of changing each factor on sample
size. Considering all of these factors requires considerable judgment. To help auditors make
the sample size decision, they often follow guidelines provided by their firm or some other
source. Figure 17-2 presents a grid for combining these factors and a formula for computing
sample size based on the AICPA Audit Sampling Auditing Guide.

Page 56
Thus the auditor should consider the following in determining sample size:
 ARACR: Lower ARACR increases sample size
 Results of other substantive procedures (eg analytical procedure): Unsatisfactory result in
these procedures make auditors to increase sample size
 Acceptable audit risk: High acceptable audit risk leads to the reduction of sample size
 Tolerable misstatement for a specific account: Larger tolerable misstatement leads to the
reduction of sample size
 Inherent risk: High inherent risk assessment leads to increase in sample size
 Excepted size and frequency of misstatement: Existence of larger misstatement and higher
frequency leads to increase in sample size
 Dollar amount of population: Existence of larger account balances leads to increase in
sample size
 Number of items in the population: Will have effect on sample size in small population; but
no effect on sample size if population is large

Illustration of determining the initial sample size (audit sampling step 9) in tests of details of
balance using non statistical sampling

Illustration on how to determine sample size:

 No. of A/R accounts 40; Recorded amount $207,295; Accounts are classified in to three
strata:
Formula from Figure 17-2: Sample size=Population recorded amount x assurance factor
Tolerable misstatement
Strata:

Page 57
Stratum 1 : >15,000; ………3 accounts totaling $88,955
Stratum 2 : 5000- 15,000; 10 accounts totaling 71,235
Stratum 3 : <5,000; …….27 accounts totaling 47,105
Total ………. 40 accounts totaling $207,295
 Tolerable misstatement =$15,000
Assumptions about auditor‘s decision:
 Assume the auditor decided to eliminate the 3 account balances that exceed the tolerable
amounts of $15,000 to test these three individually material accounts separately.
(Note: because of materiality, auditor will segregate material amounts and will audit all of
them (100% audit)
 The remaining population to be sampled is $118,340, which is the combined amount of
stratum 2 and 3. Further, assume that:
-the combined assessed inherent and control risk is moderate
-the risk that other substantive procedures will fail detect a material misstatement is
also moderate.
Based on figure 17-2, the required assurance factor is 1.6, (where both risks are moderate,
moderate)
Sample size= Population recorded amount/tolerable misstatement x assurance factor
Thus, sample size= $118,340/$15,000 x 1.6= 13;
Assume also that auditors decide to take 7 account balances from stratum 2 and 6 account balances
from stratum 3.
 When auditors use stratified sampling, they must allocate sample size among the strata,
typically allocating a higher portion of the sample items to larger population items.

Accordingly:
 All items in stratum 1 will be tested (this is not audit sampling, since it is a 100% audit).
 They decided to allocate the sample size of 13 to seven from stratum 2 and six from stratum 3.

Page 58
Phase 2: Select the Sample and Perform the
Audit Procedures

10. Select the sample

 When auditors use stratified sampling, they must allocate sample size among the strata,
typically allocating a higher portion of the sample items to larger population items.
 For non-statistical sampling, auditing standards permit the auditor to use any of the selection
methods discussed earlier.
 The auditor will make the decision after considering the advantages and disadvantages of each
method, including cost considerations.
 For stratified sampling, the auditor selects samples independently from each stratum.
 In our example from Table 17-1, the auditor will select seven sample items from the 10
population items in stratum 2 and six of the 27 items in stratum 3.
 Note: In selecting the sample, auditors consider variability with in population. They attempt to assess
representativeness of sample. Population with high degree of skewness should be stratified to make
sample population as homogenous as possible.

11. Perform the audit procedures.

 The auditor applies the appropriate audit procedures to each item in the sample to determine
whether it contains a misstatement.
 It is assumed that auditors send the sample of positive confirmations and determine the amount
of misstatement in each account confirmed; for non-responses, they use alternative procedures

Page 59
 to determine the misstatements.
 The assumption is that the auditor sends first and second requests for confirmations and
performs alternative procedures.

Dollars Audited
Stratu Sampl Recorded Audited Client
m e Size Value Value Misstatement
1 3 $88,955 $91,695 ($2,740)
2 7 43,995 43,024 971
3 6 13,105 10,947 2,158
16 $146,055 $145,666 $389

Phase 3: Evaluate the Results

(Step 12 & 14 ) Generalize from the Sample to the Population and Decide the Acceptability of
the Population
Generalize from the Sample to the Population
The auditor must generalize from the sample to the population by :
1. Projecting misstatements from the sample results to the population and
2. Considering sampling error and sampling risk (ARIA).
In this example, will the auditor conclude that accounts receivable is overstated by $389?
No, the auditor is interested in the population results, not those of the sample. It is therefore
necessary to project from the sample to the population to estimate the population misstatement.

Decide the Acceptability of the Population

The process of deciding the acceptability of the population begins with the computation of the point
estimate.
Calculating a point estimate.
 The point estimate can be calculated in different ways, but a common approach is to assume
that misstatements in the unaudited population are proportional to the misstatements in the
sample.
 That calculation must be done for each stratum and then totaled, rather than combining the total

Page 60
 misstatements in the sample.
 In our example, the point estimate of the misstatement is calculated by using a weighted-
average method, as shown below:
Stratum Client Misstatement ÷ x Recorded = Point estimate of
Recorded Misstatement
Value for the
Value of the Sample stratum

1 $ (2,740 )/$88,955 x $ 88,955 = $ (2,740)

2 $ 971 /$43,995 x 71,235 = 1,572

3 $ 2,158 /$13,105 x 47,105 = 7,757

$ 6,589

• The point estimate of the misstatement in the population is $6,589, indicating an

overstatement.
• The point estimate is based on sample; due to sampling error, the point estimate, by
itself, may not be an adequate measure of the population misstatement (it may not
exactly measure the misstatement in the population; it may be closer to the
misstatement in the population)

Decision Rule: Whenever the point estimate ($6,589 in the example) is less than tolerable
misstatement ($15,000 in the example), the auditor must consider the possibility that the true
population misstatement is greater than the amount of misstatement that is tolerable in the
circumstances. This must be done for both statistical and non-statistical samples.

 An auditor using non-statistical sampling cannot formally measure sampling error and
therefore must subjectively consider the possibility that the true population misstatement
exceeds a tolerable amount.
Auditors do this by considering:
1. The difference between the point estimate and tolerable misstatement (this is called calculated
sampling error)
2. The extent to which items in the population have been audited 100 %
3. Whether misstatements tend to be offsetting or in only one direction
4. The amounts of individual misstatements
5. The sample size
Consideration of the difference between the point estimate and tolerable misstatement

Page 61
(calculated sampling error)
 In our example, suppose that tolerable misstatement is $40,000. In that case, the auditor may
conclude it is unlikely, given the point estimate of $6,589, that the true population misstatement
exceeds the tolerable amount (calculated sampling error is $33,411).
 Suppose that tolerable misstatement is $15,000 as before, only $8,411 greater than the point
estimate. In that case, the auditor will consider other factors
Consideration of the extent to which items in the population have been audited 100 %
 If the larger items in the population were audited 100% (if 100% of the accounts with larger
balances are audited) any unidentified misstatements will be restricted to smaller items.
Consideration of whether misstatements tend to be offsetting or in only one direction
 If the misstatements tend to be offsetting and are relatively small in size, the auditor may
conclude that the true population misstatement is likely to be less than the tolerable amount.
Consideration of sample size and individual misstatement amount
 Also, the larger the sample size, the more confident the auditor can be that the point estimate is
close to the true population value. In this example, when sample size is considered large,
auditors will be more willing to accept that the true population misstatement is less than
tolerable misstatement.
 However, if one or more of these other conditions differs, auditors may judge the chance of a
misstatement in excess of the tolerable amount to be high and the recorded population
unacceptable.
 Even if the amount of likely misstatement is not considered material, the auditor must wait to
make a final evaluation until the entire audit is completed.
 The estimated total misstatement and estimated sampling error in accounts receivable must be
combined with estimates of misstatements in all other parts of the audit to evaluate the effect of
all misstatements on the financial statements as a whole.

13. Analyze exceptions

Qualitative analysis: Assess whether the error arose from:
 Misunderstanding of accounting principles
 Simple mistakes or carelessness
 Intentional irregularity
 Management override of internal controls
 Consider if error suggests undiscovered errors

Auditors should evaluate the nature and cause of each misstatement found in tests of details of

Page 62
balances.

Assume when the auditor confirmed accounts receivable, all misstatements are resulted from the
client‘s failure to record returned goods. The auditor will determine:
 Why that type of misstatement occurred so often?
 The implications of the misstatements on other audit areas,
 The potential impact on the financial statements, and its effect on company operations.
The same approach is followed for all misstatements.
 The auditor must analyze misstatements to decide whether any modification of the audit risk
model is needed.
 In the previous example, if the auditor concluded that the failure to record the returns resulted
from a breakdown of internal controls, it might be necessary to reassess control risk. That in
turn will probably cause the auditor to reduce ARIA, which will increase planned sample size.
 As discussed earlier, revisions of the audit risk model must be done with extreme care because
the model is intended primarily for planning, not evaluating results.
Final decision: When the auditor concludes that the misstatement in a population may be larger than
tolerable misstatement after considering sampling error, the population is not considered acceptable

Action When a Population is Rejected

 When the auditor concludes that the misstatement in a population may be larger than tolerable
misstatement after considering sampling error, the population is not considered acceptable. At
that point, an auditor has several possible courses of action.
1. Take no action until tests of other audit areas are completed
 Ultimately, the auditor must evaluate whether the financial statements taken as a whole are
materially misstated.
 If offsetting misstatements are found in other parts of the audit, such as in inventory, the
auditor may conclude that the estimated misstatements in AR are acceptable.
 However, before the audit is finalized, the auditor must evaluate whether a misstatement in one
account may make the financial statements misleading even if there are offsetting
misstatements.
2. Perform expanded audit tests in specific areas
 If an analysis of the misstatements indicates that most of the misstatements are of a specific
type, it may be desirable to restrict the additional audit effort to the problem area.

For example, if an analysis of the misstatements in confirmations indicates that most of the
misstatements result from failure to record sales returns, the auditor can make an extended

Page 63
 search of returned goods to make sure that they have been recorded.
 However, considering problems in specific area as the only causes of misstatements and
limiting the test to this area may make auditors not to see problems that may exist in other area.
 When auditors analyze a problem area and correct it by proposing an adjustment to the client‘s
records, the sample items that led to isolating the problem area can then be shown as ―correct.‖
 The point estimate can now be recalculated without the misstatements that have been
―corrected.‖ (This is only true when the error can be isolated to a specific area. Errors must
generally be projected to the population being sampled, even if the client adjusts for the error.)
With the new facts in hand, the auditor will also have to reconsider sampling error and the
acceptability of the population.
.3. Increase the Sample Size
 When the auditor increases the sample size, sampling error is reduced if the rate of
misstatements in the expanded sample, their dollar amounts, and their direction are similar to
those in the original sample.
 Therefore, increasing the sample size may satisfy the auditor‘s tolerable misstatement
requirements.
 Increasing the sample size enough to satisfy the auditor‘s tolerable misstatement standards is
often costly, especially when the difference between tolerable misstatement and projected
misstatement is small.
 Moreover, an increased sample size does not guarantee a satisfactory result. If the number,
amount, and direction of the misstatements in the extended sample are proportionately greater
or more variable than in the original sample, the results are still likely to be unacceptable.
 For tests such as AR confirmation and inventory observation, it is often difficult to increase the
sample size because of the practical problem of ―reopening‖ those procedures once the initial
work is done.
 By the time the auditor discovers that the sample was not large enough, several weeks have
usually passed.
 Despite these difficulties, sometimes the auditor must increase the sample size after the original
testing is completed.
 It is much more common to increase sample size in audit areas other than confirmations and
inventory observation, but it is occasionally necessary to do so even for these two areas.
 When stratified sampling is used, increased samples usually focus on the strata containing
larger amounts, unless misstatements appear to be concentrated in some other strata.
4. Adjust the Account Balance
 When the auditor concludes that an account balance is materially misstated, the client may be
willing to adjust the book value based on the sample results.

Page 64
  In the preceding example, assume the client is willing to reduce book value by the amount of
the point estimate ($6,589) to adjust for the estimate of the misstatement. The auditor‘s
estimate of the misstatement is now zero, but it is still necessary to consider sampling error.
 Again, assuming a tolerable misstatement of $15,000, the auditor must now assess whether
sampling error exceeds $15,000, not the $15,000-$6,589= $8,411 originally considered.
 If the auditor believes sampling error is $15,000 or less, AR is acceptable after the adjustment.
If the auditor believes it is more than $15,000, adjusting the account balance is not a practical
option.
5. Request the Client to Correct the Population
 In some cases, the client‘s records are so inadequate that a correction of the entire population
is required before the audit can be completed.
 For example, in AR, the client may be asked to correct the AR records and prepare the AR
listing again if the auditor concludes that it has significant misstatements.
 When the client changes the valuation of some items in the population, the results must be
audited again.
6. Refuse to Give an Unqualified Opinion
 If the auditor believes that the recorded amount in an account is not fairly stated, it is necessary
to follow at least one of the preceding alternatives or to qualify the audit report in an
appropriate manner.
 If the auditor believes that there is a reasonable chance that the financial statements are
materially misstated, it would be a serious breach of auditing standards to issue an unqualified
opinion.
 For purposes of reporting on internal control, the material misstatement should be considered a
potential indicator of a material weakness in internal control over financial reporting.

Page 65
Annex

Page 66
Activity:
Testing for a specific control procedure
Auditor D, is interested in testing transactions for a specific control procedure. He finds that out of
a population of 5,000 transactions, only four population units are missing the control; that is, the
deviation rate for the population is 0.08% (4/5,000).

Type I error (alpha risk)

Suppose D chooses a sample of 20 units from this population, and that sample turns out to contain
all four population units with the missing control. What population deviation rate do you think D
would estimate based on the sample results? What would D be likely to conclude?

Solution: D would estimate that the population deviation rate is 20% (4/20) and conclude that the
control is not effective , when, in fact, it is. In this case, D would conclude that the population is not
valid when, in fact, it is. This is called Type I error.

Type II error (Beta risk)

Suppose that in D‘s situation, the true deviation is 20%; that is, the population of 5,000 transactions
contains 1,000 population units with the missing control. What if D‘s sample of 20 contains none of
the units with the missing control? What do you think D‘s conclusion will be based on the sample
results?
 Solution: D would estimate that the population deviation rate is 0% (0/20). D would likely
conclude that the control is effective, when, in fact, it is not. In this situation, D would
conclude that a population is valid when, in fact, it is not. This is called Type II error

Which one is more risky for auditor D, Type I error, the risk of under reliance or Type II
error, the risk of over reliance?

In the case of a Type I error (alpha risk) when using sampling for test of controls, the greatest risk is
of performing an inefficient audit. For example, if an auditor concludes that controls are ineffective
when they are effective, the auditor might decide to reassess control risk at maximum and perform
additional substantive procedures.

For the risk of a Type II error (beta risk), however, the auditor would not be motivated to do
additional work beyond what has already been planned. Unless other planned procedures or
analysis reveal a deviation or misstatement that was not detected in sampling, the deviation or
misstatement will go uncorrected, and wrong decisions will be made regarding adjustments and the
audit opinion.

Consequently, the auditor is very concerned about beta risk; therefore, when deciding on an
acceptable sampling risk for audit purposes, the focus is on beta risk, not alpha risk.

Page 67
How do sampling risks affect efficiency and effectiveness of audit?

Risk of under reliance on client‘s internal control and risk of incorrect rejection (alpha risk) affects
audit efficiency since both make the auditor to perform additional audit procedures that will finally
reveal that no material weakness in control procedure (in the case of test of control) and the account
is not materially misstated (in the case of substantive test)

Risk of over reliance on client‘s internal control and risk of incorrect acceptance (beta risk) affects
audit effectiveness in detecting material errors. If audit is ineffective there is a failure of detecting
material weakness in control procedure (in the case of test of control) and materially misstated
account balances will not be detected (in the case of substantive test)

Risk of over reliance and risk of incorrect acceptance (beta risk) have significant effect on the
fairness of the financial statement, so they are of primary concern to auditors. If not reduced, these
risks will expose auditors to negligence that will lead to legal liability. Auditors should use a
representative sample to reduce such risk

In summary:

 Type II risk/error, or Beta risk is worse because it results in too little audit work
being done to support audit opinion
 Type I risk/error, or Alpha risk is not as bas, just less efficient. By definition it
pushes the auditor to do more audit work.

Page 68
Comparison of audit sampling tests

Compliance tests and substantive Substantive tests of details of

tests of transactions balances
Focus To obtain evidence that the client To obtain evidence to support
complies with the internal control management‘s assertions regarding
procedures designed and implemented to account balances
achieve specific control objectives
Population from which a Class of transactions Items in an account balance
sample is drawn
Example Testing control procedures relating to the Auditing the existence of
acquisition and payment cycle for ● Accounts receivable
●Authorization for purchasing ● valuation of inventory (expressed
●Proper classification of asset at cost)
expenditure
● evidence that the extensions on invoices
were checked and that the payment was
authorized
Sample Sample of payments from the check Sample from customers with
register or cash disbursement journal outstanding
(random sample of check numbers) accounts receivable balances
Method of testing The auditor would obtain supporting The auditor would support existence
documentation for each check and test by choosing a sample from the
for appropriate controls, such as the customers with outstanding balances
existence of an approved purchase order and obtain confirmations directly
matched to the invoice, a supervisor‘s from those customers.
initials on the invoice to authorize
payment, and so on.

Page 69
Non-Sampling risk and Non-Sampling error

Non-Sampling risk
What are
they? Non sampling risk include all risks other than sampling risk
Non-sampling error is an error that arises from non-sampling risk
Examples 1. Failure to recognize errors in documents or transactions examined due to exhaustion,
boredom, or lack of understanding of what to look for.
 Assume 3 shipping documents were not attached to duplicate sales invoices in a
sample of 100. If the auditor concluded that no exceptions existed, that is a non-
sampling error.
2. Use of an inappropriate/ineffective audit procedure, eg. when the auditor has done
the test in the wrong direction
Non-Sampling risk occurs when there is an incorrect judgment about inherent risk,
control risk and detection risk, which causes the audit risk

Incorrect This is when auditors do not have proper understanding of the nature
judgment about of the client's operation and the auditable areas; they may wrongly
inherent risk believe that few errors and irregularities exist. This will lead them
to do less work and fail to detect the problem (samples taken in such
situations may not be representative)
How does
Non- Incorrect This is when auditors are too optimist about the ability of control
Sampling judgment about systems to prevent, detect and correct errors and irregularities, they
risk occur? control risk tend to do less work, ie they assume control system to be effective
and take few sample which may not be representative

Auditors poor Auditors may select inappropriate procedures for the audit objective.
choice of  Eg audit objective is to find unrecorded A/R. If the
procedures and procedure used to achieve this audit objective is sending
mistakes in confirmation letter for recorded A/R, it is an incorrect
applying procedure
procedures In this case, the sample of receivable balances confirmed do not
(related to represent the unrecorded A/R. (if the sample is taken from this
detection risk) group, the sample will not be representative)
How can a Non-sampling risk can be minimized through effective planning including
Non-  Careful design of audit procedures,
Sampling  Proper instruction,
risk be  Effective supervision of the audit engagement, and through
reduced?  Appropriately designed quality control procedures within the CPA firms.

Page 70
Sampling What is sampling risk? Can sampling risk be Can sampling risk be
risk -It is the risk that the reduced? quantified?
sample is not Sampling risk can be When statistical sampling
representative reduced by increasing methods are used,
-It is the risk that auditors the sample size sampling risk can be
conclusion based on (which means that quantified — it is the
sample might be different more of the probability that the
from the conclusion they population is being sample is not an accurate
would reach if the test examined). reflection of the
were applied to the entire population. (eg 5% error,
population. 95% confidence level)
-Sampling risk is an
inherent part of sampling
that result from testing
less than the entire
population.
Sampling What is sampling Why does sampling How many types of
error error? error occur? sampling errors are
How does it occur? Sampling error occurs there?
Sampling error: The because the auditor Sampling risk can lead to
difference between the has examined less two types of sampling
actual rate or amount in than 100% of the error:
the population and that of population. Type I error and Type II
the sample. error.
Eg. The actual but Eg.
unknown deviation rate
in the population is 3%
but the deviation rate in
the sample is 2%. This
difference of 1% is
known as sampling error.
Sampling error result
from sampling risk.

Page 71
 Statistical Non statistical
Sample selection Sample must be randomly selected. No requirement for random selection
Documentation More extensive documentation of Auditors would be wise to fully
decision process because of the greater document the audit work to
rigour of statistical sampling. Auditors provide background for review,
provide a better source for review, planning, and evidence.
planning, and evidence should the (The importance of
audit work be called into question. documentation cannot be too
strongly emphasized; if the audit
work is called into question when
non-statistical sampling is used,
only good documentation can
provide proof of the soundness of
the auditor‘s judgment.)
Quantification of sampling Requires the auditor to quantify the No quantification of sampling
risk sampling risk that influences the risk.
testing
decision in determining the sample
size.
Inference of The measurement of the sample results With a nonstatistical sample, the
Results (Whether using must be based on statistical methods inference must be made informally
statistical or nonstatistical (permits statistical evaluation). With a (that is, the auditor must use
sampling, the auditor statistical sample, the inference is judgment to estimate the population
infers the results of formalized mathematically (that is, a balance or error).
the sample to the point estimate is calculated and the
population.) confidence interval is constructed).

Page 72