1.32k likes | 1.72k Views
STATISTICAL SAMPLING FOR AUDITORS. Jeanne H. Yamamura CPA, MIM, PHD. OBJECTIVES. Review of sampling concepts Types of sampling Attribute sampling Steps Nonstatistical attribute sampling Compliance auditing Monetary unit sampling Steps Nonstatistical monetary unit sampling
E N D
STATISTICAL SAMPLING FOR AUDITORS Jeanne H. Yamamura CPA, MIM, PHD
OBJECTIVES • Review of sampling concepts • Types of sampling • Attribute sampling • Steps • Nonstatistical attribute sampling • Compliance auditing • Monetary unit sampling • Steps • Nonstatistical monetary unit sampling • Classical sampling • Ratio estimation • Difference estimation
AUDIT SAMPLING • Application of an audit procedure to less than 100% of the items in a population • Account balance • Class of transactions • Examination “on a test basis” • Key: Sample is intended to be representative of the population.
SAMPLING RISK • Possibility that the sample is NOT representative of the population • As a result, auditor will reach WRONG conclusion • Decision errors • Type I – Risk of incorrect rejection • Type II – Risk of incorrect acceptance
TYPE I – RISK OF INCORRECT REJECTION • Internal control: Risk that sample supports conclusion that control is NOT operating effectively when it really is • AKA – Risk of underreliance, risk of assessing control risk too high • Substantive testing: Risk that sample supports conclusion that balance is NOT properly stated when it really is
TYPE II – RISK OF INCORRECT ACCEPTANCE • Internal control: Risk that sample supports conclusion that control is operating effectively when it really isn’t • AKA – Risk of overreliance, risk of assessing control risk too low • Substantive testing: Risk that sample supports conclusion that balance is properly stated when it really isn’t
WHICH RISK POSES THE GREATER DANGER TO AN AUDITOR? • Risk of incorrect rejection • Efficiency • Risk of incorrect acceptance • Effectiveness • Auditor focus on Type II • Also provides coverage for Type I
NONSAMPLING RISK • Risk of auditor error • Sample wrong population • Fail to detect a misstatement when applying audit procedure • Misinterpret audit result • Controlled through • Adequate training • Proper planning • Effective supervision
SAMPLE SIZE FACTORS • Desired level of assurance (confidence level) • Acceptable defect rate (tolerable error) • Historical defect rate (expected error)
CONFIDENCE LEVEL • Complement of sampling risk • 5% sampling risk, 95% confidence level • How much reliance will be placed on test results • The greater the reliance and the more severe the consequences of Type II error, the higher the confidence level needed • Sample size increases with confidence level (decreases with sampling risk)
TOLERABLE ERROR AND EXPECTED ERROR • “Precision” – the gap between tolerable error and expected error • AKA Allowance for sampling risk • Sample size increases as precision decreases
WHEN DO YOU SAMPLE? • Inspection of tangible assets, e.g., inventory observation • Inspection of records or documents, e.g., internal control testing • Reperformance, e.g., internal control testing • Confirmation, e.g., verification of AR balances
WHEN IS SAMPLING INAPPROPRIATE? • Selection of all items with a particular characteristic, e.g., all disbursements > $100,000 • Testing only one or a few items, e.g., automated IT controls, walk throughs • Analytical procedures • Scanning • Inquiry • Observation
WALKTHROUGHS • Designed to provide evidence regarding the design and implementation of controls • Can provide some assurance of operating effectiveness BUT • Depends on nature of control (automated or manual) • Depends on nature of auditor’s procedures to test control (also includes inquiry and observation combined with strong control environment and adequate monitoring) • Walkthough = sample of 1
STATISTICAL VS NONSTATISTICAL SAMPLING • Statistical sampling • Statistical computation of sample size • Statistical evaluation of results • Nonstatistical sampling • Sample sizes should be approximately the same (AU 350.22) • Sample sizes must be sufficient to support reliance on controls and assertions being tested
WHEN IS SAMPLING NONSTATISTICAL? • If sample size determined judgmentally • If sample selected haphazardly • If sample results evaluated judgmentally
TYPES OF SAMPLING • Attribute sampling • Monetary unit sampling • Classical variables sampling
ATTRIBUTE SAMPLING • Used to estimate proportion of a population that possesses a specific characteristic • Most commonly used for T of C • Can also be used for dual purpose testing (T of C and Substantive T of T)
MONETARY-UNIT SAMPLING • AKA probability proportional to size (PPS) sampling, cumulative monetary unit sampling • Used to estimate dollar amount of misstatement
CLASSICAL VARIABLES SAMPLING • Uses normal distribution theory to identify amount of misstatement • Useful when large number of differences expected • Smaller sample size than MUS • Effective for both overstatements and understatements • Can easily incorporate zero balances
STEPS IN STATISTICAL ATTRIBUTE SAMPLING APPLICATION • Planning • Determine the test objectives • Define the population characteristics • Determine the sample size • Performance • Select sample items • Perform the auditing procedures • Evaluation • Calculate the results • Draw conclusions
STEP 1: DETERMINE THE TEST OBJECTIVES • Objective for T of C: To determine the operating effectiveness of the internal control • Support control risk assessment below maximum • Identify controls to be tested and understand why they are to be tested
TESTS OF CONTROLS • Concerned primarily with • Were the necessary controls performed? • How were they performed? • By whom were they performed? • Appropriate when documentary evidence of performance exists
STEP 2: DEFINE THE POPULATION CHARACTERISTICS • Define the sampling population • Assertion • Completeness • Define the sampling unit • Determined by available records • Define the control deviation conditions
STEP 3: DETERMINE THE SAMPLE SIZE • Determine factors • Desired confidence level (direct) • Tolerable deviation rate (inverse) • Expected population deviation rate (direct) • Desired confidence level • If planning to rely on controls, would be 90 to 95% • Significance of account and importance of assertion affected by control being tested
STEP 3: DETERMINE THE SAMPLE SIZE • Tolerable deviation rate • Maximum deviation rate that auditor willing to accept and still consider control effective • Control would be relied upon • Why any errors acceptable? • Control deviation = Misstatement
STEP 3: DETERMINE THE SAMPLE SIZE • Expected population deviation rate • Rate expected to exist in population • Based on prior years’ results or pilot sample • If expected population deviation rate > tolerable rate, DO NOT TEST • SAMPLE SIZE TABLES
STEP 3: DETERMINE THE SAMPLE SIZE • Testing multiple attributes on the same sample • Select largest sample size and audit all of them for all attributes • Result is some overauditing BUT may take less time than trying to remember which sample items need to be tested for which attribute
FINITE POPULATION CORRECTION FACTOR • When population size < 500 • Apply finite population correction factor • √1-(n/N) • Where n = sample size from table and N = number of units in population
STEP 4: SELECT THE SAMPLE ITEMS • Sample must be selected to be representative of the population • Each item must have an equal opportunity of being selected
STEP 4: SELECT THE SAMPLE ITEMS • Random number selection • Unrestricted random sampling without replacement (once selected cannot be selected again)
STEP 4: SELECT THE SAMPLE ITEMS • Random number table • Need to document • Correspondence: relationship between population and random number table • Route: selection path, e.g., up or down columns, and right to left (must be consistent) • Starting point: starting row, column, digit • Stopping point: to enable adding more sample items if needed
RANDOM NUMBER TABLE ILLUSTRATION • Select a sample of 4 items from prenumbered canceled checks numbered from 1 to 500. Start at row 5, column 1, digit starting position 1. Select three-digit numbers. Items selected are: • 145 (sample item #1) • 516 (discard because checks numbers do not exceed 500) • 032 (sample item #2) • 246 (sample item #3) • 840 (discard)181 (sample item #4)
RANDOM NUMBER TABLE ILLUSTRATION • To minimize discards, table numbers > 500 can be reduced by 500 to produce a sample item within the population boundary of 1 to 500. The four sample items selected are: • 145 (sample item #1) • 016 (sample item #2 = 516 – 500 = 016) • 032 (sample item #2) • 246 (sample item #3) • 340 (sample item #4 = 840 – 500 = 340)
RANDOM NUMBER TABLE ILLUSTRATION • Select 4 sales invoices numbered from 5000 to 12000. Start at row 21, column 2, digit starting point 1. Rather than use a 5-digit number, which produces a large number of discards, add a constant to get a population with 4 digits. If a constant of 3000 is used, the usable numbers selected from 2000 to 9000 are: • 6,043 (sample item #1 = 3043 + 3000) • 10,120 (sample item #2 = 7120 + 3000) • 10,212 (sample item #3 = 7212 + 3000) • 5,259 (sample item #4 = 2259 + 3000)
STEP 4: SELECT THE SAMPLE ITEMS - EXCEL • Excel • Select Tools • Select Data Analysis • Select Sampling
STEP 4: SELECT THE SAMPLE ITEMS • Input Range • Enter the references for the range of data that contains the population of values you want to sample. Microsoft Excel draws samples from the first column, then the second column, and so on. • Labels • Select if the first row or column of your input range contains labels. Clear if your input range has no labels; Excel generates appropriate data labels for the output table. • Sampling Method • Click Periodic or Random to indicate the sampling interval you want. • Period • Enter the periodic interval at which you want sampling to take place. The period-th value in the input range and every period-th value thereafter is copied to the output column. Sampling stops when the end of the input range is reached.
STEP 4: SELECT THE SAMPLE ITEMS • Number of Samples • Enter the number of random values you want in the output column. Each value is drawn from a random position in the input range, and any number can be selected more than once. • Output Range • Enter the reference for the upper-left cell of the output table. Data is written in a single column below the cell. If you select Periodic, the number of values in the output table is equal to the number of values in the input range, divided by the sampling rate. If you select Random, the number of values in the output table is equal to the number of samples.
STEP 4: SELECT THE SAMPLE ITEMS • Systematic selection • Determine sampling interval = Population / Sample Size • Ensure population is in random order • Select random starting number (within first interval) • Better to use multiple random starting points to reduce risk of missing systematic deviations • Select every nth item • Continue sample selection until population is exhausted • (Last sample selected + sampling interval) > Last item in population • In other words, don’t stop when desired sample size reached
STEP 5: PERFORM THE AUDITING PROCEDURES • Conduct planned audit procedures • What if? • Voided documents - if properly voided, not a deviation; replace with new sample item • Unused or inapplicable documents – replace with new sample item • Inability to examine sample item – deviation • Stopping test before completion – large number of deviations detected
STEP 5: PERFORM THE AUDITING PROCEDURES • Deviations observed • Investigate nature, cause, and consequence of every exception • Unintentional error? Or fraud? • Monetary misstatement resulted? • Cause – misunderstanding of instructions? Carelessness? • Effect on other areas?
STEP 6: CALCULATE RESULTS • Summarize deviations for each control • Calculate sample deviation rate and computed upper deviation rate • Sample deviation rate + Allowance for sampling risk = Computed upper deviation rate • Statistical sampling results evaluation tables
STEP 7: DRAW CONCLUSIONS • If Computed Upper Deviation Rate > Tolerable Rate, control is ineffective and cannot be relied upon. • If Computed Upper Deviation Rate < Tolerable Rate, control is effective
EVALUATION OF EXPOSURE • In a sample of 25 manual control operations from a population of 3,000 control operations, 1 deviation was identified. The sample was designed with an expectation that 0 deviations would be found. • Looking up the results (in 90% confidence level table): Computed upper error limit = 14.7%
EVALUATION OF EXPOSURE • The sample did not meet its design criteria, so there is a higher than desired risk that the control will fail to prevent or detect a misstatement. • To assess the magnitude of the exposure: • Identify the gross exposure of the account or process. This is based on the volume of dollars processed through the control. • The upper limit on the control deviations was 14.7%. • The adjusted exposure is $735,000 (14.7% * $5,000,000). • The $735,000 exposure may assist the auditor in evaluating the severity of the control deficiency.