Chapter 9

Audit Sampling

McGraw-Hill/Irwin

Copyright 2010 by The McGraw-Hill Companies, Inc. All rights

reserved.

What is Audit Sampling?

Applying

a procedure to less than 100%

of a population
To estimate some characteristic of the
population

Qualitative
Quantitative

9-2

9-3

Risk
Sampling risk

risk that the auditors conclusions based on a

sample may be different from the conclusion
they would reach if they examined every item in
the population
Nonsampling risk

risk pertaining to nonsampling errors

Can be reduced to low levels through effective

planning and supervisions of audit engagements

9-3

9-4

Nonstatistical sampling
The

auditor estimates sampling risk by

using professional judgment rather than
statistical techniques
Provides no means of quantifying
sampling risk
Sample may be larger than necessary or
auditors may unknowingly accept a higher
than acceptable degree of sampling risk
9-4

9-5

Advantages of Statistical Sampling

Allows

auditors to measure and control

sampling risk which helps:

Design efficient samples

Measure sufficiency of evidence
Objectively evaluate sample results

9-5

9-6

Selection of Random Sample

Random

sample results in a statistically

unbiased sample that may not be a
representative sample
Random sample techniques

Random number tables

Random number generators
Systematic selection

9-6

9-7

Random Number Table

9-7

9-8

Other Methods of
Sample Selection
Other

methods

Haphazard selection
Select items on an arbitrary basis, but without any
conscious bias

Block selection
Block sample consists of all items in a selected time
period, numerical sequence or alphabetical
sequence

Stratification

Technique of dividing population into relatively

homogeneous subgroups
9-8

An Illustration of Stratification

9-9

910

Types of Statistical Sampling Plans

Attributes

sampling
Discovery sampling
Classical variables sampling

Mean-per-unit estimation
Ratio estimation
Difference estimation

Probability-proportional-to-size

sampling
9-10

911

Dual Purpose Test

Tested

used both as a test of control and

substantiating the dollar amount of an
account balance

Ex. Test to evaluate the effectiveness of a

control over recording sales transactions and
to estimate the total overstatement or
understatement of the sales account

9-11

912

Allowance for Sampling Risk

Amount

used to create a range, set by + or

limits from the sample results, within
which the true value of the population
characteristic being measured is likely to lie
Precision
Wider the interval, more confident but less
precise conclusion
Can be used to construct a dollar interval
9-12

913

Sample Size
Significant

effect on allowance for

sampling risk and sampling risk

Sample size increase -> sampling risk and

allowance for sampling risk decrease

Sample

size affected by characteristics of

population

Generally as Population increases -> sample

size increase

9-13

914

Requirements of Audit
Sampling Plans

When planning the sample consider:

The relationship of the sample to the relevant audit objective

Materiality or the maximum tolerable misstatement or deviation
rate
Allowable sampling risk
Characteristics of the population

Select sample items in such a manner that they can be

expected to be representative of the population
Sample results should be projected to the population
Items that cannot be audited should be treated as
misstatements or deviations in evaluating the sample results
Nature and cause of misstatements or deviations should be
evaluated

9-14

915

Sampling Risks--Tests of Controls

Actual Extent of Operating Effectiveness
of the Control Procedure is
Adequate
Inadequate
The Test of Controls
Sample Indicates:
Extent of Operating
Effectiveness is
Adequate

Correct
Decision

Extent of Operating
Effectiveness
Inadequate

Incorrect
Decision
(Risk of Assessing
Control Risk
Too High)

Incorrect
Decision
(Risk of Assessing
Control Risk
Too Low)

Correct
Decision

9-15

916

Audit Sampling Steps for

Tests of Controls

Determine the objective of the test

Define the attributes and deviation conditions
Define the population to be sampled
Specify:

The risk of assessing control risk too low

The tolerable deviation rate

Estimate the population deviation rate

Determine the sample size
Select the sample
Test the sample items
Evaluate the sample results
Document the sampling procedure

9-16

Attributes Sampling: Relationship Between the

Planned Assessed Level of Control Risk and the
Tolerable Deviation Rate

9-17

Illustration of Attributes Sampling-Determining Sample Size

Risk

of Assessing Control Risk Too Low

5 percent
Tolerable Deviation Rate9 percent
Expected Population Deviation Rate2
percent

9-18

Figure 9.4: Statistical Sample Sizes for Tests of Controls

at 5 Percent Risk of Assessing Control Risk Too Low

9-19

Sample Size
Sample size using Figure 9-4 (next slide)
=68 (2)
This

means the auditor should select a

sample of 68 items. We will discuss the
(2) in a few slides.

9-20

Attributes Sampling Evaluation of

Results
2 possible approaches:
1. Use the bracketed number from Table
9.4. If you find that number or less
deviations, conclude that you have
accomplished your audit objective.
2. Use Table 9.5 for a more precise
conclusion.

9-21

Example A--No Deviations Identified (Evaluating

Attributes Sampling Results)
Approach 1You have met your audit objective (because the bracketed number was (2),
you meet objective when you identify 0, 1 or 2 deviations). What can you say?
I believe that the deviation rate in the population is less than 9 percent. You will be
wrong 5 percent of the time when the deviation is exactly 9 percent. If the deviation rate
is in excess of 9 percent you will be wrong even less than 5 percent of the time. The
planned assessed level of control risk is achieved.

Approach 2
You have tested 68 items, a number not on Table 9-5 (next slide
To be conservative go to next lowest number on table (65) and use it for your
conclusions (we could, but won't interpolate for a more precise answer).
You have met your audit objective. Table 9-5 gives us an answer of 4.6 percent.
What can you say?
"I believe that the deviation rate in the population is less than 4.6 percent. You will be
wrong 5 percent of the time when the deviation rate is exactly 4.6 percent. If the
deviation rate is in excess of 4.6 percent you will be wrong even less than 5 percent of
the time. The planned assessed level of control risk is achieved.

9-22

Figure 9.5 Statistical Sampling Results Evaluation Table for

Tests of Controls: Achieved Upper Deviation Rate at
5 Percent Risk of Assessing Control Risk Too Low

9-23

Example B--3 Deviations Identified

(Evaluating Attributes Sampling Results
Approach 1You have not met your audit objective. What can you say?
The achieved upper deviation rate is higher than 9 percent. The planned
assessed level of control risk is not achieved. You need to consider increasing the
assessed level of control risk above the planned assessed level.
Accordingly, you may not rely on internal control to the extent planned. Thus, the
auditor will need to increase the scope of substantive procedures (the nature,
timing, and/or extent).
Approach 2You have not met your audit objective. Table 9-5 provides us an answer of
11.5 percent
I believe that the deviation rate in the population is less than 11.5 percent. You
will be wrong 5 percent of the time when the deviation rate is exactly 11.5 percent.
But this is not good enough as you wanted 9 percent rather than 11.5 percent.
The planned assessed level of control risk is not achieved. You need to consider
increasing the assessed level of control risk above the planned assessed level.
As per Approach 1, an increase in the scope of substantive procedures is
appropriate.

9-24

Other Statistical Attributes

Sampling Approaches
Discovery

sampling

Purpose is to detect at least one deviation,

with a predetermined risk of assessing
control risk too low if the deviation rate in
population is greater than specified tolerable
deviation rate
Useful in suspected fraud

Sequential

925

(Stop-or-Go) Sampling

Audit sample taken in several stages

9-25

926

Sampling Risks--Substantive Tests

The Substantive
Procedure Sample
Indicates
Misstatement in
Account Exceeds
Tolerable Amount
Misstatement in
Account Is Less
Than Tolerable
Amount

The Population Actually is

Not Materially
Materially
Misstated
Misstated

Correct
Decision
Incorrect
Decision
(Risk of Incorrect
Acceptance)

Incorrect
Decision
(Risk of Incorrect
Rejection)

Correct
Decision

9-26

Audit Sampling Steps for

Substantive Tests

927

Determine the objective of the test

Define the population and sampling unit
Choose an audit sampling technique
Determine the sample size
Select the sample
Test the sample items
Evaluate the sample results
Document the sampling procedure

9-27

928

Population VariabilityWhy it Matters

Item
1
2
3
4
5

Population A Population B
2,100
2,100
2,100
2,100
2,100

25
2,000
400
75

Mean

2,100

2,100

Standard
deviation

-0-

8,000

3,395

The variability determines how much information each of the

items in the population tells you about the other items in the
population.

9-28

929

Factors Affecting Sample Size

9-29

Mean Per Unit (MPU)

Illustration

Population Size = 100,000 accounts

Book value = $6,250,000
Other information:
Tolerable misstatement = $364,000
Sampling risk
Incorrect Acceptance = 5%
Incorrect Rejection = 4.6 %
9-30

MPU Risk Coefficients

Acceptable
Level of Risk
(%)

Incorrect
Acceptance
Coefficient

Incorrect
Rejection
Coefficient

1.0

2.33

2.58

4.6

1.68

2.00

5.0

1.64

1.96

10.0

1.28

1.64

15.0

1.04

1.44

20.0

.84

1.28

25.0

.67

1.15

30.0

.52

1.04

40.0

.25

.84

50.0

.00

.67

9-31

Determining Sample Size--MPU

(1 of 2)

Tolerable misstatement

Planned ASR =

1 + (Incorrect acceptance coefficient / Incorrect rejection coefficient)

$364,000

Planned ASR =

= $200,000

1 + (1.64 / 2.00)

9-32

Determining Sample Size--MPU

(2 of 2)
Population size * Incorrect rejection coefficien t * Est. std. dev.
Sample Size

Planned
allowance
for
sampling
risk

100,000 * 2.00 * $15

Sample Size

$200,000

= 225 Accounts

9-33

934

Variables Sampling Illustration--MPU

Adjusted allowance
for sampling risk
=
Tolerable
_ (Population size * Incorrect acceptance coef. * Sample stan. dev.)
misstatement
Sample size

This formula adjusts the allowance for sampling risk to consider the standard
deviation of the audited values in the sample. It holds the risk of incorrect
acceptance at its planned level.

9-34

935

Variables Sampling Illustration-MPU

Using the text example with a standard deviation of audited values
of $16
Adjusted allowance
for sampling risk
=
Tolerable

_ (Population size * Incorrect acceptance coef. * Sample stan. dev.)

misstatement
= $364,000

Sample size
_

($100,000 * 1.64 * $16)

225

= $189,067

We would still accept the book balance because the

$6,250,000 (book value) falls within this interval

Estimate of total
audited value
$6,100,000
[$5,910,933

+
+
to

Adjusted allowance
for sampling risk
$189,067
$6,289,067]
9-35

936

Acceptance Interval
Figure 9-12

9-36

Difference Estimation
Difference

Use sample to estimate the avg. difference

between the audited value and book value of
items in population

Projected
Misstatement

=
Sample Net Misstatement * Pop. Items
Sample items

Most appropriate when size of misstatements

does not vary significantly in comparison to
book value
9-37

938

Ratio Estimation
Use

a sample to estimate the ratio of

misstatement in a sample to its book
value and project it to population

Projected
Misstatement

Sample Net Misstatement * Pop. Book Value

Book Value of Sample

Preferred when the size of misstatements is nearly

proportional to the book values of the items
Large accounts have large misstatements
9-38

Nonstatistical Variables Sampling

Illustration

939

Plan Sample:

Population:

Size = 363 items

Book value = $200,000

Tolerable misstatement = $10,000

Risk assessments:

Inherent and control risk = Slightly below maximum

Other substantive tests = Moderate

9-39

Nonstatistical Sampling-Determination of Sample Size

940

Sample size = Population book value X Reliability factor

Tolerable misstatement
= $200,000 X 2.0
$10,000

= 40 items

9-40

Nonstatistical Sampling--Evaluation
of Sample Results

941

Sample results:
40 accounts in sample
$350 net overstatement
$60,000 book value of sample items
Projected misstatement:
= [Sample net misstatement]
[ Book value of sample ]

X Book value of population

= [ $350 ] X $200,000
[$60,000]
= $1,167

Since the projected misstatement is only 11.7 percent ($1,167/$10,000) of

tolerable misstatement, it is likely that the auditors would conclude that the
account balance is materially correct.

9-41

942

PPS Sampling Illustration

Population

book value = $6,250,000

Other Information:

Tolerable misstatement = $364,000

Sampling risk--Incorrect acceptance = 5%
Expected misstatement = $50,000

Use

Figures 9-14 and 9-15 to obtain a

reliability factor and an expansion
factor--next slide
9-42

PPS Sampling Reliability and

Expansion Factors

9-43

944

PPS Sample Size Computation

Sample

size =

Recorded amount of population * Reliability factor

Tolerable misstatement - (Expected misstatement * Expansion factor)
=

$6,250,000 * 3.0
$364,000 - ($50,000 * 1.6)

66

Sampling interval = Book value of the population

Sample size

= $6,250,000
66

= $95,000 (approximately)

9-44

Figure 9.16 PPS Sample

Selection Process

9-45

946

PPS Evaluation of Results

Upper Limit on misstatement =
Projected misstatement
+ Basic precision (Rel. factor x interval)
+ Incremental allowance

9-46

947

Calculation of Upper Limit on Misstatement

9-47

Comparison of statistical sampling

techniques for substantive procedures

9-48

949

Audit Risk
AR = IR x CR x DR
where

AR=The allowable audit risk that a material misstatement might

remain undetected for the account balance and related assertions.

IR= Inherent risk, the risk of a material misstatement in an assertion,

assuming there were no related controls.
CR= Control risk, the risk that a material misstatement that could
occur in an assertion will not be prevented or detected on a timely
basis by internal control.
DR= Detection risk, the risk that the auditors procedures will fail to
detect a material misstatement if it exists.

9-49