1. AUDIT

2. AUDIT SAMPLING

3. Audit Sampling The population being sampled is normally distributed
Testing of less than 100%
Sample should be representative of population
Every item must have a chance of being selected
No substitute items
Representative of the population
Variability = Uncertainty = Larger sample size

4. Audit Sampling Methods
Statistical sampling – results are evaluated quantitatively
Non statistical sampling – auditors use their judgment.
Both are acceptable
Judgment is required for statistical sampling

5. Advantages of Statistical Sampling
Measure the sufficiency
Provide an objective basis for quantitatively evaluating sample results
Design an efficient sample
Quantify sampling risk so as to limit risk to an acceptable level

6. Types of Statistical Sampling
Attribute sampling – primarily used for testing internal controls.
Variable sampling and probability proportional (PPS) to size – used in substantive testing of account balances

7. Sampling Risk
Is the risk that the auditor’s conclusions may be different from the conclusions which would have been reached had the tests been applied to all items in the account balance or class of transactions.
Chance the sample is WRONG!

8. Sampling Risk In substantive tests:
Risk of incorrect acceptance (effectiveness)
Risk of incorrect rejection (efficiency)
In tests of controls:
Risk of assessing control risk too low (effectiveness)
Risk of assessing control risk too high (efficiency)

9. STATISTICAL SAMPLING SAMPLE POPULATION INTERNAL CR < 100% CR = 100%
EFFECTI
CONTROLS
EFFIC
SUBSTANTIVE
REASONABLE
NOT REASONABLE
TESTING

10. Non-Sampling Risk Use inappropriate audit evidence
Improperly evaluating the results

11. Attribute Sampling
Method used to estimate the rate (%) of occurrence (exception) of an attribute
Generally deals with yes/no questions
Planning considerations:
Relationship of the sample to the objective
Tolerable deviation rate (deviations do not necessarily result in misstatements)
The allowance for sampling risk (too low)
Characteristics of the population

12. Attribute Sampling Example
Define the objective of the test – determine the % of sales orders that are missing credit approval
Define the population – all sales orders used during the year
Define the sampling unit – each sales order
Define the attributes of interest – missing credit approvals or sales orders

13. Attribute Sampling Example
5. Determine the sample size
Risk of assessing control risk too low
Tolerable deviation rate
Expected deviation rate
Population size
See page 10 for questions.
6. Select the sample using random selection or a systematic selection
7. Evaluate the sample results (page 12 for ??)
8. Form conclusions about the internal controls
9.Document the sampling procedure

14. Attribute Sampling Evaluation of results: Actual deviation rate
+ Allow.for sampling risk
Upper deviation rate > Tolerable rate = Control risk 100%
Upper deviation rate < Tolerable rate = Control risk < 100%

15. Other Attribute Sampling Models
Discovery sampling – for fraud
Stop-or-go sampling – designed to avoid over sampling for attributes by allowing an auditor to stop an audit test before completing all steps. It is used when few errors are expected in the population

16. Variable Sampling
Method used to obtain evidence about the reasonableness of monetary amounts.
For substantive testing
Planning considerations:
Relationship of the sample to the objective
Tolerable misstatement
The allowance for sampling risk (incorrect acceptance)
Characteristics of the population
Sample selection considerations – items subject to sampling may also be separated into relatively homogeneous groups (stratification). Stratification is commonly used when a population has highly variable recorded amounts.

17. Projection Techniques
There are 3 commonly used classical variables projection techniques:
Mean-per-unit estimation –uses the average value of the items in the sample to estimate the true population value. (avg sample value x # of items in the population)
Ratio estimation – uses the ratio of the correct values to their book values
Difference – uses the average difference between the correct values and their book values to project the actual population value.

18. Variable Sampling Evaluation of results: Projected error
+ Allow.for sampl. risk
Upper deviation error > Tolerable misstatement = Not
reasonable
Upper deviation error < Tolerable misstatement = Reasonable

19. Variable Sampling Example
Define the objective of the test – client’s accounts receivable balance
Define the population – 5,000 accounts with a recorded book value of $4,500,000
Define the sampling unit – each of the 5,000
Determine sample size
Number of items
Risk of incorrect acceptance
Risk of incorrect rejection
Estimate of standard deviation (variability) of population
Tolerable misstatement

20. Variable Sampling Example
5. Select the sample – random sampling
6. Evaluate sample results
7. Form conclusions about the balances tested
8. Document the sampling procedure

21. Sample size Sample size will increase as the following increase:
Number of items in the population
Population variability
Sample size will decrease as the following increase:
Tolerable misstatement
Desired risk of incorrect acceptance
Desire risk of incorrect rejection

22. Probability Proportional to Size
Method used to express a conclusion in dollar amounts. For substantive testing.
Advantages:
Emphasizes larger items by stratifying the sample
If no errors are expected, PPS sampling generally requires a smaller sample than other methods
Disadvantages:
Zero balances, negative balances, and understated balances generally require special design considerations

23. Probability Proportional to Size
Sampling interval = Tolerable misstatement
Reliability factor
Sample size = Recorded book value
Sampling interval
Reliability factor correspond to the risk of incorrect acceptance and are obtained from a table.
Example: page 20

24. $ ,850
1,000
5,000
20%
300
1200
1500
1,600
N/A
19%
1600
6900
8500
100%
4900 - 0%
4350
$ ,250
$ 5,000
25%
$ 200 $ $
ERROR
INTERVAL %
A-B
AMOUNT
PROJECTED
SAMPLE
AUDIT
REORDED

25. Qualitative Considerations
Nature and cause of deviations
Nature and cause of misstatements
Possible relationship of deviations and misstatements to other phases of the audit

26. Mc 1-8

27. Internal Control Communications

28. I/C Communications Three (3) situations:
Financial statement audit (nonissuers) – certain deficiencies must be communicated (SAS)
Integrated audits
2. Examination of Internal Control – report on its effectiveness (SSAE)
3. Integrated audit (issuers) – an audit of internal control in conjunction with the audit of financial statements (PCAOB)

29. I/C Communications – Definitions
Control deficiency – when the design or operation of internal control does not allow management or employees, in the normal course of performing their assigned functions, to prevent or detect and correct misstatements on a timely basis (design or operational).

30. I / C Communications
Material weaknesses – a significant deficiency, or a combination of deficiencies, in internal control, such that there is a reasonable possibility that a material misstatement of the entity’s financial statements will not be prevented or detected and corrected on a timely basis.

31. I/C Communications
Significant deficiency – is a control deficiency, or a combination of deficiencies in internal control, that is less severe than a material weakness, yet important enough to merit attention by those charged with governance.

32. Indicators of Material Weakness
Identification of any level of fraud perpetrated by senior management.
Restatement of previously issued financial statements to correct a material misstatement.
Identification by the auditor of a material misstatement that would have not been identified by the entity’s internal control.
Ineffective oversight by those charged with governance.

33. Non issuers – Internal Control Matters Noted
Not required to search & not required to express an opinion
For those identified – determine whether they represent significant deficiencies or material weaknesses. Both should be:
Communicated to the Audit Committee (or B/D) and Management
In writing
At any time during the audit (up to 60 days beyond the report release date)
Absence of significant deficiencies should not be communicated
Absence of material weaknesses may be communicated
Previously existing – repeat every year

34. Report Contents Example – Page #28 Should include: Examples:
Purpose of the audit was to report on the F/S
A statement that the auditor is not expressing an opinion on internal control
A definition of material weakness and, if relevant, significant deficiency
Identification of significant deficiencies & material weaknesses noted
Limited distribution statement
Examples:
Lack of controls
Inadequate procedures
Failure to safeguards
Significant undisclosed related party transactions
Example – Page #28

35. Integrated Audits
Auditing both the financial statements and management’s assessment of the effectiveness of internal control over financial reporting
Conditions:
The examination of internal control should be integrated with an audit of the financial statements
Tests of controls should be performed

36. Integrated Audits Management requirements (public companies):
Requires each issuer’s annual report to contain an internal control report that:
States management’s responsibility for establishing and maintaining an adequate internal control structure & procedures for financial reporting
Contains an assessment, as of the end of the most recent fiscal year of the issuer, of the effectiveness of the internal control structure and procedures of issuer for financial reporting

37. Integrated Audits Management requirements (private companies):
Management accepts responsibility
Suitable criteria – AICPA guides
Sufficient evidential matter exists
Management must provide a written assertion

38. Written Representations (issuers & nonissuers)
Auditor should obtain a written representation letter from management in which management:
Acknowledges its responsibility
States the assertion and criteria used
Affirms that management did not rely on the auditor’s procedures as the basis for the assertion
Confirms that all significant deficiencies and material weaknesses have been disclosed to the auditor
Describes fraud resulting in material misstatement or fraud involving senior management or key employees
States whether there were any significant changes to internal control after the date of the report

39. Audit Approach Risk-Based approach Top-Down approach
Evaluate risks at the financial statement level
Considers controls at the entity level
And then focuses on accounts for which there is a reasonable possibility of material misstatement
Risk-Based approach
A greater risk implies that more evidence should be obtained
Walkthroughs are a way to identify likely sources of potential misstatements

40. Reporting on an Entity’s I/C over Financial Reporting
Performing the engagement:
Obtain a written assertion from management
Obtain an understanding
Evaluate the design effectiveness of the controls
Test and evaluate the operating effectiveness
Form an opinion

41. Non issuers – Examination of Internal Control – Communication Requirements
Communicate to management, in writing, control deficiencies. Should be made no later than 60 days following the report release date. Should also inform those charged with governance when such a communication has been made. Previously existing need not be repeated
Communicate to management and those charged with governance, in writing, all significant deficiencies and material weaknesses. Should be made by the report release date. Previously existing should be repeated

42. Issuers – Communication Requirements
Communicate to management and the audit committee, in writing, all material weaknesses. Should be made prior to the issuance of the auditor’s report on internal control over financial reporting.
Communicate to the audit committee, in writing, all significant deficiencies. Should be made by the report release date. Previously existing should be repeated
Communicate to management, in writing, control deficiencies. Should also inform those charged with governance when such a communication has been made. Previously existing need not be repeated

43. Reporting on an Entity’s I/C over Financial Reporting
Separate or combined reports
Two types of reporting:
An opinion on management’s assertion
An opinion directly on the effectiveness of an entity’s internal control
Material weakness = Adverse opinion & express an opinion directly on the effectiveness of internal control, and not on management’s assertion

44. Communications with Those Charged with Governance

45. Audit Committees
3 to 5 outside directors, neither employees nor part of management
Functions:
Selects and appoint the auditors
Solve disagreements
Maintain lines of communications
Evaluate internal controls
Sarbanes-Oxley requires audit committees to approve the engagement of the auditor, to pre-approve the services, and to have ongoing communication.

46. Comm. With Audit Committee (oral or written)
Auditor’s responsibility under GAAS
That internal control is considered for planning, but not for expressing an opinion (nonissuers)
That the audit is designed to provide reasonable, but not absolute assurance about whether the financial statements are free of material misstatement
Overview of the planned scope and timing of the audit
For audits of issuers communications are required to be made before the auditor’s report on the financial statements is filed with the SEC

47. Comm. With Audit Committee (oral or written)
Matters related to the Auditor’s responsibility:
The auditor is responsible for forming and expressing an opinion
The audit do not relieve management of responsibilities
The auditor is responsible for performing the audit in accordance with GAAS
The audit provides reasonable assurance only
The auditor is not going to form an opinion on internal control
Significant matters will be communicated

48. Comm. With Audit Committee (oral or written)
Overview of Scope & Timing:
How significant risks of material misstatements will be addressed
Planned approach toward internal control
Factors affecting materiality
Potential use of internal auditors

49. Comm. With Audit Committee (oral or written)
Overview of Scope & Timing:
How significant risks of material misstatements will be addressed
Planned approach toward internal control
Factors affecting materiality
Potential use of internal auditors

50. Comm. With Audit Committee (oral or written)
Significant audit findings:
The auditor’s views about qualitative aspects of the entity’s accounting practices:
Initial selection of, changes in, and appropriateness of accounting policies
Process in formulating estimates
Significant management judgments
Adequacy of financial statements disclosures
Significant difficulties in performing the audit
Disagreements with management
Difficulties encountered in performing the audit
Uncorrected misstatements
Independence issues

51. Comm. With Audit Committee (oral or written)
Other issues when governance is not managing the entity:
Significant issues or findings arising from the audit
Material corrected misstatements
Management representations requested by the auditor
Management’s consultation with other accountants

52. Management representations

53. Evidential Proc. – Rep. Letter
Purposes:
To confirm representations given.
To indicate & document the continuing appropriateness of such representations.
To reduce the possibility of misunderstanding concerning matters that are the subject of the representations.
Should cover all periods presented.
Dated same as audit report
Signed by CEO & CFO
Mandatory – scope limitation, disclaimer of opinion

54. Evidential Proc. – Rep. Letter
Representations regarding:
Financial statements
Completeness of information
Recognition, measurement, and disclosure
Subsequent events
Other
Example: Page #59-60