1. Rittenberg/Schwieger/Johnstone Auditing: A Business Risk Approach Sixth Edition Chapter 10
Audit Sampling
Copyright © 2008 Thomson South-Western, a part of the Thomson Corporation. Thomson, the Star logo, and South-Western are trademarks used herein under license.

2. Overview
Audit sampling is defined as applying audit procedures to less than 100 percent of a population in order to estimate some characteristic about that population
Typically, auditors sample to determine whether
A control procedure is operating effectively (test of controls)
An account balance is presented fairly (substantive test)
Fraud exists

3. Overview (continued)
In some cases, sampling may not be the best approach
Some audit procedures do not provide sufficient evidence when applied on a sample basis
Example: auditors read minutes of all BOD meetings to identify related party transactions
Reading the minutes of a sample of BOD meetings would not be sufficient
Audit procedures that provide high quality evidence at low cost may be applied more extensively simply because its cheaper to test all items rather than sampling
Example: auditors typically confirm all bank account balances
Account balances that are immaterial (or where the potential misstatement is immaterial) may not be worth sampling
Such accounts may be audited more efficiently with analytics

4. Overview (continued)
From the results of sampling, the auditor makes an inference about the underlying population
For this inference to be valid, the sampling units tested must be representative of the underlying population
The auditor needs to make four important decisions to ensure the sample is representative and to control against making an incorrect inference:
Which population should be tested and for what characteristics? (population)
Sample size?
Which items should be included in the sample? (selection)
What inferences can be made from the sample? (evaluation)

5. What is non-sampling and sampling risk?
When auditors draw an erroneous inference from sampling, the cause is either non-sampling or sampling risk
Non-sampling Risk
Occurs when auditor does not appropriately carry out audit procedures or misinterprets results
Results from human error
Cannot be quantified
CPA firms try to minimize through quality control practices
Sampling Risk
Occurs when sample is not representative of the underlying population
Can be controlled through sample size - as sample size increases, sampling risk decreases
If the sample is 100% of the population, sampling risk is zero; however, this is often not practical

6. Sampling Risks Related to Tests of Controls
If the sample is not representative of the population, the auditor may draw an incorrect conclusion about the effectiveness of a control:
Auditor assesses control risk too high:
Sample indicates control is worse than it really is
As a result, the auditor does not rely on the control and does more substantive testing than necessary
Assessing control risk too high does not directly affect audit quality, but does lead to audit inefficiencies
Auditor assesses control risk too low:
Sample indicates control is better than it really is
As a result, the auditor relies on an ineffective control (without realizing it's unreliable) and substantive testing is not rigorous as it should be
This increases the risk that material misstatements are not found and an incorrect audit opinion issued

7. Sampling Risks Related to Substantive Testing
If the sample is not representative of the population, the auditor may draw an incorrect conclusion about whether an account balance is presented fairly:
Incorrect acceptance
Sample indicates account balance is not materially misstated when it is
Auditor may issue unqualified opinion on materially misstated statements
Because of the potential costs associated with incorrect acceptance, auditors control for this risk

8. Sampling Risks Related to Substantive Testing (continued)
Incorrect rejection
Sample indicates account balance is materially misstated when it isn't
There are things that reduce this risk
Before telling client to adjust its books, auditor usually performs additional tests
If client believes account balance is correct, client will ask auditor to perform more tests
These increase probability that incorrect rejection will be discovered
Incorrect rejection affects the efficiency of the audit, but does not affect the fairness of the audited financial statements

9. Selecting a Sampling Approach
Auditors use both statistical and non-statistical sampling techniques
Non-statistical sampling
Auditor judgment used to determine sample size, sample selection, and evaluate sample results
Does not provide objective way to control and measure sampling risk
Because its subjective, results are less defendable in legal proceedings
takes less time to perform
Frequently used in audits of small clients

10. Selecting a Sampling Approach (continued)
Statistical sampling
Allows auditor to statistically design an efficient sample, measure sufficiency of evidence, and evaluate sample results
Provides quantified measures of control procedure failure rates, amount of error in account balances, and sampling risk
Requires precise definitions of acceptable risk and sample objectives
Requires knowledge of statistical sampling methods
Efficient method for testing large populations

11. Testing Controls and Compliance
If an auditor believes a control is effective and plans to rely on that control, s/he must test the control to see if it is operating effectively
Attribute estimation sampling and discovery sampling are the statistical methods frequently used to test controls
In this context, an attribute is the characteristic that indicates the control is working effectively
Example: the organization requires all sales on account be approved by the credit manager
Approval is evidenced by the manager's initials on the sales invoice
The manager's initials are the attribute
The auditor would examine sales invoices and look for the initials

12. Attribute Estimation Sampling
The appropriate sample size depends on a number of factors including:
Statistical Risk (Risk of assessing control risk too low)
Risk of concluding controls are effective when, in fact, they are not
Means auditor relies on an ineffective control without realizing it
The lower the risk, the larger the sample size

13. Attribute Estimation Sampling (continued)
Tolerable failure rate
Failure rate at which auditor will determine the control is not operating effectively
Based on the importance of the control
If a control is crucial, the tolerable failure rate is set at low level
The lower the tolerable failure rate, the larger the sample size
Expected failure rate
Based on auditor's experience with the client
The higher the expected failure rate, the larger the sample size

14. Attribute Estimation Sampling as an Audit Objective
The steps to implement an attribute estimation sampling plan are:
Identify the attribute to be tested and define conditions of failure
Define the population to be tested including the period covered by the test, sampling unit, and ensuring population is complete
Determine appropriate sample size
Determine effective and efficient method of selecting the sample
Select and audit sample items
Evaluate sample results and reach conclusion on audit objectives
Document all phases of the sampling plan

15. Attribute Estimation Sampling: Sample Size
The appropriate sample size depends on a number of factors including statistical risk, and the tolerable and expected failure rates
Other issues:
Multiple Attributes
Auditors frequently test several attributes using the same set of source documents
While the sampling risk should be the same, the tolerable and expected failure rates may differ between controls
The result is a different sample size for each control
There are several approaches to select items for the sample
Small Populations (Appendix)
- If the sample is a large portion of the population, auditor may be able to reduce the sample size
- Use a finite adjustment factor

16. Attribute Estimation Sampling: Sample Selection
Once the appropriate sample size has been determined, the auditor must decide how to select sample
Random-based methods eliminate the possibility of unintentional bias in the selection process and help ensure the sample is representative
- Random number - efficient selection method if there is an easy way to relate random numbers to the population
Examples: sales invoice number, purchase order number
Computer programs typically used to generate random numbers

17. Attribute Estimation Sampling: Sample Selection (continued)
Systematic selection - selects every nth item in the population from a randomly selected starting point
Sampling interval (n) is determined by dividing population size by desired sample size
To use this method, auditor must be sure there is not a systematic pattern of failures in the population
Haphazard selection (non-statistical method)
Arbitrary selection
Not random based
Judgmental sampling (non-statistical method)
Auditor may use judgment to select sample

18. Attribute Estimation Sampling: Evaluate Sample Results
The auditor projects the results of sampling to the population before drawing a conclusion
If the sample failure rate is no greater than the expected failure rate, the auditor can conclude the control is as effective as expected
If the sample failure rate exceeds the expected failure rate, the auditor must determine whether the projected maximum failure rate is likely to exceed the tolerable failure rate
To do this, the auditor must determine the upper limit of the potential failure rate in the population
The upper limit is based on the sample failure rate and sample size and is adjusted upward for sampling error

19. Attribute Estimation Sampling - Evaluate Sample Results (continued)
If the upper limit exceeds the tolerable failure rate, the internal control process has deficiencies
The auditor should either
Test a compensating control (if available)
Increase the rigor of the subsequent substantive testing
The auditor should also evaluate
The nature of the control procedure failures (pattern of error)
The effect of such failures on potential financial statement misstatement

20. Attribute Estimation Sampling: Evaluate Sample Results (continued)
When control failures are found, they should be analyzed qualitatively as well as quantitatively
Auditor should try to determine whether the failures
Were intentional or unintentional
Were random or systematic
Had a direct dollar effect

21. Searching for Fraud
Discovery sampling may be used to help identify potential fraud
Tolerable rate is set very low and expected rate is set at zero percent
Results in large sample size
At any point, if evidence of just one potential fraud is found, the auditor stops sampling and starting investigating to determine if fraud actually occurred

22. Sampling to Test for Account Balance Misstatements (Substantive Testing)
Basic steps:
Specify audit objective of the test
Define misstatement
Define population (and sampling units)
Choose sampling method
Determine sample size
Select sample
Audit selected items
Evaluate sample results
Perform follow-up work as necessary
Document sampling procedure and results

23. Specifying the Audit Objective
Sampling always relates to one specific procedure usually testing one specific assertion
Specifying the audit objective determines the population to test
For example:
If objective is to determine existence, the sample should be selected from recorded information
- On the other hand, if the objective is to determine completeness, the sample should be selected from a complementary population such as source documents

24. Define Misstatements
Misstatements should be defined before sampling to
Preclude auditor from rationalizing away misstatements as isolated events
Provide guidance to the audit team
Misstatement is usually defined as a difference that affects the correctness of the overall account balance

25. Define the Population
Group of items in an account balance that the auditor wants to test
Does not include:
Items the auditor has decided to examine 100%
Items that will be tested separately
Important to properly define the population:
Sample results can be projected only to the group from which the sample is selected
The population must be directly related to the audit objective

26. Define the Sampling Unit
Sampling units are the individual auditable elements that make up the population
Example: sampling units for confirming accounts receivable could be the individual customer's balance or individual unpaid invoices

27. Identify Individually Significant Items
Many account balances are comprised of a few large dollar items and many smaller items
Dividing a population into two or more subgroups based on dollar amount can increase audit efficiency
Items in excess of a specified dollar amount (top stratum items) are examined 100%
Items less than the specified amount (lower stratum items) are sampled
This process (stratification) allows the auditor to examine a significant portion of an account balance even though s/he examines a relatively few items

28. Choosing a Sampling Method
There are a number of sampling methods an auditor may use
Non-statistical
Probability proportional to size (PPS)
Classical sampling methods (not covered in this text)
Mean-per-unit
Ratio estimation
Difference estimation

29. Choosing a Sampling Method (continued)
The sampling methods differ in a number of ways:
Measure of sampling risk
Statistical methods provide an objective measure of sampling risk
Non-statistical methods do not provide such a measure
Tests for account balance
PPS is designed to test for overstatement of an account balance
Classical methods test for both overstatement and understatement
Statistical estimates
PPS provides an estimate of the amount of misstatement in the account
Classical methods provide an estimated range of the account balance
Sample selection
PPS is a dollar-based approach; each dollar is a sampling unit
Classical samples are selected using a variety of sampling units

30. Choosing a Sampling Method (continued)
Use of PPS would be appropriate if
Auditor is testing for overstatements in an account balance
A dollar-based sampling approach increases the probability of selecting overstated items
Few or no misstatements expected
Individual book values (like a subsidiary ledger) are available
One of the classical methods would be appropriate if the auditor
Is concerned about understatements in an account balance
Expects numerous misstatements
Is examining an account balance based on estimates rather than a total of individual items
Is trying to estimate an account balance

31. Determining Sample Size, Selecting Sample, Evaluating Results
Sample size, method of selecting the sample, and the approach to evaluating sample results all depend on the sampling method used
Whichever sampling method is used, consideration must be given to the risk of misstatement, sampling risk, and the auditor's assessment of tolerable and expected misstatement
Tolerable misstatement
Maximum misstatement an auditor will accept before deciding the recorded account balance is materially misstated
Expected misstatement
Based on results of other substantive tests and auditor's prior
experience with the client
Expected misstatement should be less than tolerable misstatement

32. What is non-statistical sampling?
Determine sample size
All significant items should be tested
No way to mathematically control sampling risk
Select the sample
Sample must be representative of population
Could use random-based method or haphazard selection
Evaluate sample results
Project misstatements to the population
Consider sampling error
Make judgment as to whether account is likely to be materially misstated

33. Probability Proportional to Size (PPS) Sampling
Dollar-based sampling approach where the population is the number of dollars in the account balance examined
Using dollars as sampling units means larger dollar items in the account balance are more likely to be selected in the sample
PPS is an effective sampling approach when the auditor is testing for overstatements
Appropriate when few misstatements are expected and individual book values are available

34. What is probability proportional to size (PPS) sampling - TD risk?
To use PPS, the auditor must determine the allowable risk of the sample failing to detect a material misstatement (test of details risk) and tolerable and expected misstatements for the account balance
Test of Details Risk
Detection risk is the risk that the substantive audit procedures will fail to detect material misstatements
There are two types of substantive audit procedures - those that use sampling, and other (non-sampling) substantive procedures
Test of details (TD) risk is the part of detection risk related to sampling; the risk that substantive sampling procedures will fail to detect a material misstatement
Other substantive procedures risk (OSPR) is the risk that the non-sampling procedures will fail to detect a material misstatement

35. Probability Proportional to Size Sampling (continued)
The relation between TD risk and inherent and control risks and OSPR is inverse
High inherent risk means the auditor is examining transactions that are susceptible to misstatement
High control risk means the client controls are weak
High OPSR means the non-sampling audit procedures are not effective in detecting material misstatements
In each of these situations, the auditor would want to be more careful with his/her sampling procedures
The auditor would want lower TD risk; less chance of failing to detect material misstatements with sampling procedures
Lower TD risk means the auditor wants a lower risk of sampling procedures failing to detect material misstatements
To achieve this lower risk of failing to detect, the sample size must increase

36. Probability Proportional to Size Sampling: Sample Size
PPS samples are usually selected using a fixed interval sampling approach
The sampling interval (I) is calculated as
I = TM - (EM x EEF) RF
TM = Tolerable misstatement
EM = Expected misstatement
EEF = Error expansion factor
RF = Reliability factor
Error expansion and reliability factors are based on TD risk
Sample size (n) is computed by dividing the account book value by the sampling interval
n = Population Book Value
Sampling Interval

37. Probability Proportional to Size Sampling: Sample Selection
Sample items are often selected using a fixed interval approach
Every Ith dollar after a random start
A random start is required to give every dollar in the population an equal chance to be included in the sample
The first sample item is the one that first causes the cumulative total (cumulative book value + random start) to equal or exceed the sampling interval
Successive sample items are those first causing the cumulative total to equal or exceed multiples of the interval
Sample composition:
All top stratum items will be included in the sample
Lower stratum items will be sampled

38. Probability Proportional to Size: Zero or Negative Balances
Items with zero balances have no chance of being selected using PPS
If evaluation is necessary, zero balance items should be audited as a different population
Two approaches to deal with population items with negative balances:
Exclude them from the selection process and test them as a separate population
Include them in the selection process and ignore the negative sign

39. Probability Proportional to Size: Sample Evaluation
Based on sample results, the auditor computes the upper misstatement limit
Upper misstatement limit (UML)
Maximum dollar overstatement that might exist in the population
Given the misstatements detected in the sample
At the specified TD risk level
UML is the sum of three components:
Basic precision
Most likely misstatement
Incremental allowance for sampling error.

40. Review Probability Proportional to Size - Sample Evaluation
If the UML is less than the tolerable misstatement, the account balance is considered fairly presented
If the UML exceeds the tolerable misstatement, the account balance is not fairly presented