A5: Sampling and Communications

Question 1

Sampling Rules

Answer 1

• assume population is normally distributed
• samples must be randomly selected (each item has equal chance of being selected; no CPA bias in making selection)
• large randomly-selected sample will be representative of the population
• standard deviation is measure of variability

Question 2

Sampling Types

Answer 2

• statistical sampling: specify acceptable sampling risk, calculate sample size, random sample selection, results evaluated quantitatively
• nonstatistical sampling: judgment to determine sample size, results evaluated judgmentally
• both require use of professional judgment

Question 3

Audit Risk

Answer 3

• uncertainty inherent in applying audit procedures
• sampling risk (chance sample not representative of population and CPA’s conclusion was wrong) and nonsampling risk (use inappropriate audit evidence, improperly evaluate results; can only reduce through planning/supervision/quality control)

Question 4

Types of Statistical Sampling

Answer 4

Attribute sampling – testing controls, characteristics, flagging errors (yes/no questions)
Variables sampling (and PPS sampling) – substantive tests, estimate $ value of population

Question 5

Sampling Risks

Answer 5

• main focus: risk of incorrect acceptance (substantive)/risk of assessing control risk too low (controls)/Beta risk; ineffective test, overreliance on control; okay sample when population is not okay (could lead to incorrect opinion)
• risk of incorrect rejection (substantive)/risk of assessing control risk too high (controls)/Alpha risk: inefficient audit; reject sample when population is good

Question 6

Tests of Controls: Attribute Sampling

Answer 6

• tolerable deviation rate: max rate of errors
• deviation rate: in sample (missing items typically considered deviations)
• sample deviation rate + allowance for sampling risk = upper deviation rate
• rely on control if UDR TDR
• sample size: inverse relationships to risk of assessing control risk too low and to tolerable deviation rate, direct relationship to expected deviation rate, no impact of population size

Question 7

Substantive Tests: Variable Sampling

Answer 7

• tolerable misstatement: max $ misstatement (related to preliminary materiality estimates)
• option to stratify population into more homogeneous groups: reduced sample sizes, used when highly variable amounts
• sample size: inverse relationships to tolerable misstatement and to risk of incorrect acceptance, direct relationships to expected size and frequency of misstatements and to population variability (standard deviation)
• allowance for sampling risk: precision interval

Question 8

Variable Sampling Plans

Answer 8

Mean-per-Unit estimation: point estimate = average sample value * items in population (sensitive to variability of population, often stratify population to reduce sample sizes)
Ratio estimation: point estimate = (total sample true value/total sample book value)population book value (useful if audited values proportional to book amounts)
Difference estimation: projected error = (average difference btw total sample book and true values/sample size)population size
-ratio and difference use smaller samples, but only effective when expect many over- and under-statements

Question 9

Probability-Proportional-to-Size (PPS) Sampling

Answer 9

-dollar unit sampling
-emphasizes larger items, chance of selection proportional to dollar amount
-zero balances, negative balances and understated balances require special consideration
Sampling Interval = Tolerable Misstatement / Reliability Factor
Sample Size = Population Book Value / Sampling Interval
-reliability factor (from table) corresponds to risk of incorrect acceptance
-random number selected and determines first item selected
-misstatement in selection projected to interval (projected error = [item misstatement / item’s book value]*sample interval)
-if item has balance larger than interval, use actual dollar misstatement amount

Question 10

Engagements concerning Internal Control

Answer 10

• private company F/S audit: not engaged to opine on internal controls, but deficiencies may be noted during the audit; SAS
• examination of private company internal controls: separate engagement, integrated w/ F/S audit, SASE
• public company audit: required to have integrated audit of internal control over financial reporting; PCAOB

Question 11

Types of Internal Control Problems

Answer 11

• deficiency: design or operation doesn’t allow timely prevention/detection/correction of misstatements
• significant deficiency: deficiency important enough to merit attention by those charged with governance
• material weakness: deficiency w/ reasonable possibility that material misstatement will not be prevented/detected/corrected
• indicators of material weakness: fraud by senior mgt, restatement of previous F/S b/c of material misstatement, ID of material misstatement that wouldn’t have been detected by controls, ineffective oversight by those charged with governance

Question 12

Auditor Responsibility for Internal Control Issue Noted during Nonissuer Audit

Answer 12

• not required to perform procedures to ID deficiencies, or to opine on effectiveness o internal control
• if become aware of deficiency, evaluate if it is significant deficiency or material weakness
• communicate significant deficiencies and material weaknesses in writing to mgt and those charged w/ governance by 60 days after report release date (re-communicate any previously noted deficiencies)
• communicate other deficiencies to mgt only, written or orally (need not tell them again about previously noted ones)

Question 13

Written Communication Requirements: Control Issues Noted in Nonissuer Audit

Answer 13

• must define significant deficiency and material weakness, describe the deficiencies noted and potential effects, purpose of audit to opine on F/S and not on internal control, restrict use to management/internal/gov’t regulators
• may describe inherent limitations of internal control, and extent of CPA consideration of internal control during audit
• may not report absence of significant deficiencies
• may report absence of material weaknesses
• if mgt’s written response included in document w/ auditor’s communication, CPA adds paragraph disclaiming opinion on mgt’s response

Question 14

Integrated Audits: F/S and Internal Controls, Issuers and Nonissuers

Answer 14

• PCAOB requires integrated audits of issuers
• SSAE allows auditor to examine/report on nonissuer’s internal control over financial reporting done w/ a F/S audit
• plan/perform engagement to obtain reasonable assurance no material weaknesses exist

Question 15

Management Responsibilities in Integrated Audit

Answer 15

• issuers: mgt responsible for internal controls, reports on and assesses effectiveness of internal controls
• nonissuers: mgt responsible for internal controls, provides written assertion of effectiveness of internal controls (no assertion: scope limitation, should withdraw)
• issuers and nonissuers: representation letter notes mgt responsibility for internal controls, all significant deficiencies and material weaknesses were disclosed to auditor, material fraud or fraud involving senior mgt disclosed (failure to obtain rep letter is scope limitation: disclaimer or withdraw)

Question 16

Auditor Procedures in Integrated Audit

Answer 16

• testing: evaluate design effectiveness and operating effectiveness of controls
• benchmarking: if automated controls haven’t changed since prior year, no need to repeat testing from prior year
• evaluating deficiencies: determine if they represent significant deficiencies or material weaknesses (effective compensating controls may limit severity of a deficiency)

Question 17

Integrated Audit: Communicate Internal Control Issues w/ Management

Answer 17

• nonissuers: all significant deficiencies and material weaknesses (including previously communicated ones) in writing to mgt and those charge w/ governance by the report release date (not designed to find deficiencies less severe than material weaknesses, define/ describe deficiencies); all other deficiencies in writing to mgt by 60 days after report release date (no need to repeat previously communicated deficiencies)
• issuers: all material weaknesses in writing to mgt and audit committee before issuing report, significant deficiencies in writing to audit committee, all deficiencies in writing to mgt (do not state that no deficiencies/ significant deficiencies found)

Question 18

Integrated Audit: Reporting on Internal Control

Answer 18

• separate or combined reports
• adverse opinion if material weakness
• introduction, scope (attestation standards or PCAOB), definition (of internal controls), inherent limitations (controls may not prevent material misstatements), opinion (nonissuers: if material weakness, adverse opinion directly on effectiveness of controls, not mgt’s assertion), audit of financial statements (if separate reports, each refers to the other and the nature of opinion expressed)
• voluntary engagement to report on existence of previously identified control weakness: CPA must have knowledge of company and its internal controls, testing limited to controls specifically identified as addressing weakness

Question 19

Integrated Audit: Other Issues

Answer 19

• scope limitations: withdraw or issue disclaimer (identified material weaknesses described and material weakness defined in disclaimer)
• issuers: another auditor may not be involved in internal control audit
• nonissuers: testing of controls more limited in F/S audit than in separate engagement to examine internal controls

Question 20

Communications with Those Charged with Governance

Answer 20

• board of directors and audit committee
• audit committee selects auditor, ensures CPA is independent, evaluates internal control
• required communications: auditor’s responsibilities, situations impacting independence, planned audit scope and timing, significant audit findings (significant accounting policies, estimates, judgments, difficulties in performing audit, disagreements w/ mgt, uncorrected misstatements)
• if those charged w/ governance not involved in mgt: communicate material corrected misstatements
• issuers: communication before issuance of audit report

Question 21

Management Representation Letter

Answer 21

• required (failure is scope limitation; disclaimer or withdraw)
• purpose: confirm reps given to auditor, document continuing appropriateness of such reps, reduce likelihood of misunderstanding of matters related to such reps
• assert all material matters adequately disclosed, dated same date as auditor’s report
• materiality doesn’t apply to availability of information and records, issues of fraud
• letter contensts: mgt responsible for F/S and internal controls, provided all info and access, mgt responsibility for internal controls to prevent fraud, disclosed fraud or suspected fraud, identified/suspected noncompliance w/ laws/regulations, uncorrected misstatements are immaterial, litigation disclosed and accounted for, assumptions for estimates reasonable, disclose and account for related parties and related party transactions, subsequent events disclosed, future plans that may impact valuation/classification in F/S