AUD 5 - Sampling and Communications Flashcards
What is the difference between attribute sampling and variables sampling?
- Attribute: estimates of a rate of occurrence; primarily used for testing internal control; more likely to deal with tests of controls; often can be identified by finding the option that deals with yes-no questions; testing characteristics, flagging errors.
- Variables: of a numeric quantity/generally deals with dollar values; estimate of dollar value of the population; along with PPS sampling are typically used in substantive testing of account balances.
What is audit risk, and what does it include?
The uncertainty inherent in applying audit procedures. It includes both uncertainties due to sampling and uncertainties due to factors other than sampling.
What is sampling risk, and what are sampling risks in substantive testing and in tests of controls?
- Chance the sample is “wrong;” possibility auditor’s conclusion will be different than if tests were applied to the whole population (sample not representative of the population.)
- Variables: (a.) Risk of incorrect acceptance (beta risk): risk that the sample supports the conclusion that the recorded account balance is not materially misstated when in fact it is (ineffective: auditor’s concern). (b.) Risk of incorrect rejection (alpha risk): risk that the sample supports the conclusion that the recorded account balance is materially misstated when in fact it is not (inefficient).
- Attributes: (a.) Risk of assessing control risk too low (beta risk; overreliance): risk that the assessed level of control risk based on the sample is less than the true risk based on the actual operating effectiveness of the control (sample results indicate a lower deviation rate that actually exists in the population) (ineffective: auditor’s concern). (b.) Risk of assessing control risk too high (alpha risk; underreliance): risk that the assessed level of control risk based on the sample is greater than the true risk based on the actual operating effectiveness of the control (sample results indicate a greater deviation) (inefficient).
What is nonsampling risk?
Includes all aspects of audit risk that are not due to sampling; always present and can’t be measured; e.g. selecting inappropriate audit procedures and failure to recognize misstatements in documents examined.
What are the factors that affect sample size?
- Risk of assessing control risk too low - inverse relationship.
- Tolerable deviation rate - inverse relationship.
- Expected deviation rate - direct relationship.
What does the upper deviation rate equal?
Sample deviation rate + allowance for sampling risk
What is discovery sampling and stop-or-go sampling.
Other attribute sampling models:
- appropriate when the auditor believes the population deviation rate is zero or near zero; used for detecting fraud/critical items.
- (sequential sampling) designed to avoid oversampling for attributes by allowing the auditor to stop an audit test before completing all steps; used when few errors are expected in the population.
What are the three commonly used classical variables sampling plans?
- Mean-per-unit estimation: uses the avg. value of the items in the sample to estimate the true population value (i.e., estimate = avg. sample size * number of items in population); does not require book value of the population to estimate true population value (=avg. value * number of accounts in population; avg. value = audited value/number of sample accounts).
- Ratio estimation: uses the ratio of the audited (correct) values of items to their book values to project the true population value; highly efficient when calculated audit amounts are approximately proportional to the client’s book amounts (=audited value/book value * total value).
- Difference estimation: uses the avg. difference b/w the audited (correct) values of items and their book values to project the actual population value; used over ratio when the differences are not nearly proportional to book values ( [book value-audited value / number of sample accounts) * number of population accounts] ).
What is PPS sampling?
Probability-proportional-to-size sampling (substantive testing): the sampling unit is defined as an individual dollar in a population; once a dollar is selected, the entire account (containing that dollar) is audited; a hybrid method bc it uses attribute sampling theory to express a conclusion in dollar amounts rather than as a rate of occurrence.
In PPS sampling, what are the formulas for the sampling interval and the sample size?
- Sampling interval = tolerable misstatement/reliability factor (from table).
- Sample size = recorded amt. of the population/sampling interval.
What is a control deficiency, a material weakness, and a significant deficiency?
- Quotations for nonissuers and brackets for issuers differences:
1. Exists when the design or operation of a control does not allow mngt. or employees, in the normal course of performing their assigned functions, to “prevent, or detect and control” {prevent or detect} misstatements on a timely basis.
2. Is a deficiency, or a combination of deficiencies, in internal control {over financial reporting}, such that there is a reasonable possibility that a material misstatement of the “entity’s” {company’s annual or interim} f/s will not be “prevented, or detected and corrected” {prevented or detected} on a timely basis.
3. Is a deficiency, or a combination of deficiencies, in internal control {over financial reporting} that is less severe than a material weakness, yet important enough to merit attention by those “charged with governance” {responsible for oversight of the company’s financial reporting}.
What is the required date for written communication (and to whom) of control deficiencies, significant deficiencies, and material weaknesses by the auditor when auditing f/s only for nonissuers? For an examination engagement of nonissuers? For issuers?
- Recommended by the report release date, but a window extending 60 days beyond is acceptable; control deficiency to mngt. only and may be oral; for other 2, in writing to mngt. and those charged with governance.
- For significant deficiencies and material weaknesses, by the report release date; for control deficiencies, the 60 day window may be used; all 3 in writing to mngt.; control deficiency not to those charged with governance.
- Communicate the deficiency to mngt, in writing, and inform the audit committee that this communication has been made for all 3; communicated the deficiency to the audit committee, in writing for significant and material; communication (to mngt. and the audit committee) should be made prior to the issuance of the auditor’s report on internal control for material weaknesses.
What is the Dodd-Frank Act?
The amended Rule 404 of SOX to provide that an audit of an issuer’s internal control over financial reporting is only required for issuers that are large accelerated filers (an issuer with a worldwide market value of out. common equity held by non-affiliates of $700 million or more) or accelerated filers ($75 million or more, but less than $700 million).
What is the “top-down” approach?
Use a “top-down” approach to select controls to test. The auditor evaluates overall risks at the f/s level, considers controls at the entity level, and then focuses on accounts, disclosures, and assertions for which there is a reasonable possibility of material misstatement.
What is the FCPA?
The Foreign Corrupt Practices Act which includes provisions regarding internal accounting control for certain entities. Compliance with the FCPA is a legal determination. An examination of the effectiveness of internal control under SSAE generally would not be sufficient to determine whether an entity is in compliance with this Act. “We’re not lawyers.”
