Audit 5 - Sampling and Communications Flashcards
What is audit sampling?
The testing of less that 100% of the items within an account balance or class of transactions in order to evaluate some characteristic of the balance or class
When is audit sampling especially useful?
When the auditor has no special knowledge about likely misstatements contained in account balances and transactions
Samples MUST be…
randomly selected – each item in a population must have an absolutely equal chance of being selected, CPA cannot use bias (no substitute)
What is sampling risk?
Risk that the sample is not representative of the population and that the auditor’s conclusion will be different from the conclusion had the auditor examined 100% of the population
Types of sampling include
Statistical and Nonstatistical sampling
In statistical sampling, auditors…
specify the risk they are willing to accept and then calculate the sample size that provides that degree of reliability. Results evaluated quantitively
In nonstatistical sampling, the sample size is…
not determined mathematically – auditors use their judgment in determining sample size. Results evaluated judgmentally
Professional judgment must be applied in both statistical/nonstatistical sampling to…
- define population and sampling unit
- select appropriate sampling method
- evaluate appropriateness of evidence
- evaluate the nature of deviations and errors
- consider sampling risk
- evaluate results obtained from sample/project results onto population
Professional judgment is not used in statistical ONLY when…
selecting samples
Statistical sampling – advantages
- measures the sufficiency of audit evidence obtained
- provides objective basis for quantitive evaluation of results
- design an efficient sample
- quantify sampling risk to limit risk to acceptable level
Uses of statistical sampling
May be used to estimate many different characteristics of populations – generally used as attribute sampling or numerical quantity
Sampling concepts generally do NOT apply to…
- Risk assessment procedures
- Tests of automated controls
- Analyses of security and access controls
- Some tests related to the operation of the control environment
Sampling risks in substantive testing (variables – $ amt)
- Risk of incorrect acceptance
2. Risk of incorrect rejection
Risk of incorrect acceptance (beta)
Risk that the sample supports the conclusion that the recorded account balance is NOT materially misstated when in fact is IS materially misstated
Risk of incorrect rejection (alpha)
Risk that the sample supports the conclusion that the recorded account balance IS materially misstated when in fact is is NOT materially misstated
Sampling risks in tests of controls (attributes – yes/no)
- Risk of assessing control risk too LOW
2. Risk of assessing control risk too HIGH
Risk of assessing control risk too LOW
Risk that the assessed level of control risk based on the sample is less than the true risk based on the actual operating effectiveness of the control – overrealiance – ineffective
Risk of assessing control risk too HIGH
Risk that the assessed level of control risk based on the sample is greater than the true risk based on the actual operating effectiveless of the control – underreliance – inefficient
Efficiency is lost with
the risk of assessing control risk too HIGH and the risk of incorrect REJECTION
Effectiveness is lost with
the risk of assessing control risk too LOW and the risk of incorrect ACCEPTANCE
Nonsampling risk
includes all aspects of audit risk not due to sampling – is always present and cannot be measured. Can only reduce risk to very low level through adequate planning and supervision, and quality control of all firm practices
Attribute sampling is…
A statistical method used to estimate the rate of occurrence of a specific characteristic. Generally yes/no questions
Deviation rate is..
The auditor’s best estimate of the deviation rate in the population from which it was selected
If the estimated deviation rate is less than the tolerable rate for the population…
The auditor should consider the risk that such a result might be obtained even though the true deviation rate for the population exceeds to tolerable rate for the population
Steps for testing controls/attribute sampling
- Define objective of test
- Define the population
- Define the sampling unit
- Define the attributes of interest
- Determine the sample size
- Select the sample
- Evaluate the results
- Form conclusions
- Document sampling procedure
Attributes of interest
is only found in attribute sampling – deviations are situation where the control was not properly applied
To determine the sample size for tests of controls, the auditor must consider..
- Risk of assessing control risk too LOW
- Tolerable deviation rate
- Expected deviation rate
- Population size
The risk of assessing control risk too low and tolerable deviation rate have which type of relationship to sample size?
INVERSE
Expected deviation rate has which type of relationship with sample size?
DIRECT
Types of sample selection include…
Random selection, and systematic selection. Block sampling is NOT acceptable
Upper deviation rate = the sum of
Sample deviation rate + Allowance for sampling risk
The auditor may rely on the control if..
the UDR is LESS THAN or EQUAL TO the auditor’s TDR
The auditor would not rely on the control when…
the UDR is GREATER THAN the auditor’s TDR
Sampling documentation for tests of controls
The auditor must document each step in audit sampling – planning, rationale for parameters, performance of procedures, observed results, evaluation and interpretation of results
Variable sampling is…
A statistical sampling method used to estimate the numerical measurement of population, such as dollar value
Objective of variable sampling is..
To obtain evidence about the reasonableness of monetary amounts
Tolerable misstatement is..
The maximum monetary misstatement in the related account balance or class of transactions that the auditor is willing to accept
Stratification
Separation of items subject to sampling into relatively homogeneous groups. Commonly used when population has highly variable recorded amounts
Projected misstatement
projection of misstatement onto population upon completion of sampling procedures
If TPM > TM, the auditor should..
Consider the risk that such a result might be obtained even though the true monetary misstatement for the population exceeds tolerable misstatement
Commonly used classical variable sampling plans
- Mean-per-Unit estimation
- Ratio estimation
- Difference estimation
Mean-per-Unit
Uses the average value of the items in the sample to estimate the true population value – very sensitive to the variability of the population
Ratio estimation
Uses the ratio of the audited (correct) values of items to their book values to project the true population – usually requires smaller sample sizes than the MPU method – only effective when auditor expects large numbers of over- and understaements
Difference estimation
Uses the average difference between the audited (correct) value of items and their book values to project the actual population value – usually requires smaller sample size that the MPU method – only effective when auditor expects large numbers of over- and understaements
Steps for substantive testing
- Define objective of test
- Define the population
- Define the sampling unit
- Determine the sample size
- Select the sample
- Evaluate the results
- Form conclusions
- Document sampling procedure
To determine the sample size for substantive testing, the auditor must consider..
- Tolerable misstatement
- Expected misstatement
- Acceptable level of risk
- Characteristics of the population
- Assessed risk of material misstatement
Test of controls/variable sampling has DIRECT relationship with
- Expected misstatement
- Standard deviation
- Assessed level of risk
Test of controls/variable sampling has INVERSE relationship with
- Tolerable misstatement
2. Acceptable level of risk
Book value is fairly stated if…
Recorded book value falls within the acceptable range (point estimate +/- allowance for sampling risk)
Sampling documentation for substantive tests
The auditor must document each step in audit sampling – planning, rationale for parameters, performance of procedures, observed results, evaluation and interpretation of results
Probability-proportional-to-size (PPS) sampling
Technique where the sampling unit is defined as an individual dollar in a population – once a dollar is selected, the entire account containing that dollar is audited
Advantages of PPS sampling
- Automatically emphasizes larger items by stratifying the sample
- If no errors are expected, PPS generally requires a smaller sample
Disadvantages of PPS sampling
Zero balances, negative balances, and understated balances require special design considerations
PPS sample interval =
tolerable misstatement / reliability factor
PPS tolerable misstatement is…
the maximum dollar error that may exist in the account without causing the F/S to be materially misstated
PPS reliability factors
correspond to the risk of incorrect acceptance and are generally obtained from a table
PPS evaluation – auditor concludes balance is fairly stated when…
no errors are found in the sample, the error projection is zero, and the allowance for sampling risk would not exceed the auditor’s tolerable error
PPS projected error =
Recorded amount – Audit amount / recorded amount = % * sample interval
Dual-purpose samples are generally used only when…
the auditor believes that there is an acceptable low risk that the deviation rate in the population exceeds to tolerable rate
The size of a sample designed for dual-purposes should be…
the larger of the samples that would otherwise have been designed for the two separate purposes
An accountant communicates internal control-related matters in what situations?
- F/S audit (nonissuers)
- Examination of I/C (nonissuesr)
- Audit of I/C (issuers)
A control deficiency exists when…
the design or operation of a control does not allow management or employees, in the normal course of performing their assigned functions, to [prevent, or detect] and correct misstatements on a timely basis
A deficiency in design occurs when…
a necessary control is missing or when an existing control does not achieve the desired objective
A deficiency in operation occurs when…
a properly designed control does not operate as designed, or is performed by an inappropriate person
A material weakness is…
a deficiency, or a combination of deficiencies in internal control [over financial reporting], such that there is a reasonable probability that a material misstatement of the entity’s [company’s annual or interim] F/S will not be [prevented or detected] and corrected on a timely basis
A significant deficiency is…
deficiency, or a combination of deficiencies, in internal control [over financial reporting] that is less severe than a material weakness yet important enough to merit attention by those charged with governance
Control deficiencies that may be significant deficiencies or material weaknesses include..
deficiencies in the design of controls, and failure in the operation of controls
Auditor’s responsibility – control deficiencies (nonissuer)
Auditor is responsible for evaluating control deficiencies identified during the audit and, in some cases, reporting on those deficiencies
Auditor’s responsibility – detection of control deficiencies
Auditor of F/S is not required to perform procedures to identify deficiencies in I/C
Significant deficiencies and material weaknesses must be communicated..
on a timely basis in writing to mgt and those charged with governance – even those that were corrected during the audit
Previously existing deficiencies and material weaknesses that have not been corrected…
should be communicated again, in writing, during the current audit by referring to the previously issued written communication and the date of such communication
Written communication – timing
Recommended: by report release – Required: release + 60 days
Management’s responsibility – control deficiency
to evaluate and address control deficiencies – mgt may decide to accept deficiencies or weaknesses if cost of correction is too high (auditor must still communicate)
Communication of control deficiencies in I/C – F/S audit
to management only – within 60 days of report release date
Communication of significant deficiency in I/C – F/S audit
to management and those charged with governance – within 60 days of report release date
Communication of material weakness in I/C – F/S audit
to management and those charged with governance – within 60 days of report release date
Communication of deficiencies and weaknesses should include..
- definition of the term material weakness and, when relevant, the definition of significant deficiency
- description of significant deficiencies and material weaknesses, including an explanation of their potential effects
- Sufficient information to enable those charged with governance and mgt to understand context
- restriction of use
Absence of significant deficiencies and material weaknesses
auditor may NOT report absence of significant deficiency, but MAY issue communication indicating that no material weaknesses were identified
Integrated audits
Audit of both the F/S and management’s assessment of the effectiveness of I/C over financial reporting. Required by PCAOB for issuers.
Integrated audits – objective
to express an opinion on the effectiveness of the entity’s internal control over financial reporting
Integrated audits – mgt requirements (issuers)
- establishing and maintaining an adequate I/C structure and procedures for financial reporting
- annual report must contain assessment of the effectiveness of I/C structure and procedures for financial reporting
Integrated audits – mgt requirements (nonissuers)
- accept responsibility for effectiveness of I/C
- evaluate effectiveness of I/C using suitable and available criteria
- support assertion about effectiveness of I/C with sufficient appropriate audit evidence
- provide written assertion about the effectiveness of the entity’s I/C in a report that accompanies the auditor’s report
Failure to obtain written rep from client is a..
scope limitation that will generally result in the auditor’s withdrawal or disclaimer of opinion
Steps of testing controls (issuers/nonissuers)
- evaluate the design effectiveness of the controls
- test and evaluate the operating effectiveness of the controls
- obtain relatively more evidence for controls that are subject to a greater risk of failure
- obtain sufficient appropriate audit evidence to support the opinion
- determine the effect of any identified control deviations
- determine the appropriate timing for tests of controls
- consider knowledge obtained during past examinations
If a service org is part of entity’s I/C, auditor should..
- obtain understanding of relevant controls
2. obtain evidence that the controls are operating effectively
Integrated audits – Evaluating control deficiencies (issuers/nonissuers)
- determine whether identified deficiencies represent significant deficiencies or material weaknesses
- compensating controls may limit severity of identified deficiencies
Communication of control deficiencies in I/C – examination of nonissuer
to management only – within 60 days of report release date
Communication of significant deficiency in I/C – examination of nonissuer
to management and those charged with governance – by the report release date
Communication of material weakness in I/C – examination of nonissuer
to management and those charged with governance – by the report release date
Communication of control deficiencies in I/C – examination of issuer
to management, in writing, and inform the audit committee that this communication has been made
Communication of significant deficiency in I/C – examination of issuer
to management and audit committee, in writing
Communication of material weakness in I/C – examination of issuer
to management and audit committee, in writing, prior to the issuance of the auditor’s report
A material weakness requires the auditor to..
issue an adverse opinion
Financial statement audit vs. Examination of I/C
F/S audit: purpose of consideration of I/C is to enable auditor to plan the audit and determine the NET of tests to be performed – Examination: to express an opinion about whether the entity maintained, in all material respects, effective I/C as of a point in time based on the control criteria
To whom does “those charged with governance” refer?
Those who bear responsibility to oversee the obligations and strategic direction of an entity, including the financial reporting process
What is an audit committee?
A committee of the BODs, generally made up of 3-5 members of the board who are “outside directors”
Specific functions of the audit committee
- selects and appoints the independent auditor and sets audit fee
- ensures that any recommendations made by the auditor are given proper attention
- ensure the I/C of the company with the help of the independent auditor
Audit committee and auditor should meet..
without management present at least once each year
Required communications with those charged with governance
- matters related to the auditor’s responsibility
- overview of the planned scope and timing of the audit
- significant audit findings
Requirements of management’s rep letter
- final piece of evidential matter
- letter is mandatory
- dated same date as audit report
- signed by CEO and CFO
- representations
- materiality
- doubt about the reliability of written representations
Contents of management’s rep letter
- financial statements
- completeness of information
- fraud
- laws and regs
- uncorrected misstatements
- litigation and claims
- estimates
- related party transactions
- subsequent events
- additional representations