Audit Sampling Flashcards
What is Audit Sampling?
Taking part of a population- subjecting it to audit procedures- projecting results to a population
What are the characteristics of Statistical Sampling?
Based on formulas
Helps find an appropriate audit sample
Helps evaluate evidence obtained
Helps evaluate results and quantify Sampling Risk
What are the characteristics of Non-Statistical Sampling?
Based on human decision
Equally acceptable as Statistical Sampling
What are the characteristics of Substantive Tests?
Variables sampling
Probability proportionate to size sampling
What type of sampling are Control Tests?
Attribute Sampling
What is Sampling Risk?
Risk that your sample isn’t representative of population
Can happen even if audit is done properly
What is the risk of assessing Control Risk too high?
A risk of Control Testing - Auditor works to make Control Risk lower
More substantive tests - Sample overstates Control Risk- Leads to an under-reliance on internal control- over-testing- and overall audit inefficiency
Audit ends up being effective (correct result)- but you do more work
What is the risk of assessing Control Risk too low?
A risk of Control Testing - Complement to Confidence Level
Inverse relationship to Sample Size
Higher accepted risk of assessing Control Risk too low = Smaller Sample
Lower accepted risk of assessing Control Risk too low = Larger Sample
What are the risks if the auditor concludes controls are operating effectively based on the sample and Control Risk is set too low?
Leads to higher Detection Risk - Fewer substantive tests
Sample understates Control Risk
This error leads to over-reliance on internal control- under-testing- and overall audit ineffectiveness.
Does NOT necessarily mean that the Financial Statements are materially misstated - it does mean that if there is one- you are less likely to find it
What is the risk of Incorrect Acceptance?
A risk of Substantive Testing - Auditor accepts a balance as fairly stated- when in fact it is not fairly stated
Hurts audit effectiveness
Wrong conclusion reached
Efficient- but not effective
What is the risk of Incorrect Rejection?
A risk of Substantive Testing - Auditor rejects balance as fairly stated when in fact it is fairly stated
Hurts audit efficiency
Wrong recommendations given
Effective- but not efficient
What is Non-Sampling Risk?
Risk of human (auditor) missing an error
Also called exception- error or deviation.
How does Sampling Risk compare to Non-Sampling Risk?
Sampling Risk deals with the chance that your audit sample is flawed
Non-Sampling risk deals with the chance that your human decisions/conclusions are flawed
What is Attribute Sampling?
Looking at Control Procedures - Were invoices approved when paid?
Errors are stated in terms of %- not dollar amounts
For example- 5 invoices out of 100 were not properly paid. Error rate is 5%
Hint: If you see Error Rate on the Exam- they are referring to Attribute Sampling.
How do you determine if Control Procedures are operating properly or not operating properly?
Control Procedures are either operating properly or they are not operating properly - based on Error Rate and the tolerance you have for errors
What is the Tolerable Rate?
Error rate in population that you are willing to accept/tolerate
Inverse relationship to Sample Size
Higher Tolerable Rate = Smaller Sample
Lower Tolerable Rate = Larger Sample
If you’re willing to accept a higher probability that errors exist- there is less pressure on the sample
What is the Expected Population Error Rate?
What Error Rate are you expecting? - Judgment call- based on experience
Direct relationship to Sample Size
More errors = Larger Sample
Less errors = Smaller Sample
What is the basic premise of Attribute Sampling?
Attribute in the sample gives information about the entire audit population
Used to estimate Internal Control error rate
For what is the Expected Population Deviation (error) Rate used?
Used to determine initial level of Control Risk
What is the Allowable Risk of Over-reliance?
Risk of Assessing Control Risk too low
Gives you the Sampling Risk
When is Attribute sampling used?
Attribute sampling is only useful when there is documented evidence (an audit trail) to test
Use when the existence of an error needs to be verified or debunked
What is Classic Variable Sampling?
Testing for a dollar amount
Value in sample gives information about value in entire population.
What functions are used in conjunction with Classic Variable Sampling?
Mean Per Unit = Sample Average x Number in Population
Stratification - Decreases effect of variance in population and reduces sample size
What are the characteristics of Probability Proportionate to Size (PPS) sampling?
A form of Variable Sampling
Does NOT use Standard Deviation
Auditor focuses on a dollar amount
Larger or more valuable items get picked more often as part of the sample
What is Projected Misstatement?
Misstatement found in sample - have to project it to remainder of population
How does Probability Proportionate to Size (PPS) sampling compare to Classic Variables sampling?
PPS:
Easier to use- Results in a stratified (homogenous) sample- Results in a smaller sample size to audit- Easy to design
Classic Variables Sampling:
Easy to expand sample size- Selecting zero and negative balances easy
What factors affect sample size?
Tolerable rate for error - Inverse relationship with sample size
Risk of assessing Control Risk too low - Inverse relationship with sample size
Expected population error rate - Direct relationship with sample size
Population size does NOT affect the sample size - as population is larger- sample size doesn’t grow.
What is the formula for Audit Sampling?
SER + ASR < TER
SER = Sample Error Rate
ASR = Allowance for Sampling Risk
TER = Tolerable Error Rate
What is Allowance for Sampling Risk?
The amount that you add to the Sampling Error Rate to get some cushion for your sample.
As high as you think the population error rate could go based on experience.
What is the Tolerable Error Rate?
The amount of error rate that you can accept - If population error rate is less than TER- then accept the Control as effective
If population error rate is more than TER- do more testing to get SER lower or conclude control isn’t effective. Do more substantive testing
What are the steps to develop a sampling plan?
Determine Test Objective - for example- have sales shipments been billed?
Define Population and Deviation - take a sample of shipping document- trace forward to see if billed
Determine Sample Size based on tolerable rate for error- risk of assessing Control Risk too low- and expected population error rate.
Select Sampling Technique
After a Sampling Plan is developed- what are the steps in sampling?
Perform the Sampling Plan
Evaluate Results
Document Results
What is Systematic Sampling?
Every certain # of a population is selected
Population needs to be randomly ordered
Primary advantage is that population doesn’t require pre-numbering
What is Sequential Sampling?
Also called Stop or Go sampling
Each audit step determines the next step
What is Discovery Sampling?
Audit is testing an area that is so crucial that zero population errors can be tolerated
Any phony employees on payroll?
How does Block Sampling compare to other sampling methods?
Easy to implement- but is the worst method of sampling.
As a result of sampling procedures applied as tests of controls, an auditor incorrectly assesses control risk higher than appropriate. What is the likely cause of this?
If the deviation rate in the sample is higher than the tolerable rate, the auditor may assess a high level of control risk. However, if the deviation rate in the population does not exceed the tolerable rate, the auditor will have assessed the level of control risk for the sample as greater than the true operating effectiveness of the control.
What is the major reason that the difference and ratio estimation methods would be expected to produce audit efficiency?
Difference and ratio estimation methods measure the difference between audit and book values or the ratio of audit to book values. As these differences should not be great, the population of these differences will have little variance. In statistical sampling the less variation in a population, the smaller the required sample to provide an estimate of the population. In other words, difference and ratio estimation methods are more efficient because the differences between audit and book values are expected to vary less than the actual items in the population.
What is necessary to audit balances in an on-line EDP system in an environment of destructive updating?
Destructive updating in an online computer system is destructive of transaction files. Accordingly, auditing of the balances in accounts where transactions are periodically destroyed requires a well-documented audit trail for the auditor.
How does the auditor determine the balances to be tested and when sampling plan can be established?
Establish tolerable misstatement—the maximum difference, taking materiality into account
Determine allowable risk of incorrect acceptance or sampling risk—the maximum allowable risk of that the auditor will accept an amount that is materially incorrect
Determine the expected amount of misstatement or expected deviation—the amount by which the auditor expects the actual balance to differ from the reported amount based on the assessed level of control risk
Calculate the sample size
Select and test the sample
Calculate the upper deviation limit—the estimated difference between the actual amount and the reported amount based on the sample
Reach conclusions and document results
If precision ≤ tolerable misstatement—opinion may require modification
If precision > tolerable misstatement—opinion will not require modification
What is Controlled Reprocessing?
Controlled reprocessing does not ordinarily continuously test controls within a computer system. Controlled reprocessing, a variation of parallel simulation, processes actual client data through a copy of the client’s application program.
What are some Techniques used for continuous (or concurrent) testing that are able to identify and capture audit data as transactions occur? (Advanced computer systems, particularly those utilizing EDI, sometimes do not retain permanent audit trails, thus requiring capture of audit data as transactions are processed.)
1) Embedded audit modules and audit hooks—Embedded audit modules are programmed routines incorporated into an application program that are designed to perform an audit function such as a calculation, or a logging activity. Because embedded audit modules require that the auditor be involved in systems design of the application to be monitored, this approach is often not practical. An audit hook is an exit point in an application program that allows an auditor to subsequently add an audit module (or particular instructions) by activating the hook to transfer control to an audit module.
(2) Systems control audit review files (SCARF)—A SCARF is a log, usually created by an embedded audit module, used to collect information for subsequent review and analysis. The auditor determines the appropriate criteria for review and the SCARF selects that type of transaction, dollar limit, or other characteristic.
(3) Extended records—This technique attaches additional audit data which would not otherwise be saved to regular historic records and thereby helps to provide a more complete audit trail. The extended record information may subsequently be analyzed.
(4) Transaction tagging—Tagging is a technique in which an identifier providing a transaction with a special designation is added to the transaction record. The tag is often used to allow logging of transactions or snapshot activities.
