Beruflich Dokumente
Kultur Dokumente
AUDIT SAMPLING
Definition: testing of less than 100% o the items within an account balance or class of transactions in
order to evaluate some characteristics of the balance or class when an auditor has no special knowledge
about likely misstatements.
Every item in the population must have equal chances of being selected
CPA cannot use bias deciding. No substitutes may be used.
If the sample is large enough and is randomly selected, the sample will be representative of the
population.
Sufficiency of audit evidence is related to the design and size of the sample.
Professional judgment MUST be used when sampling despite of the method of sampling used.
STATISTICAL SAMPLING: auditors specify the sampling risk they are willing to accept and then
calculate sampling size that provide that degree of reliability.
NON-STATISTICAL SAMPLING: sample size is not determined mathematically. Auditors use
judgment in determining sample size, and sample results are evaluated judgmentally.
PROFESSIONAL JUDGMENT includes: defining the population, selecting appropriate method,
evaluating appropriateness of evidence, errors and deviations, sampling risks, and evaluation of
results against population.
Use of Sampling
1. Types of Sampling
a. Attribute sampling: rate of occurrence; primarily used for testing of INTERNAL CONTROLS. It
also often deals with yes or no questions (i.e. is the invoice properly approved?)
b. Variable sampling and PPS: deals with DOLLAR VALUES.
Audit Risk
Sampling risk in Substantive testing: (i) risk of incorrect acceptance; (ii) risk of incorrect
rejection.
Sampling risk in test of controls: (i) risk of assessing control risk too low – sample risk indicate a
lower deviation risk than it exists; (ii) risk of assessing control risk too high.
Incorrect acceptance: auditor may fail to identify existing problem.
Incorrect rejection: auditor may falsely identify a problem.
Efficiency: the risk of incorrect rejection and the risk of assessing the risk too high relate to the
efficiency of the audit (auditor does more audit work than is necessary).
Effectiveness: risk of incorrect acceptance and the risk of assessing control risk too low relate to
the effectiveness of the audit. Auditors usually accept a risk of 5% or 10%.
ATTRIBUTE SAMPLING
Statistical sampling method used to estimate the rate (%) of occurrence (exception) of a specific
characteristic (attribute).
Concludes whether controls are being applied as prescribed; YES or NO test; “are time cards
properly authorized, are invoices properly voided?”
Formula: Deviation rate + allowance for sampling error = Upper deviation rate (after sampling)
Projected Misstatement: these are misstatements that the auditor projects before collecting the
sample. This is compared against tolerable misstatements. If projected misstatements are low in
relation to tolerable misstatements it means there is a LOW sampling risk.
Answer: The sample error of $1,000 ($5,000 $4,000) is projected to the entire interval through use
of a "tainting factor" of 20% ($1,000/$5,000). If this were the only misstatement discovered by the
auditor, the projected misstatement of this sample would be 20% of $10,000, or $2,000
Formula: (a) Actual – (b) Audited = (c) / (a) x sampling interval = projected misstatement
An auditor established a $60,000 tolerable misstatement for an asset with an account balance of
$1,000,000. The auditor selected a sample of every twentieth item from the population that
represented the asset account balance and discovered overstatements of $3,700 and
understatements of $200. Under these circumstances, the auditor most likely would conclude
that:
Answer: Selection of every twentieth item results in a sample that is 5% (1/20 .05) of the
population. The sample results indicate a net overstatement of $3,500 ( $3,700 $200), which is
then projected to the total population as $70,000 ( $3,500 / .05).
(Alternatively, 3,500 20 70,000). Since the projected misstatement of $70,000 exceeds the
tolerable misstatement of $60,000, there is an unacceptably high risk that the actual
misstatement in the population will exceed the tolerable misstatement
EFFECTS OF INFORMATION TECHNOLOGY ON THE AUDIT
If a client processes most of its financial data in electronic form, without any paper
documentation, audit tests should be performed on a continuous basis.
Computer systems should be designed to supply electronic audit trails.
Computer systems provide more opportunities for data analysis and review.
A. Auditing around the computer
(i) Auditor tests the input data, processes the data independently, and then compares the
independently determined results to the program results. Emphasis is on the input and
output stages of transaction processing.
B. Computer assisted audit techniques (CAAT) – input and processing
(i) Transaction tagging: electronic tag specific transactions and follow them through the
client’s system. Tagging allows the auditor to test the computerized processing and the
manual handling of transactions.
(ii) Embedded audit modules: sections of the application that collect transaction data for
the auditor (i.e. collect all transactions affecting a specific code greater than $500) -
Embedded audit modules are usually built into the application program when the program
is developed. This would require that the auditors be involved in the system design of the
application to be monitored.
(iii) Test data: uses the application program to process a set of test data for results which
are already known. (test auditor’s data off-line) The test data approach refers to a
technique in which the client's application program is used to process a set of test data,
the results of which are already known by the auditor. If the client's program is operating
effectively, it should generate the same results determined by the auditor.
(iv) Integrated Test Facility: similar to the test data approach except that the test data is
commingled with live data. (test auditor’s data on-line) – Use of fake customers,
vendors – client personnel are not informed that the test is being run.
(v) Parallel Simulation (re-performance test): auditor re-processes some or all of the client’s
live data using software provided by the auditor, then compares to actual results from
the software provided by the client.
C. Generalized Audit Software Package (GASPs)
(i) Allow the auditor to perform test of controls and substantive tests directly on client’s
system. Tasks performed by GASPs include:
a. Examining transactions for control compliance
b. Selecting items meeting specified criteria
c. Recalculating amounts and totals
d. Reconciling amounts and totals
e. Performing statistical analysis of transactions
(ii) Advantages:
a. Sample and test a much higher % of transactions; more reliable audit.
b. Require little technical knowledge
c. Can significantly reduce audit time without sacrificing quality.
D. Auditing with a Computer
(i) Advantages of using a computer
a. Reduce mathematical errors
b. Automatic cross reference
c. Automatic preparation of FS, tax return schedules, and consolidation.
d. Reduction in required supervisory review time
e. Automatic performance of certain analytical review procedures
f. Enhanced client service
g. Improved moral of audit team; less time spent on tedious tasks.
(ii) Disadvantages
a. Audit documentation may not contain readily observable details of calculations.
1. Control Deficiency: exists when the design or operation of a control does not allow
management or employees while performing their functions, to prevent or detect
misstatements on a timely basis.
2. Significant Deficiency: combination of control deficiencies, that affects the entity’s ability to
initiate, authorize, record, process, or report financial data reliably in accordance with GAAP
such that there is more than a remote change that a misstatement of the FS that is more than
inconsequential will not be prevented or detected. (i.e. selection and application of accounting
principles, antifraud programs, non-routine transactions, period-end financial reporting).
3. Material Weakness: a combination of significant deficiencies, that a material misstatement will
not be detected or prevented.
Current and Previous deficiencies and material weaknesses must be communicated to those
charged with governance in writing.
It is recommended that a written communication to management regarding any deficiencies be
made by the report date, although a window extending to 60 days beyond this date is
acceptable.
For issuers, the communication should occur before issuance of the auditor’s report.
B. The written report should include: Report should be in writing and addressed to management;
restricted in use; and issued no later than 60 days after the report release date.
a. Indication that the purpose of the audit is to express an opinion on the FS, not on the
effectiveness of the internal control
b. Statement that the auditor is not expressing an opinion on internal control
c. Definition of the significant deficiency and, if applicable, material weakness
d. Identification of those deficiencies
e. Statement that the communication is intended solely for the information use of
management (restricted use).
If management provides the auditor with a written response, the auditor MUST add a paragraph
disclaiming an opinion on management’s response.
Government engagements may be financial audit, attestation (compliance with specific laws), or
performance audits (evaluation of effectiveness, economy, and efficiency).
Requirements:
1. Obtain an understanding of the DESIGN of relevant controls and whether they have been
IMPLEMENTED.
2. Communicate all significance deficiencies noted during the audit.
3. GAGAS requires a written report on the auditor understands of internal control and
assessment of control risk in ALL audits. This is different from GAAS, which require written
communication only when deficiencies are noted.
Assertion that evaluating compliance with laws, rules, regulations with a direct material
effect on the FS is part of developing an opinion on the FS.
Assertion that specific controls relating to financial reporting is reported.
Indication whether significant deficiencies were found and whether they were material.
a. Entities that expend a total assistance equal or in excess of $500,000 must have an audit in
accordance with this act.
b. Objective: (i) audit of financial statements, and reporting on a separate schedule of
expenditures of federal awards in relation to those financial statements; (ii) compliance
audits are expended throughout the year for issuing additional reports on compliance
related to major programs and on internal control over compliance.
c. The single act requires that materiality of the transaction be considered separately in
relation to each major program, not simply in relation to the FS.
d. Major transactions: $300,000 or more.
e. Auditors can also use the risk approach to determine major programs.
f. A single audit represents a combined audit of both an entity's financial statements and
federal financial assistance programs. The single audit provides audited organizations with
the opportunity to capitalize on the efficiency of satisfying their audit requirements with a
single audit. Auditors are governed by the Single Audit Act and OMB Circular A-133.
Henderson, CPA has decided to use probability-proportional-to-size (PPS) sampling, sometimes referred
to as dollar-unit or cumulative-dollar-amount sampling, in the audit of a client's accounts receivable.
Henderson will use the following PPS sampling table:
Number of
Overstatement Risk of Incorrect Acceptance
Misstatements 1% 5% 10%
0 4.61 3.00 2.31
1 6.64 4.75 3.89
2 8.41 6.30 5.33
3 10.05 7.76 6.69
4 11.61 9.16 8.00
Additional Information:
Tolerable misstatement
(net of effect of expected misstatement) $126,000
Risk of incorrect acceptance 5%
Number of misstatements allowed 2
Recorded amount of accounts receivable $700,000
Number of accounts 500
The reliability factor, as determined from the table, is 6.3. Sampling interval is then calculated as
tolerable misstatement divided by the reliability factor, or $126,000 / 6.3 = $20,000. In a population of
$700,000 with a sampling interval of $20,000, the sample size will be $700,0000 / $20,000, or 35
accounts.