Characteristics of Audit Sampling 7

Chapter 1
Characteristics of Audit Sampling
1.01 This chapter defines audit sampling and illustrates the difference
between procedures that involve audit sampling and those that do not involve
audit sampling.
1.02 An auditor often does not rely solely on the results of a single proce-
dure to reach a conclusion on an assertion relating to an account balance or a
class of transactions, or the operating effectiveness of controls. Rather, audit
conclusions are usually based on evidence obtained from several sources as
a result of applying a number of procedures. The combined evidence obtained

AL
from the various procedures is considered in reaching an opinion about whether
the financial statements are free of material misstatement.

RI
1.03 The assertions described in paragraph .A114 of AU-C section 315,
Understanding the Entity and Its Environment and Assessing the Risks of
Material Misstatement (AICPA, Professional Standards), should be considered

TE
when planning audit sampling (for example, what could go wrong or the correct
population for sampling) as well as other audit procedures. In this guide, the
guidance relating to balances and classes of transactions implies the consider-
MA
ation of relevant assertions for the particular account or class of transactions.

Observations and Suggestions

D

When indicating a best practice or providing guidance on the application of

sampling procedures, this guide may use the terms typically, normally, usu-
TE

ally, or best practice. These terms do not imply a requirement, but are sugges-
tions to assist auditors in identifying the usual circumstance or application
of a concept.
GH

Audit Sampling Defined

RI

1.04 According to paragraph .05 of AU-C section 530, Audit Sampling

(AICPA, Professional Standards), audit sampling is "The selection and evalu-
PY

ation of less than 100 percent of the population of audit relevance such that
the auditor expects the items selected (the sample) to be representative1 of
the population and, thus, likely to provide a reasonable basis for conclusions
CO

about the population." In other words, audit sampling provides the auditor
an appropriate basis on which to conclude on a characteristic of a population
based on examining evidence regarding that characteristic from a sample of
the population. Procedures not involving audit sampling are not the subject of
AU-C section 530 or this guide.
1.05 In many contexts in sampling, "representative" conveys the sense
that the sample results are believed to correspond, at the stated risk level,
to what would have been obtained had the auditor examined all items in the
population in the same way as examined in the sample. Correspond does not
mean that the projected misstatement from the sample will exactly equal the

1
Appendix G, "Glossary," contains further discussion regarding the term representative in the
context of audit sampling.

AAG-SAM 1.05
8 Audit Sampling

misstatement in the population (which the auditor does not know). Rather a
sample is expected to be representative if it is free from selection bias. Sta-
tistical samples are designed to be representative, with the stated confidence
that the true population misstatement is measured by the confidence inter-
val. Nonstatistical samples generally are selected in a way that the auditor
expects them to be representative. Representative relates to the total sample,
not to individual items in the sample. Also, representative does not relate to
the sample size, but to how the sample was selected. The sample generally is
expected to be representative only with respect to the occurrence rate or inci-
dence of misstatements, not their specific nature. A sample misstatement due
to an unusual circumstance may nevertheless be indicative of other unusual
misstatements in the population.

Procedures That May Not Involve Audit Sampling

1.06 Some auditing procedures by their nature may not involve audit
sampling (unless the procedures are specifically designed as audit samples). In
general, procedures that may not involve audit sampling may be grouped into
the categories as discussed in the following paragraphs.

Inquiry and Observation

1.07 Auditors ask many questions during the course of their audits. Audi-
tors also observe the operations of their clients' businesses and their controls.
Both inquiry and observation provide auditors with audit evidence. Inquiry
and observation commonly are used in the following procedures:
r Interviewing management and employees
r Obtaining an understanding of the internal controls
r Observing the behavior of personnel and the functioning of busi-
ness operations
r Observing cash-handling activities
r Observing the operation of controls
r Performing walkthrough procedures2
r Observing the existence of land and buildings
r Obtaining written representations from management
In some cases these procedures could be designed as sampling procedures, such
as designing multiple observations of physical security controls.

Analytical Procedures
1.08 According to paragraph .04 of AU-C section 520, Analytical Proce-
dures (AICPA, Professional Standards), analytical procedures are defined as
evaluations of financial information through analysis of plausible re-
lationships among both financial and nonfinancial data. Analytical
procedures also encompass such investigation, as is necessary, of iden-
tified fluctuations or relationships that are inconsistent with other rel-
evant information or that differ from expected values by a significant
amount.

2
Walkthroughs may also include an examination of evidence and reperformance, depending on
their design and performance.

AAG-SAM 1.06
 Characteristics of Audit Sampling 9
In performing analytical procedures, the auditor "compares the recorded
amounts or ratios developed from recorded amounts with expectations" de-
veloped by the auditor.
1.09 These procedures are not considered audit sampling because they
do not result in projecting the result of the examination of a portion of the
population to the total population. For similar reasons, scanning accounting
records for unusual items is not audit sampling.

Procedures Applied to Every Item in a Population

1.10 In some circumstances, an auditor might decide to examine every
item constituting an account balance or a class of transactions. Because the
auditor is examining the entire population, rather than only a portion, to reach
a conclusion about the balance or class as a whole, 100 percent examination
is not a procedure that involves audit sampling. In some cases, the use of
computer assisted audit techniques may allow the application of a test to all
items in the population (for example, tests of clerical accuracy and comparison
of invoices and shipments) and, thus, audit sampling does not apply.
1.11 A population for audit sampling purposes does not necessarily need
to be an entire account balance or class of transactions. In some circumstances,
an auditor might examine all the items that constitute an account balance
or class of transactions that exceed a given amount (for example, more than
$25,000) or that have an unusual characteristic (for example, require dual
signature approval for payment). The auditor might either (a) apply other
auditing procedures (for example, targeted analytical procedures performed
at a detailed level such as at the line-item or location level) to items that
do not exceed that given amount or possess the unusual characteristic or
(b) apply no detailed auditing procedures to them because there is an acceptably
low risk of material misstatement existing in the remaining items. Again, the
auditor is not using audit sampling when applying procedures in this manner.
Rather, the auditor has segregated the account or class of transactions into two
groups. One group is tested 100 percent; the other group is tested by analytical
or other auditing procedures or remains untested based on the low level of risk
of material misstatement in the portion not subjected to 100 percent testing.
1.12 For the same reason, cutoff tests often do not involve audit sampling
applications. In performing cutoff tests, auditors often examine all significant
transactions for a sufficient period surrounding the cutoff date and, as a result,
such tests often do not involve the application of audit sampling. However,
one could design cutoff tests by using audit sampling when the volume of
transactions during the period of interest is high.

Some Tests of Controls May Not Involve Audit Sampling

1.13 Auditors choose from a variety of methods, including inquiry, obser-
vation, inspection of documentary evidence, and reperformance, in evaluating
the implementation of controls. Although many procedures where documen-
tary evidence is examined or where the auditor reperforms a control involve
audit sampling, many of the other methods may not involve sampling. Certain
types of tests of controls, because of the nature of the procedures used, do not
normally involve audit sampling. For example, tests of automated application
controls are generally tested only once or a few times when effective IT general
controls are present, and thus do not rely on the concepts of risk and tolerable
deviation as applied in other sampling procedures. Sampling generally is not

AAG-SAM 1.13
10 Audit Sampling

applicable to analyses of controls for determining the appropriate segregation

of duties or other analyses that do not examine documentary evidence of per-
formance. In addition, sampling may not apply to tests of certain documented
controls or to analyses of the effectiveness of security and access controls. Sam-
pling also may not apply to some tests directed toward obtaining audit evidence
about the operation of the control environment or the accounting system, for
example, inquiry or observation of explanation of variances from budgets when
the auditor does not desire to estimate the rate of deviation from the prescribed
control, or when examining the actions of those charged with governance for
assessing their effectiveness.
1.14 In addition, when the performance of a control is not documented or
evidenced, such as the performance of an automated control where no record of
the control performance is retained, the concept of sampling such a control in
the conventional sense may not be meaningful. For example, such a test may
be performed contemporaneously with its occurrence or tested with a test deck
of data with known properties that are designed to test the automated controls,
and the extent of testing and the periods included in the test are determined
based on the quality of the related IT general controls. Such tests often do not
involve audit sampling.

Tests of Controls When Extrapolation Is Not Intended

1.15 Observation of a client's physical inventory count activities is a test
usually performed primarily through the auditor's observation of the operation
of controls over inventory movement, counting procedures, and other activi-
ties used by the client to control the count of the inventory. The auditor's test
counts of client counts may not be for extrapolating results, but may be for
determining the adequacy and accuracy of the count procedures. Nevertheless,
the auditor considers the deviations and misstatements found. As such, when
discrepancies in the count are identified, an assessment is made of the rea-
sons for the discrepancy, and a recount may be indicated for some or all of the
inventory items by a count team or in a location until the auditor is satisfied
that the count is accurate. Using this procedure during the count may not
involve the application of audit sampling. Even when extrapolation is not
intended, the auditor still considers issues such as the extent of procedures
performed and the possibility of bias in the selection of sample items.

Procedures That Do Not Evaluate Characteristics

1.16 Procedures from which the auditor does not intend to extend the
resulting conclusion to the remaining items in the account balance or class
of transactions do not require audit sampling. The auditor does not use audit
sampling when he or she applies an auditing procedure to less than 100 percent
of the items in an account balance or class of transactions as something other
than evaluating a trait of the entire balance or class. For example, an audi-
tor might trace several transactions through an entity's accounting system to
obtain an understanding of the design of the entity's internal control. In such
cases, the auditor's intent is to gain a general understanding of the accounting
system or other relevant parts of the internal control, rather than to evaluate
a characteristic of all transactions processed. As a result, the auditor may not
be using audit sampling.
1.17 Occasionally, auditors perform such procedures as checking arith-
metical calculations or tracing journal entries into ledger accounts on less than

AAG-SAM 1.14
 Characteristics of Audit Sampling 11
a 100 percent (test) basis. When such procedures are applied to less than 100
percent of the arithmetical calculations or ledger postings that affect the finan-
cial statements, audit sampling may not be involved if the procedure is not a
test to evaluate a characteristic of an account balance or class of transactions,
but is intended to provide only limited evidence that supplements the auditor's
other audit evidence regarding a financial statement assertion or is designed
to provide evidence only about the items tested.

Untested Balances
1.18 The auditor might decide that he or she need not apply any detailed
audit procedures to an account balance or class of transactions if the auditor
believes that there is an acceptably low risk of material misstatement existing
in the account or class. Audit sampling is not relevant to untested balances.

Tests of Automated IT Controls

1.19 IT systems process transactions and other information consistently
unless the systems or programs (or related tables, parameters, or similar items
that affect how the programs process the data) are changed. Therefore, when
testing the operations of automated controls, the auditor may adopt the strat-
egy of testing one or a few of each type of transaction at a point in time and
test general controls (for example, controls over implementation and changes
to systems and programs, access and security, and computer operations) to
provide evidence that the automated controls have been operating effectively
over the audit period. When IT general controls are tested and determined
to be effective, a single test of an automated control for each type of control
operation may be sufficient to place reliance on the automated control during
the period of the audit examination.

1.20 Because distinguishing between audit procedures involving audit

sampling and procedures not involving audit sampling might be difficult, the
next section of this chapter discusses the distinction between procedures that
do and do not involve audit sampling.

Sampling and Nonsampling Audit

Procedures Distinguished
1.21 An account balance or class of transactions may be examined by a
combination of several audit procedures. These procedures might involve audit
sampling. An illustration can help clarify the distinction between procedures
that do or do not involve audit sampling. An auditor might be examining fixed
asset additions of $2 million. These might include 5 additions totaling $1.6
million related to a plant expansion program and 400 smaller additions con-
stituting the remaining $400,000 recorded amount. The auditor might decide
that the 5 large additions are individually significant and need to be examined
100 percent and might then consider whether to apply audit sampling to the
remaining 400 items. This decision is based on the auditor's determination of
tolerable misstatement for the sample and the assessment of the risks of ma-
terial misstatement in the $400,000, not on the percentage of the $2 million
individually examined (in this case, 80 percent). Several possible approaches
are discussed in the following 3 situations.

AAG-SAM 1.21
12 Audit Sampling

1.22 Situation 1. The auditor has performed other procedures related to

fixed-asset additions, including the following:
r Risk assessment procedures
r The consideration of related controls, which supported a low level
of assessed control risk
r A review of the entries in the fixed asset ledger, which revealed
no unusual items
r An analytical procedure, which suggested the $400,000 recorded
amount, does not contain a material misstatement
1.23 In this situation, the auditor might decide that sufficient audit evi-
dence regarding fixed-asset additions has been obtained without applying audit
sampling to the remaining individually insignificant items. Therefore, the con-
cept of audit sampling would not apply unless a sample is selected.
1.24 Situation 2. The auditor has not performed any procedures related
to the accuracy of the remaining 400 items, but, nonetheless, decides that any
misstatement in those items would be immaterial. The physical existence of
the assets was verified by other procedures. The only remaining exposure is
assessed to be the risks of material misstatement in the accuracy of the recorded
amounts, which, based on the simple cash based purchases and controls over
disbursements, the auditor has assessed to be low. Therefore, the concept of
audit sampling would not apply unless a sample is selected.
1.25 Situation 3. The auditor has performed some or all of the same
procedures as in situation 1, but concludes that some additional audit evidence
about the 400 individually insignificant additions will be obtained through
audit sampling. In this case, the information in AU-C section 530 and this
guide assists the auditor in planning, performing, and evaluating the audit
sampling application.

Terminology Used in This Guide

1.26 The terms used in this guide are consistent with those in AU-C sec-
tion 530 and other professional standards. Some auditors may be familiar with
other terms, including precision, confidence level, reliability, alpha risk, and
beta risk, which are often used in discussions of statistical sampling. AU-C
section 530 does not use those terms because it applies to both statistical and
nonstatistical sampling and, therefore, nontechnical terms are more appropri-
ate. Also, certain statistical terms, such as reliability and precision, have been
used with different meanings. Auditors may use various terms in their practice,
as long as they understand the relationship of those terms to the concepts in
AU-C section 530 and this guide. Terms used in this guide or found in various
auditing literature are defined in the glossary found in appendix G, "Glossary."
Some of those relationships follow.

Reliability or Confidence Level

1.27 AU-C section 530 and AU-C section 200, Overall Objectives of the
Independent Auditor and the Conduct of an Audit in Accordance With Generally
Accepted Auditing Standards (AICPA, Professional Standards), use the concept
of risk instead of reliability (or confidence level). However, statistical sampling
literature often uses the terms reliability and confidence level. In addition, other
auditing standards use the term assurance, a concept related to confidence or

AAG-SAM 1.22
 Characteristics of Audit Sampling 13
reliability. Additionally, some auditors express the sampling guidance in their
audit approaches in terms of assurance, and not risk. Risk is the complement
of reliability or confidence level. For example, if an auditor accepts a 10 percent
sampling risk, the reliability or confidence level is specified as 90 percent. The
term risk is more consistent with the auditing framework described in the
SASs. Audit professionals are advised to be familiar with the various terms
that are relevant to audit sampling.

Sampling Risk
1.28 Paragraph .05 of AU-C section 530 defines sampling risk in terms of
two types of erroneous conclusions:
a. In the case of a test of controls, that controls are more effective
than they actually are, or in the case of a test of details, that a
material misstatement does not exist when, in fact, it does. The
auditor is primarily concerned with this type of erroneous conclu-
sion because it affects audit effectiveness and is more likely to lead
to an inappropriate audit opinion.3
b. In the case of a test of controls, that controls are less effective
than they actually are, or in the case of a test of details, that a
material misstatement exists when, in fact, it does not. This type
of erroneous conclusion affects audit efficiency because it would
usually lead to additional work to establish that initial conclusions
were incorrect.4
Other sampling literature and paragraph .A13 in the "Application and Other
Explanatory Material" section of AU-C section 530 term the risks in preceding
subparagraph a as the risk of overreliance (for controls) and the risk of in-
correct acceptance (for substantive testing). Formal statistical literature often
terms this risk as beta risk. The risks described in preceding subparagraph b
are also termed in prior AICPA and other sampling literature as the risk of
underreliance (for controls) and the risk of incorrect rejection (for substantive
tests). Formal statistical literature often terms this risk as alpha risk. Both
alpha risk and beta risk (sometimes referred to as risks of type I and type II
errors) are statistical terms that have not always been consistently applied in
the auditing literature.

Precision
1.29 Precision might be used both as a planning concept and an evalua-
tion concept for audit sampling. Rather than the term precision, AU-C section
530 uses the difference between the expected deviation rate or expected mis-
statement amount and the tolerable deviation rate or tolerable misstatement
as a measure of precision.5

3
AU section 350, Audit Sampling (AICPA, Professional Standards), used the specific terms risk
of assessing control risk too low (when sampling for tests of controls) and risk of incorrect acceptance
(for substantive testing).
4
AU section 350 used the specific terms risk of assessing control risk too high (controls) and risk
of incorrect rejection (substantive).
5
This edition of the guide, as well as prior editions, use the term allowance for sampling risk to
represent precision. Precision is a term used in statistical sampling.

AAG-SAM 1.29