Topic: Audit Sampling

According to PSA 500 (Audit Evidence), the application of any one or combination of the following means of selecting items for testing
to gather audit evidence is available to the auditor:
I. Selecting all items (100% examination)
II. Selecting specific items
III. Audit sampling

Any or combination of the above means may be appropriate depending on the particular circumstances, such as:
• The risks of material misstatement related to the assertion being tested; and
• The practicality and efficiency of the different means

It is important to note that while both of the above factors are considered in determining which means (or combination of means) to use,
the auditor should obtain assurance that the methods to be used will be effective to meet the objectives of the audit procedure.

According to PSA 500, a 100% examination may be appropriate when:

• The population constitutes a small number of large value items
• There is a significant risk and other means do not provide sufficient appropriate audit evidence
• The repetitive nature of a calculation or other process performed automatically by an information system makes a 100%
examination cost effective, for example, through the use of computer-assisted audit techniques (CAATs).

PSA 500 states that the auditor may decide to select specific items from a population based on such factors as the auditor’s
understanding of the entity, the assessed risk of material misstatement, and the characteristics of the population being tested. Specific
items that may be selected for testing may include:
• High value or key items – items that are of high value or exhibit some other characteristics like those that are unusual,
suspicious, risk-prone, etc.
• All items over a certain amount – items whose values exceed a certain amount so as to verify a large proportion of the total
amount of a class of transactions or an account balance.
• Items to obtain information – items that provide specific information like the nature of the entity, the nature of transactions,
and internal control.

As defined in PSA 530 (Audit Sampling), audit sampling involves the application of audit procedures to less than 100% of items within
a population of audit relevance such that all sampling units have a chance of selection in order to provide the auditor with a reasonable
basis on which to draw conclusions about the entire population.

Population, as defined in PSA 530, means the entire set of data from which a sample is selected and about which the auditor wishes to
draw conclusions. It is important for the auditor to ensure that the population is
I. Appropriate to the objective of the audit procedure
II. Complete

The auditor should ensure that the population is appropriate to the objective of the audit procedure, which includes consideration of the
direction of the test to be applied. For example, the appropriate population to test for overstatement of accounts payable will be the
accounts payable listing. However, if the auditor’s objective is to test for understatement of accounts payable, the appropriate
population is not the accounts payable listing but the subsequent disbursements, unpaid invoices, vendors’ statements, or other audit
evidence that will satisfy the objective of the test.

It is also important for the auditor to ensure that the population is complete. For example, if the sample is to be drawn from the
vouchers file, the auditor should be satisfied that all vouchers have, in fact, been filed.

The two general approaches to audit sampling are statistical and nonstatistical.

A statistical sampling plan should have the following characteristics:

a. Random selection of a sample; and
b. Use of probability theory to evaluate sample results, including measurement of sampling risk.

A nonstatistical sampling plan is any sampling plan which, according to the standard, does not have the characteristcs of statistical
sampling.

Stratification is the process of dividing a population into discrete subpopulations (also called strata), each of which is a group of
sampling units which have similar characteristics (often monetary value). Value weighted is a selection method in which the sampling
unit is identified as the monetary units that make up a transaction class or an account balance.

Random selection gives each sampling unit a chance of being selected. Conversely, nonrandom selection does not give each
sampling unit a chance of being included in the sample.

Precision is the allowance of sampling risk. Reliability (also called confidence level) is the degree to which the sample selected is
expected to be representative of the population. It is the mathematical component of sampling risk.

According to PSA 530, the principal methods of selecting samples are as follows:
a. Use of computerized random number generator (through CAATs) or random number tables.
b. Systematic selection, in which every nth item from a population of sequentially ordered items is selected.
c. Haphazard selection, in which the sample is selected without following a structured or organized approach, but also without
conscious bias. This selection method is inappropriate for statistical sampling but may be useful for nonstatistical sampling
plans.

Statistical sampling involves the application of the laws of probability that enables the auditor to design an efficient sample (i.e., a
sample that is neither too large nor too small), to measure the sufficiency of the audit evidence obtained, and to evaluate the sample
results.

In some circumstances, a nonstatistical sampling plan may be more appropriate to minimize the failure to detect errors and fraud.
Nonsampling erros do not relate to audit sampling. These are human errors like the auditor’s use of inappropriate procedrues or failure
to recognize an error because of misinterpretation of audit evidence obtained. In addition, nonsampling errors arise because of the fact
that most of the audit evidence is persuasive rather than conclusive.

Both statistical and nonstatistical sampling may be used to reduce audit risk. Moreover, statistical sampling is irrelevant to materiality.

As defined in the standard, sampling risk arises from the possibility that the auditor’s conclusion based on a sample may be different
from the conclusion reached if the entire population were subjected to same audit procedure. Stated another way, sampling risk arises
from the fact that a sample may not be representative of the population from which it was drawn.

In performing tests of controls, the two aspects of sampling risk are:

1. The risk of assessing control risk too high is the risk that the assessed level of control risk based on the sample is greater
than the true operating effectiveness of the control.
2. The risk of assessing control risk too low is the opposite of assessing control risk too high. It is the risk that the auditor
may believe that a control is operating effectively when it is not.

The two aspects of sampling risk in substantive testing are:

1. The risk of incorrect rejection is the risk that a sample supports the conclusion that the account balance is materially
misstated when, unknown to the auditor, the account balance is not materially misstated (i.e., it is fairly stated).
2. The risk of incorrect acceptance is the risk that a sample supports the conclusion that the account balance is not materially
misstated (i.e., it is fairly stated) when, unknown to the auditor, the account balance is materially misstated.

If an auditor erroneously accepts an account balance as fairly stated, it is unlikely that additional audit procedures will be performed.
Thus, the probability that the erroneous conclusion will be discovered is minimal, thereby decreasing the effectiveness of the audit.

An auditor’s rejection of a fairly stated account balance is most likely to result in performing extended substantive testing that will
ultimately lead to the acceptance of the balance. Hence, the risk of incorrect rejection affects the efficiency of the audit.

Assessing control risk too low leads to an unjustifiable reduction in susbtantive testing which, in turn, results in obtaining insufficient
audit evidence, thereby decreasing the effectiveness of the audit. Conversely, assessing control risk too high results in an unjustified
increase in substantive testing and thus affecting the efficiency of the audit.

According to the standard, sampling risk arises from the possibility that the auditor’s conclusion based on a sample may be different
from the conclusion reached if the entire population were subjected to the same audit procedure. It is the risk that, unknown to the
auditor, the sample selected is not representative of the population.

Under random-based selection, each item has a known chance of being selected. The auditor typically uses random number tables or
a computerized random number generator (through CAATs) in applying this method.

Systematic selection involves selecting every nth item from the population. The number of items to skip is determined by calculating the
sample interval (population size divided by sample size). Under this method, there is no need to establish correspondence between
population items and random numbers.

PSA 530 states that when using systematic selection, the auditor would need to determine that sampling units within the population are
not structured in such a way that the sampling interval corresponds with a particular pattern in the population.

Attribute sampling is designed to test the rate of deviation from a prescribed control procedure.

Variables samping is designed to test whether an account balance is materially misstated.

A variable sampling plan is designed to test whether an account balance is materially misstated and therefore addresses numerical
measurements at peso value. Attribute sampling deals with deviation rates, not numerical measurements.

Random-number sampling is a selection method and may be used with either an attribute or a variable sampling plan.

Stop-or-go sampling (also called sequential sampling) is a form of attribute sampling. In stop-or-go sampling, the sample is selected in
several steps (i.e., not only a single sample is tested). For each step, the auditor decides whether to stop the test or to proceed to the
next step.

To determine the sample size for tests of controls, the auditor considers the following factors:

Conditions Leading to
Factor Smaller Sample Size Larger Sample Size
1. Planned reliance on internal Lower reliance on internal control Higher reliance on internal control
control1
2. Tolerable deviation rate (TDR)2 Higher TDR Lower TDR
3. Allowable risk of assessing Higher allowable risk of assessing control Lower allowable risk of assessing control
control risk too low risk too low risk too low
4. Expected population deviation Lower EDR Higher EDR
rate (EDR)3
5. Number of sampling units in the Negligible effect on sample size unless population is small
population

1The auditor does not perform tests of controls when no reliance on internal controls is planned.
2 The TDR is the rate of deviation from the prescribed control activity that the auditor is willing to accept.
3 The EDR is the rate of deviation from the prescribed control activity that the auditor expects to find in the population.

The TDR is inversely related to the sample size – that is, as the TDR increases, the sample size decreases.
The EDR has a direct effect on the samples size – that is, as the expected deviation rate increases, the sample size increases.
An increase in the EDR increases the degree of assurance to be provided by the sample and therefore increases the sample size.
The risk of assessing control risk too low is determined based on the auditor’s judgment and does not necessarily increase with the
EDR.
Sampling risk is the difference between the maximum deviation rate (also called upper precision limit) and the sample deviation rate.
The tolerable deviation rate is determined based on the auditor’s judgment. It is a function of the planned assessed level of control risk
and the level of assurance the evidence is expected to provide. It does not necessarily increase with the EDR.

Deviations from a specific control activity increase the risk of, but do not always result in, misstatement. Hence, deviations from a
specific control activity at a given rate ordinarily result in misstatements at a lower rate.
As the population size increases, the sample size increases at a decreasing rate. Thus, a large population size will have little or no
effect on the sample size.

The auditor’s failure to apply the planned audit procedures or to perform alternative procedures to selected items requires consideration
of the reasons for the limitation. Moreover, the auditor considers such items as deviations from the prescribed control procedures for
the purpose of evaluating the sample.

In an attribute sampling plan, the auditor’s concern is the occurence rate of deviations in the population. This statistical sampling plan
enables the auditor to make an estimate of the occurence rate and to arrive at a conclusion concerning the relation of the population
deviation rate to the tolerable deviation rate.

If the sample deviation rate is less than the tolerable rate, the auditor will conclude that the control tested is functioning effectively.
However, if true population deviation rate exceeds the tolerable rate, the auditor’s assessment of control risk would be lower than
appropriate, that is, too low.
The auditor’s assessment of control risk is too high if the sample deviation rate exceeds the tolerable rate, but the true population
deviation rate is less than the tolerable rate.
The auditor’s conclusion is correct if the sample and population deviation rates are both greater or less than the tolerable rate.
Moreover, assessing control risk too high concerns the efficiency, not the effectiveness, of the audit because it typically leads to the
performance of additional audit procedures to ultimately arrive at the correct conclusion.

Precision (also called confidence interval) is the range within which the estimate of the population characteristic is expected to fall. It is
an interval around the sample statistic that is expected to contain the true population value.
Confidence level refers to the auditor’s measure of how reliable the sample results should be.
The upper deviation limit, as it suggests, is the upper limit of the precision or confidence interval.

The auditor considers the following factors in determining the sample size for substantive tests of details:
Conditions Leading to
Smaller Sample Size Larger Sample Size
a. Reliance on internal control Higher reliance on internal control Lower reliance on internal control
b. Reliance on other substantive Higher reliance to be placed on other Lower reliance or no reliance to be placed
tests directed at the same substantive tests on other substantive tests
assertion
c. Measure of tolerable error Larger measure of tolerable error Smaller measure of tolerable error
d. Expected size and frequency of Smaller errors or lower frequency Larger errors or higher frequency
errors
e. Population value Smaller monetary significance to the Larger monetary significance to the
financial information financial information
f. Acceptable level of risk Higher acceptable level of risk Lower acceptable level of risk
g. Stratification Stratification of the population when No stratification of the population
appropriate
h. Number of sampling units in the Negligible effect on sample size unless population is small.
population

Anomalous error is an error that arises from an isolated event that has not recurred other than on specifically identifiable occassions
and is therefore not representative of similar errors in the population.
PSA 530 states, “When an error has been established as an anomalous error, it may be excluded when projecting sample errors to the
population.”

Variables sampling is designed to estimate the value of a population, for example, an account balance. Hence, the estimate is
quantitative, not qualitative.

The tolerable misstatement is the maximum amount of misstatement that may exist in an account balance without causing the financial
statements to be materially misstated. The combined tolerable misstatement for an entire audit should not exceed the auditor’s
preliminary estimate of materiality for the financial statements taken as a whole.
As the audit progresses, the auditor may decide to change the tolerable misstatement like when he/she discoveres that incorrect
planning assumptions were used.
The auditor’s business risk is irrelevant to the determination of tolerable misstatement.
Qualitative factors should be considered when determining the tolerable misstatement for the sample. For example, the auditor should
consider the nature and cause of misstatements and their impact on other phases of the audit.

If the cost and effort of selecting additional items are low, the auditor may accept a higher risk of incorrect rejection.
A decrease in the risk of incorrect rejection is required if increased reliability (confidence level) from the sample is desired.
The account balance is more likely to be misstated if many differences are expected and therefore incorrect rejection is less likely.
Control risk relates to tests of controls whereas incorrect rejection relates to substantive testing.

Stratification involves dividing the population into homogenous groups called strata or subpopulations, thus reducing the effect of high
variability of amounts in the population. Because the variability of items within each subpopulation or stratum is reduced, the auditor
will be able to select a smaller sample for each subpopulation.

The auditor should stratify the population to ensure that “unusually large transactions” will be tested. Sampling procedures will then be
applied to those smaller transactions.