AUDIT SAMPLING

Session 1: Explaining the Concepts and Principles in Audit Sampling

Means of selecting items for testing

1. Selecting all items (100% examination)

2. Selecting specific items

3. Audit Sampling

When designing tests of controls and tests of details, the auditor shall
determine means of selecting items for testing that are effective in meeting
the purpose of the audit procedure - ISSAI 1500:10

1. Selecting all items (100% examination)

Examination of the entire population of items that make up a class of
transactions or account balance Unlikely in the case of tests of
controls, common for test of details
Appropriate when:
The population consists of a small number of large value items
 There is a high audit risk
 Auditors use computer-assisted audit techniques

2. Selecting Specific items

 High value or key items
High value items - those of high value
Key items - Items that exhibit some other characteristic such as being
suspicious, unusual, risk-prone or having a history of error
 All items over a certain amount - those with recorded values
exceed a certain amount so as to verify a large proportion of the total
amount of a class of transactions or account balance
 Items to obtain information - those to obtain information about
matters such as the nature of the entity or the nature of transactions

3. Audit Sampling
The application of audit procedures to less than 100% of items within a class
of transactions or account balance such that all sampling units have a
chance of selection in order to provide the auditor with a reasonable basis on
which to draw conclusions about the entire population

Can be used in:

 Test of controls
 Substantive tests of details
 Dual purpose tests

Not applicable to:

 Inquiry and Observation

 Analytical Procedures

Benefits:

 More expeditious review of working papers

 Reduced audit costs
 Minimized risk of over- auditing

Means of Selecting Items for Testing

The application of any one or combination of these means may be

appropriate depending on the particular circumstances, such as the risks of
material misstatement related to the assertion being tested, and the
practicality and efficiency of the different means (ISSAI 2500.A52)

Concepts in sampling

 Sampling
 Population
➤ The entire set of data from which a sample is selected
➤ The "universe"
 Sampling Unit
➤ The individual items constituting a population
 Sample
➤ Collection of sampling units drawn from the population

Audit Risk and Confidence Level

 Sampling Risk

The risk that the auditor's conclusion based on a sample may be

different from the conclusion had the entire population were subjected
to the same audit procedure.

Confidence Level
 The probability that the sample will produce accurate results

Example:
95% confidence level: If a particular test was performed 100 times, the
results would be accurate 95 times, with a risk that 5 tests will produce
inaccurate results (or 5% beta risk)
 90% or 95% confidence levels are recommended
 The mathematical complement of sampling risk

CONSIDERATION CONFIDEN RISK

CE LEVEL
Test of Controls 90% 10%
 There are evidence obtained from other
sources such as tests of operational
effectiveness or related controls

Test of Details
 The class of transactions/account
balance/disclosure being tested is below
performance materiality
 There are evidence obtained from other
sources such as analytical review and other
substantive procedures
Test of Controls 95% 5%
 There are no evidence obtained from other
sources such as tests of operational
effectiveness or related controls

Test of Details
 The class of transactions/account
balance/disclosure being tested is above
performance materiality
 There are no evidence obtained from other
sources such as analytical review and other
substantive procedures

Non-Sampling Risk

• The risk that the auditor reaches an erroneous conclusion for any reason
not related to sampling risk

• Examples:

• Use of Inappropriate audit procedures

• Misinterpretation of audit evidence

• Failure to recognize a misstatement or deviation

• Cannot be measured

• Can be reduced to an acceptable level by adequate planning and

supervision of audit work and by implementing an effective quality
control system.
Sample Selection Methods
1. Random Sampling

2. Systematic Sampling

3. Monetary Unit Sampling

4. Test Audit Day Scheme

5. Not recommended methods: Haphazard Selection and Block

Selection

The auditor shall set items for the sample in such a way that each sampling
unit in the population has a chance of selection-ISSAI 2530:8

1. Random Sampling
 Allows each item in the population an equal chance of being selected
 Useful when: there is a unique identification number for every
sampling unit in the population

2. Systematic Sampling
 Allows every sampling unit in the population equal chance of being
selected
 Selection of every nth item from a population of sequentially
ordered items (n is the sampling interval)
 Useful when:
o Population items lack identification numbers
o There is no list of items
3. Monetary Unit Sampling
 A.k.a. Probability-Proportional-to-Size Sampling
 Uses pesos as sampling units-higher value, higher chances of being
selected
 Uses sampling interval (like systematic sampling) and RNS
 Useful when:
o The auditor gives greater importance to items with higher values
o There is a list of all items in the population, together with their
monetary values.
 Cannot be applied if there are transactions with balances equal to
zero (or negative, rarely)-exclude these items first
 4. Test Audit Day Scheme
 Used for purposes such as determining whether the day's collection
was deposited intact on the day following the date of collection
 The sampling units are the working days in a year. The samples are
called test days. All transactions in a test day will be audited.
 There should be at least 6 test days per month, including the
mandatory test days (last working day of each month and first
working day of January), for a total of 72 test days a year.
 The Random Number Table #1 will be used to determine the test days.

Steps in applying sampling procedures in test of

controls

1. Use the Audit Sampling Working Paper-Test of Controls

2. Define specific risk control(s)
3. Define the objectives
4. Define what constitutes a deviation
5. Describe the population to be tested
6. Determine the sample size
 7. Choose a sample selection method
8. Perform the test and conclude

1.Use the Audit Sampling Working Paper-Test of Controls

2.Define specific risk control(s)

In the Results of Risk Assessment at the Assertion Level (RRAAL) Template of

Financial Audit Manual (FAM), the risk controls to be tested are the ones
which have adequate control design.

Multiple specific risk controls may be

tested using one sampling working paper.

Example:

a.Approval of Requisition and Issue Slips

(RIS) supported with valid doctor's prescription

b. Signature of end-user in the RIS

3.Define the objectives

Objective of test of controls: to obtain evidence of the operating

effectiveness of certain risk controls during the period covered by the test

Operating effectiveness - the controls are being applied as designed on a

sufficiently consistent basis

Example:
To test the operating effectiveness of the control that the prescribed approval
of RIS with valid doctor's prescription is obtained before issuance of drugs
and medicines

4.Define what constitutes a deviation

Define the conditions by which items will be considered deviations.

Deviations - Non-performance of a prescribed risk control

Example:

 Approval of RIS without valid doctor's prescription

 Absence of signature of end-users in the RIS

6.Determine the sample size

If population < 300:

• Determine sample size for controls operating less than daily

Control Operates Used Population Suggested Expected

Minimum Sample Number of
Size Deviation
Weekly 54 10 0
Semimonthly 24 8 0
Monthly 12 4 0
Quarterly 4 2 0

• OR use a sample size of at least 30

Factors to consider:

1. Confidence level
• Choose either 95% or 90%
• May consider if there are other sources of evidence
Example:
Suppose that we assume a risk of assessing control risk too low of 5%,
meaning, we will choose a 95% level of confidence.
2. Tolerable rate of deviation
 Tolerable rate of deviation - the maximum rate of nonperformance in a
prescribed control that the auditor is willing to accept and still rely on that
risk control

Likelihood high 6% 4% 4%
of material moderate 8% 6% 4%
misstateme low 8% 8% 6%
nt arising Strong some none
from
control
failure
Existence of compensating controls
that reduce impact or failure

Example:

We choose a tolerable rate of deviation of 6% due to the moderate likelihood

of material misstatement arising from control failure and existence of some
compensating controls.

3. Expected rate of deviation

Based on either:
A. The auditor's understanding of the relevant controls
Expected Rate of
Factor Deviation Category
Low Modera High
te
Assessment of Stron Sound Adequate
quality of accounting g
and internal control
systems
Changes to None Some Substanti
accounting and or al
internal control mino
systems and r
personnel
Results of prior or None Few Many
other current period
audit procedures
Example:

Internal control systems are assessed as strong so we came up with a low

expected rate of deviation. Between 0 and 1%, we will choose 1% since we
expect such rate of deviation to occur in the population.
 Zero expected deviation rate may be used when test is to be done on
computerized transactions since the auditor generally does not expect
a deviation from risk control unless there is an error in the program or
design of the system.

B. Examination of a small number of items from the population

7.Choose a sample selection method

Choose either Random Sampling or Systematic Sampling

8.Perform the test and conclude