HOW TO GUIDE

DECIDING WHEN IT IS
APPROPRIATE TO USE AN OSP
SAMPLING APPROACH
 CONTENTS INTRODUCTION
SAMPLING APPROACHES - HOW TO GUIDE

Audit sampling is the application of audit procedures to less than 100% of items

1 Is using a sampling approach

always the right solution?
within a population where all items have an equal chance of selection. Audit
sampling is designed to enable conclusions to be drawn about an entire population
on the basis of testing a sample drawn, without bias, from it.
This How to Guide aims to provide practical guidance for designing audit tests and

2
determining when it is most appropriate for us to use an OSP (Other Substantive
How can we use DATs as an Procedure) sampling approach.
effective and efficient alternative to
In an effort to obtain sufficient appropriate audit evidence, we often use audit
sampling OSPs?
sampling procedures to ‘…draw conclusions about the population from which a

3
sample is selected.’1 There are many ways we can test financial statement areas
(FSAs) and audit assertions using Tests of Control (TOC), sampling and non-
Is a sampling OSP always
sampling OSPs, Substantive Analytical Procedures (SAP), or Data Analytics Tests
appropriate?
(DAT). Our role as an engagement team is to consider and determine the most
effective and efficient audit approach for each FSA and assertion.

4 How can we perform sampling

OSPs?
Although BDO’s methodology (i.e., policies, procedures, and guidance) follow
International Standards on Auditing (ISAs) issued by the International Auditing and
Assurance Standards Board (IAASB), many BDO firms also operate in jurisdictions
that have their own auditing standards and regulatory requirements, which may

5
go beyond those required by the ISAs. In applicable sections, we have highlighted
How to Guide tips certain incremental requirements for audits conducted under the Public Company
Accounting Oversight Board (PCAOB) standards.
Engagement teams who want to find out more about sampling approaches or
concepts can access additional How to Guides here.

1 International Standard on Auditing, ISA 530 - Audit Sampling, paragraph 4.

GO FORWARD

GO BACK

REVEAL ADDITIONAL INFORMATION

02

RETURN TO INDEX
SAMPLING APPROACHES - HOW TO GUIDE

1.
The answer to this question is ‘No’.
Professional standards outline various requirements when deciding to use audit sampling. In the context of each audit, we
use our professional judgment to determine whether we need to design an audit response that includes some element of
sampling.
Just as with any audit, the appropriateness of using a sampling approach is going to be determined by the facts and
circumstances of the engagement, the risks that we are responding to and the underlying data that is being tested. In some
circumstances the answer to the original question may be a ‘Yes’ – there may be no alternative to having to perform a
sample (particularly in a population which comprises very similar types of balances or highly consistent attributes or in
many cases when testing the Existence assertion). Alternatively, there may be a range of approaches we can consider first
before we decide to go down a sampling route, based on the nature of the risk being responded to or the FSAs, balances or
assertion(s) being tested.
Is using a sampling One of the first steps we consider is the type of test(s) we plan to perform.

approach always the OUR MIX OF POTENTIAL AUDIT PROCEDURES

The BDO Audit Approach enables us to select different types of tests (or a mix of tests) depending on the nature of the FSA
right solution? and relevant assertions being tested. Some of these audit procedures contain an element of sampling, some do not. For
example, in this illustration, we can see how different combinations of test types could include elements of TOC or OSP
sampling procedures (as indicated by the white target signs):
SECTION 1
03
SAMPLING APPROACHES - HOW TO GUIDE
In addition, use of audit data analytics (ADA) could result in a population being analyzed for risk
assessment purposes or to obtain assurance through use of DATs. Use of DATs could be applied
to the whole population or a sub-population. Alternatively, DATs could be used in combination
with OSPs or SAPs. While there are many more additional mixes of procedures, the nature of the
procedures we plan to perform has a direct impact on whether we use a sampling approach or
not.
AVOIDING A ‘SAMPLING FIRST’ APPROACH TO DESIGN AUDIT RESPONSE
Neither professional standards nor the BDO Audit Approach require that the starting point
for designing our audit response has to be based on procedures that include an element of
sampling. When designing our audit strategy, we use our professional judgment to design
tailored audit procedures for each scoped in FSA and assertion by taking into account:
• The nature and the level of the individual risk of material misstatement (RMM) that we have
identified for these assertions, and
• Matters we have identified that affect the nature and timing of testing required.
We also consider key concepts such as ‘sufficiency’, ‘appropriateness’, ‘reliability’ and
‘relevance’ when deciding on the mix and types of procedures we plan to design, choosing
the most effective and efficient combination of procedures. Reliability refers to the accuracy
and completeness of information produced by the entity (IPE) and we also consider whether
the information we are using in our audit procedures is sufficiently precise and detailed for
our purposes. Many factors help us decide on effectiveness and efficiency of the procedures
available to us; these include:
• The nature of the balance we are auditing and the RMMs we have identified
• Our assessment of the RMM level for each scoped in FSA and assertion (being either normal
R=2.0 or significant R=3.0)
• The extent to which the procedure can make use of other tests performed (for example,
performance of ADA or computer-assisted audit tests to provide insights into the nature of a
balance)
• The design and implementation (D&I) of controls and whether they are likely to operate
SECTION 1
effectively – if so, then TOCs may be an option to consider
• Whether the balance is highly susceptible to management override or fraud – if so, TOCs are
unlikely to be a good option
04
• The reliability of data – if it is not reliable, then SAPs may not be a good option
• The predictability of the FSA or relationship to other FSAs – if it is somewhat predictable,
SAPs are likely to be a good option
• The requirements of relevant professional standards
• If it is appropriate to use sampling (for example, if the population may be incomplete)
• The timing of our procedure(s).
Different facts and circumstances may lead to different audit strategies and planned tests:
Entity ABC has effective controls, the engagement team decides to perform TOCs
(which rely on sampling).
EXAMPLE
As professional standards require auditors not to rely solely on a TOC-based
approach, the engagement team plans to perform an additional OSP to analyze
various transactions using a sampling approach.
In this instance the engagement team has selected procedures that contain two
different types of sampling.
Both ISA and PCAOB standards require that the approach for significant risk areas includes
substantive procedures that are specifically responsive to the identified risks. In addition,
where our approach consists of only using substantive procedures (no controls reliance) – the
ISA standards require these procedures include test of details.
AUDITS OF ISSUERS2 UNDER THE PCAOB STANDARDS
PCAOB standards highlight that, for significant risks, the auditor should perform
substantive procedures, including tests of details, that are specifically responsive to the
assessed risks, regardless of which testing strategy is used, as it is unlikely that audit
evidence obtained from substantive analytical procedures alone will be sufficient.
To comply with PCAOB standards it is important to ensure that we include substantive
tests of details that are specifically responsive to each of the significant risks that have
been identified.
2 The term ‘Issuer’ is defined under PCAOB Rule 1001(i)(iii).
SAMPLING APPROACHES - HOW TO GUIDE

The nature of some FSAs (e.g., expenses) may mean that they could be tested using OSP sampling but have
characteristics that may provide a more effective approach using other techniques (such as DAT, SAP and/or
OSP procedures).
DISCOVER ALTERNATIVE WAYS TO TEST EXPENSES USING NON-SAMPLING
PROCEDURES
SECTION 1
05
SAMPLING APPROACHES - HOW TO GUIDE

Entity XYZ has controls which have been designed and implemented satisfactorily.
Given the nature of the balance being audited, the timing of the audit work and

EXAMPLE
the high volume of low value items being tested, the engagement team decides to
rely on a DAT that resembles a SAP for their audit assurance.
This approach does not require use of sampling as 100% of the balance is going to
be tested via the DAT.

Effective testing approaches (e.g., using a mix and/or tailored tests) are designed after
consideration of a series of questions. Engagement teams are encouraged to answer the
following questions when designing their audit strategy:
• Does the D&I of controls and whether they are likely to operate effectively lead us to
consider using a TOC-based approach?
• Can the availability and quality of data potentially enable us to use a DAT (see section 2)?
• Is there a clear relationship that we can successfully explore through use of a SAP?
• If we need to obtain assurance through OSPs – are there other non-sampling OSPs we can
apply prior to designing a sampling OSPs?

THE KEY THING TO NOTE IS THAT SAMPLING IS NOT ALWAYS APPROPRIATE OR THE
MOST EFFECTIVE APPROACH.
SECTION 1
06
SAMPLING APPROACHES - HOW TO GUIDE

2.
Prior to concluding that a sampling OSP is the most effective or efficient way to test a population, we may consider using an
alternative approach, such as ADA as part of our audit strategy.
Within the BDO Audit Approach we can use:
• Risk Assessment Data Analytics (RADA) as part of our risk assessment procedures, or
• DAT to obtain assurance, or
• Some combination of both.
While DATs have the potential to replace traditional sampling OSPs (as well as other types of procedures we may have
included in our audit strategy in the past), DATs or RADA can also support existing sampling OSPs by providing greater
How can we use DATs as insight into the population being tested.
For example, use of ADA might provide more information about the nature or mix of a population or identification of ADA
an effective and efficient Notable Items which means that our testing approach can be more targeted to problem items within a population.

alternative to sampling
We can see how ADA can help by looking at a simple before and after scenario:

OSPs? Entity name: Emerald-Frankby Limited

FSA: Accounts Receivable
Assertion(s): E, A, V
Balance being tested: € 13 m
Performance materiality: € 2.3 m
Assurance required: R factor of 2.0
SECTION 2
07
SAMPLING APPROACHES - HOW TO GUIDE

Click on the + buttons below to compare and contrast how a particular engagement team adopted different approaches to their planned testing on the Emerald-Frankby Limited
engagement.

A TRADITIONAL (‘BEFORE’) APPROACH AN ENHANCED (‘AFTER’) APPROACH

SECTION 2
08
SAMPLING APPROACHES - HOW TO GUIDE
OSPs can be split into 3 main types:
• PROOF IN TOTAL

3.
• OTHER TESTS OF DETAIL
• REPRESENTATIVE SAMPLING
Representative sampling (often known as ‘sampling OSPs’) is one of the most common test types used to obtain audit
evidence during our audit engagements whether in isolation or as part of a mix of tests. However, is a sampling OSP
always the best approach? In this section we explore a series of questions we can work through when deciding the
type(s) of test we need to design to be able to obtain the required assurance.

HAVE WE IDENTIFIED THE FSA OR PART OF THE FSA

1 THAT WE WANT TO TEST? NO

Is a sampling OSP always YES

appropriate? 2 HAVE WE IDENTIFIED THE SAMPLING UNIT? NO

If ‘no’ we are
YES unable to plan a
sampling OSP.

3 IS THE POPULATION COMPLETE? NO

YES

WILL TESTING THE POPULATION ADDRESS THE NO

4 RELEVANT ASSERTIONS?

YES
If ‘yes’ do not
SECTION 3

plan a sampling
IS THERE A MORE EFFECTIVE OR EFFICIENT WAY TO TEST YES OSP.
5 THE POPULATION?
09
SAMPLING APPROACHES - HOW TO GUIDE

As we answer each question, we consider: Given the facts and circumstances of the engagement and having applied steps 1 to 5, we may still be of the view that a
sampling OSP approach is likely to be an appropriate part of our audit strategy. When this is the case, we ask ourselves two
STEP 1 – IDENTIFYING THE FSA (or part of an FSA) for testing,
final questions about the representative nature of the items in the sample and whether the population itself can be further
by considering whether we are testing all of a particular FSA or
disaggregated:
part of it. For example, an Accounts Payable FSA may include
more than just trade payable balances. This step defines the
population for testing.
ARE THE ITEMS IN CAN THE POPULATION BE SPLIT Perform
STEP 2 – IDENTIFYING THE SAMPLING UNIT, establishing
6 THE POPULATION 7 INTO SUB-POPULATIONS THAT non-
whether we are planning to test invoices, classes of transactions REPRESENTATIVE OF EACH THEN BECOME REPRESENTATIVE sampling
or account balances. OTHER? POPULATIONS? OSPS
OR NO on the
STEP 3 – COMPLETENESS OF POPULATION – checking that Are items approximately the NO
we have the full population that we plan to test i.e., confirming same size, same amount, similar CAN WE SELECT AND INDIVIDUALLY population
characteristics (depending on what is TEST KEY ITEMS, LEAVING A – assuming
the population agrees to all (or part of) the FSA balance/
contained within the population)? REMAINING REPRESENTATIVE other
general ledger. If a population is incomplete, then it could
POPULATION? approaches
provide us with a misleading conclusion based on the items we (TOC,
subsequently tested. Testing is still performed separately on IPE. DAT, SAP)
YES YES
STEP 4 - ASSERTIONS – confirming that our planned sampling have been
OSP has been designed to: considered
and
• Address the FSA(s) and assertion(s), and rejected.
A sampling OSP is likely to be appropriate.
• Respond to the risks we had identified during our risk
assessment procedures.
STEP 5 – EFFECTIVE OR EFFICIENT ALTERNATIVES - after
gathering some initial information by performing Steps 1 - 4, we
consider whether there is a more effective and efficient way to
test the population. Examples might include:
• Testing some significantly large balances which reduces
the RMM level to an acceptably low level for the residual
population, or
• Testing a small number of large balances (for example
quarterly payments) which can be tested 100%.
SECTION 3
10
SAMPLING APPROACHES - HOW TO GUIDE

IDENTIFYING POPULATIONS TO BE TESTED INDIVIDUALLY OR AS A GROUP

4.
When identifying populations for OSP testing, it can often be more efficient to test similar, homogeneous populations together
if the risks and test objectives are compatible. This is often the case for Income Statement items (such as expenses), where it
may be important to separate the Income Statement into types of expenses based on the characteristics of the FSA. This may
be irrespective of whether these expenses are individually material or presented separately on the Income Statement (since
level of aggregation of presentation within the Income Statement often depends on management’s judgment and preferences
once the requirements of the applicable financial reporting framework have been met).

SEE HOW CERTAIN EXPENSE ITEMS COULD BE COMBINED WHEN PERFORMING SAMPLING OSPS

How can we perform

sampling OSPs?
SECTION 4
11
SAMPLING APPROACHES - HOW TO GUIDE

ANALYZING A POPULATION TO MAKE SAMPLING OSPS MORE EFFECTIVE AND EFFICIENT

In this scenario, the engagement
Once the population has been defined, we analyze whether there are sub-populations or if
team initially determines that it
disaggregation can make sampling OSPs more effective and efficient. To do this, we:
is highly unlikely there are credit
a. Identify key items - key items may be those above performance materiality3, larger items in
balances within a particular
relation to other items in the population, or unusual items and other judgmentally selected
population of debit balances.
items. Other judgmentally selected items include, but are not limited to, those items that

EXAMPLE
are prone to risk such as transactions with related parties or unusual patterns of activity. After reviewing the balances
Key items are excluded from our sampling approach and tested 100% (i.e., these items that make up the General Ledger
are automatically tested in addition to our sampled items, and errors identified as part of population of € 12,250, the team
testing these 100% items are excluded from extrapolation of results from the sampling decides to:
OSP). • Perform a traditional sampling
OSP on the debit balances, and
In this scenario, the engagement team initially
• Treat the three credit balances
determines that balances above € 20,000 are
as an SRMM for targeted testing.
to be treated as key items.
This results in the following being treated as
FURTHER INFORMATION ON SAMPLING FOR DEBIT, CREDIT AND ZERO
key items:
BALANCES CAN BE FOUND HERE
• € 50,000 balance (as it is above € 20,000)
EXAMPLE

• € 18,000 balance (as it is close to € 20,000

and identified as a logical threshold given
the average balances of other items).
The balance of € 300 is also determined to
be a key item because when the engagement
team read the account name on the ledger,
they realized it matched that of one of the
director’s adult children.

b. Evaluate if debits are to be treated as a separate population from credits or if netting

debits and credits within a population is appropriate, and determine how to deal with zero
SECTION 4

balances.

3 Some firms in certain jurisdictions may determine that key items are ordinarily those above ‘tolerable misstatement’.
12
SAMPLING APPROACHES - HOW TO GUIDE

c. Consider the variability of the remaining population. When assessing the variability in the d. After considering if there are any sub-populations, we define the ‘sampling unit’. A
remaining population, we consider whether the population is similar (both quantitatively and sampling unit is defined as the individual items constituting a population. Establishing, as an
qualitatively). engagement team, what we mean by a sampling unit can help us avoid different traps.

For example, we consider:

• Are there any items in the population that are subject to different risks?
• Are there customers with different characteristics? (i.e., do some customers always
have larger balances than other customers? Are some customers ‘regular’ or ‘one-off’
customers?)
• Are items in the population processed differently, or originate from different
businesses and processes and/or control environments?
• If the population is not homogeneous – are there sub-populations that can be tested
separately?
• Are there a significant proportion of items below the quantitative average of items in
the population?
We consider the data or attribute for which support can be provided for audit
purposes.
• For example, a sampling unit might be a customer account balance or an invoice.
We also consider effectiveness and efficiency in relation to the objective that we are
testing. For example:
• If the procedure is confirmation of Accounts Receivable, we select the sampling
unit that is most likely to generate a response from customers. Also, we consider
which sampling unit may be the most efficient in the event that a confirmation
response is not received, and alternative procedures are performed. We may
select invoices as the sampling unit rather than customer balances, as customer

EXAMPLE
balances may not be easy or efficient to test if confirmations are not received.
In one particular scenario, the engagement team
is determining how best to test the recoverability • When using sampling for PPE additions, we understand the detailed listing of
of Accounts Receivable balances (after key additions that is provided to us, as such amounts may be presented based on
EXAMPLE

items and credits have been removed from the vendor invoice, or compiled by project:
population). • We do not automatically select items from the additions schedule but first
The team decides that the remaining sampling understand how the schedule is prepared
population is not homogeneous or it exhibits high • We exercise care, particularly in those entities that may account for
variability, for the following reasons: activities using project codes, that we identify the right sampling unit (i.e.,
• There is a disproportionate number of we establish what is the sampling unit such as a project code, individual
balances which are below $ 500. invoice or individual items within an invoice). If we identify a project code as
• A significant proportion of balances (are of the sampling unit, we would verify the entire balance for each project code
an average amount) but are based in a new selected.
overseas location.

The team decides to divide the population into 2 distinct parts for testing – items
SECTION 4

overseas, and items from local customers. In addition, for the local items, the team
further stratifies the population between those items above $ 500 and those items
below $ 500, selecting two-thirds of the selections from the larger items in the
population.
13
SAMPLING APPROACHES - HOW TO GUIDE

e. Generally, the population from which the sample is selected is the same population used for
the projection of the sample result.
For example, when testing Hoylake Inc., if a population is defined to include transactions
EXAMPLE from three locations and an error is found in testing at one location, the error would
ordinarily be projected over the entire population (i.e. all three locations).
Had the population been defined as being three separate populations (i.e., one for each
location) then the error can be projected over the population only related to that one
location.

As we have seen throughout this Guide, there are a whole host of decisions for us to make
as an engagement team ranging from: whether we decide that sampling is an appropriate
part of our design audit response through to deciding how we plan to sample a particular
procedure.
All of these involve using our professional judgment as a collective engagement team.

Engagement teams can find out more about different aspects of sampling by accessing the series
of How to Guides here.
SECTION 4
14
SAMPLING APPROACHES - HOW TO GUIDE

5. HOW TO GUIDE TIPS

Simple steps that engagement teams can perform in order to get better results when deciding
whether to use a sampling approach can include:

TAKE A STEP BACK

Look at our mix of tests and think through how we plan to test a particular FSA or assertion and consider
whether sampling is the most appropriate method. Ask whether there is a better way to test something...
don't always default to a sampling approach or rely on our testing strategy from prior years. Use the decision
diagram to sense-check whether sampling is right for the audit. Thinking through these steps can help avoid
common sampling traps.

CHALLENGE THE POPULATION USE TECHNOLOGY

Don’t be afraid to analyze, sub-divide or disaggregate Think about whether there's a quicker and more
our population so that we can use sampling more effective way to test the entity's data by using ADA
effectively and efficiently. or other automated tools and techniques.
GUIDE CHECKPOINTS
15
SAMPLING APPROACHES - HOW TO GUIDE

CONTACT US: How to Guide is issued by the Global Assurance Department and distributed to the International
A&A Coordinators. Please share this publication with relevant partners and staff in your firms.
[email protected]
BDO internal use only.

BDO’, ‘we’, ‘us’, and ‘our’ refer to one or more of BDO International Limited, its network of
independent member firms (‘the BDO network’), and their related entities.

Service provision within the BDO network is coordinated by Brussels Worldwide Services BV, a
limited liability company incorporated in Belgium.

Each of BDO International Limited (the governing entity of the BDO network), Brussels
Worldwide Services BV and the member firms is a separate legal entity and has no liability
for another such entity’s acts or omissions. Nothing in the arrangements or rules of the BDO
network shall constitute or imply an agency relationship or a partnership between BDO
International Limited, Brussels Worldwide Services BV and/or the member firms of the BDO
network. Neither BDO International Limited nor any other central entities of the BDO network
provide services to clients.

BDO is the brand name for the BDO network and for each of the BDO member firms.

© Brussels Worldwide Services BV July 2020.

16