Chapter 9

Audit Sampling

McGraw-Hill/Irwin Copyright © 2010 by The McGraw-Hill Companies, Inc. All rights reserved.
 What is Audit Sampling?
 Applying a procedure to less than 100%
of a population
 To estimate some characteristic of the
population
 Qualitative
 Quantitative

9-2
 9-3

Risk
 Sampling risk
 risk that the auditors’ conclusions based on a

sample may be different from the conclusion

they would reach if they examined every item
in the population
 Nonsampling risk
 risk pertaining to nonsampling errors

 Can be reduced to low levels through effective

planning and supervisions of audit

engagements
9-3
 9-4

Nonstatistical sampling
 The auditor estimates sampling risk by
using professional judgment rather than
statistical techniques
 Provides no means of quantifying
sampling risk
 Sample may be larger than necessary or
auditors may unknowingly accept a higher
than acceptable degree of sampling risk

9-4
 9-5

Advantages of Statistical Sampling

 Allowsauditors to measure and control

sampling risk which helps:
 Design efficient samples
 Measure sufficiency of evidence
 Objectively evaluate sample results

9-5
 9-6

Selection of Random Sample

 Random sample results in a statistically
unbiased sample that may not be a
representative sample
 Random sample techniques
 Random number tables
 Random number generators
 Systematic selection

9-6
 9-7

Random Number Table

9-7
 9-8

Other Methods of
Sample Selection
 Other methods
 Haphazard selection
• Select items on an arbitrary basis, but without any
conscious bias
 Block selection
• Block sample consists of all items in a selected
time period, numerical sequence or alphabetical
sequence
 Stratification
 Technique of dividing population into relatively
homogeneous subgroups
9-8
An Illustration of Stratification

9-9
 9-10

Types of Statistical Sampling Plans

 Attributessampling
 Discovery sampling
 Classical variables sampling
 Mean-per-unit estimation
 Ratio estimation
 Difference estimation
 Probability-proportional-to-size sampling

9-10
 9-11

Dual Purpose Test

 Tested
used both as a test of control and
substantiating the dollar amount of an
account balance
 Ex. Test to evaluate the effectiveness of a
control over recording sales transactions and
to estimate the total overstatement or
understatement of the sales account

9-11
 9-12

Allowance for Sampling Risk

 Amount used to create a range, set by +
or – limits from the sample results, within
which the true value of the population
characteristic being measured is likely to
lie
 Precision
 Wider the interval, more confident but less
precise conclusion
 Can be used to construct a dollar interval

9-12
 9-13

Sample Size
 Significanteffect on allowance for
sampling risk and sampling risk
 Sample size increase -> sampling risk and
allowance for sampling risk decrease
 Sample size affected by characteristics of
population
 Generally as Population increases -> sample
size increase

9-13
 9-14

Requirements of Audit
Sampling Plans
 When planning the sample consider:
 The relationship of the sample to the relevant audit objective
 Materiality or the maximum tolerable misstatement or
deviation rate
 Allowable sampling risk
 Characteristics of the population
 Select sample items in such a manner that they can be
expected to be representative of the population
 Sample results should be projected to the population
 Items that cannot be audited should be treated as
misstatements or deviations in evaluating the sample
results
 Nature and cause of misstatements or deviations should
be evaluated

9-14
 9-15

Sampling Risks--Tests of Controls

Actual Extent of Operating Effectiveness

of the Control Procedure is

Adequate Inadequate
The Test of Controls
Sample Indicates: Incorrect
Correct Decision
Extent of Operating (Risk of Assessing
Effectiveness is Decision
Adequate Control Risk
Too Low)
Incorrect
Extent of Operating
Effectiveness Decision Correct
Inadequate (Risk of Assessing
Decision
Control Risk
Too High)

9-15
 9-16

Audit Sampling Steps for

Tests of Controls
 Determine the objective of the test
 Define the attributes and deviation conditions
 Define the population to be sampled
 Specify:
 The risk of assessing control risk too low
 The tolerable deviation rate
 Estimate the population deviation rate
 Determine the sample size
 Select the sample
 Test the sample items
 Evaluate the sample results
 Document the sampling procedure

9-16
 Attributes Sampling: Relationship Between the
Planned Assessed Level of Control Risk and the
Tolerable Deviation Rate

9-17
Illustration of Attributes Sampling--
Determining Sample Size
 Risk of Assessing Control Risk Too Low—
5 percent
 Tolerable Deviation Rate—9 percent
 Expected Population Deviation Rate—2
percent

9-18
Figure 9.4: Statistical Sample Sizes for Tests of Controls
at 5 Percent Risk of Assessing Control Risk Too Low

9-19
 Sample Size
Sample size using Figure 9-4 (next slide)
=68 (2)

 This means the auditor should select a

sample of 68 items. We will discuss the
(2) in a few slides.

9-20
 Attributes Sampling Evaluation of
Results
2 possible approaches:
1. Use the bracketed number from Table
9.4. If you find that number or less
deviations, conclude that you have
accomplished your audit objective.
2. Use Table 9.5 for a more precise
conclusion.

9-21
 Example A--No Deviations Identified (Evaluating
Attributes Sampling Results)
Approach 1—You have met your audit objective (because the bracketed number was (2),
you meet objective when you identify 0, 1 or 2 deviations). What can you say?

“I believe that the deviation rate in the population is less than 9 percent.” You will be
wrong 5 percent of the time when the deviation is exactly 9 percent. If the deviation rate
is in excess of 9 percent you will be wrong even less than 5 percent of the time. The
planned assessed level of control risk is achieved.

Approach 2
You have tested 68 items, a number not on Table 9-5 (next slide
To be conservative go to next lowest number on table (65) and use it for your
conclusions (we could, but won't interpolate for a more precise answer).

You have met your audit objective. Table 9-5 gives us an answer of 4.6 percent.
What can you say?
"I believe that the deviation rate in the population is less than 4.6 percent.” You will be
wrong 5 percent of the time when the deviation rate is exactly 4.6 percent. If the
deviation rate is in excess of 4.6 percent you will be wrong even less than 5 percent of
the time. The planned assessed level of control risk is achieved.

9-22
Figure 9.5 Statistical Sampling Results Evaluation Table for
Tests of Controls: Achieved Upper Deviation Rate at
5 Percent Risk of Assessing Control Risk Too Low

9-23
 Example B--3 Deviations Identified
(Evaluating Attributes Sampling Results
Approach 1—You have not met your audit objective. What can you say?
“The achieved upper deviation rate is higher than 9 percent.” The planned
assessed level of control risk is not achieved. You need to consider increasing the
assessed level of control risk above the planned assessed level.

Accordingly, you may not “rely” on internal control to the extent planned. Thus, the
auditor will need to increase the scope of substantive procedures (the nature,
timing, and/or extent).

Approach 2—You have not met your audit objective. Table 9-5 provides us an answer of
11.5 percent

“I believe that the deviation rate in the population is less than 11.5 percent.” You
will be wrong 5 percent of the time when the deviation rate is exactly 11.5 percent.
But this is not good enough as you wanted 9 percent rather than 11.5 percent.
The planned assessed level of control risk is not achieved. You need to consider
increasing the assessed level of control risk above the planned assessed level.

As per Approach 1, an increase in the scope of substantive procedures is

appropriate.

9-24
 9-25

Other Statistical Attributes

Sampling Approaches
 Discovery sampling
 Purpose is to detect at least one deviation,
with a predetermined risk of assessing
control risk too low if the deviation rate in
population is greater than specified tolerable
deviation rate
 Useful in suspected fraud
 Sequential (Stop-or-Go) Sampling
 Audit sample taken in several stages

9-25
 9-26

Sampling Risks--Substantive Tests

The Population Actually is

Not Materially Materially
Misstated Misstated
The Substantive
Procedure Sample
Indicates

Misstatement in Incorrect
Account Exceeds Correct Decision
Tolerable Amount
Decision (Risk of Incorrect
Rejection)
Misstatement in
Account Is Less Incorrect
Than Tolerable Decision Correct
Amount
(Risk of Incorrect Decision
Acceptance)

9-26
 9-27

Audit Sampling Steps for

Substantive Tests

 Determine the objective of the test

 Define the population and sampling unit
 Choose an audit sampling technique
 Determine the sample size
 Select the sample
 Test the sample items
 Evaluate the sample results
 Document the sampling procedure

9-27
 9-28

Population Variability—Why it Matters

Item Population A Population B

1 2,100 8,000
2 2,100 25
3 2,100 2,000
4 2,100 400
5 2,100 75

Mean 2,100 2,100

Standard
deviation -0- 3,395

 The variability determines how much information each of the

items in the population tells you about the other items in the
population.

9-28
 9-29

Factors Affecting Sample Size

9-29
 Mean Per Unit (MPU)
Illustration
Population Size = 100,000 accounts
Book value = $6,250,000
Other information:
Tolerable misstatement = $364,000
Sampling risk
Incorrect Acceptance = 5%
Incorrect Rejection = 4.6 %

9-30
MPU Risk Coefficients
Acceptable Incorrect Incorrect
Level of Risk Acceptance Rejection
(%) Coefficient Coefficient
1.0 2.33 2.58
4.6 1.68 2.00
5.0 1.64 1.96
10.0 1.28 1.64
15.0 1.04 1.44
20.0 .84 1.28
25.0 .67 1.15
30.0 .52 1.04
40.0 .25 .84
50.0 .00 .67

9-31
 Determining Sample Size--MPU
(1 of 2)
 Tolerable misstatement 
Planned ASR =  
 1 + (Incorrectacceptancecoefficient / Incorrect rejection coefficient) 

 $364,000 
Planned ASR =   = $200,000
 1 + (1.64 / 2.00) 

9-32
 Determining Sample Size--MPU
(2 of 2)
2
 Population size * Incorrect rejection coefficien t * Est. std. dev. 
Sample Size   
 Planned allowance for sampling risk 

2
 100,000 * 2.00 * $15 
Sample Size   
 $200,000 

= 225 Accounts

9-33
 9-34

Variables Sampling Illustration--MPU

Adjusted allowance
for sampling risk =
Tolerable _ (Population size * Incorrect acceptance coef. * Sample stan. dev.)
misstatement Sample size

 This formula “adjusts” the allowance for sampling risk to consider the standard
deviation of the audited values in the sample. It holds the risk of incorrect
acceptance at its planned level.

9-34
 9-35

Variables Sampling Illustration--MPU

Using the text example with a standard deviation of audited values of $16
Adjusted allowance
for sampling risk =
Tolerable _ (Population size * Incorrect acceptance coef. * Sample stan. dev.)
misstatement Sample size

= $364,000 _ ($100,000 * 1.64 * $16)

225
= $189,067

 We would still “accept” the book balance because the $6,250,000 (book value)
falls within this interval
Estimate of total + Adjusted allowance
audited value for sampling risk
$6,100,000 + $189,067
[$5,910,933 to $6,289,067]

9-35
 9-36

Acceptance Interval
Figure 9-12

9-36
 Difference Estimation
 Difference
 Use sample to estimate the avg. difference
between the audited value and book value of
items in population

Projected = Sample Net Misstatement * Pop. Items

Misstatement Sample items
 Most appropriate when size of misstatements
does not vary significantly in comparison to
book value

9-37
 9-38

Ratio Estimation
 Use a sample to estimate the ratio of
misstatement in a sample to its book
value and project it to population

Projected = Sample Net Misstatement * Pop. Book Value

Misstatement Book Value of Sample

 Preferred when the size of misstatements is nearly

proportional to the book values of the items
 Large accounts have large misstatements

9-38
 9-39

Nonstatistical Variables Sampling

Illustration
 Plan Sample:
 Population:
• Size = 363 items
• Book value = $200,000

 Tolerable misstatement = $10,000

 Risk assessments:
• Inherent and control risk = Slightly below maximum
• Other substantive tests = Moderate

9-39
 9-40

Nonstatistical Sampling--
Determination of Sample Size

Sample size = Population book value X Reliability factor

Tolerable misstatement
= $200,000 X 2.0 = 40 items
$10,000

9-40
 9-41

Nonstatistical Sampling--Evaluation
of Sample Results

 Sample results:
40 accounts in sample
$350 net overstatement
$60,000 book value of sample items

 Projected misstatement:
= [Sample net misstatement] X Book value of population
[ Book value of sample ]
= [ $350 ] X $200,000
[$60,000]
= $1,167

Since the projected misstatement is only 11.7 percent ($1,167/$10,000) of

tolerable misstatement, it is likely that the auditors would conclude that the
account balance is materially correct.

9-41
 9-42

PPS Sampling Illustration

 Population book value = $6,250,000

 Other Information:
 Tolerable misstatement = $364,000
 Sampling risk--Incorrect acceptance = 5%
 Expected misstatement = $50,000
 Use Figures 9-14 and 9-15 to obtain a
“reliability factor” and an “expansion
factor”--next slide

9-42
PPS Sampling Reliability and
Expansion Factors

9-43
 9-44

PPS Sample Size Computation

Sample size =

Recorded amount of population * Reliability factor

Tolerable misstatement - (Expected misstatement * Expansion factor)

= $6,250,000 * 3.0 = 66
$364,000 - ($50,000 * 1.6)

Sampling interval = Book value of the population

Sample size
= $6,250,000 = $95,000 (approximately)
66

9-44
Figure 9.16 PPS Sample
Selection Process

9-45
 9-46

PPS Evaluation of Results

Upper Limit on misstatement =

Projected misstatement
+ Basic precision (Rel. factor x interval)
+ Incremental allowance

9-46
 9-47

Calculation of Upper Limit on Misstatement

9-47
 Comparison of statistical sampling
techniques for substantive procedures

9-48
 9-49

Audit Risk
AR = IR x CR x DR
where
 AR=The allowable audit risk that a material misstatement might
remain undetected for the account balance and related assertions.

 IR= Inherent risk, the risk of a material misstatement in an assertion,

assuming there were no related controls.
 CR= Control risk, the risk that a material misstatement that could
occur in an assertion will not be prevented or detected on a timely
basis by internal control.
 DR= Detection risk, the risk that the auditors’ procedures will fail to
detect a material misstatement if it exists.

9-49