Audit Sampling 101 PDF

“Audit Sampling 101” BY: Christopher L. Mitchell, MBA, CIA, CISA, CCSA [email protected] BIO ► Principal KBA’s Risk Advisory Services Team ► 15 years of internal controls experience within the following industries: telecommunications, government, manufacturing, ﬁnancial services, public accounting, and information technology. ► BA in Accounting / MBA in Information Technology ► Certiﬁed Information Systems Auditor ► Certiﬁed Internal Auditor ► Certiﬁed Controls Self-Assessor Presentation Outline ► What is sampling and when is it used? ► Audit / Sampling / Non-Sampling Risks ► Statistical vs. Non- Statistical Sampling ► Attribute / Variable Sampling ► Steps in the sampling process ► Terms used in sample planning ► Terms used in evaluating results ► Computer Assisted Auditing Techniques ► Questions What is Sampling? Audit sampling is the application of an audit procedure (test of control or substantive testing) to less than 100% of the items within an account balance or class of transactions for the purpose of drawing a general conclusion about the account balance or the entire group of transactions based on the characteristics detected in the sample. Sampling allows an auditor to draw conclusions about transactions or balances without incurring the time and cost of examining every transaction. When is sampling used? Sampling is generally used in ﬁeld audits when it is not e icient to review 100% of the records. Sampling may also be used if records are missing or other circumstances make reviewing all of the records di icult. Representative Sample A representative sample is one in which the characteristics in the sample of audit interest are approximately the same as those of the population. Two things cause a sample to be non-representative: ► Non-sampling risk ► Sampling risk Non-Sampling Risk Non-sampling risk is the risk that the audit tests do not uncover existing exceptions in the sample. The two causes are: ► Auditor failure to recognize exceptions ► Inappropriate or ine ective audit procedures Sampling Risk Sampling risk is the risk that an auditor reaches an incorrect conclusion because the sample is not representative of the population. This can be controlled by: ► Adjusting the sample size ► Using an appropriate method of selecting sample items Audit Risk Risk Models Audit Risk = Inherent Risk X Control Risk X Detection Risk Audit Risk = Sampling Risk + Non-Sampling Risk Statistical vs. Non- Statistical Sampling Statistical Sampling _________________ Applies the laws of probability theory to assist the auditor in designing a sampling plan and subsequently evaluating the results of the sample. Non-Statistical Sampling ___________________ __ Is solely based on the auditor’s judgment. Statistical Sampling Statistical sampling provides a means of mathematically evaluating the outcome of the sampling plan by applying the laws of probability to measure the likelihood that sample results are representative of the population. Probabilistic Sample Selection Probabilistic sample selection selects a sample in a way that each population item has a known probability of being included in the sample and the sample is randomly selected. ► Simple Random Number Selection – all items of the population have an equal chance of being selected. Can use random number tables and random number generators. ► Systematic Sample Selection – auditor determines an interval and selects items on the basis of the interval. ► Probability Proportional to Size – probability of selecting an item is proportional to its recorded amount. ► Stratiﬁed Sample – divided population into subpopulations and use di erent selection criteria for each subpopulation. Stratiﬁcation Illustrated The process of dividing a population into subpopulations that have similar characteristics. Strata must be deﬁned so that each sampling unit can only be in one stratum Stratum Size Composition of Stratum Sample Selection 2 22 All accounts over $5,000 100% examination 3 121 All accounts between $1,000 and $5,000 Random-number table 4 85 All accounts under $1,000 Systematic selection 5 14 All accounts with credit balances 100% examination Accounts Receivable Stratiﬁcation Disadvantages of Statistical Sampling ► Overvalue the evidence it provides ► Reduces auditor skepticism ► Increased cost ► Train auditors ► Design samples Nonstatistical Sampling In nonstatistical sampling, the auditor does not quantify sampling risk. Instead, those sample items that the auditor believes will provide the most useful information are selected. Since conclusions are based on a judgmental basis, nonprobabilistic sample selection is normally conducted. Nonprobabilistic Sample Selection Nonprobabilistic sample selection is a method of selecting a sample where the auditor uses professional judgment rather than probabilistic methods to select sample items. ► Direct sample selection – auditor selects items based on judgmental criteria such as likelihood of misstatement, characteristics such as di erent time periods, or large dollar amounts. ► Block sample selection – selection of a number of items in sequence. Auditor must use several blocks to obtain a representative sample. ► Haphazard sample selection – selection of items without any conscious bias on the part of the auditor. Rule #1 When designing the size and structure of an audit sample, Auditors should consider the speciﬁc audit objectives, the nature of the population and the sampling and selection methods. The auditor should consider the need to involve appropriate specialist in the design and analysis of samples. Applications of Sampling in the audit Attribute Sampling (Test of Controls) The use of sampling for compliance testing (qualitative characteristic) Variables Sampling (Test of Account Balances) The use of sample for substantive test on the client’s account balances (quantitative characteristic) Sampling Risk in Attribute Sampling Risk of Underreliance Control Risk Too High Not relying on the internal controls when, in fact, the auditor should rely on internal control. Risk of Overreliance Control Risk Too Low Relying on internal controls when it is not appropriate. Sampling Risk in Variables Sampling Risk of Incorrect Rejection Auditor’s sample indicates that the account balance is materially misstated even though it is fairly stated. Risk of Incorrect Acceptance Auditor’s sample indicates that the account balance is fairly stated even though the account balance is materially misstated. Sample Characteristics ► Precision – Represents the closeness of the auditor’s sample estimate to the true (but unknown) population value. ► Reliability – is the probability that the auditor’s sample provides a sample estimate that is of a speciﬁed precision. Steps in the Sampling Process ► Planning the Sample (Steps 1-9) ► Select the Sample and Perform the Tests (Steps 10-11) ► Evaluate the Results (Steps 12-14) Planning the Sample 1. State the objectives of the audit test. 2. Decide whether audit sampling applies. 3. Deﬁne attributes and exception conditions. 4. Deﬁne the population. 5. Deﬁne the sampling unit. Planning the Sample Cont. 6. Specify the tolerable exception rate. 7. Specify the acceptable risk of assessing control risk too low. 8. Estimate the population exception rate. 9. Determine the initial sample size. Select the Sample and Perform the Tests 10. Select the sample 11. Perform the audit procedures Evaluate the Results 12. Generalize from the sample to population. 13. Analyze exceptions. 14. Decide the acceptability of the population. Terms Used in Sample Planning ► Characteristics or Attribute Sampling ► Variable Sampling ► Audit Objectives ► Sampling Unit ► Population ► Stratiﬁcation ► Tolerable Error ► Expected Error ► Sample Size ► Sampling Risk ► Risk of Incorrect Acceptance ► Risk of Incorrect Rejection ► Level of Sampling Risk Terms Related to Evaluation Results ►Exception ►Sample Exception Rate ►Computed Upper Exception Rate Computer Assisted Audit Techniques (CAATS) CAATS is the practice of using computers to automate or simplify the audit process. Examples: ► Audit Command Language (ACL) ► Interactive Data Extraction (IDEA) ► SAS ► Excel ► Access ► Crystal Reports ► Business Objectives CAATS vs. Traditional Audit ► Sample 100% percent of the data ► Test for Speciﬁc Risks ► Automated Process ► Easier to Target Sample ► More precise error rate ► Less time / more productive Questions?

Audit Sampling 101 PDF

Document Details

Tags

Related

Summary

Full Transcript

Upgrade to continue