7.

ATTRIBUTES SAMPLING

At the end of this chapter the student should be able to: Define 'audit sampling' Explain different sampling selection methods Distinguish between attributes sampling and variables sampling Distinguish between the two types of sampling risk as they relate to Internal Control and their impact on the audit Explain the impact that certain factors have upon the design of a sample for testing Internal Control.

We may recall that because auditors cannot audit every single item (as in the case of a medium size to large company) they need to take a sample. We will now look at the various concepts and principles which pervade audit sampling and then we will look at the application thereof to tests of controls. The consideration of sampling as applied to substantive testing will be covered in Chapter 9. Audit sampling1 is the application of an audit procedure to less than 100% of the items within an account balance or class of transactions for the purpose of evaluating some characteristic of the balance or class Audit objective -The auditor has to consider the specific audit objectives to be achieved and the audit procedures which are likely to best achieve those objectives, In addition, when audit sampling is appropriate, the consideration of the nature of the audit evidence sought and possible error conditions or other characteristics relating to the audit evidence will assist the auditor in defining what constitutes an error and what population to use for sampling. For example, when performing tests of controls over an entitys purchasing procedures, the auditor will be concerned with matters such as whether an invoice was clerically checked and properly approved. On the other hand, when performing substantive procedures on invoices processed during the period, the auditor will be concerned with matters such as the proper reflection of the monetary amounts of such invoices in the financial statements. Population is the entire set of data from which the auditor wishes to sample in order to reach a conclusion. The auditor should determine that the population from which the sample is drawn is appropriate for the specific audit objective. The population is the entire set of data from which the auditor wishes to sample in order to reach a conclusion. The auditor should determine that the population from which the sample is drawn is appropriate for the specific audit objective. For example, if the auditors objective were
1

This is covered in ISA 530 Audit Sampling

AUDITING - The International Way

183

7. ATTRIBUTES SAMPLING
to test for overstatement of accounts receivable, the population could be defined as the accounts receivable listing (sampling frame2). On the other hand, when testing for understatement of accounts payable, the population would not be accounts payable listing but rather subsequent disbursements, unpaid invoices, suppliers statements, unmatched receiving reports or other populations that would provide audit evidence of understatement of accounts payable. The individual items that make up the population are known as sampling units. The population can be divided into sampling units in a variety of ways. For example, if the auditors objective is to test the validity of accounts receivable, the sampling unit could be defined as customer balances or individual customer invoices. The auditor defines the sampling unit in order to obtain an efficient and effective sample to achieve the particular audit objectives. Stratification is the process of dividing a population into sub-population, each of which is a group of sampling units, which have similar characteristics (often monetary value). The strata must be explicitly defined so that each sampling unit can belong to only one stratum. This process reduces the variability of the items within each stratum. Stratification therefore enables the auditor to direct audit efforts towards the items which, for example, contain the greatest potential monetary error. For example, the auditor may direct attention to larger value items for accounts receivable to detect material overstated material misstatements. In addition, stratification may result in a smaller sample size. E.g. A population of accounts receivable may have a total of 250 accounts, stratified as follows: Stratum Size 1 2 3 4 5 22 123 85 6 14 Composition of Stratum All accounts > $500,000 All accounts between $100,000 and $500,000 All accounts < $100,000 All accounts with nil balances All accounts with credit balances

Sampling Risk - the risk that the auditor's conclusion, based on a sample, might be different from the conclusion which would be reached if the test were applied in the same way to the entire population Non-Sampling Risk - this includes all aspects of audit risk that are not due to sampling. E.g. a) The failure to select appropriate audit procedures b) The failure to recognize errors in documents examined c) Misinterpreting the results of audit tests
2

The physical representation of the individual items in the population used to select the sample.

AUDITING - The International Way

184

7. ATTRIBUTES SAMPLING
To fully comprehend the position that sampling/non-sampling risk holds in the audit risk model let us revisit figure 4.1 on page 79 and then expand it as shown in Figure 7.1 below:
FIGURE 7.1 AUDIT RISK = RISK OF MATERIAL MISSTATEMENT * RISK AUDITOR DOES NOT DETECT MISSTATEMENTS

AUDIT RISK

INHERENT RISK * CONTROL RISK

* DETECTION RISK

SAMPLING RISK

NON-SAMPLING RISK

Tolerable error - the maximum error in the population that the auditor would be willing to accept and still conclude that the result from the sample has achieved the audit objective. Expected error - the expected error in a population. In arriving at this figure, the auditor would ordinarily consider such matters as error levels identified in previous audits, changes in the entitys procedures and evidence available from other procedures. Sample size - the amount of sampling units that will be examined. The determination of this amount is dependent upon the planned assessed level of control risk, the sampling risk, the tolerable error and the expected error. Unexamined Sample Items - this refers to selected missing sample items. A fundamental sampling tenet is that auditing procedures appropriate to a particular audit objective should be applied to each sample item, but the auditor may not be able to apply a planned audit procedure to selected sample items because, for example, supporting documentation may be missing. What should the auditor do when items cannot be located? Generally, the auditor first should assess whether the missing item is a fraud indicator. If the item is simply missing, then the auditors action depends on the effect the missing item will have on the sample evaluation. That is, if the auditors conclusion based on the sample would not change by considering the item a deviation or misstatement, it is not necessary to attempt to locate the missing item. But, if the inability to examine the item leads to a conclusion that an account balance is materially misstated, the auditor will have to consider applying alternative procedures. Alternative procedures should generate sufficient evidence to permit the auditor to determine whether the account balance is acceptable.

AUDITING - The International Way

185

7. ATTRIBUTES SAMPLING
Evaluation of sample results - having carried out, on each sample item, those audit procedures that are appropriate to the particular audit objective, the auditor should: a) analyze any errors detected in the sample and b) project the errors found in the sample to the population, then come to a conclusion. a) Analyze any errors detected in the sample - In analyzing the errors detected in the sample, the auditor will first need to determine that the item in question is in fact an error. In designing the sample, the auditor will have defined those conditions that constitute an error by reference to the audit objectives while also factoring the issue of unexamined items (see above). In analyzing the errors discovered, the auditor may observe that many have a common feature, for example, type of transaction, location, product line, period of time. In such circumstances, the auditor may decide to identify all items in the population which possess the common feature, thereby producing a sub-population, and extend audit procedures in this area. The auditor would then perform a separate analysis based on the items examined for each sub-population. b) Projection of errors - The auditor projects the error results of the sample to the population from which the sample was selected. There are several acceptable methods of projecting error results. However, in all cases, the method of projection will need to be consistent with the method used to select the sampling unit. When projecting error results, the auditor needs to keep in mind the qualitative aspects of the errors found and also the impact that the error will have on other sections of the audit. When the population has been divided into sub-populations, the projection of errors is done separately for each sub-population and the results are combined. The auditor will finally need consider whether the projected errors in the population exceed the tolerable error. Statistical vs. Non-Statistical sampling Statistical sampling is a sampling plan that uses the law of probability to make statements or generalizations about a population. A statistical sampling approach must meet the following conditions: 1. The sample, which is projected as a population characteristic, must have a known probability of selection ( that is, the sample must be expected to be representative) 2. The sample results must be quantitatively or mathematically evaluated. Non-Statistical sampling is the determination of sample size or the selection of the sampled items using judgmental reasoning rather than probability concepts. If a sample that is projected to the population or generalized as a population characteristic does not meet both of the requirements for statistical sampling, it is by definition a non-statistical sample. Thus, auditors should not conclude that non-statistical sampling is a less desirable approach to audit sampling.3
3

Auditing -5th Edition, Guy, Alderman & Winters - Dryden Press

AUDITING - The International Way

186

7. ATTRIBUTES SAMPLING
Comparisons Both involve some form of judgement Both can provide sufficient competent evidential matter Statistical sampling helps the auditor to 1) Design an efficient sample 2) Measure the sufficiency of the evidential matter obtained 3) Evaluate the sample results

Statistical sampling however has the following disadvantages

1. 2. 3.

Normally involves additional costs of training in the audit firm Sometimes requires additional sample design costs, and Sometime requires more costly sample selection

Statistical Sampling has proven to be very useful and as such it will be the focus of our discussion from this point onwards. Sample selection methods The auditor should select sample items in such a way that the sample can be expected to be representative of the population. This requires that all items in the population have an opportunity of being selected. While there are a number of selection methods, three methods commonly used are:

Random selection - ensures that all items in the population have an equal chance of
selection, for example, by use of random number tables.4

Systematic selection - involves selecting items using a constant interval between

selections, the first interval having a random start. The interval might be based on a certain number of items (for example, every 20th voucher number) or on monetary totals (for example, every $1000 increase in the cumulative value of the population). When using systematic selection, the auditor would need to determine that the population is not structured in such a manner that the sampling interval corresponds with a particular pattern in the population (i.e. it should be randomly structured). For example, if in a population of branch sales, a particular branchs sales occur only as every 100th item and the sampling interval selected is 50, the result would be that the auditor would have selected all, or none, of the sales of that particular branch.

Haphazard selection - a possible acceptable alternative to random selection provided

the auditor attempts to draw a representative sample from the entire population with no intention to either include or exclude specific units. When the auditor uses this method, care needs to be taken to guard against making a selection that is biased, for example, towards items which are easily located, as they may not be representative. Consequently haphazard sampling cannot be used for statistical sampling. 187

Computer-generated random numbers are more efficient.

AUDITING - The International Way

7. ATTRIBUTES SAMPLING
Sampling with or without Replacement - Sampling with replacement permits a selected sample item to be returned to the population and reselected. In other words, the same item may be included in the sample more than once. This may occur if a randomnumber table produces the same number more than once. In contrast, sampling without replacement removes an item from the population once it is selected. An item can be included only once in a sample selection. If a random-number table produces a duplicate number, the number is discarded after its initial selection. Because of logic and efficiency, sampling without replacement is typically used in accounting and auditing Types of sampling plans

1. Attributes sampling - (used in tests of controls) reaches a conclusion in terms of a

rate or occurrence. Discovery sampling is a type of attributes sampling plan and is typically used when the auditor expects to find very few or near-zero occurrences, e.g. fraud. 2. Variables sampling - (used in substantive testing) reaches a conclusion in dollar amounts or units 3. Probability-Proportional-to-Size (PPS) sampling5 - (used in substantive testing) uses attributes sampling theory to reach a conclusion in dollar amounts or units.

Sampling as applied in Tests of Controls - Attributes sampling

Sampling risk a) Risk of assessing control risk too high (Under reliance) (a.k.a. alpha risk, type I error) - the risk that the assessed level of control risk based on the sample is greater than the true operating effectiveness of the control structure policy or procedure. If the auditor assesses control risk too high, substantive tests will consequently be expanded beyond the necessary level, leading to audit inefficiency b) Risk of assessing control risk too low (Over reliance) (a.k.a. beta risk, type II error) - the risk that the assessed level of control risk based on the sample is less than the true operating effectiveness of the control structure policy or procedures. If the auditor assesses control risk too low, substantive tests will not be expanded to the necessary level to ensure an effective audit.(Because of this reason risk is considered more important than risk). Tolerable rate (previously referred to as 'Tolerable error') - In tests of control, the tolerable rate is the maximum rate of deviation from a prescribed control procedure that the auditor would be willing to accept in the population based on the preliminary assessment of control risk.
5

Also known as Dollar-unit or Cumulative Monetary Amount (CMA) sampling] - American; OR Monetary Unit Sampling (MUS) - English

AUDITING - The International Way

188

7. ATTRIBUTES SAMPLING
Expected deviation rate (previously referred to as 'Expected error') - the anticipated rate of deviations in a population based on prior knowledge of the population or a pilot sample Sample size determination As mentioned earlier, when determining the sample size, the auditor should consider the preliminary assessment of control risk, the sampling risk (specifically the risk of over reliance), the tolerable error and the expected error (now referred to as expected deviation rate). The last three are the major ingredients and are the ones used to determine the sample size from statistical tables (discussed below). Presented below in Table 7.1 is the effect that certain factors have on the sample size during tests of controls:
TABLE 7.1

Conditions Leading To Factor A Assessment control risk Smaller Sample Size Larger Sample Size Relationship to sample size Inverse

of Higher preliminary Lower preliminary assessment of control risk assessment of control risk Higher acceptable rate of Lower acceptable rate of deviation deviation of over Lower risk reliance of over

B Tolerable error C D E Risk of reliance

Inverse Inverse Direct

over Higher risk reliance

Expected deviation Lower expected rate of Higher expected rate of rate deviation in population deviation in population * Number of items in population

Virtually no effect on sample size unless population is small.(i.e.<500)6

* High expected deviation rates ordinarily warrant little, if any, reduction of control risk and, therefore, tests of controls might be omitted.

For populations less than 500 or where the sample is more than 10% of the said population, the following adjustment, referred to as the finite correction factor, should be applied: n = n' . 1 + ( n'/N )

where n' = Sample size before considering the effect of population size. n = Revised sample size N = Population size

AUDITING - The International Way

189

7. ATTRIBUTES SAMPLING
Sample size Tables7 Tables exist to quickly determine the required sample size based on 1. The risk of over reliance 2. The tolerable rate 3. The expected deviation rate Table 7.2 below displays the sample sizes required for different combinations of expected deviation rates and tolerable rate based on a 5% risk of over reliance8. Table 7.3 on the following page gives sample sizes based on a 10% risk of over reliance.
Table 7.2

Statistical sample sizes for Tests of Controls - 5% Risk of over reliance

(with number of expected deviations in parentheses Expected population deviation rate 0.00% 0.25 0.50 0.75 1.00 1.25 1.50 1.75 2.00 2.25 2.50 2.75 3.00 3.25 3.50 3.75 4.00 5.00 6.00 7.00 )

Tolerable Rate 2% 149(0) 236(0) * * * * * * * * * * * * * * * * * * 3% 99(0) 157(1) 157(1) 208(2) * * * * * * * * * * * * * * * * 4% 74(0) 117(1) 117(1) 117(1) 156(2) 156(2) 192(3) 227(4) * * * * * * * * * * * * 5% 59(0) 93(1) 93(1) 93(1) 93(1) 124(0) 124(0) 153(3) 181(4) 208(5) * * * * * * * * * * 6% 49(0) 78(1) 78(1) 78(1) 78(1) 78(1) 103(2) 103(2) 127(3) 127(3) 150(4) 173(5) 195(6) * * * * * * * 10% 29(0) 46(1) 46(1) 46(1) 46(1) 46(1) 46(1) 46(1) 46(1) 61(2) 61(2) 61(2) 61(2) 61(2) 73(3) 73(3) 89(4) 116(6) 179(11) * 15% 19(0) 30(1) 30(1) 30(1) 30(1) 30(1) 30(1) 30(1) 30(1) 30(1) 30(1) 30(1) 30(1) 30(1) 40(2) 40(2) 40(2) 40(2) 50(3) 68(5) 20% 14(0) 22(1) 22(1) 22(1) 22(1) 22(1) 22(1) 22(1) 22(1) 22(1) 22(1) 22(1) 22(1) 22(1) 22(1) 22(1) 22(1) 30(2) 30(2) 37(3)

. * - Sample size too large to be cost-effective for most audit applications To use the tables, the auditor first ensures that he is using the correct table, in this case the 5% over reliance table. Next he then reads down the expected-population-deviationrate column to find the appropriate rate and then locates the column corresponding to the
7

Please note that ISA 530 does not identify specific procedures or formulae to determine sample sizes. The standard only states the applicability of probability theory in determining sample sizes. The tables presented in this chapter are those of the AICPA. 8 The table is uses the cumulative binomial distribution and is based on large populations. For small populations see footnote 6 on page 189.

AUDITING - The International Way

190

7. ATTRIBUTES SAMPLING
tolerable rate. The sample size is shown where the expected population deviation rate and the tolerable error intersect. The number in parenthesis is the expected number of deviations in the sample. It is calculated by multiplying the sample size by the expected population deviation rate. E.g. Given the following: risk of over reliance = 5%, expected population deviation rate 1.25% and tolerable rate = 4%, determine the sample size and the expected number of deviations in the sample. The answer would be 156 with 2 deviations.
Table 7.3

Statistical sample sizes for Tests of Controls - 10% Risk of over reliance
(with number of expected deviations in parentheses Expected population deviation rate 0.00% 0.25 0.50 0.75 1.00 1.25 1.50 1.75 2.00 2.25 2.50 2.75 3.00 3.25 3.50 3.75 4.00 5.00 6.00 7.00 )

Tolerable Rate 2% 114(0) 194(1) 194(1) 265(2) * * * * * * * * * * * * * * * * 3% 76(0) 129(1) 129(1) 129(1) 176(2) 221(3) * * * * * * * * * * * * * * 4% 57(0) 96(1) 96(1) 96(1) 96(1) 132(2) 132(2) 166(3) 198(4) * * * * * * * * * * * 5% 45(0) 77(1) 77(1) 77(1) 77(1) 77(1) 105(2) 105(2) 132(3) 132(3) 158(4) 209(6) * * * * * * * * 6% 38(0) 64(1) 64(1) 64(1) 64(1) 64(1) 64(1) 88(2) 88(2) 88(2) 110(3) 132(4) 132(4) 153(5) 194(7) * * * * * 10% 22(0) 38(1) 38(1) 38(1) 38(1) 38(1) 38(1) 38(1) 38(1) 38(1) 38(1) 52(2) 52(2) 52(2) 52(2) 52(2) 65(3) 78(4) 116(7) 199(14) . 15% 15(0) 25(1) 25(1) 25(1) 25(1) 25(1) 25(1) 25(1) 25(1) 25(1) 25(1) 25(1) 25(1) 25(1) 25(1) 25(1) 25(1) 34(2) 45(3) 52(4) 20% 11(0) 18(1) 18(1) 18(1) 18(1) 18(1) 18(1) 18(1) 18(1) 18(1) 18(1) 18(1) 18(1) 18(1) 18(1) 18(1) 18(1) 18(1) 25(2) 25(2)

* - Sample size too large to be cost-effective for most audit applications

Sample Projection and Evaluation Table 7.2 can also be used to evaluate sample results. If the auditor finds that the number of deviations found in the audited sample does not exceed the parenthetical number in the table, he or she can conclude that the maximum population deviation rate is not more than the tolerable rate. In other words, with a sample size of 93, if no more than one deviation is found in the sample, the auditor may conclude that he or she has 95% reliability (or a 5% risk of under reliance) that the population deviation rate does not exceed 5%. AUDITING - The International Way 191

7. ATTRIBUTES SAMPLING
Instead of using Table 7.2 for evaluating the sample results, the auditor may use Table 7.4 below. Table 7.4 must be used if the actual number of deviations exceeds the parenthetical number in Table 7.2 and the auditor wants to assess the maximum population deviation rate. Table 7.5 on the following page provides similar values based on a 10% risk of over reliance.
TABLE 7.4

Statistical sample results evaluation table for Tests of Controls

- 5% Risk of over reliance Sample size 0 25 30 35 40 45 50 55 60 65 70 75 80 90 100 125 150 200 11.3 9.5 8.2 7.2 6.4 5.8 5.3 4.9 4.5 4.2 3.9 3.7 3.3 3.0 2.4 2.0 1.5 1 17.5 14.9 12.9 11.3 10.1 9.1 8.3 7.7 7.1 6.6 6.2 5.8 5.2 4.7 3.7 3.1 2.3 2 * 19.5 16.9 14.9 13.3 12.1 11.0 10.1 9.4 8.7 8.2 7.7 6.8 6.2 4.9 4.1 3.1 Actual number of deviations found 3 * * * 18.3 16.3 14.8 13.5 12.4 11.5 10.7 10.0 9.4 8.4 7.6 6.1 5.1 3.8 4 * * * * 19.2 17.4 15.9 14.6 13.5 12.6 11.8 11.1 9.9 8.9 7.2 6.0 4.5 5 * * * * 0.0 19.9 18.1 16.7 15.5 14.4 13.5 12.7 11.3 10.2 8.2 6.9 5.2 6 * * * * * * * 18.8 17.4 16.2 15.2 14.3 12.7 11.5 9.3 7.7 5.8 7 * * * * * * * * 19.3 18.0 16.9 15.8 14.1 12.7 10.3 8.6 6.5 8 * * * * * * * * * 19.7 18.4 17.3 15.5 14.0 11.3 9.4 7.1 9 * * * * * * * * * * 20.0 18.8 16.8 15.2 12.2 10.2 7.7 10 * * * * * * * * * * * * 18.1 16.4 13.2 11.0 8.3

* - More than 20%

Note: This table presents upper limits as percentages.

To use this table, the auditor reads down the sample-size column to find the appropriate sample size. (If the sample size is not shown, the auditor may interpolate). Next, the auditor locates the column for the actual number of deviations found. The intersection of the sample-size row with the actual-number-of-deviations column gives the projection of the sample results to the population plus an allowance for sampling risk (that is, maximum population deviation rate). In other words, the sample deviation rate (from the sample results) plus an allowance for sampling risk = maximum population deviation rate. E.g. Table 7.4 shows that the maximum population deviation rate is 12.1% for a sample size of 50 having 2 deviations at a 5% risk of assessing control risk too low (over reliance). Assuming Table 7.2 was used to determine the sample size of 50 (based on an expected population deviation rate of 6% and a tolerable rate of 15%), the sample deviation rate is 4% (2 50) and the allowance for sampling risk is 8.1% (12.1% - 4%). AUDITING - The International Way 192

7. ATTRIBUTES SAMPLING
If the maximum population deviation rate is less than or equal to the tolerable rate, the test supports the auditors planned assessed level of control risk from a strict quantitative perspective. If the maximum population deviation rate is greater than the tolerable rate, then the test does not support the auditor's planned assessed level of control risk. In this latter case the auditor will have to reassess control risk, possibly at the maximum Unexamined sample items - If the auditor cannot apply a planned test of controls to an individual item because of a missing document, the item is considered a deviation from the prescribed control. This decision is likely to increase the auditors assessed level of control risk and thereby increase substantive testing, but it does not require the performance of alternative tests of controls. In such a situation, the auditor simply shifts from tests of controls to substantive procedures to obtain a low audit risk.
TABLE 7.5

Statistical sample results evaluation table for Tests of Controls

- 10% Risk of over reliance Sample size 0 20 25 30 35 40 45 50 55 60 70 80 90 100 120 160 200 10.9 8.8 7.4 6.4 5.6 5.0 4.5 4.1 3.8 3.2 2.8 2.5 2.3 1.9 1.4 1.1 1 18.1 14.7 12.4 10.7 9.4 8.4 7.6 6.9 6.3 5.4 4.8 4.3 3.8 3.2 2.4 1.9 2 * 19.9 16.8 14.5 12.8 11.4 10.3 9.4 8.6 7.4 6.5 5.8 5.2 4.4 3.3 2.6 Actual number of deviations found 3 * * * 18.1 15.9 14.2 12.9 11.7 10.8 9.3 8.3 7.3 6.6 5.5 4.1 3.3 4 * * * * 19.0 17.0 15.4 14.0 12.9 11.1 9.7 8.7 7.8 6.6 4.9 4.0 5 * * * * * 19.6 17.8 16.2 14.9 12.8 11.3 10.1 9.1 7.6 5.7 4.6 6 * * * * * * * 18.4 16.9 14.6 12.8 11.4 10.3 8.6 6.5 5.2 7 * * * * * * * * 18.8 16.2 14.3 12.7 11.5 9.6 7.2 5.8 8 * * * * * * * * * 17.9 15.7 14.0 12.7 10.6 8.0 6.4 9 * * * * * * * * * 19.5 17.2 15.3 13.8 11.6 8.7 7.0 10 * * * * * * * * * * 18.6 16.6 15.0 12.5 9.5 7.6

* - More than 20% Note: This table presents upper limits as percentages.

Commentary Auditors sometimes test key control attributes by selecting 5, 10 or 15 simple items. As Table 7.3 indicates, these sample sizes are generally too small, even when they result in zero deviations, to produce acceptable tolerable rates. A small sample may generate sufficient evidence to reduce the assessed level of control risk slightly below the maximum However sample sizes less than 15 should be considered walk-through tests used to understand internal controls, not sampling tests of controls. AUDITING - The International Way 193

7. ATTRIBUTES SAMPLING
End of chapter questions
Multiple choice

1. A sample in which every possible combination of items in the population has an equal chance of constituting the sample is a a) b) c) d) representative sample. statistical sample. random sample. judgement sample.

2. Sampling risk (sampling error) is an inherent part of sampling that results from a) b) c) d) inappropriate audit procedures. failure to recognized exceptions. testing less than the entire population. weaknesses in clients internal control system. 3. Which of the following statements is a valid criticism of the use of non-statistical sampling methods? a) Many audit tests, such as footing of journals, must be performed outside statistical sampling context. b) The cost of performing random selection or testing often exceeds benefits. c) Non-statistical sampling does not differ substantially from statistical sampling methods. d) Conclusions may be drawn in more precise ways when using statistical sampling methods.

4. Auditors who prefer statistical to non statistical sampling believe that the principal
advantage of statistical sampling flows from its unique ability to a) define the precision required to provide audit satisfaction. b) provide a mathematical measurement of uncertainty. c) establish conclusive audit evidence with decreased audit effort. d) promote a more legally defensible procedural approach. 5. The most common method used for performing statistical tests of transactions is variables sampling. attribute sampling. judgement sampling AUDITING - The International Way 194

a) b) c)

7. ATTRIBUTES SAMPLING
d) random selection of samples.

6. Which of the following statements regarding replacement and non-replacement

sampling is not true? a) In replacement sampling, an element in the population will not be included in the sample more than once. b) In non-replacement sampling, en element in the population can be included in the sample only once. c) If the random number corresponding to an element is selected more than once in non-replacement sampling, it is treated as a discard the second time. d) Auditors rarely use replacement sampling

7. If certain forms are not consecutively numbered

a) b) c) d) selection of a random sample probably is not possible. systematic sampling may be appropriate. stratified sampling should be used. random number tables can not be used.

8. The process which requires the calculation of an interval and then selects the items based on the size of the interval is a) Statistical sampling b) Random selection c) Systematic selection d) Computerized selection 9. When the auditor goes through a population and selects items for the sample without regard to their size, source, or other distinguishing characteristics, it is called a) haphazard selection. b) systematic selection. c) statistical selection. 10. Since auditors are interested in the occurrence of exceptions in populations, they refer to the occurrence rate as a) the exceptions rate. b) the populations rate. c) the deviation rate. d) the confidence level. 11. If an auditor, without statistical sampling, selects a sample of one hundred items from a population and finds two exceptions, the auditor a) can conclude that the sample deviation rate is 2 percent. b) can conclude that the population deviation rate is 2 percent. AUDITING - The International Way 195

7. ATTRIBUTES SAMPLING
c) can calculate the highest deviation rate expected in the population. d) cannot make any conclusions about either the sample or the population. 12. The risk which the auditor is willing to take of accepting a control as being effective when it is not, is the a) b) c) d) Tolerable deviation rate acceptable risk of over-reliance. estimated population deviation rate. finite correction factor.

13. The deviation rate the auditor will permit in the population and still be willing to reduce the assessed level of control risk is called the a) b) c) d) tolerable deviation rate. estimated population deviation rate. acceptable risk of over-reliance. sample deviation rate.

14. The effect of the finite correction factor on small population sizes is to a) reduce the initial sample size. b) increase the initial sample size. c) either reduce or increase the initial sample size, depending on the circumstances of the situation. d) increase the population size. 15. The tolerable deviation rate (TDR) has a significant effect on sample size. The relationship of TDR to sample size is a) direct (i.e., larger TDR = larger sample). b) inverse (larger TDR = smaller sample). c) a variable (sometimes larger, sometimes smaller). d) not determinable. a) b) c) d) 16. If the auditor decides to assess control risk at the maximum level, tests of controls are not performed. reduced in number. increased in number. unchanged from prior planned settings. 17. In attributes sampling, an advance estimate of the expected population deviation rate is necessary to plan the appropriate sample size. The relationship of Expected Population Deviation Rate (EPDR) to sample size is AUDITING - The International Way 196

7. ATTRIBUTES SAMPLING
a) b)
c) d) direct (i.e., small EPDR = small sample). inverse (small EPDR = large sample). a variable (sometimes small, sometimes large dependent on other factors present. indeterminate. 18. Which of the following combinations results in a decrease in sample size in a sample for attributes? Risk of assessing Expected control risk Tolerable population too low rate deviation rate a. Increase Decrease Increase b. Decrease Increase Decrease c. Increase Increase Decrease d. Increase Increase Increase 19. Statistical theory proves that in most types of populations to which attributes sampling applies, the population size is a) b) c) d) not a consideration in determining sample size. a minor consideration in determining the sample size. a major consideration in determining the sample size the determining factor in establishing the sample size.

20. An auditor who uses statistical sampling for attributes in testing internal controls should increase the assessed level of control risk when the a) Sample rate of deviation is less than the expected rate of deviation used in planning the sample. b) Tolerable rate less the allowance for sampling risk exceeds the sample rateof deviation. c) Sample rate of deviation plus the allowance for sampling risk exceeds the tolerable rate. d) Sample rate of deviation plus the allowance for sampling risk equals the tolerable rate.

21. What is an auditors evaluation of a statistical sample for attributes when a test of 100
documents results in 4 deviations if tolerable rate is 5%, the expected population deviation rate is 3 %, and the allowance for sampling risk is 2%? AUDITING - The International Way 197

7. ATTRIBUTES SAMPLING
a) Accept the sample results as support for planned reliance on the control because the tolerable rate less the allowance for sampling risk equals the expected population deviation rate. b) Modify planned reliance on the control because the sample deviation rate plus the allowance for sampling risk exceeds the tolerable rate. c) Modify planned reliance on the control because the tolerable rate plus the allowance for sampling risk exceeds the expected population deviation rate. d) Accept the sample results as support for planned reliance on the control because the sample deviation rate plus the allowance for sampling risk exceeds the tolerable rate. Essays /problems

22. Explain how Sampling Risk fits into the 'Audit Risk Model'.
23. Determine sample sizes for each of the following situations: A
Risk of assessing control risk too low Population Deviation Rate Tolerable rate Sample size 5% 1.25% 4% -

B
10% 1.50% 5% -

C
5% 2.00% 5% -

D
10% 2.00% 10% -

E
5% 0 5% -

F
10% 0 10% -

24. What is the sample size for a statistical test of controls if the risk of assessing control risk too low is 5%, the population deviation rate is estimated to be 2%, the tolerable rate is 5%, and the population size is 5,500? What if the population size is 100,000? What if the population size is 350? What if the population size is 1,800? 25. Calculate the maximum deviation rate, the sample-size deviation rate, and the allowance for sampling risk for the following sample results: A
Risk of assessing control risk too low Sample size Actual number of deviations Maximum deviation rate Sample deviation rate Allowance for sampling risk 5% 60 0 -

B
10% 40 1 -

C
5% 100 4 -

D
10% 30 3 -

E
5% 75 3 -

F
10% 25 0 -

26. How does the auditor determine whether the results from a statistical test-of-controls application support the planned assessed level of control risk? 27. In the audit of the cash disbursements cycle of the Carmichael Company, the auditor identified the following attributes for tests of controls. The statistical parameters for each attribute and the number of deviations found in the sample are also specified. AUDITING - The International Way 198

7. ATTRIBUTES SAMPLING
Risk of assessing control risk too low (%) 5 5 10 10 10 Tolerable rate (%) 3 5 15 5 6 Expected Population Deviation Rate (%) 0 1 5 1 2 Number of sample deviations 1 1 4 2 1

Attribute 1. Examine vouchers for supporting documents 2. Examine supporting documents for evidence of cancellation (marked paid) 3. Ascertain whether cash discounts were taken 4. Review vouchers for clerical accuracy 5. Agree purchase order prices to invoices

Required: a) Determine the sample size for each attribute. b) Determine the maximum population deviation rate for each attribute. (Indicate whether you used Table 7.2, 7.3, 7.4 or 7.5 to determine the maximum population rate.) c) For attributes 1 and 2 in the table, calculate the allowance for sampling risk. What does the allowance for sampling risk mean? d) Based on the quantitative evaluation, identify the controls that can be used to lower the assessed level of control risk. 28. Fred Hancock, a senior accountant with Louis & Dent, Chartered Accountants, has just completed a continuing professional education course on attribute sampling. He has decided to apply attribute sampling to a current assignment. He believed it would be appropriate to apply attribute sampling in a test of purchase transactions. He decided that a 5% tolerable rate with a 10% risk of assessing control risk too low would be appropriate. His expected deviation rate was 2%, so he took a sample of 100 items. Because Hancock felt the large items deserved more attention than the smaller ones, he included in the sample 60 items with a value of $5,000 or more each; the remainder of the 100 items were valued at less than $5,000 each. He was very careful to take a representative sample of his test month for each of these two types of items. When testing the sample for the attributes, he found only five deviations. One deviation was a missing vendors invoice, so he sent a confirmation to the vendor to make certain it was a valid invoice. The confirmation indicated no errors. Another deviation was simply a missing approval by the authorized official. Hancock went to the official who agreed he had failed to sign the invoice and stated it was valid and correct. The client official also signed the invoice as required by prescribed procedure. A third deviation was simply a missing purchase order. However, the amount of the transaction was small. Hancock decided it was too small to define as an error or deviation. The other deviations both involved dollar amounts. One was an error in the extension of the invoice of $50 and the other a misclassification error of $850. Hancock was not particularly concerned about the $50 error because it was not material, but the $850 was fairly large. Fortunately, it was a misclassification between expenses and did not AUDITING - The International Way 199

7. ATTRIBUTES SAMPLING
affect net income. He decided to call the last two deviations actual errors and concluded that the maximum deviation rate was 3.8% at a 10% risk of assessing control risk too low. Thus, he concluded that purchases for the year were almost certain to contain fewer deviations than the 5% tolerable rate. As a result, he accepted the population and decided to reduce the test of year-end accounts payable based on a low assessed level of control risk. Hancock was pleased with the use of attribute sampling because he had objective results. The reviewing partner, who could not attend the course because she was talking to a prospective client that day, also liked it because it reduced their exposure to legal liability and reduced the time budget to complete the engagement. Required: Identify each weakness in the attribute sampling application, and state why it is a weakness.

AUDITING - The International Way

200