I. CAS 500, 530 summaries of key concepts
II. Introduction to monetary-unit sampling (MUS) also called dollar-unit sampling (DUS) in North America
III. MUS mechanics: Sample Planning
IV. Giant Stores Case
V. MUS Mechanics: Sample Evaluation
VI. Some Statistical Theory
VII. Summary of Required Reading article: Hall et al.
VIII. Solutions to other class questions: EP 1 page 407 SB (10.53), EP 3 page 407 SB (10.55), and DC 1 pages 408-409 SB (10.59)
I. Summary of CAS 500, 530
A. CAS 500: Audit Evidence
This standard is also reviewed in Lecture Notes 5.
CAS 500: audit evidence
Comment: this standard is a review of intro audit concepts including sufficiency and appropriateness of evidence (A1-A6); audit procedures (substantive and tests of controls—A 10-A 25); relevance (A 27- A 30); reliability (A 31-51); and selecting items (A 52-56): 100% exam, selecting specific items, and audit sampling. The standard has a specialized appendix on reliance on actuaries for evidence.
CAS 500 is largely a summary of intro audit concepts. A52 identifies ways of selecting items:
1. Selecting all items (100% exam)
2. Selecting specific items; and
3. Audit sampling …show more content…
CAS 530 reviews what is involved with audit sampling.
The most important for purposes of this class is the definition of key classic sampling concepts in paragraph 5: audit sampling, population, sampling risk, non-sampling risk, statistical sampling, an anomaly to identify unusual misstatements. Also stratification, tolerable misstatements, and tolerable rate of deviation (materiality for tests of controls is called the threshold rate—you can think of this as the amount of control deviations that would lead to a material (tolerable) misstatement. The auditor needs to evaluate all deviations quantitatively and
qualitatively.
There are several methods of selecting samples. The first two below are suitable for statistical sampling.
• Random sampling
• Systematic sampling
• Haphazard (judgmental) sampling
• Block sampling
There are 2 key features of statistical sampling:
1. random sampling is selection of items when each item has a predictable chance of selection (this predictable amount is what the formulas are based on and allows prediction of sampling risks). The goal is to obtain a representative sample of the population.
2. statistical evaluation of results (is based on the sampling probability distribution which is based on some probability model using a predictable chance of selection)
There are 2 types of sampling risk:
1. effectiveness risk of CAS 530.05 (c), which we call the beta risk (note this is also referred to as a Type II error risk in your stats course)
2. efficiency risk of CAS 530.05 (c), which we call the alpha risk (note this is also referred to as Type I error risk in your stats course)
CAS 530.14 and CAS 539.A14: auditors must project sample misstatements to the entire population, but this may not be sufficient for deciding on an adjusting entry (specifically, the beta risk may still be too high even for the adjusted amount because the sample size has too high a beta risk associated with it)
CAS 530.A3: tolerable misstatement = overall materiality or performance materiality or lower (we show below that with our formulas you can simply use overall materiality as long as that is sufficient to meet user needs for the account or population in question).
CAS 530.A6: The auditor must clearly define what is a misstatement, both qualitative and quantitative.
CAS 530.A13: Haphazard selection is acceptable but see Hall et al. article on how judgmental biases (these are a form of non-sampling errors) can cause problems. Auditors control non-sampling errors with proper training, supervision, and PA firm quality controls.
CAS 530.A21-A23 (same as AuG-41): decisions can be based on projected misstatements (this is for non-statistical evaluation). If the results are not acceptable then can test alternative controls in the case of control testing; or modify related substantive procedures (using the audit risk model). Details are given below.
CAS 530 Appendix 1: stratification introduces efficiencies. One form of stratification is monetary unit sampling (MUS). Dollar unit sampling (DUS) is one type of MUS. In Canada we have dollars so we refer to DUS but the same formulas can be applied to any monetary units. MUS also results from having a different perspective on an accounting population, thereby illustrating how a different perspective can have an effect on the audit reasoning process.
CAS 530 Appendixes 2 and 3: Factors that influence sample size, which we will see illustrated with DUS below.
CAS 530 Appendix 4:
1. random selection: the objective is to get a representative sample of the population
2. systematic selection: frequently implemented by adding items through a population.
3. MUS: MUS when combined with systematic and random selection is an very effective way of sampling in a continuous online audit environment with electronic evidence.
4. Haphazard sampling (unstructured sampling, also referred to as judgmental sampling—the dangers of this approach are emphasized in the Hall et al. article)
5. Block sampling: a type of convenient testing but usually not very representative.
II. Introduction to Dollar Unit Sampling (DUS)
To better illustrate risk based reasoning in an audit sampling situation, especially with the audit risk model, it is useful to use a specific sampling model. There are many such statistical models used in practice by the auditing firms. There are even statistical specialists and statistical software to help implement use of these models. Some university programs offer an entire course devoted to statistical auditing. The idea is that statistical auditing makes auditing more “scientific” and more rigorous.
We restrict ourselves to 2 weeks coverage of statistical auditing by focusing on the easiest to implement, most audit effective, and the most widely used statistical approach in auditing. We call this approach dollar-unit sampling (DUS). This is the approach discussed in Ch. 10 SB. Chapter 10 SB begins with a general introduction to audit sampling similar to what is covered in CAS 500 and 530, and later in the chapter gets into some of the details of DUS.
DUS is a type of monetary unit sampling (MUS) discussed in CAS 530 where the monetary units are dollars. (By the way, there is nothing special about dollars or any other currency. The same formulas and logic holds whether you define the units as dollars, quarters, nickels, pennies, yen, pesos, Euros, etc.). The unique perspective of DUS is that it views a population as a population of equal valued dollar units, not as accounts, receivables, payables, or inventory. It views these accounts as a population of dollar-units, each dollar unit uniform in value, associated with the accounts. Dollar units are selected and each selected one is evaluated as to the amount of error in the selected dollar-unit. The process of evaluating how much a sampled dollar-unit is in error can be complex and is covered in Appendix 10B of SB. You do not need to read or know Appendix 10B other than the few pages indicated in the course outline. In this course, you are responsible only for a situation where the dollar unit either has a 100% error (i.e., is entirely wrong) or there are no errors in the selected dollar units. As we will see this is equivalent to the logic of tests of controls sampling.
III. Mechanics of MUS for this course.
To implement MUS you need to know a formula R = nP and one table. We refer to the table as the R value table. An R value table is given on page 412 SB and one is provided below. As the name indicates the table consists mostly of R values. (For those technically inclined but not needed for the purposes of this course, R values are the means of a Poisson distribution reflecting Poisson processes relevant for auditing, i.e., the processes reflect the rates at which errors occur. The Poisson is used to approximate a binomial distribution, which in turn approximates the exact hypergeometric distribution reflecting errors found in a sample.) There is a unique R value associated with for each combination of confidence level and “K” value.
Confidence level is the same as you learned in your stats course. K value is the number of errors found (in sample results evaluation stage) or expected to be found in a sample (in sample planning stage). The K values are given in the central column of the R value table. They start with zero (the smallest number of errors you will find) at the top and increase as you go down the column. Confidence levels are given across the top of the table.
With this background you should now be able to find the correct R value using the table: it is the intersection of the K value and the confidence level. If we represent confidence level as c.l., find the R value corresponding to c.l. = 95% and K = 0? Answer: 3.00
Question 2: find the R value corresponding to c.l. = 80% and K = 3? Answer: 5.52
Question 3: find the R value corresponding to c.l. = 75% and K = 8? Answer: 10.81
Question 4: find the R value corresponding to c.l. = 99% and K = 4? Answer: 11.61
Now that you can find R values, note several important things about the R value table.
1. R values increase with the confidence level (c.l.) ,i.e., they increase going left to right within a row
2. R values increase as K increases, i.e., they increase going down a column.
3. The smallest R values are with K = 0
4. The R values increase with the confidence level.
How to make use of the R value table.
The formula R = nP can now be used with the R value table. R is the value you get from the table as discussed above, n is the sample size, and P is a measure of precision or accuracy the auditor wants. The value of P depends on what kind of decision the auditor is making. There are 2 decisions the auditor can make with the above table and formula:
1. Plan the sample size ( i.e., plan the amount of work to do for representative sampling)
2. Evaluate the sample results after taking a representative sample and finding how many errors there are.
Statistical Sampling Decision I: planning the sample size
If you want to plan a sample size, you want to solve for n in the formula R = nP so that n = R/P. When solving for n this way the auditor must be prepared to specify R and P. Let’s start with R. As we saw above specifying R means specifying a confidence level (CL) and a number of errors (K) to expect in a sample. In this course, if you are asked to specify a CL and K in sample planning use K =0 and CL will be specified in the question. For example, if CL is given as 95% and no other information is given then use K = 0 so that R = 3 (from the R value table). The value of K is a replacement for the expected rate or the expected misstatements of CAS 530 Appendixes 2 and 3, respectively; and in chapter 10 SB. If we set K = 0, we are effectively saying that the expected errors are zero. The significance of using K = 0 is further discussed later in these notes, after we discuss some theory.
Now you need to specify P. In this course, P is set equal to materiality (equals the tolerable amount of CAS 230.A3 and Appendixes 2 and 3). P needs to be specified as a proportion or rate. Let’s say for purposes of illustration that materiality as a rate is .03 (i.e., as a percentage it is 3%). Under these conditions, with the above assumptions regarding CL and K, the planned sample size is n = R/P = 3/.03 = 100. You can interpret this sample size as the amount of work needed to get 95% confidence or assurance that there is no material misstatement of 3% (or higher).
You should now be able to calculate the sample sizes for all the cases in the class handout, and as reproduced below (same as question DC 4 requirement a., page 411 of SB). The solutions are given below (in section V).
The above are sample size calculation exercises for tests of controls (or compliance testing of controls using the older terminology). For substantive testing of details sample planning there is an additional complication added by the fact that for substantive tests materiality (or tolerable misstatement of CAS 530 Appendix 3 table) is given as a dollar amount. For example, assume that materiality is $300,000 (300k) for an accounts receivable population that is recorded at $10,000,000 ($10 million). What should the sample size be with the same objectives as the illustration above? The answer is to represent the materiality P as a rate or proportion as before. The natural way to do this is to represent materiality as a proportion of the reported amount (book value). If this is done, then P = (300k)/(10 million) = .03. Since P is the same as before the sample size n = R/P = 3/.03 = 100 is the same also. So the only added complication in planning sample sizes for substantive tests of details procedures with our approach is the need to represent any materiality in monetary amounts as a proportion of the amount recorded or book values. This is a minor complication compared to other statistical approaches that would require you to use different formulas and tables in planning sample sizes for substantive testing of details.
Effect of using the Audit Risk Model for Sample Planning
We can now illustrate the impact of relying on controls to reduce substantive testing of details.
Assume the accounts receivable calculation sample size of 100 and that the auditor is also using a planned audit risk of .05, then what is the assessed IR and CR for receivables?
We know from the audit risk model that:
(1) audit risk = IR X CR X DR.
Substantive testing risk is captured by DR and, as we will see below, CL = one minus DR for our formulas and R value table. Thus DR above is .05, but so is audit risk. This means that both IR and CR must be 1.0 as assessed by the auditor.
Next, assume the auditor puts some reliance on controls. Some reliance on controls means CR must be less than one. Assume CR = .5. Then, for the risk model formula (1) to hold we have audit risk = .05 = IR X CR X DR, and since CR is .5 and IR is unchanged (it is determined by the client’s condition) the auditor can plan a lower higher DR (the auditor decides on DR using the audit risk model as a guide). How much higher? Whatever it takes to maintain equality in formula (1). In this case DR can be increased to .1. If the auditor were to increase DR from .05 to some value less than .1, then audit risk will be less than planned and the auditor will be doing more work than necessary for a planned audit risk of .05. Assume the auditor uses the new DR = .10, then what is the new substantive test sample size?
Answer: If DR = .10 then the new CL as a result of reliance on controls becomes CL = one minus DR = one minus .10 = .90. This is our new confidence level for planning substantive tests of details as a result of reliance on internal controls. Thus the new sample size is n = R/P where R has CL = .90 and K = 0 from the R value table, so that now n = 2.31/.03 = 77 (P = materiality = .03 remains the same).
We have just illustrated the saving in substantive work (testing) for the auditor as a result of reliance on internal controls. Specifically, whereas before we had a sample size n of 100 (see above), we now get a reduction in substantive details testing to 77: a reduction or savings of 100 minus 77 = 23 items sampled. This is the main use of the audit risk model in audit planning, and illustrates how reliance on internal controls can reduce audit work. Of course, to make the assessment that CR is .5 also requires additional work, specifically testing of controls work. But many auditors find such a trade off advantageous and that is a major reason the risk model was developed in the first place. Now you can demonstrate the tradeoffs objectively via the formulas.
A brief review of some concepts may be in order at this point. Substantive testing is a direct test of monetary accuracy in the FS (e.g., confirmation indicates that a wrong amount was recorded), whereas tests of control are indirect tests of monetary accuracy (e.g., failure to find evidence of credit approval does not necessarily mean that a wrong amount was recorded—the amount recorded may still represent a bona fide receivable). Tests of controls are frequently easier to conduct because all you may be looking for is an initial or mark indicating there is a control process in place (e.g., credit approval by credit manager) whereas substantive testing may be much more involved. Because of such tradeoffs and the fact most control testing takes place before the yearend, auditors find it advantageous to rely on controls to the extent possible. Requirements to report significant control weaknesses to audit committees have accelerated this trend.
Concept of Decreasing Returns (Assurance) from Testing (From Application Case and Analysis Ch. 10 pages 403-404 SB).
Once a formal theory such as MUS has been accepted to assist in auditor decision making, it can be used to illustrate some basic concepts of auditing. For example, using our formulas and R value tables we can easily illustrate the law of diminishing returns on assurance as auditors gather additional sampling evidence. For example, assuming materiality has a value of .01 (1%), then the sample sizes (n = R/P) for confidence levels of 80%, 95%, and 99% respectively (equivalent beta risks of 20%, 5%, and 1%) are as follows: 161, 300, and 451. Confidence levels translate roughly to assurance levels obtained from these samples. Thus auditors using a materiality of 1% get assurance of 80% for sample size of 161, 95% assurance for sample size of 300, and 99% assurance for sample size of 451. These assurance levels relate to specific assertions, such as existence, depending on the audit purpose of the test. Testing is a generic term used for all types of sampling, whether representative or not.
The above calculations indicate the first 80% of assurance is achieved with a sample size of 161. To get an additional 15% assurance (to 95%), the necessary sample size almost doubles. In other words, the auditor gets less assurance for each additional item sampled. Note that to get an additional 4% assurance beyond 95%, the original sample size must almost triple. The final 1% assurance comes through testing the entire population. If, for instance, the population consisted of 10,000 items of varying amounts such as inventory items (not unusual for a medium-sized auditee), the final 1% assurance eliminating all uncertainties regarding existence involves testing an additional 9,549 (10,000 – 451) items! This explains why auditors use sampling and illustrates the diminishing law of assurance—it is rarely economical to eliminate the last bit of uncertainty in order to get 100% assurance. Since assurance equals 1 – risk, this also explains why auditors don’t wish to fully eliminate risk (nor are clients willing to pay for it) but will settle for some acceptable level of it.
With the R value table and formulas you can prove to yourself why auditors use the concept of sampling (testing) rather than a 100% exam. Assume for simplicity that an auditee has a population of 10,000 items and that P (materiality as a rate or proportion) has a value of .01.
In order to get 80% confidence level (assurance) at K = 0, the auditor needs a sample size of n = R/P = 1.61/.01 = 161. Note this means on average 80%/161 = .5% assurance per item sampled
For 95% confidence the planned sample size is n = R/P = 3.0/.01 = 300. Note this means that to get an additional 15% assurance the auditor needs to increase the amount of testing by (300 minus 161)/161 = 86%, or on average 15%/139 = .11% assurance per item sampled.
For 99% confidence the planned sample size is n = R/P = 4.51/.01 = 451. Note this means that to get an additional 4% assurance the auditor needs to increase testing by an additional (451 minus 300) = 151 items to get an average incremental assurance of 4%/151 = .026% assurance per additional item sampled.
Finally, to totally eliminate sampling risk the auditor could get 100% assurance by examining all 10,000 items. Thus to eliminate the last 1% sampling risk the auditor would need to sample an additional 10,000 minus 451 = 9549 to get average incremental assurance of 1%/9549 = .0001 assurance per additional item sampled. We refer to this phenomenon as diminishing (assurance) returns from testing. At some point the cost of additional testing is not worth the additional assurance provided so that the auditor settles for some (acceptably low) level of sampling risk in designing the audit. 100% auditing is impractical. This is the reason that we have risk based auditing!
[pic]
MUS and Statistical Continuous Auditing
MUS when combined with systematic sampling makes feasible statistical continuous auditing in an online environment and with cloud computing (all these topics except for the statistical formulas are covered in the IT auditing course). In continuous auditing the auditor tests controls and transactions in real time so that the auditor learns how the system is operating over time. This creates a problem for the auditor in that some way of planning the testing of the system over time must be implemented before the auditor knows the total size of the population of transactions at the end of the period. Our formulas and Tables are perfect for such an approach when combined with systematic sampling. Systematic sampling is based on the concept of sampling interval (SI) which is defined as the recorded amount/n (e.g., reported amount of $10 million and n =100 gives SI = $100,000). Note this gives you n equal sized segments and with systematic sampling of one item per segment you will automatically get the desired sample size of n, whatever it is.
One limitation to this set up is that it appears to require knowledge of the reported amount in advance. Not true! For example, the increasingly important concept of continuous auditing allows a way to calculate sample size and sampling interval without knowing the recorded amount for the entire period. That is, without knowing the recorded amount (BV) of an entire population, such as sales or purchases for the period. Tests of controls and substantive tests with DUS addresses this problem of continuous audits by allowing the calculation of sampling interval and sample size without knowing the BV for the population in advance. All that’s required is for the auditor to specify materiality in dollar terms. But this is simply P*BV, that is, MM = P*BV. Note that if the auditor can directly specify MM (= P*BV), then the auditor can also determine the average sampling interval: BV/n. This is possible because n = R/P, and the sampling interval is algebraically equivalent to BV/(R/P) = (BV*P)/R = MM/R.
Thus the auditor can determine the sampling interval without specifying BV itself or knowing BV in advance. This can be an important advantage in practice if the auditee has not yet compiled a total BV for his or her population, as would be the case in continuous audits involving continuous on-line real-time reporting of sales and purchases as may be demanded in e-commerce audits. The auditor can take a systematic sample as he or she simply adds through the population of transactions as the transactions occur. This could be done , for example, with embedded software that monitors client transactions throughout the period. What MUS adds is the ability to statistically evaluate the sampled items as discussed below. You do not need to know anything more about the rest of the population that was created during the period monitored. You are relying entirely on inferences that can be made with the MUS model. This is the easiest way to combine statistical sampling with computer auditing and electronic evidence.
Demonstration of No Need to Allocate Under MUS (From Application Case and Analysis Ch. 10 page 404 SB).
With our formula, we can also show why there is no need to allocate materiality with DUS. For example, assume accounts receivable has a reported balance of $20 million, inventory has a balance of $10 million, and overall materiality is $1 million. If we wanted 95% confidence level to verify existence of accounts receivable via confirmation procedures, the sample size would be n = R/P = 3/(1/20) = 60. If we wanted 95% confidence level to verify existence of inventory via inventory counts, the sample size would be n = R/P = 3/(1/10) = 30. Note that the sum of these two sample sizes is the same it would be if we treated inventory and receivables as one dollar-unit population, in which case the sample size for the combined population (at 95% confidence) would be n = R/P = 3/(1/30) = 90. Thus, by individually testing the populations associated with receivables and inventory using the same overall materiality of $1 million, the auditor can get the same 95% confidence for the combined population as for the separate populations. All the auditor needs to do is add up the errors from the two samples and evaluate as though one sample of a dollar-unit population of $90 million were tested. In this way, the auditor can also get 95% confidence on the overall conclusion for the combined population. The crucial point is that the same materiality is used for the overall evaluation as for the individual inventory and receivables valuations. There is no need to use different materialities for the components that are smaller than the overall materiality of $1 million with DUS. However, this is not the case for other statistical approaches such as normal distribution-based tests, when performance materialities smaller than those of overall would be required (and having nothing to do with particular user needs—see lecture notes class 2) to get the same confidence level for the combined population. MUS can use smaller materialities for specific populations to meet specific user needs, but it does not require this whereas non-MUS models do require allocation. The need for complex materiality allocation rules has been introduced to auditing primarily because of normal distribution-based tests, further demonstrating how the needs of specific sampling models can affect audit reasoning about evidence gathering.
IV. Giant Stores Case
• This case is a good illustration of the practical uses of sample planning formulas. When you have a statistical theory supporting your decision you have a powerful warrant in your argument. The main value of statistical warrants is that they increase the epistemic probability of your conclusions. People are more likely to believe you because the audit has been made more scientific and your statistical conclusions are more objective. If some people such as in a trial question your judgment it is a lot easier to defend yourself when you can point to a widely accepted theory to help justify your decision. The solution is given by first reviewing the lessons learned in this case, and then outlining the answers to each question in the case. Other practical examples are given in University of Toronto example page 39 SB Appendix 10B. Is it easier to notice when 40% of your belongings are missing or 1% ?
• Also see box on page 402 SB
• Lessons to Be Learned
• Illustrations of Methods for Misrepresenting Accounts Payable.
• Accounts Payable Audit Objectives and How to Achieve Them.
• Illustrations of Need to Consider Sufficiency (quantity) and appropriateness (quality) of Audit Evidence.
• Importance of Resolving All Suspicious Items Discovered During Audit.
• Importance of Knowledge of the Business (KNOB) and Recognition of Red Flags.
• Illustration of Common Pressure Tactics Used by Client/Personnel.
• Question 1
• Completeness assertion because of lack of incentives to maintain strong control for payables.
• Question 2
• completeness objective
• subsequent year disbursements is the primary procedure for material transactions. Not clear whether this was included in this case.
•
• Question 3
• a number of methods are possible. Under DUS:
• n = R/P where:
• P = (materiality)/ (recorded payables or credits for payables depending on how the population is defined). For example, by AUG-41, materiality is .05 X reported net income of $1.5 million = 75k so that P = 75k/300k = .25, and if we use 95% confidence level, R =3.0 so that n = 3/ .25 = 12. Note this shows that the SEC may be wrong in saying that 24 items is not a sufficient sample size. Your warrants are those of statistical theory and DUS. What are theirs?
• Question 4
• The general issue is whether the evidence is appropriate, in this case whether it is sufficiently independent of the client.
• auditor should make phone call
• auditor should obtain written confirmation
• Question 5
• Confirmation procedure is much more common for AR than for AP.
• major audit objective for AR is existence.
• major audit objective for AP is completeness
• completeness means that for AP send confirmation for zero balances and all known creditors. Also don’t indicate amount owed, instead ask the amount owed.
• Question 6
• There should be open, uninhibited communications among all staff.
• Junior staff should be involved and have a right to air their views.
• any member of an audit team should be allowed to disassociate from a decision via a memo. Whether this memo is included in the final working papers is decided by the senior staff. You would keep your own copy in case you need defend yourself from litigation.
V. Mechanics: Sample Evaluation (from pages 386-388 SB)
Sample evaluation involves solving for P in the formula R = nP so that P = R/n. Known as the achieved P or the achieved UEL, it is calculated after the sample has been taken and the results are known. This means that the number of errors (K) detected by the sample is already known, the confidence level (CL = 1 – beta risk) is known, and the sample size taken is already known. Thus we can solve for achieved UEL = achieved P = R/n, where R = CLRK, CL is the specified confidence level, and K is the number of errors found in the sample (not the number expected as in sample size planning). To illustrate sample evaluation for a test of controls, assume that two errors or deviations were found in a sample of 100 and you wish to calculate the achieved P at 95% CL: thus P = R/n = UEL. Note this is the same situation as case 1 (first column) of the R Value handout. See below Plugging in the appropriate values from the table in class handout (R value table) or Appendix 10A of SB gives usthe following: achieved P = R/n = UEL = 6.30/100 = 0.063. This is the maximum error at the specified confidence level. This is then compared to what is material or tolerable. The basic rule is that if achieved P, or UEL, is greater than material or tolerable, reject the population—otherwise accept it. Compare this rule to AuG-41, para. 42 and note that the monetary-unit sampling (MUS) rule is less ambiguous. In the case of tests of controls, rejection of the populaton is equivalent to assessing control risk as high, that is, there is no (or reduced) reliance on controls.
Achieved P can always be interpreted as the maximum error rate for the specified confidence level. There are additional complications for substantive testing but these formulas are the only thing necessary for a conceptual understanding. These formulas or tables of monetary-unit sampling (MUS) or dollar-unit sampling (DUS) are so simple and so effective that they are now the most widely used in audit practice.
MUS is also so widely used because taking an appropriate sample one does not require advance knowledge of the recorded amount of the population, as the other statistical approaches do. This characteristic of MUS makes it particularly appropriate for audits involving continuous, online real-time reporting of sales and purchases as might be required in electronic commerce audits. The basic calculations for planning and evaluating the continuous audit samples have already been described above.
Follow-up all the Deviations The evaluation described so far has been mostly quantitative in nature, involving counts of deviations, deviation rates and tolerable rate, and risk judgment criteria. Qualitative evaluation in the form of determining the nature and cause of the deviations is also necessary. A single deviation can be the tip of the iceberg—the telltale sign of a more pervasive deficiency. Auditors are obligated by the standard of due audit care to investigate known deviations so that nothing important will be overlooked. Qualitative evaluation is sometimes called error analysis because each deviation from a prescribed control procedure is investigated to determine its nature, cause, and probable effect on financial statements. The analysis is essentially judgmental and involves auditors’ determination of whether the deviation is (1) a pervasive error in principle affecting all like transactions or just the one particular transaction; (2) a deliberate or intentional control breakdown, rather than unintentional; (3) a result of misundersood instructions or careless inattention to control duties; or (4) directly or remotely related to a money amount measurement in the financial statements. Clearly, different qualitative perceptions of the seriousness of a deviation would result from error analysis findings. When the decision criteria are not satisfied and the preliminary conclusion is that the control risk is high, the auditors need to decide what to do next. The deviation follow-up can obligate auditors to do more account balance audit work by changing the nature, timing, and extent of other audit procedures. If you suspect the sampling results overstate the actual population deviation rate, one option is to enlarge the sample and perform the control tests on more sample units in hopes of deciding that the control risk is actually lower. However, when faced with the preliminary “nonreliance” decision, you should never manipulate the quantitative evaluation by raising the tolerable rate or the risk of assessing the control risk too low. Supposedly, these two decision criteria were carefully determined in the planning stage, so now only new information would be a good basis for easing them. When a test of controls results in a “reject” decision, in most cases auditors reduce or eliminate reliance on the control tested.
Comparison to Opinion Poll (pages 367-368 SB)
How Risk and Materiality Used in Opinion Polls Relate to Audit Sampling
Materiality and risk are key concepts in statistical sampling and auditing. This is illustrated in CAS 530 (5300, 5142):
The determination of an appropriate sample on a representative basis may be made using either statistical or non-statistical methods. Whether statistical or non-statistical methods are used, their common purpose is to enable the auditor to reach a conclusion about an entire set of data by examining only a part of it. Statistical sampling methods allow the auditor to express in mathematical terms the uncertainty he or she is willing to accept and the conclusions of his or her test. The use of statistical methods does not eliminate the need for the auditor to exercise judgment. For example, the auditor has to determine the degree of audit risk he or she is willing to accept and make a judgement as to materiality.
The following box shows how the auditor’s professional judgment is applied if audit sampling were viewed like that in an opinion poll.
Professional Judgment and the Extent of Audit Testing
Handbook, 5142.08 states, “decisions concerning materiality and audit risk are the most significant made in the course of an audit because they form the basis for determining the extent of the auditing procedures to be undertaken.” This illustrates that professional judgment is critical to audit practice. To better understand why this is, imagine if the audit were a purely scientific endeavour in which the management assertions were hypotheses that had to be either supported (verified) or contradicted by the evidence. An analogy, but not one to be taken too literally, is to think of auditor opinions as being similar to a media opinion poll. An opinion poll in The Toronto Star reported that a mayoral candidate M.L. led with 51 percent of the decided vote over candidate B.H. who had 46 percent support. This poll was the result of surveying 400 Toronto residents. A sample of this size is considered accurate to within 5 percentage points, 19 times out of 20. In other words, due to the uncertainties associated with the representatives of the sample of 400, the best the statistician can conclude about M.L.’s prospects is that there is a 95 percent confidence level that his actual support is in the range 51% ( 5% = 46–56%. The width of this band around M.L.’s best point estimate of 51 percent is referred to as sampling precision, which is related to materiality. The confidence level is related to audit assurance. Conceptually, an auditor can make a similar statement about financial statements. For example, after audit testing, the auditor may conclude that a client’s net income number is $200,000 ( $10,000, 19 times out of 20. The auditor could make this kind of statement if the appropriate statistical samples were drawn from all the accounting components making up net income. In this statistical sampling framework, materiality is the degree of accuracy or precision of the sample, that is, the ( $10,000 (or ( 5% in the Star poll). Audit assurance is the statistical confidence; that is, 19 times out of 20, which is equal to 95 percent. Thus, if an auditor’s report were interpreted purely statistically, “presents fairly in all material respects” means that the difference between the audit estimate (audit value, or AV) based on audit testing and the reported amount (book value, or BV) is less than material. The level of audit assurance is captured by the words in our opinion in the auditor’s report. Under this view the standard audit report indicates, therefore, that there is a high level of assurance that there are no material factual misstatements in the financial statements. We can also look at the complement of assurance, audit risk discussed in paragraph 5095.08, and interpret the standard audit report to mean there is a low level of risk that there are material misstatements in the financial statements after the audit. Using a statistical sampling framework, the audit report decision will be based on a sufficient amount of testing so that the confidence interval around the auditor’s best estimate AV will both include BV and be smaller than materiality; that is, the auditor will have achieved the planned level of assurance from his the testing. For example, assume the auditor has done enough testing at a client with a reported net income of $198,000 to conclude that they have 95 percent confidence (assurance) that GAAP income is in the interval $198,000 ( $10,000. If materiality is set at 8 percent of reported income, it equals .08 ( $198,000 = $15,840. As the achieved precision of $10,000 is less than materiality of $15,840, the auditor can conclude with at least 95percent assurance that there is no material error in the reported net income of $198,000. To reach such a conclusion, the auditor will have to plan the testing so that achieved precision is no larger than materiality. Note that if BV – AV is greater than materiality, then the auditor has not obtained the 95 percent assurance from testing and will either have to do more audit work or insist on an adjustment.
Question: What is the 95% confidence interval equivalent to the opinion poll example above using the R value table calculation given earlier?
Answer: (0, .063).
In tests of controls evaluation, which is illustrated in the R value application question above preceding the box, the confidence interval is a one sided one because auditors are interested in the maximum possible error rate, not the minimum one. This one sided bound is illustrated in Exhibit 2 below. Note that the Achieved P of case 1 (column 1 in class handout example, also see below for a reproduction of the handout) has been converted to an estimate of maximum possible errors in the population by assuming that we multiply Achieved P by the population size. To make the calculations simpler in developing a correspondence with AuG-41.41-42, we add the assumption that the number of transactions processed during the year (i.e., he population size for tests of controls) is 10,000. Thus we can interpret case 1 results as a sample of size 100 that finds 2 errors (i.e., the identified misstatements of AuG-41 = IMs) resulting in .02 X 10,000 = 200 (likely aggregate misstatements of AuG-41 = LAM). Knowing the population value of 10,000 also allows us to convert materiality (tolerable misstatement) from a relative amount (or proportion) of .06 to an absolute amount of .06 X 10,000 = 600. Similarly the Achieved P or Upper Error Limit (UEL) or maximum possible misstatement of AuG-41.41 is .063 X 10,000 = 630. Now everything can be lined up as discussed in the concepts of AuG-41.41-42. See Exhibit 2.
A PICTURE IS WORTH A 1000 WORDS (HOPEFULLY). Auditors use a Bayesian Theory interpretation of sample results. This can be illustrated with the DUS sampling probability distribution using the above case 1 calculations. From the Bayesian perspective, the sampling evidence tells us something about the amount of misstatements or errors as summarized by the sampling distribution. With this perspective (note the importance of a perspective in reasoning as will be discussed in class 3 lecture notes ) the auditor can assess quantitatively the probability of material misstatement: this is the area under the curve (technically the probability density function) that is above(to the right) of materiality (in this case 600). The thing to note now is that the Achieved P of 630 at 95% confidence level is the 95% cumulative probability (area under the curve) of the sampling distribution. This means that the area that includes misstatements greater than 630 has a probability of .05 (i.e. 5%). But this also means that since 630 > 600, that the probability of error greater than materiality (of 600) is greater than .05, i.e., greater than acceptable. This is what the shaded area under the curve in Exhibit 2 tries to illustrate.
By this reasoning if materiality happened to be greater than 630 (say, 700 as illustrated in Exhibit 3), then the probability of material misstatement (henceforth PMM) would be less than .05. You as the auditor decide what is material.
Notice what is happening: Exhibit 2 shows that if Achieved P > material misstatement (MM), then that is equivalent to PMM > .05 = acceptable level = planned level; and Exhibit 3 shows that the condition Achieved P < MM is equivalent to PMM < .05 = acceptable level = planned. (What you do when Achieved P exactly equals MM, or equivalently, PMM exactly equals the acceptable risk is a little arbitrary. Here we assume “acceptance of the population” because this is most consistent with the language used ,i.e., “acceptable” and the reasoning in planning a sample. When you plan a sample assuming no errors and you take that sample and find no errors, guess what, Achieved P = MM. Is this acceptable? It should be since you found no errors. By the way, if you took a smaller sample size and found no errors then Achieved P > MM, guaranteed. Prove it to yourself with the R value table and formulas. Note this is a problem with the guidance given in AuG-41.42: it assumes the auditor took a sufficient sample size, but you can only prove that with formulas. The problem with AuG-41.42 is that it tries to provide guidance without any statistical theory to use as warrants. )
Exhibits 2 and 3 together should be illustrating to you graphically that the decision rule used in evaluating sample results of rule (1):
(1) If Achieved P > MM then reject; otherwise accept
Is exactly equivalent to the following rule (2):
(2) If PPM > acceptable risk (= the planned risk) then reject; otherwise accept.
Rule (2) is the one we are most interested in because it represents a more general version of rule (1), and as we will see in class 3 lecture notes the more general the warrants, the higher the inductive probability of the argument supporting the auditor’s conclusion.
The equivalency of rules (1) and (2) is important for illustrating the generality of rule (2). Rule (1) is limited to using the R value table and formulas. You can think of rule (1) as a more detailed version of rule (2) limited to sampling applications. They are equivalent in the sense that whenever one decides to accept/reject so will the other using the same sample information.
The more general nature of rule (2) should be evident from its wording—it deals with any risk and is not limited only to sampling risk like rule (1) is limited. Thus rule (2) can be extended to any application of risk based auditing. There is no need that the acceptable risk be the same for all risks. We will clarify later. Rule (2) is the most important principle we will be using in this course, and the claim will be made that it should used as a guide in all audit/accounting argumentation. You will decide if you are willing to accept this claim and give your reasons for your decision.
[pic]
[pic]
Class 1-2 Handout
The following are auditor judgment and audit sampling results for six populations. Assume large population sizes.
| |1 |2 |3 |4 |5 |6 |
|Estimated population deviation rate | | | | | | |
|(in percentage) | | | | | | |
| |2 |0 |3 |1 |1 |8 |
|Tolerable deviation rate (in | | | | | | |
|percentage) |6 |3 |8 |5 |20 |15 |
|Acceptable risk of overreliance on | | | | | | |
|internal control in percentage) | | | | | | |
| | | | | | | |
| |5 |5 |10 |5 |10 |10 |
|Actual sample size |100 |100 |60 |100 |20 |60 |
|Actual number of deviations in the | | | | | | |
|sample | | | | | | |
| |2 |0 |1 |4 |1 |8 |
Required:
a) For each population, did the auditor select a smaller sample size than is indicated by using the tables for determining sample size? Explain the effect of selecting either a larger or smaller size than those determined in the tables. b) Calculate the sample deviation rate and computed upper deviation rate for each population. c) For which of the six populations should the sample results be considered unacceptable? What options are available to the auditor? d) Why is analysis of the deviations necessary even when the populations are considered acceptable? e) For the following terms, identify which is an audit decision, a nonstatistical estimate made by the auditor, a sample result, and a statistical conclusion about the population. 1) Estimated population deviation rate. 2) Tolerable deviation rate. 3) Acceptable risk of overreliance on internal control. 4) Actual sample size. 5) Actual number of deviations in the sample. 6) Sample of deviation rate. 7) Computed upper deviation rate.
R VALUE TABLE
(for calculating upper error limits of either overstatements or understatements)
|Confidence Levels |Number of sample|Confidence Levels |
| |errors | |
|75% |80% |85% |90% | |95% |97.5% |99% |
|2.70 |3.00 |3.38 |3.89 |1 |4.75 |5.58 |6.64 |
|3.93 |4.28 |4.73 |5.33 |2 |6.30 |7.23 |8.41 |
|5.11 |5.52 |6.02 |6.69 |3 |7.76 |8.77 |10.05 |
|6.28 |6.73 |7.27 |8.00 |4 |9.16 |10.25 |11.61 |
|7.43 |7.91 |8.50 |9.28 |5 |10.52 |11.67 |13.11 |
|8.56 |9.08 |9.71 |10.54 |6 |11.85 |13.06 |14.58 |
|9.69 |10.24 |10.90 |11.78 |7 |13.15 |14.43 |16.00 |
|10.81 |11.38 |12.08 |13.00 |8 |14.44 |15.77 |17.41 |
|11.92 |12.52 |13.25 |14.21 |9 |15.71 |17.09 |18.79 |
|13.03 |13.66 |14.42 |15.41 |10 |16.97 |18.40 |20.15 |
The solution to the problem on the preceding slide (same as 10.62 in the RS textbook and in this class’s handout) is as follows:
a. The sample sizes using the formula (with k=0): n = R/P are .
Case 1, n=50. Case 2,n=100. Case 3,n=29. Case 4,n=60. Case 5,n=12. Case 6,n=16
Anything larger than these discovery sample sizes (the name for sample sizes when you use k = 0 in planning the sample size as we do in this course) reduces alpha risk, while beta risk (1 – confidence level) remains constant.
b. The achieved P or UELs are as follows. Case 1, UEL = .063. Case 2, UEL = .03. Case 3, UEL = .065. Case 4, UEL = .092. Case 5, UEL = .195. Case 6, UEL = .217.
c. Unacceptable for cases 1,4, and 6. The auditor can extend testing, insist on an adjustment, re-consider the extent of reliance on controls.
d. Sources of error helps auditor asses whether error is intentional or unintentional, and to assess qualitative aspects of internal control (for example, whether a particular individual, department, or time period is affected).
e. 1. auditor 2. auditor 3. auditor 4. auditor, or by formula 5. sample result 6. sample result 7. sample result: achieved P or UEL is the maximum error rate at the stated confidence level.
-------------------------------------------------------------------------------------------------------------------------------------
VI. Some Statistical Theory
In this section, you will find an overview of some theory about how risks are controlled with all statistical audit procedures using the concept of hypothesis testing.
How Sampling Risks Are Controlled in Statistical Auditing
When using statistical sampling concepts in auditing, we need to develop a decision rule, which must be used consistently if we are to control risks objectively. It is the assumption of the consistent use of a strict decision rule that allows the risks to be predicted and thus controlled via the sample size. The decision rule is frequently referred to as a hypothesis test, and the auditor is typically interested in distinguishing between the following two hypotheses:
Hypothesis 1: -There exists a material misstatement in the total amount recorded for the accounting population (e.g., accounts receivable file).
Hypothesis 2: -There exists no misstatement in the amount recorded for the accounting population.
The decision rule the auditor uses in statistical auditing is to select one of these two simplified hypotheses based on the results of the statistical sample. The mechanics of this are discussed in sections III and V of these lecture notes. Now we are interested in depicting what happens to sampling risk (risk that arises when testing only a portion of the population statistically) when a consistent decision rule is used. The concept of a probability of acceptance curve becomes useful for summarizing these risks (see Exhibit 4 below).
Probability of Acceptance Curve (or acceptance curve, for short) Consider a plot of the probability of acceptance of the recorded amount against total misstatement within the recorded amount of some accounting population, such as aggregate accounts receivable. The horizontal axis reflects total misstatement while the vertical axis reflects probability.
In a perfect world of no uncertainty, auditors would want to have a zero probability of accepting a recorded amount having material misstatement (MM). However, the concept of testing or sampling only a part of a population requires the auditor to be willing to accept some uncertainty concerning the total population value. This is reflected in the fact that the probability of acceptance cannot be zero at MM with sampling. However, the auditor can, or course, design his or her audit so that this probability is appropriately low.
An auditor using a consistent decision rule selecting one of the hypotheses discussed above with a given sample size over a range of possible errors will experience varying probabilities of acceptance. This is what we mean by a probability of acceptance curve as shown in Exhibit 4 below.
Note an important feature of this curve: as the error amount increases (in the direction of the arrow), the probability of acceptance goes down (as one would expect). How fast it drops depends on a variety of factors including the statistical model, the sample size and the error pattern.
Concepts of Sampling Risk
The probability of acceptance curve is useful for depicting the full range of sampling risks that the auditor may experience with a given test. This is summarized in Exhibit 4.
To understand these risks, let’s consider some scenarios. First, assume there is an immaterial amount of misstatement (i.e., to the left of MM in Exhibit 4), say 1/2 MM. The probability of acceptance curve in Exhibit 4 tells us what the probability is of accepting any given amount of misstatement (including .5MM).
Is acceptance the correct decision with this amount of misstatement? The answer is yes because the amount of misstatement is less than material. Thus, the probability of acceptance gives us the probability of making the correct decision at .5MM. Since the only other alternative in this simple framework is to reject the reported amount, an incorrect decision, this probability of making the incorrect decision must then be one minus the probability of acceptance. This risk of incorrect decision when there is less than material misstatement is referred to as the alpha risk in auditing.
A completely different error is possible when there happens to be a material misstatement, that is, at or to the right of MM in Exhibit 4. Now, accepting the reported amount is the incorrect decision and the probability of accepting the recorded amount is thus the risk of accepting a material misstatement. This risk of accepting a material misstatement is referred to in auditing as the beta risk. The correct decision is to reject the reported amount when there is a material misstatement and this equals one minus the probability of accepting the reported amount when there is a material misstatement, or one minus beta risk.
To recap: alpha risk can only occur when there is less than material misstatement and alpha risk = one minus the probability of acceptance when there is less than material misstatement. On the other hand, beta risk can only take place when there is a material misstatement and beta risk = the probability of acceptance of the recorded amount when there is material misstatement.
Another important thing to note is that as error increases, the probability of acceptance decreases and therefore, beta risk decreases. The maximum beta risk is thus at the smallest amount of material misstatement, which is at the point MM itself. That is, maximum beta risk is at MM. Hence if the auditor controls beta risk at a specified level at MM, he or she automatically controls it at a lower level for errors greater than MM.
This is not true for alpha risk, however. An analysis of Exhibit 4 should make clear that as probability of acceptance decreases with increasing errors in the immaterial error range, alpha risk is increasing. Maximum alpha risk therefore occurs at just below MM and equals (at the limit) one minus beta risk at MM. For a numerical example assume beta risk is controlled at .05 at MM. Then we know that maximum alpha risk = 1 – .05 = .95. In practice, alpha risk is frequently controlled at zero errors by controlling alpha risk at its minimum level. Note that this concept of risk control is completely different from that of beta risk control, which is always controlled via the beta risk’s maximum value. A control point for alpha risk greater than zero can be chosen but this will increase sample size beyond the minimum required (i.e., the discovery sample size) and this will have the effect of reducing alpha over its entire range. This reduction in alpha is the payoff for the increased testing.
Positive and Negative Approaches and Confidence Level
In the statistical literature there is frequent reference to the concept of confidence level of a statistical test. How does this relate to alpha and beta risks as used in auditing?
The answer is, it all depends.
It depends on the way the hypothesis tests are constructed. Confidence level is related to the primary or null hypothesis of the test. Specifically, confidence level equals one minus risk of rejecting the null hypothesis when it is true. Thus, confidence level is dependent on the null hypothesis used. In auditing a distinctive statistical terminology has evolved over the years. If hypothesis 1 above is the null hypothesis, then we are using the negative approach to hypothesis testing, and if hypothesis 2 is the null hypothesis, then we are using the positive approach to hypothesis testing.
Under the negative approach, confidence level equals one minus beta risk while under the positive approach, confidence level equals one minus alpha risk.
The negative approach is the more important and common approach in auditing. In particular, it underlies all attribute sampling tables and formulas. Dollar unit sampling always uses the negative approach. The positive approach frequently underlies formulas using the normal distribution assumption; this is briefly discussed at the end of the chapter. Because of its simplicity and straightforward relationship to audit objectives, the negative approach is used throughout this course. However, it should be noted that the positive approach is much more important in the sciences, and, in particular, the alpha risk when associated with the null hypothesis of “no difference” is the more important risk of the sciences. In contrast, the beta risk is more important in auditing because it is related to the more important hypothesis of “material misstatement” or “significant difference,” which it is the auditor’s job to detect. In fact, some have characterized the purpose of the auditing profession as that of “controlling beta risk” associated with financial statements. For this reason beta risk is associated with audit effectiveness.
Effect of Changing the Sample Size under the Negative Approach
Under the negative approach, the confidence level = 1 – beta risk. From the Bayesian perspective that auditors take on evidence, auditors can equate the confidence level with audit assurance, and so these auditors work with assurance or confidence factors rather than risk factors. The underlying principles remain the same, however, whether the auditor works with risk or confidence levels.
What if the auditor varies the sample size while keeping the confidence level constant?
Exhibit 4 indicates what happens as sample size is increased to population size. The outer rectangle is the acceptance curve with 100% sampling. It is perfect knowledge in a sampling context. The curve indicates the risk if only a small portion of the population is sampled, e.g., using our formula for n above. Note both alph and beta risks begin to appear. If you increase sample size, then the curve shape would move up upward toward rectangular shape representing perfect auditor knowledge about the population (resulting from a 100% exam. If sample size is reduced the acceptance curve shape moves away from the rectangular shape. The main result is that alpha risk is increased over its range as sample size is reduced. If sample size gets below our minimum sample size (using K = 0 zero as discussed above, then even beta can increase to beyond its planned (acceptable) level. From Exhibit 4 it is also evident that if confidence level (and thus beta risk under the negative approach) and MM are held constant while changing the sample size, it is the alpha risk that changes with the sample size—specifically, alpha risk is reduced throughout its range when the sample size is increased, and the converse. This illustrates that if the auditor wishes to reduce alpha risk while keeping beta risk and MM unchanged, then a larger sample size needs to be used. In fact, if any one of alpha risk, beta risk or MM were to be reduced, sample size would need to be increased, and the converse.
This smallest sample size is called a discovery sample (what we use at k=0). If the auditor wishes to control alpha risk to a lower level, the sample size should be increased. Sample size increases in practice are normally implemented through formulas by one of two major approaches: (1) increase the number of errors to be accepted by the sample, or (2) increase the planned expected error rate in computing the sample size. Sometimes a combination of the two approaches is used in computing the sample size. More rigorous methods are available for controlling alpha risk for an explicit amount of expected errors, but we will not cover these methods here because the additional complexity does not change the nature of the basic judgments that must be made and the necessary cost-benefit tradeoffs that are required. The concepts of beta risk, alpha risk, and their relationship to confidence level described here applies with some modification to all statistical procedures. In this sense they are very general, and Exhibit 4 below is suggestive of sampling risk associated with all statistical hypothesis testing. Auditors have developed their own terminology for the risks associated with different audit procedures. As we review various statistical procedures, we will identify new risk terms associated with these procedures, but we will see that for the most part these risks relate to the more important sampling risk in auditing, that of beta risk.
Finally, it should be noted that these acceptance curves are not the same thing as probability distributions that you may be familiar with from your statistics courses. Probability distributions measure the probability of various risks by calculating areas under the curve (for example, the normal probability distribution). The acceptance curves that we have discussed here represent the probabilities as the vertical distance from the curve to the horizontal axis (representing the probability of one or zero, respectively). Acceptance curves make it easier to visualize the sampling risks for different amounts of errors. Acceptance curves are a type of what statisticians call power curve, where the shape of the power curve varies, like the confidence level, with the null hypothesis.
EXHIBIT 4
VII. Summary of Hall et al. 2006 article: “How Reliable Is Haphazard Sampling?”
Haphazard sampling refers to sampling that is intended to be representative of a population but rigorous random or systematic selection is not used. Thus the probability of selecting a particular item becomes unpredictable. This article illustrates one source of such unpredictability: bias due to judgmental errors based on the availability heuristic discussed in class 3. Specifically, judgmental biases arise from items that stand out or draw attention (brightly colored items, large items, isolated items of inventory or files), or items that are easier to access (27). When auditors use haphazard sampling they should be trained in de-biasing procedures if they want this type of evidence to be acceptable in court. Otherwise, the auditor must be prepared to non-statistically sample a very large proportion of the population (30% or more). For example, in the decreasing returns to testing illustration above, the auditor would need to test about 3000 items to get an assurance of 95% (rather than 300 if a true random sample were taken). This illustrates another advantage of the more formal statistical sampling—potentially much smaller amounts of testing can result, as documented by this article.
Summary of Pavlock et al. article May 1990
• The Pavlock et al. article provides a good review of much of this course through the various accountability reports they foresaw in future corporate reporting 20 years ago.
– financial statements
– internal control reporting
– VFM audit reports
– fraud deterrence reports
• Note that all of these reports relate to different aspects of management accountability. This is not surprising since accountability is fundamental to the proper functioning of advanced societies. For example, in political science it is widely recognized that the reason democracy is such a successful form of government is that it seems to maximize the accountability of leaders to the rest of society. Note also that accountability relates to the social role of the accountable party.
• We will review all of the above reports/engagements as they have evolved to the present day.
• About half this course, however, will be on financial reporting and their audits since it is the auditor who states that the financial statements ‘present fairly’ in accordance with Canadian GAAP (or IFRS). As we will see this concept of fairness of presentation is being extended to include the risk of fraudulent reporting, and to internal control reporting.
• These increasing responsibilities increase the importance of critical thinking about the auditor’s role. Same with the next article.
VIII. Solutions to Textbook Questions
EP 1 page 407 SB (10.53)
a) The sample of 3 purchase orders and subsequent tracing the cash disbursement documents and procedures is not considered “audit sampling.” The work was properly done for the purpose of obtaining a preliminary understanding of the control design (structure), not for making a judgment of the effectiveness of control procedures. Audit sampling standards apply to samples for the purpose of reaching a conclusion about a a whole population of data—in this case the cash disbursement controls—and not to work done to obtain a general understanding of a control design (structure).
b) This is an example of a sample but not a representative one. Only the largest quantity items were chosen, and the others were ignored. This prevents us from validly extending the results to the 800 that were not sampled.
c) This is not a sample, rather this is a 100% examination. Sampling or testing refers to reaching a conclusion based on examining less than 100% of a population.
d) Audit sampling is not involved in the procedure of obtaining client representations. Appropriate written representations can be obtained from the persons with highest authority, and they need not be obtained from less authoritative persons. Written representations are not a selection of less than 100% of events from a larger population. They constitute the entire record of relevant written client representations.
EP 3 page 407 SB (10.55) Timing of Test of Controls Audit Procedures
Auditor Magann was auditing the authorization control over cash disbursements. She selected cash disbursement entries made throughout the year and vouched them to paind invoices and cancelled cheques bearing the initials and signatures of people authorized to approve the disbursements. She performed the work on Sept 30, when the company issued cheques 43921-52920, Since 9,000 cheques had been issued in 9 months, she reasoned that 3,000 more could be issued in the three months before the Dec 31 yearend. About 12,000 cheques had been issued last year. She wanted to take one sample of 100 disbursements for the entire year so she selected 100 random numbers in the sequence 43921 - 55920. She audited the 80 cheques issued prior to Sept 30 and held the next 20 for yearend. She found no deviations in the 80 - which would cause her to assign a low control (20%) risk to the probability that the system would permit improper charges to be hidden away in expense and purchase/inventory accounts
- Take the role of Magann and describe the options with respect to evaluating control performance for the remaining period (Oct - Dec)
1. Cannot elect to for go all further work on the control for the remaining period
2. The audit team can audit 20 remaining items - least costly - won’t take much time
3. The audit team could inquire about authorization control performance during Oct-Dec, only useful news would be that the control is no longer performed - do more other audit work
4. 3 months is a long time , should be concerned , can’t presume control worked just fine.
5. If dollar amount of transaction had decreased substantially, then she would not need to be so concerned about the additional control testing But this is unlikely.
6. Not auditing the 20 would be too risky, i.e., actual risk > acceptable thus violating our general audit reasoning principle. Therefore should audit the 20 extra. Only to avoid auditing the extra 20 is if can justify something like point 5 above.
10.59 Application to Accounts Receivable
Toni Tickmark has been assigned to plan the audit of the Cajuzzi Corp’n, and is currently planning the circularization of a/r. Cajuzzi sells a number of products in the personal health care field but its mainstay is a portable whirlpool unit for use in bathtubs - the Ecstasizer. Has been an outstanding success and is largely responsible for the 14% jump in sales this year. 5 major types of customers - wholesalers, department store chains, drug stores, hardware stores and sporting goods stores. Number of clones starting to appear. Cajuzzi has an aggressive sales strategy coupled with fairly liberal credit policies. Gives display units for demonstration purposes. These costs are charged to promotion expense. Stated objective to have every store in the country displaying its products. New customers get very liberal credit policies and terms net 30. Cajuzzi will not stop shipments unless balances are more than 120 days old.
Customer’s credit status is returned to normal as soon as the overdue balances are paid. Cajuzzi is loathe to write off any account unless the customer is actually insolvent or has given intent not to pay. Schedule A contains a 5-year summary of key financial data, and schedule B has a summary of a/r at the year-end circularization date (06/30/97). This is the second year that Toni’s firm has been the auditor of Cajuzzi, and her first year on the engagement. Last year’s working papers showed that the 50 largest accounts were circularized, which was coverage of 20% ($2,600,000). Overstatement of a/r of $190,000 was discovered, but no adjustment was proposed as the error was deemed immaterial.
a. Critique last year’s approach to the circularization of receivables and the subsequent disposition of errors discovered.
- not representative sample (only specific items based on size) - difficult to assess reasonableness
- coverage - only 20% - still high probability that other balances are misstated.
- errors discovered - 7%, no attempt to project to determine if material or not, probably is material
- overdue accounts - no mention given to overdue a/c’s in sample selection - more likely to be uncollectible
- no mention of risk assessment - loathe to write off bad a/c’s
- no mention of compliance testing
- should have increased sample size, given errors and required adjustment
b. What is meant by random(representative) selection and why is it the most fundamental principle of sampling theory? Under what conditions is non-random selection appropriate?
- attempt to choose the sample in such a way that its characteristics represent the characteristics of the entire population, therefore can project over population
- fundamental principle of sampling theory as testing is designed to reduce work
-Non random selection is appropriate when there are items in the population whose testing is warranted because of certain specific characteristics - unusually large, specific time period
c. What is meant by the terms sampling error and non-sampling error? What steps can be taken to control
- sampling error - risk that the sample results are not representative of the true population characteristic - can be controlled by increasing the sample size
- non-sampling error results when the auditor forms the wrong conclusion from the sample even though the sample was representative of the population - can be controlled by designing appropriate auditing procedures, supervision and training of assistants.
----------------------- probability representing alpha risk = incorrect decision
probability of incorrect decision increasing
beta risk range
alpha risk range
MM
probability of
correct decision
probability representing =
beta risk
probability of incorrect decision