Chapter 8 – Tools to Gather Audit Evidence
1. LO1: Overview of Tools to Gather Audit Evidence 2. LO2: Overview of Sampling 3. LO3: Selecting a Sampling Approach 4. LO4: Gathering Sample Evidence about Control Effectiveness 5. LO5: Statistical Approach to Test Account Balances and Assertions: Monetary Unit Sampling (MUS) 6. LO6: No Misstatements in the Sample 7. LO7: Using Generalized Audit Software to Obtain Evidence 8. LO8: Analytical Procedures as a Substantive Test
Overview of Tools to Gather Audit Evidence
Substantive Analytical Procedures
Provide evidence on the reasonableness of the account balance
Substantive Analytical Procedures
Provide evidence on the reasonableness of the account balance
Sampling
Can be used for both tests of controls and direct tests of account balances
Sampling
Can be used for both tests of controls and direct tests of account balances
Generalized Audit Software
To analyze underlying data and to support tests of controls and direct tests of account balances
Generalized Audit Software
To analyze underlying data and to support tests of controls and direct tests of account balances
* Financial Statement Assertions are: 1) Existence 2) Completeness 3) Rights and obligations 4) Valuation or Allocation 5) Presentation and Disclosure
LO2: Overview of Sampling * Definition of Audit Sampling: applying audit procedures to less than 100 percent of a population in order to estimate some characteristic about that population
* Purpose of Audit Sampling - to gather evidence to: 1. Test controls to express an opinion on the client’s internal controls 2. Test controls to assess control risk 3. Test for compliance 4. Test details in account balances to determine whether material misstatements exist
* Four Important Decisions for a representative sample: 1. Which population should be tested and for what characteristics? (population) 2. How many items should be selected for audit testing? (Sample size) 3. Which items should be included in the sample? (selection) 4. What inferences can be made from the sample? (evaluation)
* Sampling Risk versus Non-sampling Risk Nonsampling Risk * The risk that audit tests do not uncover existing exceptions in the sample * Minimize nonsampling risk: * Proper training * Adequate supervison * Carefully designed audit programs Nonsampling Risk * The risk that audit tests do not uncover existing exceptions in the sample * Minimize nonsampling risk: * Proper training * Adequate supervison * Carefully designed audit programs Sampling Risk * The risk that an auditor reaches an incorrect conclusion because the sample is not representative of the population. * Minimizing sampling risk: * Adjust sample size * use appropriate sample selection method Sampling Risk * The risk that an auditor reaches an incorrect conclusion because the sample is not representative of the population. * Minimizing sampling risk: * Adjust sample size * use appropriate sample selection method
Sampling Risks – Related to Test of Controls Procedures | | | Actual State of Controls | Auditor’s Assessment of Control Risk | | Not Effective | | Effective | High | | Correct conclusion * no risk | | Incorrect rejection(Type I Error) * Audit inefficiencies | Low | | Incorrect acceptance (Type II Error) * Increase the likelihood that material misstatements not detected | | Correct conclusion * no risk |
Sampling Risks – Related to Substantive Testing | Auditor’s Conclusion Based on Sample Evidence | | Actual State of the Population | Auditor’s Assessment of Control Risk | | Materially misstated | | Not materially misstated | Conclude that the population is materially misstated | | Correct conclusion * no risk | | Incorrect Rejection (Type I Error) * Audit inefficiencies | Conclude that the population is not materially misstated | | Incorrect Acceptance (Type II Error) * Audit ineffectiveness | | Correct conclusion * no risk |
* Selecting a Sampling Approach - statistical vs. non-statistical sampling techniques
| | Statistical Sampling | | Nonstatistical Sampling | Sample Size | | Auditor judgment is quantified and sample size determined by probability theory | | Determined by auditor judgment | Sample Selection | | The sample must be randomly selected to give each item in the population an equal chance to be included in the sampleDirected sample selection can also be used | | Any method that the auditor believes is representative of the population * Directed sample selection – the selection of each item based on auditor’s judgmental criteria * Block sample selection – the selection of several items in sequence * Haphazard sample selection – the selection of items without any conscious bias on the part of the auditor * Systematic sample selection – the auditor calculates an interval and then select the items for the sample based on the size of the interval (determined by dividing the population size by the number of sample size desired) | Evaluation | | Statistical inference is used to assist auditor judgment | | Based on auditor judgment | Whether to use statistical or nonstatistical sampling is a cost/benefit decision | Cost | | * Requires knowledge of statistical sampling methods and/or special computer sampling software * Training costs * Requires definitions of acceptable risk and sample objectives to be made in advance | | * Requires audit judgment to determine an appropriate sample size and evaluate the results * Does not provide an objective way to control and measure sampling risk | Benefit | | Helps the auditor: * Design an efficient sample * Measure the results by providing an objective measure of sampling risk * Gain efficiencies through computerized selection and statistical evaluation * Defend sample inferences because they are based on statistical theory | | * Does not require additional software * Can be based on auditor’s prior expectations about errors in the account * May take less time to plan, select, and evaluate the sample |
* Gathering Sample Evidence about Control Effectiveness (AS5)
* The assessment of control effectiveness may be based on: 1. A sample to test the effectiveness of controls in operation 2. The auditor’s observation of the significant business processes 3. Tests of controls built into the client’s computer system 4. Inquiry and a review of monitoring reports
* Attribute Estimation Sampling
* An attribute is a characteristic of the population of interest to the auditor * the effective operation of a control
Appropriate Sample Size
Expected Failure Rate (EFR)
* Based on prior experience * The higher EFR, the larger sample size
Expected Failure Rate (EFR)
* Based on prior experience * The higher EFR, the larger sample size
Sampling Risk
* Risk of assessing control risk too low
Sampling Risk
* Risk of assessing control risk too low
Tolerable Failure Rate (TFR) * Failure rate at which the control is not operating effectively * Level at which the control’s failure to operate would change the auditor’s planned assessment of control risk in performing tests of account balances * Must set in advance in order to determine sample size
Tolerable Failure Rate (TFR) * Failure rate at which the control is not operating effectively * Level at which the control’s failure to operate would change the auditor’s planned assessment of control risk in performing tests of account balances * Must set in advance in order to determine sample size
* Attribute Estimation Sampling as an Audit Objective * The steps to implement an attribute estimation sampling plan are:
1. 1. Define the attributes of interest and what constitutes failures 2. 1. Define the attributes of interest and what constitutes failures
2. Define the population * the period to be covered by the test – the year when evaluating controls * the sampling unit – an item that would indicate the operation of a control * the process of assuring the completeness of the population * footing the file * Reconciling the balance to the general ledger * Reviewing the completeness of pre-numbered documents
2. Define the population * the period to be covered by the test – the year when evaluating controls * the sampling unit – an item that would indicate the operation of a control * the process of assuring the completeness of the population * footing the file * Reconciling the balance to the general ledger * Reviewing the completeness of pre-numbered documents
3. Determine the sample size * tolerable failure rate * expected failure rate * an acceptable sampling risk * Exhibit 8.4 – Attribute Sample Size Tables (pg. 390) * *
3. Determine the sample size * tolerable failure rate * expected failure rate * an acceptable sampling risk * Exhibit 8.4 – Attribute Sample Size Tables (pg. 390) * *
4. Select and audit sample items * Systematic selection - selects every nth item in the population from a randomly selected starting point * Haphazard selection - arbitrary * Judgmental sampling - Auditor may use judgment to select sample *
4. Select and audit sample items * Systematic selection - selects every nth item in the population from a randomly selected starting point * Haphazard selection - arbitrary * Judgmental sampling - Auditor may use judgment to select sample *
5. Evaluate sample results and reach conclusion on audit objectives * Projects the results of sampling to the population * If the sample failure rate the expected failure rate, then must determine whether the projected maximum failure rate is likely to exceed the tolerable failure rate * To do this, the auditor must determine the upper limit of the potential failure rate in the population * The upper limit is based on the sample failure rate and sample size and is adjusted upward for sampling error * If the upper limit exceeds the tolerable failure rate, the internal control process has deficiencies * Qualitative Evaluation: When control failures are found, they should be analyzed qualitatively as well as quantitatively * Auditor should try to determine whether the failures * Were intentional or unintentional * Were random or systematic * Had a direct dollar effect * Were of such magnitude that a material dollar amount of errors could occur and not be detected
* Exhibit 8.6 – Attribute Estimation Sample Evaluation Tables
5. Evaluate sample results and reach conclusion on audit objectives * Projects the results of sampling to the population * If the sample failure rate the expected failure rate, then must determine whether the projected maximum failure rate is likely to exceed the tolerable failure rate * To do this, the auditor must determine the upper limit of the potential failure rate in the population * The upper limit is based on the sample failure rate and sample size and is adjusted upward for sampling error * If the upper limit exceeds the tolerable failure rate, the internal control process has deficiencies * Qualitative Evaluation: When control failures are found, they should be analyzed qualitatively as well as quantitatively * Auditor should try to determine whether the failures * Were intentional or unintentional * Were random or systematic * Had a direct dollar effect * Were of such magnitude that a material dollar amount of errors could occur and not be detected
* Exhibit 8.6 – Attribute Estimation Sample Evaluation Tables
*
6. Document all phases of the sampling plan
6. Document all phases of the sampling plan
* Sampling to Test for Account Balance Misstatements (Substantive Sampling)
Basic Steps | 1. Specify audit objective of the test a. If objective is to determine existence, the sample should be selected from recorded information b. if the objective is to determine completeness, the sample should be selected from a complementary population such as source documents | | 2. Define a misstatement * Misstatements should be defined before sampling to * Preclude the client or auditor from rationalizing away misstatements as isolated events * Provide guidance to the audit team * Misstatement is usually defined as a difference that affects the correctness of the overall account balance | 3. Define the population * Group of items in an account balance that the auditor wants to test does not include: * Items the auditor has decided to examine 100% * Items that will be tested separately * Important to properly define the population: * Sample results can be projected only to the group from which the sample is selected * The population must be directly related to the audit objective | | 4. Define the Sampling Unit * Sampling units are the individual auditable elements that make up the population * Example: sampling units for confirming accounts receivable could be the individual customer’s balance or individual unpaid invoices, or a combination of these two. | 5. Choose sampling methodThere are a number of sampling methods an auditor may use a. Non-statistical b. Probability proportional to size (PPS) - test for overstatement of an account balance, provides an estimate of the amount of misstatement in the account, a dollar-based approach(each dollar is a sampling unit) c. Classical sampling methods - test for both overstatement and understatement, provide an estimated range of the account balance, use a variety of sampling units i. Mean-per-unitn=[(N*Ur*SDE)/A]^2N-popuplationUr-incorrect rejection coefficientA-planned allowance for sampling riskA=TM/(1+Ua/Ur)Ua-incorrect acceptance coefficient ii. Ratio estimation * Must appropriate when size of misstatement is proportional to the book value of items iii. Difference estimation * Most appropriate when the size of the misstatement does not vary significantly in comparison to the size of book value * Whichever sampling method is used, consideration must be given to the risk of misstatement, sampling risk, and the auditor’s assessment of tolerable and expected misstatement * Tolerable misstatement * Maximum misstatement an auditor will accept before deciding the recorded account balance is materially misstated * Expected misstatement * Based on results of other substantive tests and auditor’s prior experience with the client * Expected misstatement should be less than tolerable misstatement | | 6. Determine sample size * Non-statistical * All significant items should be tested * No way to mathematically control sampling risk | 7. Select sample | | 8. Evaluate sample results | 9. Document sampling procedure and results | | |
* Nonstatistical Sampling to Test Account Balances and Assertions 1. Determine Sample Size – all significant items should be tested 2. Select the Sample * The auditor should take the steps to increase the likelihood that the sample is representative of the population. * To use a random-based method: either random dollars or random items * Haphazard selection – without any conscious bias 3. Evaluate the Sample Results * Misstatements found must be projected to the population.
* Illustration 1: The following information relates to a nonstatistical sample used for a price test of inventory: | Population | | Sample | | Number | Amount | | Number | Amount | Misstatement | ≥$30,000 | 20 | $1,600,000 | | 20 | $1,600,000 | $1,000 |