Specialized Audit Tools: Sampling and Generalized Audit Software

1. Overview of Sampling and GAS as Tools for Gathering Audit Evidence

2. Objectives of Sampling and Risks Associated with Sampling
3. Nonstatistical and Statistical Sampling
4. Attributes Sampling
5. Using Sampling to Gather Evidence about Misstatements in Account Balances and Associated Assertions
6. Using Generalized Audit Software to Obtain Evidence
Audit Sampling Audit sampling is defined as the application of an audit procedure to less than 100% of the items within an account
balance or class of transactions for the purpose of evaluating some characteristic of the balance or class.

In other words, audit sampling allows the auditor to learn a lot about a population of items of interest without examining every one
of those items individually.

The inspection teams identified deficiencies in firms' performance of audit sampling, including:
1. Using sample sizes that were too small to obtain enough evidence to form a conclusion about the account balance or class of
transactions being tested.
2. Failing to appropriately project the effect of errors identified when testing the items selected to the entire population.
3. Failing to select the sample in such a way that it could be expected to be representative of the underlying population.
4. Not appropriately testing all the items in the sample.

Tools for Gathering Audit Evidence

1. Audit Sampling
o Sampling involves applying audit procedures to less than 100% of transactions, focusing on tests of controls and direct tests
of account balances and assertions.
o Suitable for procedures like examining documents, recalculations, or confirmations, but not for inquiry, observation, or most
analytical procedures.
o other types of audit procedures such as inquiry, observation, and most analytical procedures would not involve sampling.
o Sampling ensures auditors can reach conclusions about population accuracy while reviewing only a subset of transactions.
o Samples should be representative, adequately sized, and selected from the appropriate population to minimize errors.
2. Generalized Audit Software (GAS)
o Analyze underlying data and for supporting tests of controls and direct tests of account balances and assertions
o GAS automates the testing process and analyzes entire populations when applicable.
o Use GAS to import client’s computerized data then the software can be applied to the data
o Functions include scanning, sorting, summarizing, stratifying, and sampling data, as well as identifying duplicate entries,
gaps in data, and population outliers.

Objectives of Audit Sampling

 When testing controls, the goal is to determine if controls are operating effectively.
 If not, auditors must consider this in their internal control opinion and substantive procedures.
 When testing account balances, the goal is to estimate misstatements and ensure corrections are made for large
misstatements.

Challenges of Sampling
 Auditors must consider how to take samples that minimize the likelihood of reaching an incorrect conclusion about what
they are testing.

Key Concepts in Sampling

 Sampling Units: Individual items tested within the population.
 Population: Group of transactions or items that form an account balance, tested for characteristics like control effectiveness
or misstatements

Critical Questions for Sampling

1. Population: Which population and sampling units should be tested, and which characteristics should be examined?
2. Sample Size: How many items should be selected for audit testing?
3. Selection: Which items should be included in the sample?
4. Evaluation: What inferences can be made about the overall population from the sample?

Non-sampling and Sampling Risks in Audit Sampling

Errors by the auditor about the characteristics of the underlying population
a. Non-sampling risk: the auditor did not appropriately carry out the audit procedures or inappropriately diagnosed problems
b. Sampling risk: the auditor made an incorrect inference from a sample that was not representative of the population

1. Non-sampling Risk
o Errors unrelated to sampling, such as improper audit execution or lack of auditor knowledge.
o Controlled through training, supervision, robust audit programs, and technology.
2. Sampling Risk
o risk that the auditor’s conclusion based on a sample might be different from the conclusion that would be reached
if the audit procedure were applied in the same way to the entire population.
o Sampling risk can be measured for statistical samples, but not for nonstatistical sampling approaches.
o Statistical sampling helps auditors measure and control this risk.
o The smaller the sample, the more the uncertainty; the larger the sample, the less the uncertainty.
Sampling Risks in Testing
 Tests of Controls:
o Incorrect Acceptance: Concluding controls are effective when they’re not, leading to insufficient substantive
testing.
o Incorrect Rejection: Concluding controls are ineffective when they’re effective, causing inefficiency.
 Tests of Details of Account Balances:
o Incorrect Acceptance: Concluding an account balance is free of material misstatement when it contains one,
resulting in inaccurate financial statements.
o Incorrect Rejection: Concluding an account balance has a material misstatement when it does not, leading to
unnecessary audit work but not compromising the audit conclusion.
Auditors focus on minimizing the risk of incorrect acceptance to ensure audit quality and accuracy.

ATTRIBUTES SAMPLING
 estimate the rate of control procedure failures based on
selecting one sample and performing the appropriate audit
procedure.
 Test the operating effectiveness of controls
 Attribute – characteristic of the population of interest to
the auditor
Steps in Attributes Sampling Steps in Sampling Account Balances and Associated Assertions
1. Define the attributes of interest and what constitutes 1. Specify the audit objective of the test and define a
failure(s). misstatement.
2. Define the population from which the sample is to be 2. Define the population from which the sample is to be
taken. taken.
3. Determine the sample size. 3. Choose an appropriate sampling method.
4. Determine the method of selecting the sample. 4. Determine the sample size.
5. Select the sample items and perform the test of control. 5. Select sample items and perform the substantive
6. Evaluate the sample results and consider the effect on procedure.
planned substantive procedures. 6. Evaluate the sample results.
7. Document all phases of the sampling process. 7. Document all phases of the sampling process.

Factual misstatements Projected misstatements

 specifically identified and about which  auditor’s best estimate of the misstatements in a given population based on
there is no doubt, such as a difference the sample results; they are a projection of the misstatements identified in
identified in a sample item or an item an audit sample to the entire population from which the sample was drawn
examined 100%  likely misstatements
 known misstatements

(Factual misstatement) + (projected misstatement) = compared with tolerable misstatement when evaluating the sample results
 Tolerable misstatement Expected misstatement
 monetary amount set by the auditor in respect of which the auditor seeks to  level of misstatement that the auditor
obtain an appropriate level of assurance that the monetary amount set by expects to detect, and it is based on
the auditor is not exceeded by the actual misstatement in the population. projected misstatements in prior-year
 maximum amount of misstatement the auditor can accept in the population audits, results of other substantive tests,
without requiring an audit adjustment or a qualified audit opinion audit judgment, and knowledge of
 tolerable misstatement is the application of performance materiality to a changes in personnel and the accounting
particular sampling procedure. system.
 Tolerable mis statement may be the same amount or an amount smaller  It is usually desirable to be conservative
than performance materiality and use a slightly larger expected
 Tolerable misstatement is based on planning materiality for the account misstatement than is actually anticipated.
balance.

STEP 2: Define the population from which the sample is to be taken

Define the sampling unit Sampling units are the individual auditable elements and often are made up of individual account
balances.
Completeness of the A sample is selected from a physical representation of the population. A common procedure is to
population foot the list and reconcile it with the general ledger.
Identify individually  Top-stratum items are population items whose book values exceed the sampling interval and
significant items are therefore all included in the sample. No estimate or projection of errors is required.
 Lower-stratum items are those that are not in the top-stratum.
 The audit results reflect the sum of top-stratum items and the projected misstatement based
on lower-stratum items.
 The auditor often uses judgment to determine the cutoff point for top stratum items.
 The division of the population into two or more subgroups is referred to as stratification.
 Stratification of the population into several homogeneous subpopulations generally creates
audit efficiency.

Step 3. Choose an Appropriate Sampling Method

 common statistical approaches for substantive testing are classical variables sampling (beyond the scope of this textbook)
and monetary unit sampling (MUS).
 MUS is based on attributes sampling theory, but is used to express conclusions in monetary terms.
 MUS = probability proportional to size (PPS) sampling.
 The term PPS describes a method of sample selection where the probability of an item’s selection for the sample is
proportional to its recorded amount, while MUS is used to describe sample size and evaluation methods (based on
monetary units).

Steps 4, 5, and 6. Determine the Sample Size, Select the Sample Items and Perform the Substantive Procedure, and Evaluate the
Sample Results
 Whatever the sampling method chosen, consideration must be given to
o the risk of misstatement in the account,
o sampling risk, and
o the auditor’s assessment of tolerable and expected misstatement

Unacceptable Sample Results (when the total estimated misstatement exceeds the tolerable misstatement)
 Ask the client to correct the factual misstatements
 Analyze the detected misstatements for common problem(s)
 Design an alternative audit strategy
 Expand the sample
 Change the audit objective to estimating the correct value

Monetary unit sampling (MUS)

 is a sampling method based on attributes estimation sampling, but involving dollar misstatements rather than control failure
 rates.
 results in an efficient sample size and concentrates on the dollar value of the account balances.
 Also called dollar-unit sampling, PPS, and combined attributes-variables sampling.
 MUS was designed to be especially effective in testing for overstatements in situations when few or no misstatements are
expected
 The population for MUS is defined as the number of dollars in the population being tested.
 Each dollar in the population has an equal chance of being chosen, but each dollar chosen is associated with a tangible item
such as a customer’s balance or an inventory item, so items with more dollars have a greater likelihood of being selected.
 All items with a book value equal to or greater than the interval will be selected for auditor evaluation. As previously noted,
these items are referred to as top-stratum items.
 Population items with zero balances have no chance of being selected using PPS sampling.
 Population items with negative balances require special consideration
Strengths Weaknesses
 MUS is generally easier to apply than other statistical  MUS is not designed to test for the understatement of a
sampling approaches. population.
 MUS automatically selects a sample in proportion to an  If an auditor identifies understatements in a MUS sample,
item’s dollar amount, thus providing automatic evaluation of the sample requires special considerations.
stratification of the sample.  Selection of zero or negative balances requires special
 If the auditor expects (and finds) no misstatements, MUS design considerations.
usually results in a highly efficient sample size.

The sample size in a MUS sample is a function of the following factors:

 the risk of incorrect acceptance,
 the ratio of expected misstatement to tolerable misstatement, and
 the ratio of tolerable misstatement to the total population value.

Sampling interval = (population size) / (sample size)

When evaluating the Monetary Unit Sampling (MUS) sample results, the auditor calculates the total estimated misstatement in
the account balance based on the sampling process. This total includes the following four components:
Factual misstatement for items in
the top-stratum
Basic precision  The amount of uncertainty associated with testing only a part of the population
(sampling risk)
 Basic precision is the amount of error you are confident of not exceeding if no
errors are detected in the sample.
 Basic precision is calculated as the sampling interval multiplied by a confidence
factor.
Projected misstatement for item  The best estimate of the actual amount of dollar misstatements in the population,
sin lower-stratum based on projecting the sample results to the population
 The projected misstatement is calculated as the sampling interval multiplied by the
tainting percentage.
 The terms likely misstatement or most likely misstatement are also used to refer to
the projected misstatement.
Incremental allowance for  An increase in the total estimated misstatement caused by the statistical
sampling risk properties of misstatements detected in the lower stratum:
 This refers to the adjustment made to the overall misstatement estimate,
accounting for the nature and extent of errors identified in the sample's lower-
value items or stratum.

No misstatements in the sample Overstatements in the sample Understatements in the sample

 If the auditor finds no misstatements  the auditor begins by identifying the  When an
in the sample, the misstatement percentage that the book value of understatement is
projection is zero dollars, and the each misstated sample item is encountered, the
total estimated misstatement will overstated or under stated (referred auditor has two possible
equal basic precision. to as the tainting percentage). courses of action.
 The basic precision is the amount of  The tainting percentage is the  First, the
 error you are confident of not percentage of misstatement present understatement can be
exceeding if no errors are reported in a logical unit, such as the sample ignored for purposes of
for the sample. item’s book value. this sample evaluation
 The tainting percentage equals the and if there are other
amount of misstatement in the item audit tests for
divided by the item’s recorded understatements, this
amount (in other words, the book understatement can be
value). included in as part of
 A tainting percentage is calculated other tests.
for all sample items with  Alternatively, the
misstatement in the lower-stratum. auditor can perform a
 The auditor multiplies the tainting separate analysis
percentage by the sampling interval specifically for
to calculate the projected understatements.
misstatement for each misstated
item

Using Generalized Audit Software to Obtain Evidence

Much of an auditor’s work involves gathering evidence on the correctness of an account balance by examining the details making up
the balance. For example, the auditor tests accounts receivable by gathering evidence using procedures such as those shown in
Exhibit 8.13. Fortunately, the auditor can use computer audit tools to increase the efficiency of many audit procedures. Visualize an
auditor sitting in a chair with a large paper document (printout) of the year-end accounts receivable list. Then note the general
nature of the procedures performed in Exhibit 8.13:
 Foot the individual accounts making up the total of accounts receivables
 Age the accounts
 Select individual items for further audit tests
 Print confirmations
 Statistically evaluate the results
 Make a judgment on the need for an audit adjustment

GAS
 They are a type of Computer-Aided Audit Technique (CAAT). They are designed to perform common audit tasks on a variety
of data files.

Tasks performed by GAS

1. Analyze a file
2. Select transactions based on logical identifiers
3. Select samples
4. Evaluate samples
5. Print confirmations -
6. Analyze overall file validity -
7. Generate control totals -
8. Perform numerical analyses – fraud is difficult to cover up because of numerical patterns
9. Perform other tasks

Benefits of using GAS

 The software is independent of the system being audited and only requires a read-only copy of the file to ensure there is no
risk of corrupting an organization’s data.
 It includes various audit-specific routines, such as sampling.
 The software provides documentation of each test performed, which can be included in the auditor’s work papers.
 Generalized Audit Software (GAS) aids auditors in improving efficiency while fulfilling their responsibilities related to
gathering and evaluating audit evidence.
Summary
Two commonly used tools in gathering audit evidence include sampling and generalized audit software (GAS). Auditors use
sampling—both nonstatistical and statistical—in testing controls and in performing tests of details. Attributes sampling is a
frequently used statistical approach for testing internal controls, and MUS is used for testing account balances for
overstatement. GAS is used extensively to automate aspects of the audit, including analyzing client data, selecting transactions
for testing, and selecting and evaluating samples.
Attribute A characteristic of the population of interest to the auditor.
Attributes sampling A statistical sampling method used to estimate the rate of control procedure failures based on selecting one
sample and per forming the appropriate audit procedure.
Audit sampling The application of an audit procedure to less than 100% of the items within an account balance or class of
transactions for the purpose of evaluating some characteristic of the balance or class
Basic precision The amount of uncertainty associated with testing only a part of the population (sampling risk). Basic precision is
calculated as the sampling interval multiplied by a confidence factor.
Block sampling A sampling technique that involves selecting a sample that consists of contiguous population items, such as selecting
transactions by day or week.
Expected failure rate See expected population deviation rate.
Expected misstatement The level of misstatement that the auditor expects to detect, and it is based on projected misstatements in
prior-year audits, results of other substantive tests, audit judgment, and knowledge of changes in personnel and the accounting
system.
Expected population deviation rate An anticipation of the deviation rate in the entire population. Also referred to as the expected
failure rate.
Factual misstatements Misstatements that have been specifically identified and about which there is no doubt. Also referred to as
known misstatements.
Generalized audit software (GAS) Software programs designed specifically for auditors.
Haphazard sampling A nonstatistical sample selection method that attempts to approximate a random selection by selecting
sampling units without any conscious bias, or special reason for including or omitting certain items from the sample.
Incremental allowance for sampling risk An increase in the total estimated misstatement caused by the statistical properties of
misstatements detected in the lower-stratum.
Known misstatements See factual misstatements.
Likely misstatement See projected misstatement.
Logical unit The balance or transaction that includes the selected dollar in a monetary unit sample.
Lower-stratum Items that are not in the top-stratum.
Misstatement An error, either intentional or unintentional, that exists in a transaction or financial statement account balance. For
substantive sampling purposes, a misstatement involves differences between recorded values and audited values.
Monetary Unit Sampling (MUS) A sampling method based on attributes estimation sampling, but involving dollar misstatements
rather than failure rates. MUS is often referred to as probability proportional to size (PPS) sampling.
Most likely misstatement See projected misstatement
Nonsampling risk The risk that the auditor reaches an erroneous conclusion for any reason not related to sampling risk.
Nonstatistical sampling The application of auditor judgment and experience in a sample application to assist the auditor in
determining an appropriate sample size and in evaluating the sample results.
Population A group of transactions or the items that make up an account balance for which the auditor wants to estimate some
characteristic, such as the effectiveness of a control procedure or estimate the extent of mis statement in an account.
Probability proportional to size (PPS) sampling A sampling selection method in which each item in the population has a probability
of being included in the sample proportionate to the dollar value of the item.
Projected misstatement The best estimate of the actual amount of dollar misstatements in the population based on projecting the
sample results to the population. The projected misstatement is calculated as the sampling interval multiplied by the tainting
percentage. Also see likely misstatement or most likely misstatement.
Risk of assessing control risk too high See risk of incorrect rejection of internal control reliability.
Risk of assessing control risk too low See risk of incorrect acceptance of internal control reliability.
Risk of incorrect acceptance of internal control reliability The risk that the auditor will conclude that the state of internal controls is
effective when internal controls are actually not effective (also referred to as the risk of assessing control risk too low).
Risk of incorrect acceptance of book value The risk that the auditor will conclude that the account balance does not contain a
material misstatement when the account balance actually does contain a material misstatement.
Risk of incorrect rejection of internal control reliability The risk that the auditor will conclude that the state of internal controls is
not effective when internal controls are actually effective (also referred to as the risk of assessing control risk too high).
Risk of incorrect rejection of book value The risk that the auditor will conclude that the account balance contains a material
misstatement when the account balance actually does not contain a material misstatement.
Risk of overreliance See risk of incorrect acceptance of internal control reliability.
Risk of underreliance See risk of incorrect rejection of internal control reliability.
Sampling risk The risk that the auditor’s conclusion based on a sample might be different from the conclusion he or she would reach
if the test were applied in the same way to the entire population.
Sampling units The individual items to be tested.
Simple random sampling Selecting a random sample by matching random numbers generated by a computer or selected from a
random number table with, for example, document numbers such as an invoice or a purchase order.
Statistical sampling The application of probability theory and statistical inference, along with auditor judgment and experience, in a
sample application to assist the auditor in determining an appropriate sample size and in evaluating the sample results.
Stratification Dividing the population into two or more subgroups.
Systematic random sampling This sampling technique involves systematic sampling in which the first item is selected randomly from
the interval.
Systematic sampling This sampling technique involves dividing the number of physical units in the population by the sample size to
determine a uniform interval; a random starting point is selected in the first interval and one item is selected throughout the
population at each of the uniform intervals after the starting point.
Tainting percentage The percentage of misstatement present in a logical unit, such as the sample item’s book value. The tainting
percentage equals the amount of misstatement in the item divided by the item’s recorded amount.
Tolerable failure rate See tolerable rate of deviation.
Tolerable misstatement A monetary amount set by the auditor in respect of which the auditor seeks to obtain an appropriate level of
assurance that the monetary amount set by the auditor is not exceeded by the actual misstatement in the population. In practical
terms, a tolerable misstatement is the maximum amount of misstatement the auditor can accept in the population without requiring
an audit adjustment or a qualified audit opinion.
Tolerable rate of deviation
A rate of deviation set by the auditor in respect of which the auditor seeks to obtain an appropriate level of assurance that the rate of
deviation set by the auditor is not exceeded by the actual rate of deviation in the population. Also referred to as the tolerable failure
rate.
Top-stratum Population items whose book values exceed the sampling interval and are therefore all included in the sample. The top-
stratum con sists of all account balances exceeding a specific dollar amount
1. Sampling can be used for both tests of controls and direct tests of account balances and assertions. TRUE
2. Audit procedures such as inquiry, observation, and analytical procedures are the primary audit procedures involving audit
sampling. FALSE
3. Sampling risk is the risk that the auditor’s conclusion based on a sample might be different from the conclusion that would be
reached if the audit procedure were applied in the same way to the entire population. TRUE
4. The risk of incorrect acceptance of internal control reliability is the risk that the auditor will conclude that the state of internal
controls is not effective when internal controls are actually effective. FALSE
5. A benefit of nonstatistical sampling as compared to statistical sampling is that the sample size can be significantly smaller,
thereby making the audit more efficient. FALSE
6. A benefit of statistical sampling as compared to nonstatistical sampling is that less auditor judgment is required because the
auditor can leverage the power of probability theory. TRUE
7. Attributes sampling is a statistical sampling method used to estimate the rate of control procedure failures based on selecting
one sample and performing the appropriate audit procedure. TRUE
8. In attributes sampling, the attribute of interest is an individual dollar amount in the population. FALSE
9. Factual misstatements are those that are the auditor’s best estimate of misstatements in a given population based on sample
results. FALSE
10. The division of a population into two or more subgroups is referred to as stratification. TRUE
11. One strength of MUS is that it automatically selects a sample in proportion to an item’s dollar amount, thus providing automatic
stratification of the sample. TRUE
12. MUS is most often used in situations in which the auditor expects a significant number of large understatements in recorded
balances. FALSE
13. GAS would be useful for completing the following tasks: footing a file, doing arithmetic calculations, checking for gaps in
processing sequences, and printing confirmations. TRUE
14. GAS would be useful in testing the completeness assertion by helping the auditor select data to perform sales cutoff tests
around year end. TRUE
15. For which of the following auditing procedures would sampling be most appropriate?
a) Examining documents.
b) Inquiring of management.
c) Observing controls being completed.
d) Conducting analytical procedures.
16. Which of the following activities would be most likely to be accomplished using sampling?
a) Sorting a file to identify the largest items.
b) Scanning for unusual transactions.
c) Selecting items and tracing back to source documents.
d) Footing the file.
17. Which of the following is a question that the auditor will answer when sampling?
a) Which population and sampling unit should be tested, and what characteristics should be examined?
b) How many items should be selected for audit testing?
c) Which items should be included in the sample?
d) What inferences can be made about the overall population from the sample?
e) All of the above.
18. Refer to Exhibit 8.3 and determine which of the following terms matches this definition: the risk that the auditor will conclude
that the state of internal controls is effective when internal controls are actually not effective.
a) The risk of incorrect acceptance of internal control reliability.
b) The risk of incorrect acceptance of book value.
c) The risk of incorrect rejection of internal control reliability.
d) The risk of incorrect rejection of book value.
19. Refer to Exhibit 8.4 and determine which of the following statements is true.
a) In nonstatistical sampling, sample size is determined by auditor judgment.
b) In statistical sampling, the sample must be randomly selected to give each unit in the population an equal chance to be
included in the sample.
 c) In nonstatistical sampling, evaluation is based on auditor judgment and projections are based on sample results.
d) In statistical sampling, the auditor is required to define acceptable risk in advance.
e) All of the above.
20. Which of the following statements is false?
a) When properly used, either nonstatistical or statistical sampling can be effective in providing sufficient appropriate audit
evidence.
b) Statistical sampling allows the auditor to precisely control the risk of making an incorrect inference about the population from
which the sample is taken, whereas nonstatistical sampling does not allow such control.
c) Nonstatistical sampling may help avoid second guessing by regulators or jurors should those parties question the quality of the
sampling method used.
d) Combining statistical sampling with audit judgment generally produces a higher quality audit conclusion than using audit
judgment alone.
21. In attributes sampling, which of the following will not affect the determination of sample size?
a) Sampling risk.
b) The tolerable rate of deviation.
c) The expected population deviation rate.
d) The risk of incorrect rejection of book value.
22. Refer to Exhibit 8.6. Assume a 5% risk of overreliance, a tolerable deviation rate of 8%, a sample size of 100, and that the number
of deviations is 5. What is the upper limit of the possible deviation rate, and what does it mean?
a) 10.3%. The auditor is 95% confident that the real error rate in the population is no greater than 10.3%.
b) 10.3%. The auditor is 95% confident that the real error rate in the population is no greater than 5%.
c) 5%. The auditor is 92% confident that the real error rate in the population is no greater than 10.3%.
d) 5%. The auditor is 92% confident that the real error rate in the population is no greater than 5%.
23. Which of the following definitions is correct?
a) Factual misstatement—A misstatement that has been specifically identified and about which there is no doubt.
b) Projected misstatement—The auditor’s best estimate of the misstatement in a given population based on the sample results.
c) Tolerable misstatement—A monetary amount set by the auditor in respect of which the auditor seeks to obtain an appropriate
level of assurance that the monetary amount set by the auditor is not exceeded by the actual misstatement in the population.
d) Expected misstatement—The level of misstatement that the auditor expects to detect.
e) e. All of the above are correct.
24. Which of the following statements is false?
a) Top-stratum items are population items whose book values exceed the sampling interval and are therefore all included in the
sample.
b) Because the auditor knows the amount of errors in the top stratum (all items were evaluated), no estimate of errors is
required.
c) Stratification of the population into several homogeneous subpopulations generally reduces audit efficiency.
d) The audit sampling evaluation reflects the sum of top-stratum items and the projected misstatement derived from lower
stratum items.
e) None of the above.
25. Refer to Exhibit 8.7. Assume that the risk of incorrect acceptance is 10%, tolerable misstatement is 5% of population dol lars, and
expected misstatement is 30% of tolerable misstatement (in other words, 1.5% of the population dollars). What is the minimum
sample size that the auditor should use?
a) 28
b) 87
c) 120
d) 162
26. Which of the following represents the correct calculation of the sampling interval?
a) Tolerable error ÷ Risk of incorrect acceptance.
b) Sample size ÷ Population size.
c) Tolerable error × Risk of incorrect acceptance.
d) Population size ÷ Sample size.
27. Which of the following is a task commonly performed using GAS?
a) Selecting transactions based on logical identifiers.
b) Selecting samples.
c) Evaluating samples.
d) Printing confirmations.
e) All of the above.
28. Which of the following auditing procedures would be conducted using GAS to assess the validity of the valuation assertion?
a) Foot a file.
b) Compare sales invoices with shipping documents and/or sales contracts.
c) Select a sample of shipping documents and electronically compare them with invoices to determine if billed in the proper
period.
d) Select contracts for audit review.
Audit Sampling Definition Audit sampling is defined as the application of an audit procedure to less than 100% of the items within
an account balance or class of transactions, for the purpose of evaluating some characteristic of the balance or class.
Put simply, audit sampling allows the auditor to gain significant insights about a population of items of interest without having to
examine each individual item.

Deficiencies Identified in Audit Sampling Performance Inspection teams highlighted several issues in firms' audit sampling practices,
including:
1. Using sample sizes that were too small to gather sufficient evidence to form conclusions about the account balance or class
of transactions being tested.
2. Failing to appropriately project the effect of errors identified in the tested sample items to the entire population.
3. Selecting samples improperly, leading to samples that were not representative of the underlying population.
4. Not thoroughly testing all items within the sample.

Objectives of Sampling and Risks Associated with Sampling

 The objective of sampling when testing controls is to determine whether the controls are operating effectively.
 The objective of sampling when testing account balances is to estimate the amount of misstatement in an account balance.
 Auditors must consider how to take samples that minimize the likelihood they will reach an incorrect conclusion about what
they are testing.
 Sampling units refer to the individual items to be tested. The sampling units make up the population. The population is a
group of transactions or items that make up an account balance for which the auditor wants to estimate some
characteristic, such as the effectiveness of a control procedure or the extent of misstatement in an account.

Critical questions when sampling

1. Which population and sampling unit should be tested, and what characteristics should be examined (population)?
2. How many items should be selected for audit testing (sample size)?
3. Which items should be included in the sample (selection)?
4. What inferences can be made about the overall population from the sample (evaluation)?

Risks
(a) the auditor did not appropriately carry out the audit procedures or inappropriately diagnosed problems (non-sampling risk)
or
(b) the auditor made an incorrect inference from a sample that was not representative of the population (sampling risk).

Non-sampling risk
 The risk that the auditor reaches an erroneous conclusion for any reason not related to sampling risk
 due to a lack of knowledge of the auditor performing the audit procedure.
 The audit firm controls the possibility of such errors through proper training and adequate supervision of the auditors, well-
designed computer programs to accomplish sampling, and carefully designed and executed audit programs.

Sampling risk
 risk that the auditor’s conclusion based on a sample might be different from the conclusion that would be reached if the
audit procedure were applied in the same way to the entire population.
 The smaller the sample, the more the uncertainty; the larger the sample, the less the uncertainty.
 By using statistical sampling, the auditor can control—and measure—how much risk there will be that the sample might not
be representative of the population.
 Sampling risk can be measured for statistical samples, but not for nonstatistical sampling approaches.

Sampling risks related to tests of controls

 The auditor wants an accurate estimate of the percentage of time that a control fails
 the auditor uses this information to reach a conclusion about the effectiveness of the control and the extent of substantive
testing that should be performed or the opinion to issue on internal controls.
  The risk of incorrect acceptance of internal control reliability (also referred to as the risk of assessing control risk too low or
the risk of overreliance) is the risk that the auditor will conclude that the state of internal controls is effective when internal
controls are actually not effective.
 The risk of incorrect rejection of internal control reliability (also referred to as the risk of assessing control risk too high or
the risk of under-reliance) is the risk that the auditor will conclude that the state of internal controls is not effective when
internal controls are actually effective.
 The auditor’s main concern when performing sampling related to tests of controls is controlling the risk of incorrect
acceptance of internal control reliability. With incorrect acceptance, control failures are more common than the sample
indicates, but the sample results lead the auditor to believe that control risk is relatively low. As such, the auditor will
incorrectly rely on the effectiveness of internal controls and will not perform as much substantive testing as would be
required to conduct a quality audit.
 On the other hand, if the auditor were to incorrectly reject control reliability, the auditor will not rely on internal controls
and will perform more substantive testing than would be required to conduct a quality audit, thereby resulting in
inefficiency.

Sampling risks related to tests of details of account balances

 Sampling can also be used to estimate the amount of misstatement in an account balance.
 The risk of incorrect acceptance of book value is the risk that the auditor will conclude that the account balance does not
contain a material misstatement when the account balance actually does contain a material misstatement.
 The risk of incorrect rejection of book value is the risk that the auditor will conclude that the account balance contains a
material misstatement when the account balance actually does not contain a material misstatement.
 The auditor’s main concern when performing sampling related to substantive tests of details is controlling the risk of
incorrect acceptance of book value. With incorrect acceptance, the account balance contains a material misstatement, but
the sample results lead the auditor to believe the account does not contain a material misstatement. No additional audit
work would be performed, and the financial statements will be issued with a material misstatement.
 On the other hand, if the auditor were to incorrectly reject a population that does not contain a material misstatement, the
client will usually object and encourage the auditor to perform additional work. The additional audit work should lead to a
correction of the inappropriate inference. The risk of incorrect rejection of book value thus affects the efficiency of the
audit, but it should not affect the auditor’s overall conclusion about the fairness of the financial statements.

Nonstatistical and statistical sampling

 Nonstatistical sampling, however, does not allow the auditor to statistically control for or measure the risk of incorrect
inference about the sample.
 Statistical sampling involves the application of probability theory and statistical inference, along with auditor judgment and
experience, in a sample application to assist the auditor in determining an appropriate sample size and in evaluating the
sample results.
 Nonstatistical sampling relies solely on the application of auditor judgment and experience in a sample application to assist
the auditor in determining an appropriate sample size and in evaluating sample results.
 An auditor who applies statistical sampling uses tables or formulas to compute sample size, while an auditor who applies
nonstatistical sampling uses only professional judgment.
 the nonstatistical sample size should not be smaller than the sample size resulting from an efficient and effectively designed
statistical sample.
 Statistical sampling allows the auditor to precisely control and measure the risk of making an incorrect inference about the
population from which the sample is taken, whereas nonstatistical sampling does not allow such control and measurement.
 For both approaches, the auditor must consider the nature of control failures or misstatements detected in the sample,
project the sample findings to the population, and conclude on the overall population.
 In addition to evaluating the results of a sample quantitatively, the auditor should consider the qualitative aspects of control
failures and misstatements.
 Combining statistical sampling with audit judgment generally produces a higher-quality audit conclusion than using audit
judgment alone.
Attributes sampling
 The auditor performs tests of controls focused on operating effectiveness only after determining that the auditor’s design
would be effective in assessing control effectiveness.
 This may be based on:
o A sample to test the effectiveness of controls in operation.
o The auditor’s observation of the controls within significant business processes.
o Tests of controls built into the client’s computer system.
o Inquiry and review of monitoring reports.
 Sampling concepts do not apply to all tests of controls. When effective general computer controls are present, tests of
automated application controls are generally performed with sample sizes of just one or a few items.
 Sampling is generally not applicable for determining the appropriate segregation of duties and may not apply to tests of
operating effectiveness of the control environment.
 When sampling is appropriate, the auditor uses a sample to infer whether the control in the population is operating
effectively.
 The most commonly used statistical approach for tests of controls is attributes sampling. Attributes sampling is a statistical
sampling method used to estimate the rate of control procedure failures based on selecting one sample and performing the
appropriate audit procedure.
 An attribute is a characteristic of the population of interest to the auditor. Typically, the attribute the auditor wishes to
examine is the effective operation of a control

The steps to implement an attributes sampling plan are:

1. Define the attributes of interest and what constitutes failure(s).
2. Define the population from which the sample is to be taken.
3. Determine the sample size.
4. Determine the method of selecting the sample.
5. Select the sample items and perform the test of control.
6. Evaluate the sample results and consider the effect on planned substantive procedures.
7. Document all phases of the sampling process.

Step 1: Define the Attributes of Interest and What Constitutes Failure(s):

 A number of attributes could be tested, but the auditor tests only important controls.
 Control failures should be precisely defined to ensure the auditor clearly understands what to look for, thereby reducing
non-sampling risk.

Step 2: Define the Population from Which the Sample Is to Be Taken

In defining the population, the following factors need to be addressed:
 The period to be covered by the test; for example, the year when evaluating controls.
 The sampling unit; for example, an item that would indicate the operation of a control.
 The completeness of the population.

Period Covered by the Test:

 The period tested depends on the audit objective.
 In most instances, the period is the time period covered by the audited financial statements.
 As a practical matter, tests of controls are often performed prior to the balance sheet date and may cover the first 10 or 11
months of the year.
 If the controls are found to be effective, the auditor should take additional steps to ensure that the controls continue to be
effective during the remainder of the year.
 These additional steps may include:
o Making inquiries,
o Further testing of the controls, or
o Gathering evidence of control effectiveness from substantive tests performed later in the audit.
  If the auditor is issuing an opinion on internal controls over financial reporting, they need reasonable assurance that the
controls are effective as of the client’s balance sheet date.

Sampling Unit:
The sampling unit is the item identified in the population as the basis for testing. Examples include:
 A document,
 An entry in the computer system, or
 A line item on a document.

Completeness of Population:
The auditor should take steps to help ensure that the population used in sampling is the total population of interest. Procedures may
include:
 Footing the file and reconciling the balance to the general ledger, or
 Reviewing the completeness of prenumbered documents.

Step 3: Determine the Sample Size

An optimal sample size minimizes sampling risk and promotes audit efficiency. The following audit judgments affect the
determination of sample size:
1. Sampling risk:
o Sampling risk is often set the same as audit risk (e.g., 1% or 5%) because the auditor’s assessment of internal
controls determines the nature and extent of other testing.
2. Tolerable rate of deviation:
o the tolerable rate of deviation is the rate set by the auditor to obtain assurance that the actual rate of deviation in
the population does not exceed this rate.
o This is also known as the tolerable failure rate.
o Practically, it is the level at which a control’s failure to operate would lead the auditor to conclude that the control
is not effective, which would likely change the planned assessment of control risk for account balance testing.
3. Expected population deviation rate:
o This is the auditor’s anticipation of the deviation rate in the population, sometimes referred to as the expected
failure rate.
o Failures may occur when personnel are hurried, careless, incompetent, or improperly trained. The auditor often
bases this rate on past experience adjusted for any changes in the system or personnel.

Other Considerations for Sample Size:

 In general, the size of the population has relatively little effect on the sample size, unless the population is very small.
 Auditors may use minimum sample sizes to address challenges related to small samples.

Determining Sample Size Using Tables:

The process is straightforward:
1. Select the allowable sampling risk (risk of overreliance of 5% or 10%) based on factors like audit risk and whether the
auditor will issue a separate opinion on internal control. Note: The term "risk of overreliance" is used in the AICPA’s sample
size tables and is synonymous with terms like "risk of incorrect acceptance of internal control reliability" or "risk of assessing
control risk too low."
2. Determine the tolerable rate of deviation by looking at the relationship between control failure rate and material
misstatement. The tolerable rate of deviation would be lower for more important controls, such as controls over more
significant accounts.
3. Use past knowledge to determine the expected population deviation rate.
4. Determine sample size by looking at the intersection of the expected population deviation rate and the tolerable rate of
deviation in the appropriate table.

Multiple Attributes:
  Auditors frequently test several controls or attributes using the same set of source documents.
 When doing so, the auditor should use the same sampling risk for all the tests. However, the tolerable rates of deviation and
expected population deviation rates for these attributes are likely to be different, resulting in different sample sizes.
 For example, the auditor may want to test whether sales transactions are classified correctly, whether they have been
recorded accurately, and whether there was proper review and approval for credit using tolerable deviation rates of 5%, 3%,
and 3%, respectively, and expected population deviation rates of 2%, 1%, and 0%, respectively.
 If the auditor sets the risk of overreliance at 10%, the sample sizes range from a high of 176 for attribute 2 to a low of 76 for
attribute 3.

There are three reasonable approaches to selecting the items for these tests:
 The auditor could select 176 sales transactions (the largest sample size) and audit all of them for attribute 2, three of four
for attribute 1, and every other one for attribute 3. This process, however, is quite cumbersome.
 The auditor could examine the first 76 randomly selected documents for all three attributes and documents, sample items
77–132 for attributes 1 and 2, and the remainder only for attribute 2. This process is also quite cumbersome.
 Often the most efficient approach is to test the 176 items for all three attributes. Attributes 1 and 3 will be in some sense
over-audited, but the over-auditing may take less time than keeping track of which sample items should be tested for which
attribute. Testing for attributes 1 and 3 does not take very long once the auditor has selected the documents in the sample.
The auditor’s evaluation of the control is based on the 176 items examined and improves the accuracy of the control risk
assessment.

Step 4: Determine the Method of Selecting the Sample

 Once the sample size has been determined, the auditor must select sample items so the sample can be expected to be
representative of the population and thus the results can be projected to the population.
 The auditor may use simple random sampling, systematic sampling, haphazard sampling, or block sampling.

Simple Random Sampling:

 Simple random sampling involves selecting a random sample by matching random numbers generated by a computer or
selected from a random-number table with, for example, document numbers such as an invoice or a purchase order.
 With this method, each sampling unit has the same probability of being selected as any other sampling unit.
 Simple random sampling is appropriate for both nonstatistical and statistical sampling applications.

Systematic Sampling:
 Systematic sampling involves dividing the number of physical units in the population by the sample size to determine a
uniform interval; a random starting point is selected in the first interval, and one item is selected throughout the population
at each of the uniform intervals after the starting point.
 In order to use systematic selection, the auditor must establish that the population is complete, and be sure that there is not
a systematic pattern in the population.
 The validity of a systematic sampling is based on the assumption that the items in the population are randomly distributed.
 The auditor must be knowledgeable about the nature of the population to be sure that no repeating or coinciding pattern in
the population would cause the sample to not be representative.
 Many auditors try to increase the chances that the systematically selected samples are representative of the population by
using multiple random starts.

Haphazard Sampling:
 Haphazard sampling is a nonstatistical sample selection method that attempts to approximate a random selection by
selecting sampling units without any conscious bias, or special reason for including or omitting certain items from the
sample.
 The word haphazard is not intended to convey that the sampled items are selected in a careless manner. Rather, it is
intended to imply that the sampled items selected are representative of the population.
 This technique is not allowed for statistical sampling because it does not allow the auditor to measure the probability of
selecting a combination of sampling units.
Block Sampling:
 Block sampling involves selecting a sample that consists of contiguous population items, such as selecting transactions by
day or week.
 There is much efficiency in such an approach, but the risk is that the way the transactions were processed on these days or
weeks may not be representative of how they were processed the other 364 days or 51 weeks.
 This judgmental decision is subject to second guessing that such a sample could not be representative.
 Block sampling is most appropriate for performing year-end cutoff tests.

Step 5: Select the Sample Items and Perform the Test of Control
 When selecting the sample, the auditor decides how to handle inapplicable, voided, or unused documents. If the
inapplicable document does not represent the control being tested, it should be replaced by another randomly selected
item.
 When a selected item cannot be located, the auditor should assume the worst—that the control procedure was not
followed—and assess it as a failure.
 If many failures of this type are found before finishing the audit of a sample, the auditor should conclude that no reliance
can be placed on the tested control procedure.
 In such a situation, the auditor should terminate the test to avoid wasting any more time and discuss it with management
and the audit committee.

Step 6: Evaluate the Sample Results and Consider the Effect on Planned Substantive Procedures
Evaluation of sample results requires the auditor to project those results to the population before drawing an audit conclusion.

Quantitative Evaluation:
 The auditor needs to determine whether the upper limit of the possible deviation rate exceeds the tolerable deviation rate.
 To make such an assessment, the auditor should use statistical evaluation.
 If the upper limit of the possible deviation rate exceeds the tolerable deviation rate, the auditor should:
1. Test a different control designed to mitigate the same risk, or
2. Adjust the nature, timing, and/or extent of the related substantive testing of the accounts affected by the control.
 In determining what changes to make in substantive audit procedures, the auditor should consider the nature of control
deviation (pattern of errors) and determine the effect of such deviations on potential material misstatements in the financial
statements.
 When the upper limit of the possible deviation rate exceeds the tolerable deviation rate, the auditor has to decide whether
the control failure, in conjunction with other control failures, leads to a conclusion that there are either significant
deficiencies or material weaknesses regarding internal control over financial reporting.
Qualitative Evaluation:
When control deviations are found, they should be analyzed qualitatively as well as quantitatively. The auditor should try to
determine whether the failures:
1. Were intentional or unintentional,
2. Were random or systematic,
3. Had a direct dollar effect on the account balance, or
4. Were of such magnitude that a material dollar amount of errors could occur and not be detected.
 The auditor is much more concerned if the control failures appear to be intentional, which might indicate fraud.
 If the failures are systematic, the auditor should be cautious in deciding to isolate the problem and reducing substantive
testing. For example, if all of the failures were related to pricing errors—and all were connected to one sales associate—the
auditor may expand audit testing to review all of the transactions related to that one sales associate.
 However, the auditor should not typically reduce substantive testing in other areas because the identified errors appear to
be isolated to the one sales associate. The sampling evidence may be signaling that there are other isolated failures that did
not happen to appear in the sample.
  Often, a failure in a control does not lead directly to dollar misstatements in the accounting records. Lack of proper approval
for payment of a vendor’s invoice, for example, does not necessarily mean that the invoice should not have been paid.
While it may have been an appropriate invoice, it might also have been a fictitious invoice.

Linkage of Test of Controls to Substantive Procedures:

 In addition to being the basis of a report on internal controls, the tests of controls are used to determine whether the
nature, timing, or extent of the planned substantive procedures needs to be modified.
 In general, if controls are not operating effectively, the auditor will likely choose to rely less on substantive analytical
procedures and more on tests of details for those accounts related to identified control failures.
 When the auditor concludes that a control is not operating effectively based on attributes sampling, the auditor can pursue
the following alternative courses of action:
o A compensating control procedure could be identified and tested. The decision to test the compensating control
procedure will depend on the perceived effectiveness of the control and the additional cost to test the control
procedure.
o A larger sample could be taken, but this is not likely to be cost-beneficial unless the auditor has reason to believe
the original sample was not representative.
o The assessment of control risk can be set higher than originally planned and the nature, timing, and/or the extent
of the related substantive tests can be modified. If the upper limit of the possible deviation rate does not exceed
the tolerable failure rate by very much, this modification could be very slight. For example, if the upper limit was
5.4% and the tolerable rate was 5%, very little modification is needed.
o The auditor will analyze the nature of the control deviations and determine the implications on the type of
misstatements, or causes of misstatements, that might occur in the financial statements and adjust the nature,
timing, and/or extent of the planned substantive testing.

Step 7. Document All Phases of the Sampling Process

All of the preceding steps and related decisions regarding the sampling process should be documented to allow for appropriate
supervision and provide adequate support for the conclusions reached.

Nonstatistical Sampling Approach to Testing Controls

 If the auditor chooses to use nonstatistical sampling procedures to test the operating effectiveness of controls, the planning
factors are often not quantified.
 Instead, the auditor addresses deviation rates through the more global concepts of none, few, and many.
 Sampling risk is often set as low, moderate, or high. Note, however, if the sampling is done as part of an audit of internal
controls, the presumption is that sampling risk must be low.
 Even by making these subjective judgments, the auditor cannot quantitatively assess the risk of making an incorrect
inference based on the sample results. For this reason, many auditors who use nonstatistical sampling should review the
factors and select a sample size consistent with a statistically determined sample.

The effect of these factors on sample size follows:

Smaller sample Larger sample
Tolerable deviation rate High Low
Expected population deviation rate Low High
Sampling risk (risk of overreliance) High Low
Population size Little effect Little effect

Using Sampling to Gather Evidence about Misstatements in Account Balances and Associated Assertions

Sampling Account Balances and Associated Assertions

Auditors follow certain steps in sampling account balances and associated assertions, whether using statistical or nonstatistical
sampling. These steps are:
Steps in Sampling Account Balances and Associated Assertions
The basic steps involved in sampling for substantive tests of details are the same regardless of the sampling approach:
1. Specify the audit objective of the test and define a misstatement.
2. Define the population from which the sample is to be taken.
3. Choose an appropriate sampling method.
4. Determine the sample size.
5. Select sample items and perform the substantive procedure.
6. Evaluate the sample results.
7. Document all phases of the sampling process.

Step 1: Specify the Audit Objective of the Test and Define a Misstatement
A sampling plan for tests of details is typically designed to provide assurance regarding financial statement assertions, such as the
existence of accounts receivable. Specifying the audit objective determines the population to test:
 Existence assertion: If the objective is to determine the existence of customer balances, the sample should be selected from
the recorded balances.
 Completeness assertion: If the objective is to determine the completeness of accounts payable, the sample should be
selected from complementary populations (e.g., cash disbursements made after the balance sheet date). The auditor seeks
payments for goods or services received by the balance sheet date but recorded after year-end.
Populations for testing the existence assertion are usually straightforward to define, as they include all recorded transactions.
However, completeness assertion populations are harder to define, since some transactions might not yet be recorded.

Defining Misstatements
Misstatements should be defined before beginning the sampling application to avoid rationalizing errors and to guide the audit team.
A misstatement refers to an intentional or unintentional error in a transaction or financial statement account balance. When
sampling for substantive tests of details, a misstatement involves differences between recorded values and audited values.

Factual misstatements Projected misstatements

 specifically identified and about which  auditor’s best estimate of the misstatements in a given population based on
there is no doubt, such as a difference the sample results; they are a projection of the misstatements identified in
identified in a sample item or an item an audit sample to the entire population from which the sample was drawn
examined 100%  likely misstatements
 known misstatements

(Factual misstatement) + (projected misstatement) = compared with tolerable misstatement when evaluating the sample results

Tolerable misstatement Expected misstatement

 monetary amount set by the auditor in respect of which the auditor seeks to  level of misstatement that the auditor
obtain an appropriate level of assurance that the monetary amount set by expects to detect, and it is based on
the auditor is not exceeded by the actual misstatement in the population. projected misstatements in prior-year
 maximum amount of misstatement the auditor can accept in the population audits, results of other substantive tests,
without requiring an audit adjustment or a qualified audit opinion audit judgment, and knowledge of
 tolerable misstatement is the application of performance materiality to a changes in personnel and the accounting
particular sampling procedure. system.
 Tolerable misstatement may be the same amount or an amount smaller than  It is usually desirable to be conservative
performance materiality and use a slightly larger expected
 Tolerable misstatement is based on planning materiality for the account misstatement than is actually anticipated.
balance.

STEP 2: Define the population from which the sample is to be taken

Define the sampling unit Sampling units are the individual auditable elements and often are made up of individual account
balances.
Completeness of the A sample is selected from a physical representation of the population. A common procedure is to
population foot the list and reconcile it with the general ledger.
Identify individually  Top-stratum items are population items whose book values exceed the sampling interval and
 significant items are therefore all included in the sample. No estimate or projection of errors is required.
 Lower-stratum items are those that are not in the top-stratum.
 The audit results reflect the sum of top-stratum items and the projected misstatement based
on lower-stratum items.
 The auditor often uses judgment to determine the cutoff point for top stratum items.
 The division of the population into two or more subgroups is referred to as stratification.
 Stratification of the population into several homogeneous subpopulations generally creates
audit efficiency.

Step 3. Choose an Appropriate Sampling Method

 common statistical approaches for substantive testing are classical variables sampling (beyond the scope of this textbook)
and monetary unit sampling (MUS).
 MUS is based on attributes sampling theory, but is used to express conclusions in monetary terms.
 MUS = probability proportional to size (PPS) sampling.
 The term PPS describes a method of sample selection where the probability of an item’s selection for the sample is
proportional to its recorded amount, while MUS is used to describe sample size and evaluation methods (based on
monetary units).

Steps 4, 5, and 6. Determine the Sample Size, Select the Sample Items and Perform the Substantive Procedure, and Evaluate the
Sample Results
 Whatever the sampling method chosen, consideration must be given to
o the risk of misstatement in the account,
o sampling risk, and
o the auditor’s assessment of tolerable and expected misstatement

Unacceptable Sample Results (when the total estimated misstatement exceeds the tolerable misstatement)
 Ask the client to correct the factual misstatements
 Analyze the detected misstatements for common problem(s)
 Design an alternative audit strategy
 Expand the sample
 Change the audit objective to estimating the correct value

Step 7. Document All Phases of the Sampling Process

All of the preceding steps and related decisions regarding the sampling process should be documented to allow for appropriate
supervision and provide adequate support for the conclusions reached.

Nonstatistical Sampling for Substantive Tests of Account Balances and Associated Assertions
 Nonstatistical samples should be based on the same audit considerations as those used for statistical sampling.
 There is no way to mathematically control for and measure sampling risk in a nonstatistical sample; the auditor can project
only the detected misstatements and make a judgment as to whether the account is likely to be materially misstated, and
then decide whether more audit work is needed.
 In determining sample size, all significant items should be tested.
 The auditor should select all items over a specific dollar amount, and then, depending on audit objectives, select items with
other characteristics, such as items billed in the last week or billed to specific parties.
 The sample size of the other items to be tested should be based on the same factors used in statistical sampling. In terms of
selecting the sample, the auditor should take steps to increase the likelihood that the sample is representative of the
population.
 The auditor may obtain a representative sample using a random based method or haphazard sampling. In terms of
evaluating the sample results, misstatements found in a sample must be projected to the population.

Statistical Sampling for Substantive Tests of Account Balances and Associated Assertions: Monetary Unit Sampling (MUS)
Monetary unit sampling (MUS)
  is a sampling method based on attributes estimation sampling, but involving dollar misstatements rather than control failure
rates.
 results in an efficient sample size and concentrates on the dollar value of the account balances.
 Also called dollar-unit sampling, PPS, and combined attributes-variables sampling.
 MUS was designed to be especially effective in testing for overstatements in situations when few or no misstatements are
expected
 The population for MUS is defined as the number of dollars in the population being tested.
 Each dollar in the population has an equal chance of being chosen, but each dollar chosen is associated with a tangible item
such as a customer’s balance or an inventory item, so items with more dollars have a greater likelihood of being selected.
 All items with a book value equal to or greater than the interval will be selected for auditor evaluation. As previously noted,
these items are referred to as top-stratum items.
 Population items with zero balances have no chance of being selected using PPS sampling.
 Population items with negative balances require special consideration
Strengths Weaknesses
 MUS is generally easier to apply than other statistical  MUS is not designed to test for the understatement of a
sampling approaches. population.
 MUS automatically selects a sample in proportion to an  If an auditor identifies understatements in a MUS sample,
item’s dollar amount, thus providing automatic evaluation of the sample requires special considerations.
stratification of the sample.  Selection of zero or negative balances requires special
 If the auditor expects (and finds) no misstatements, MUS design considerations.
usually results in a highly efficient sample size.

The population for MUS is defined as the number of dollars in the population being tested. Each dollar in the population has an equal
chance of being chosen, but each dollar chosen is associated with a tangible item such as a customer’s balance or an inventory item,
so items with more dollars have a greater likelihood of being selected.

The sample size in a MUS sample is a function of the following factors:

 the risk of incorrect acceptance,
 the ratio of expected misstatement to tolerable misstatement, and
 the ratio of tolerable misstatement to the total population value.

Sampling interval = (population size) / (sample size)

When evaluating the Monetary Unit Sampling (MUS) sample results, the auditor calculates the total estimated misstatement in
the account balance based on the sampling process. This total includes the following four components:
Factual misstatement for items in
the top-stratum
Basic precision  The amount of uncertainty associated with testing only a part of the population
(sampling risk)
 Basic precision is the amount of error you are confident of not exceeding if no
errors are detected in the sample.
 Basic precision is calculated as the sampling interval multiplied by a confidence
factor.
Projected misstatement for item  The best estimate of the actual amount of dollar misstatements in the population,
sin lower-stratum based on projecting the sample results to the population
 The projected misstatement is calculated as the sampling interval multiplied by the
tainting percentage.
 The terms likely misstatement or most likely misstatement are also used to refer to
the projected misstatement.
Incremental allowance for  An increase in the total estimated misstatement caused by the statistical
sampling risk properties of misstatements detected in the lower stratum:
 This refers to the adjustment made to the overall misstatement estimate,
accounting for the nature and extent of errors identified in the sample's lower-
value items or stratum.

No misstatements in the sample Overstatements in the sample Understatements in the sample

  If the auditor finds no  the auditor begins by identifying the percentage that  When an understatement is
misstatements in the sample, the book value of each misstated sample item is encountered, the auditor
the misstatement projection overstated or under stated (referred to as the has two possible courses of
is zero dollars, and the total tainting percentage). action.
estimated misstatement will  The tainting percentage is the percentage of  First, the understatement
equal basic precision. misstatement present in a logical unit, such as the can be ignored for purposes
 The basic precision is the sample item’s book value. of this sample evaluation
amount of error you are  The tainting percentage equals the amount of and if there are other audit
confident of not exceeding if misstatement in the item divided by the item’s tests for understatements,
no errors are reported for recorded amount (in other words, the book value). this understatement can be
the sample.  A tainting percentage is calculated for all sample included in as part of other
items with misstatement in the lower-stratum. tests.
 The auditor multiplies the tainting percentage by the  Alternatively, the auditor can
sampling interval to calculate the projected perform a separate analysis
misstatement for each misstated item specifically for
understatements.

Using Generalized Audit Software to Obtain Evidence

Much of an auditor’s work involves gathering evidence on the correctness of an account balance by examining the details making up
the balance. For example, the auditor tests accounts receivable by gathering evidence using procedures such as those shown in
Exhibit 8.13. Fortunately, the auditor can use computer audit tools to increase the efficiency of many audit procedures. Visualize an
auditor sitting in a chair with a large paper document (printout) of the year-end accounts receivable list. Then note the general
nature of the procedures performed in Exhibit 8.13:
 Foot the individual accounts making up the total of accounts receivables
 Age the accounts
 Select individual items for further audit tests
 Print confirmations
 Statistically evaluate the results
 Make a judgment on the need for an audit adjustment

GAS
 They are a type of Computer-Aided Audit Technique (CAAT). They are designed to perform common audit tasks on a variety
of data files.

Tasks performed by GAS

1. Analyze a file
2. Select transactions based on logical identifiers
3. Select samples
4. Evaluate samples
5. Print confirmations -
6. Analyze overall file validity -
7. Generate control totals -
8. Perform numerical analyses – fraud is difficult to cover up because of numerical patterns
9. Perform other tasks

Benefits of using GAS

 The software is independent of the system being audited and only requires a read-only copy of the file to ensure there is no
risk of corrupting an organization’s data.
 It includes various audit-specific routines, such as sampling.
 The software provides documentation of each test performed, which can be included in the auditor’s work papers.
 Generalized Audit Software (GAS) aids auditors in improving efficiency while fulfilling their responsibilities related to
gathering and evaluating audit evidence.
Summary
Two commonly used tools in gathering audit evidence include sampling and generalized audit software (GAS). Auditors use
sampling—both nonstatistical and statistical—in testing controls and in performing tests of details. Attributes sampling is a
frequently used statistical approach for testing internal controls, and MUS is used for testing account balances for
overstatement. GAS is used extensively to automate aspects of the audit, including analyzing client data, selecting transactions
for testing, and selecting and evaluating samples.