12.

Determining the Extent of Testing

Reference:
a. PSA 530, Audit Sampling

LECTURE NOTES
Means of Selecting Items for Testing
When designing tests of controls and tests of details, the auditor’s means of selecting items for
testing are:
• Selecting all items (100% examination),
• Selecting specific items, and
• Audit sampling.
These approaches are described in further details below.

Selecting All Items

100% examination is unlikely in the case of tests of controls; however, it is more common for tests of
details. 100% examination may be appropriate when, for example:
• The population constitutes a small number of large value items;
• There is a significant risk and other means do not provide sufficient appropriate audit evidence; or
• Cost effective by using CAATs.

Selecting Specific Items

Specific items selected may include:
• High value or key items.
• All items over a certain amount.
• Items to obtain information about matters such as the nature of the entity or the nature of
transactions. This does not constitute audit sampling. The results of audit procedures applied to items
selected in this way cannot be projected to the entire population; accordingly, selective examination
of specific items does not provide audit evidence concerning the remainder of the population.

Audit Sampling
Audit sampling is the application of audit procedures to less than 100% of items within a population of
audit relevance such that all sampling units have a chance of selection in order to provide the auditor
with a reasonable basis on which to draw conclusions about the entire population.
Audit sampling enables the auditor to obtain and evaluate audit evidence about some characteristic of
the items selected in order to form or assist in forming a conclusion concerning the population from
which the sample is drawn.
This is the case when it is not efficient to review 100% of the records or other circumstances make
reviewing all of the records difficult.

Representative Sample of the Population

A representative sample is one in which the characteristics in the sample of audit interest are
approximately the same as those of the population. However, the two things that cause a sample to
be non-representative of the population are sampling risk and non-sampling risk. These could also be
the two aspects of audit risk, i.e., [Audit risk = Sampling risk x Non-sampling risk].

Sampling Risks
Sampling risk is the risk that the auditor’s conclusion based on a sample may be different from the
conclusion if the entire population were subjected to the same audit procedure. Sampling risk can
lead to two types of erroneous conclusions, such as:

Alpha Risk (Type I Misstatement) Beta Risk (Type II Misstatement)

Test of Controls
Sampling risks Assessing control risk too high Assessing control risk too low
Controls are: less effective than they actually are more effective than they actually are
Reliance on Under-reliance Overreliance
internal control
 Test of Details
Sampling risks Incorrect Rejection Incorrect Acceptance

Material exists when in fact it does not does not exist when in fact it does
misstatement:
Affects audit: Efficiency Effectiveness

The auditor is more concerned with beta risk. The mathematical complements of these two risks are
termed confidence levels.

Dealing with sampling risks

The auditor can eliminate sampling risks by examining the entire population. However, examining the
entire population is normally not possible for the auditor. Instead, the auditor usually manages or
controls sampling risk by making the sample more representative of the population by:
• Increasing the sample size
• Using appropriate method of selecting sample items

Non-sampling Risks
Non-sampling risk is the risk that the auditor reaches an erroneous conclusion for any reason not
related to sampling risk. Non-sampling risk is also an aspect of audit risk not attributable to sampling
such as human error due to:
• Use or application of inappropriate audit procedures
• Failure to recognize errors (misstatements or deviations) in the samples tested
• Misinterpretation of evidence obtained

Dealing with non-sampling risks

Non-sampling risks cannot be totally eliminated in audit. There is always a chance of human error in
audit as the auditor’s judgment may not always be correct. However, the auditor can manage non-
sampling risks through:
• Proper planning
• Adequate direction and supervision of the audit team and timely review of their work

The Two Sampling Approaches

Audit sampling can be applied using either non-statistical or statistical sampling approaches. These
two approaches involve the use of auditor’s professional judgment in planning and performing the
sampling procedure and evaluating the results of the sample.
The table below presents the comparison between the two sampling approaches:

Statistical Sampling Non-statistical Sampling

• Random selection of the sample • A sampling approach that does not

items have characteristics of statistical
• Apply the laws or theory of sampling (i.e., no random selection of
Basic concepts probability to: sample items and does not apply laws of
§ Design efficient sample probability)
§ Measure sufficiency of sample • Cannot measure sampling risk
§ Evaluate sample results quantitatively, only based on
§ Measure sampling risk the auditor’s judgment.
quantitatively

Advantages • More defendable • Easy to apply

• Free from bias • Less costly

Disadvantages • Overvalue the evidence it • Relies exclusively on professional

provides judgment to
• Reduces auditor skepticism § Determine sample size
• Increased cost, due to: § Evaluate sample results
§ training auditors
§ designing samples
Audit Sampling Process
When designing and performing audit sampling, the auditor normally observes the following 10 steps:
Step 1: Define the purpose (objective) of the audit test.
Step 2: Define the deviation or misstatement.
Step 3: Identify and understand the relevant population.
Step 4: Determine the relevant sampling unit.
Step 5: Select an appropriate approach of sampling.
Step 6: Determine the sample size.
Step 7: Select the sample items.
Step 8: Examine and evaluate the evidence for the sample.
Step 9: Evaluate the tests results.
Step 10: Document the audit sampling performed.

The steps above are the same regardless of, the sampling approach selected whether statistical or
non-statistical, the type of audit sampling technique utilized and whether the test is the performance
of test of controls or test of details.

Step 1: Define the purpose (objective) of the audit test

When designing an audit sample, the auditor shall consider the purpose (objective) of the audit
procedure based on the assessment of ROMM at the assertion level. The auditor’s consideration
includes the specific purpose (test of controls or test of details) to be achieved and the combination of
audit procedures that is likely to best achieve that purpose.

Step 2: Define a deviation or misstatement

The auditor considers what conditions constitute a deviation or misstatement by reference to the
objectives of the test.

Deviations for Tests of Controls

For example, suppose that a control requires support for every disbursement to include an invoice, a
voucher, a receiving report, and a purchase order; all stamped “Paid.”
The auditor believes that the existence of an invoice and a receiving report, both stamped “Paid,” is
necessary to indicate adequate performance of the control. Therefore, in this case, a deviation may
be defined as “a disbursement not supported by an invoice and a receiving report that has been
stamped ‘Paid.’”

Misstatement for Tests of Details

For example, in a test of details relating to the existence of accounts receivable, such as confirmation,
payments made by the customer before the confirmation date but received shortly after that date by
the client, are not considered a misstatement.

Step 3: Identify and understand the relevant population

Population means the entire set of data from which a sample is selected and about which the auditor
wishes to draw conclusions. For example, all of the items in an account balance or a class of
transactions constitute a population.
The auditor needs to identify the relevant population and consider its characteristics from which the
sample will be drawn. Considering the characteristics of the population would include:
• Preliminary assessment of expected rate of deviation or misstatement and the auditor’s tolerable
rate of deviation or misstatement.
• Determining whether stratification or value weighted selection is appropriate.
• Ascertaining the completion of population.
In addition, it is important that the population is appropriate to satisfy the established objective of the
audit procedures by considering the direction of the test.

Assessment of Expected Rate of Deviation or Misstatement and Tolerable Rate of Deviation or

Misstatement
Tolerable deviation rate or misstatement is the rate of deviation or monetary amount the auditor is
willing to accept on the population.
For test of controls, the auditor makes a preliminary assessment of the expected rate of deviation
based on the auditor’s understanding of the relevant controls or on the examination of a small number
of items from the population (‘pilot testing’). This assessment is made in order to design an audit
sample and to determine sample size. For example, if the expected rate of deviation is unacceptably
high than the auditor’s tolerable rate of deviation, the auditor will normally decide not to perform tests
of controls. Similarly, for test of details, the auditor makes an assessment of the expected
misstatement in the population. If the expected misstatement is high, 100% examination or use of a
large sample size may be appropriate when performing tests of details. This is normally the case
when the auditor’s expected misstatement is approximately or higher than tolerable misstatement.

Stratification and Value-Weighted Selection

Stratification
Audit efficiency may be improved if the auditor stratifies a population by dividing it into discrete sub-
populations which have an identifying characteristic. Stratification reduces the variability of items
within each stratum and allow sample size to be reduced without increasing sampling risk. For
example, 20% of the items in a population may make up 90% of the value of an account balance. The
results of audit procedures applied to a sample of items within a stratum can only be projected to the
items that make up that stratum.

Value-Weighted Selection
When performing tests of details it may be efficient to identify the sampling unit as the individual
monetary units that make up the population. This is discussed further below under ‘Monetary Unit
Sampling’.

Completeness of the population

The population used to make a sample selection needs to contain all sampling units that are to be
subjected to sampling procedures. The totality of the population may be verified by:
• Footing the population items and comparing the total obtained to that of the population
• Accounting for numerical sequence of prenumbered documents or records.

Direction of the Test, Appropriate to Test Objective

For test of controls
If the auditor wishes to test the operating effectiveness of a prescribed control designed to ensure
that all shipments are billed, the auditor would not detect deviations by sampling billed items because
that population would not be expected to contain items that were shipped but not billed. An
appropriate population for detecting such deviations is usually the population of all shipped items.

For test of details

When understanding the risks of material misstatement, the direction in which the population may be
misstated may need to be considered. When testing for overstatement, items to be examined are
selected directly from the population of audit interest. While, when testing for understatement, items
to be examined are selected from a reciprocal or independent population.
Populations on which we may perform audit sampling to test for understatement and examples of
appropriate reciprocal populations may include:

Population of audit interest Example of a potential reciprocal population

Accounts payable Subsequent disbursements
Sales Shipping documents

Step 4: Determine the relevant sampling unit

Sampling unit is the individual items constituting a population. The sampling units might be physical
items (for example, checks listed on deposit slips, credit entries on bank statements, sales invoices or
debtors’ balances) or monetary units. The total population of the sampling units could be manually
prepared documents or lists, documents generated from computer systems, or an electronic file
provided by the entity.

Step 5: Select an appropriate approach of sampling

The decision whether to use a statistical or non-statistical sampling approach is a matter for the
auditor’s judgment; in making that judgment the auditor consider the following:
• The choice is based on relative costs and benefits
• Effectiveness
• Need for quantitative estimate of sampling risk
However, sample size is not a valid criterion to distinguish between statistical and non-statistical
approaches and the choice between the two approaches is independent of audit procedures to be
performed.
Types of Statistical Sampling
The two commonly used statistical sampling used in auditing are:
• Attributes sampling–generally used for tests of controls
§ Tests rate of deviation from a prescribed control procedure
§ Estimate frequency of errors in population based on frequency in sample
§ Determine whether or not estimated error rate indicates control is working effectively
§ Attribute – a characteristic of control
§ Deviation – absence of the attribute
• Variables Sampling–generally used for tests of details
§ Tests whether recorded account balances are fairly stated
§ Estimate value of population based on value of items in sample

Attributes Sampling
• Traditional (Classical) attributes sampling
§ Under traditional attribute sampling, sample size is determined and sample tested to estimate error
rate in population
• Stop-or-go (Sequential) sampling
§ Performed in stages
§ Auditor decides to stop or continue sampling after each stage
§ Appropriate when expected deviation rate is low
§ Sample selected in steps
§ Each step is based on results of previous step
§ No fixed sample size and may result in lower sample if few or no errors detected
• Discovery sampling
§ Sample size is very small
§ Appropriate when expected deviation rate is extremely low or zero
§ Sample large enough to detect at least one error if it exists
§ Any errors in sample results in rejection

Variables Sampling
• Traditional (Classical) variables sampling – There are three approaches to classical variables
sampling for auditing applications that differ in the way the misstatement is projected to the population
are:
§ Mean-per-unit approach – The auditor estimates a total population amount by calculating an
average audited amount for all items in the sample and multiplying that average amount by the
number of items constituting the population.
§ Difference approach – The auditor calculates the average difference between audited and recorded
amounts of the sample items and projects that average difference to the population.
§ Ratio approach – The auditor calculates the ratio between the sum of the audited amounts and the
sum of the recorded amounts of the sample items and projects this ratio to the population. The
auditor estimates the total population amount by multiplying the total recorded amount for the
population by the same ratio.
Using normal distribution theory based on the variability of the audited amounts in the sample, the
auditor also calculates an allowance for sampling risk.
• Monetary unit sampling (a.k.a., Probability Proportional to Size (PPS) or Value-weighted selection)
§ Uses attributes sampling theory to express a conclusion in amounts rather than as a rate of
occurrence.
§ Probability of selecting an item is proportional to its recorded amount.
§ Automatically stratifies an audit population
§ Appropriate for testing for overstatement and few or no errors are expected

Useful for testing assets and revenues

§ Advantages over classical variables sampling
• Items with larger amounts have a greater probability of being selected
• An item that is individually material will automatically be selected
• Sample size may be reduced as the same item may be selected more than once
• The sample distribution does not have to be close to the distribution in the population for the sample
to be valid
• Sampling can be initiated prior to year-end more easily
§ Disadvantages of PPS
• Understated items have a lower probability of being selected
• Items with zero or negative balances are not generally included in the sample
• A high frequency of misstatements results in an increase in sample size
NOTE: The discussions below present traditional (classical) attributes sampling and traditional
(classical) variables sampling for test of controls and test of details, respectively.
Though the different types of sampling, as presented above, follow the same steps to be discussed,
they generally differ in considering factors in determining these areas: population, sample size and
evaluation of the test results.

Step 6: Determine the sample size

The auditor shall determine a sample size sufficient to reduce sampling risk to an acceptably low
level. The sample size can be determined by the application of a statistically based formula or
through the exercise of professional judgment (non-statistical).
The tables below list the factors affecting sample size for test of controls and test of details.

Test of Controls (Attribute Sampling)

Factor Relationship
Tolerable deviation rate Inverse
Allowable risk of assessing control risk too low/Sampling risk (beta risk) Inverse
Expected population deviation rate Direct
Population size Negligible effect

Test of Details (Variables Sampling)

Factor Relationship
Assessment of the ROMM/level of control risk Direct
Other substantive tests Inverse
Tolerable misstatement Inverse
Allowable risk of incorrect acceptance/Sampling risk (beta risk) Inverse
Expected amount of misstatement Direct
Effect of stratification Inverse
Population size Negligible effect

Step 7: Select the sample items

The auditor shall select items for the sample in such a way that each sampling unit in the population
has a chance of selection. It is important that the auditor selects a representative sample, so that bias
is avoided.

Sample Selection Methods

The principal methods of selecting samples are the use of random selection, systematic selection and
haphazard selection. Sample selection methods are classified into probabilistic (statistical) and non-
probabilistic (nonstatistical).

Probabilistic Sample Selections

• Random-number Selection
§ Every sampling unit has the same probability of being selected as every other sampling unit in the
population.
§ Uses computer-generated numbers to select sampling units.
§ Match number to prenumbered documents.
§ Appropriate for both statistical and nonstatistical sampling.
• Systematic Selection
§ The number of sampling units in the population is divided by the sample size to give a sampling
interval, for example 50, and having determined a starting point within the first 50, each 50th sampling
unit thereafter is selected. Starting point may be determined haphazardly or randomly.
§ Determine that sampling units within the population are not structured in such a way that the
sampling interval corresponds with a particular pattern in the population.
§ Useful when identification numbers lacking
§ Appropriate for both statistical and nonstatistical sampling
• Stratified Selection
§ Stratification is the process of dividing a population into sub-populations, each of which is a group of
sampling units which have similar characteristics (often monetary value).
§ Subdivide population into homogeneous strata
§ Select separate sample for each strata by on of prior methods

Non-probabilistic Sample Selections

• Block Selection
§ Involves selection of a block(s) of contiguous items from within the population.
§ Inefficient & not generalizable
§ Should not be used for statistical or nonstatistical sampling without care in controlling sampling risk
• Haphazard Selection
§ The auditor selects the sample without following a structured technique.
§ Sampling units selected without special reason or conscious bias
§ Inappropriate for statistical sampling
§ Useful for nonstatistical sampling
• Direct sample selection
§ Auditor selects items based on judgmental criteria such as likelihood of misstatement,
characteristics such as different time periods, or large amounts.

Step 8: Examine and evaluate the evidence for the sample

The auditor shall perform audit procedures, appropriate to the purpose, on each item selected, and
evaluate the audit evidence obtained.
Voided Sample
The auditor shall perform the procedure on a replacement item. If the auditor is satisfied that the
sample has been properly voided such that it does not constitute a deviation, and the chosen
replacement is examined.
Missing or Lost Sample
If the auditor is unable to apply the designed audit procedures, or suitable alternative procedures, to a
selected item, the auditor shall treat that item as a deviation from the prescribed control, in the case
of tests of controls, or a misstatement, in the case of tests of details.
Stopping the Test Before Completion
Occasionally the auditor might find a large number of deviations in auditing the first part of a sample.
As a result, the auditor might believe that even if no additional errors were to be discovered in the
remainder of the sample, the results of the sample would not support the planned assessed level of
control risk.

Step 9: Evaluate the tests results

The auditor uses judgment in evaluating the results and reaching an overall conclusion. In evaluating
the sample results, the auditor:
• Considers the nature and causes of deviations and misstatements,
• Calculates and projects the sample deviations and misstatements, and
• Reaches an overall conclusion.

Nature and Cause of Deviations and Misstatements

The auditor shall investigate the nature and cause of any deviations or misstatements identified, and
evaluate their possible effect on the purpose of the audit procedure and on other areas of the audit.
In the extremely rare circumstances the auditor considers a misstatement or deviation discovered in a
sample to be an anomaly (not representative of population). The auditor shall obtain a high degree of
certainty that such misstatement or deviation is not representative of the population. For example is
an error that is found to be caused by use of an incorrect formula in calculating all inventory values at
one particular branch.

Projecting Sample Deviations and Misstatements

Projecting Deviations for Tests of Controls
For tests of controls, no explicit projection of deviations is necessary since the sample deviation rate
(SDR) is also the projected deviation rate (PDR) for the population as a whole. SDR is the rate of
deviation in the operation of controls detected in the sample by performing tests of controls. SDR = #
of sample deviations / sample size. PDR, a.k.a., upper deviation or precision limit, is the rate of
deviation that the auditor estimates to be in the population.
PDR = SDR + allowance for sampling risk (Beta risk). An allowance for sampling risk can only be
calculated where the auditor has used statistical sampling.
Projecting Misstatements for Tests of Details
For tests of details, the auditor shall project misstatements found in the sample to the population.
Sample misstatement is the monetary misstatement detected in the sample by performing tests of
details.
Projected misstatement is the monetary misstatement that the auditor estimates to be in the
population, and is calculated by adjusting the sample misstatement by an allowance for sampling risk.
An allowance for sampling risk can only be calculated where the auditor has used statistical sampling.
The methods for calculating an allowance for sampling risk and projecting the sample error differ
between classical variables sampling and Monetary Unit Sampling (MUS). This is discussed below.
When a misstatement has been established as an anomaly, it may be excluded when projecting
misstatements to the population.

Evaluate Sample Results and Reach an Overall Conclusion

Overall Conclusion for Tests of Controls
There are two generally accepted approaches for evaluating the sample results for tests of controls:
• Compare PDR to tolerable deviation rate. If the PDR < tolerable deviation rate = the control is
operating effectively. If the PDR = or > tolerable deviation rate = the control is not operating effectively
as designed.
• Compare SDR to expected deviation rate. If the SDR < expected deviation rate = control is
operating effectively. If the SDR = or > expected deviation rate = control is not operating effectively as
designed.

Overall Conclusion for Tests of Details

When the projected misstatement plus anomalous misstatement, if any, exceeds tolerable
misstatement, the sample does not provide a reasonable basis for conclusions about the population
that has been tested. The closer the projected misstatement plus anomalous misstatement is to
tolerable misstatement, the more likely that actual misstatement in the population may exceed
tolerable misstatement.
If the auditor concludes that audit sampling has not provided a reasonable basis for conclusions
about the population that has been tested, the auditor may:
• Request management to investigate misstatements identified and the potential for further
misstatements and to make any necessary adjustments; or
• Tailor the nature, timing and extent of those further audit procedures to best achieve the required
assurance.

Step 10: Document the Audit Sampling Performed

The auditor should document the sampling application and related audit procedures.