Chapter 1 1

Evidence and sampling

Introduction
Learning outcomes
Syllabus links
Examination context
Chapter study guidance

Learning topics
1 Evidence
2 Selecting items to test
3 Drawing conclusions from sampling
4 Evaluation of misstatements
Summary
Further question practice
Technical reference
Self -test questions
Answers to Interactive questions
Answers to Self-test questions
Introduction

Learning outcomes
Gathering evidence on an assurance engagement
Students will b e able to select sufficient a n d appropriate methods of obtaining assurance evidence and recognise when
conclusions can be drawn from evidence obtained o r where issues need to be referred to a senior colleague.
In the assessment, students may be required to:
■ identify the different methods of obtaining evidence, including remote auditing techniques, from the use of tests of
control, substantive procedures, including analytical procedures a n d data analytics software
• recognise the strengths a n d weaknesses of the different methods of obtaining evidence
• identify the situations within which the different methods of obtaining evidence should a n d should not be used
• compare the reliability of different types of assurance evidence
■ recognise when the quantity (including factors affecting sample design) and quality (including analysis of data) of
evidence gathered is of a sufficient and appropriate level, after taking account of sampling risk, to draw conclusions o n
which to base a report
Specific syllabus references for this chapter: 3b, c, d, e, g

Syllabus links
In Audit and Assurance you will focus o n the drawing conclusions part of evidence, based o n the collection of evidence
that we focus o n in this Assurance manual.

Examination context
This is a very important part of your syllabus a n d the issues discussed here and previously in Chapter 4 underpin the
following two chapters as well. You can expect a number of practical a n d theoretical questions in the assessment covering
audit evidence.

Chapter study guidance

Use this schedule and your study timetable to plan the dates o n which you will complete your study of Chapter 1 1
Evidence and sampling.

Topic Practical significance Study approach Exam approach Self-test questions

1 Evidence Section 1 .1 of this This is a very important 3

Evidence is what the chapter picks u p o n some part of your syllabus and
assurance conclusion is of the points on evidence the issues discussed here
based on. Therefore, i n introduced in Chapter 4. and previously i n Chapter
practice, knowing which Review these points 4 underpin the following
tests to carry out a n d how briefly as they should be two chapters as well. You
many items to test is an familiar. Then read can expect a number of
important practical skill. through sections 1.2 - practical and theoretical
Getting it wrong may cost 1 .6. Notice i n particular questions in the
the firm money, if too the different procedures assessme nt cove ri ng
much work is done, o r which can b e used to audit evidence.
leave the firm exposed to obtain evidence and the
negligence claims, if way in which CAATs may
insufficient work is done. b e used.
It is an area where Section 1 .4 considers
considerable judgement analytical procedures as a
will have to b e exercised. substantive procedure.
Stop and think You will have come
across analytical
How d o you think an procedures in Chapter 3
auditor determines how as a planning procedure.
much evidence to obtain?
Attempt Interactive
question 1 before moving
on.
 2 Selecting items to test Section 2 looks at the This is an important and 1,2, 5
If you are training in issue of sampling. This is examinable section. It
practice, you are likely to quite a technical topic so covers a lot of material so
be involved in obtaining read through it slowly you will need to work
evidence, but less likely ensuring that you hard to be ready for
to be involved in the understand the various questions in this area.
more judgemental areas definitions as you work
of how to obtain it and through. Also note the
how much of it to obtain. different ways of
selecting the sample in
section 2.3 and review
the worked example.

3 Drawing conclusions Contin ue to work throug h This is another important 4

from sampling this material on sampling, section that you are likely
As you progress with your including the worked to be tested on.
training, you will be given example, and attempt the
opportunity to make interactive question.
judgements in this area.
You will be expected to
draw conclusions from
the audit work you have
undertaken from an early
stage. It is important
therefore to understand
why you are carrying out
a particular procedure
and what you intend to
achieve by it.

4 Evaluation of Work through this section This section may come up

misstatements and attempt the in your exam, but it is
It is not uncommon for interactive question at the slightly harder to test
the auditor to encounter end. than some of the other
misstatements when material. It is only a short
conducting audit section, however, so it
procedures. It is should not be too
important that you know onerous for you to retain
howto handle them. the information here.

Stop and think

What would you do if you
encountered a
misstatement when
performing an audit
procedure?

Once you have worked through this guidance, you will be ready to attempt the further question practice included at the
end of this chapter.

1 Evidence

Section overview

• Evidence must be sufficient and appropriate.

• Evidence is obtained in the form of substantive procedures and/or tests of controls.
• Evidence can be obtained by inspection, observation, inquiry and confirmation, recalculation, reperformance and
analytical procedures.
• Substantive procedures wi II test for evidence of u nderstatement or overstatement of account balances.
1.1 Overview of evidence from Chapter 4
You studied the basic principles of evidence i n Chapter 4. These are the key points:
Evidence includes all the information contained within the accounting records underlying the financial statements, and
other information gathered by the assurance providers, such as confirmations from third parties. Evidence is obtained i n
relation to the financial statement assertions which were set out in Chapter 4. There are two types of audit procedures:
tests of controls (which we have looked at in detail in Chapters 5 to 9], and substantive procedures (which we will look at in
more detail in Chapters 12 and 1 3).
ISA (UK) 500, A adit Evidence states that evidence must be sufficient and appropriate.
■ Sufficiency is the measure of the q uantity of audit evidence.
• Appropriateness is the measure of the quality o r relevance and reliability of the audit evidence.
We will look at the quantity of evidence obtained i n section 2 below.
There are some general principles relating to the quality of evidence which were set out in Chapter 4.

Quality of evidence

External Evidence from external sources is more reliable than that obtained from the entity's records

Auditor Evidence obtained directly by assurance providers is more reliable than that obtained indirectly
o r by inference

Entity Evidence obtained from the entity's records is more reliable when related control systems
operate effectively

Written Evidence in the form of documents (paper or electronic) o r written representations are more
reliable than oral representations

Originals Original documents are more reliable than photocopies, o r facsimiles

1 .2 Procedures to obtain evidence

Assurance providers obtain evidence by one or more of the following procedures outlined in ISA (UK) 500.

Procedures Explanation Strengths and weaknesses

Inspection of Inspection (physical examination) of tangible assets Inspection of assets is a g o o d procedure,

tangible assets that are recorded i n the accounting records confirms particularly in the case of assets that the
existence, but does not confirm rightsand entity could not function without (for
obligations or valuation. For example, machinery example its production plant), b u t the
recorded in asset register can be inspected by weakness associated with inspection is
assurance providers. that assets not used in daily production
Confirmation that assets seen are recorded in could b e hidden from the assurance
accounting records gives evidence of completeness. providers and not included in financial
However, this is limited to assets assurance providers state ments,
can see - if assets have been taken off site (hidden)
they might not be picked up.

Inspection of Inspection of documents involves examining records The strength of this procedure depends
documentation o r documents, for example, looking at a sales o n what is being inspected to give
contract or a share certificate. evidence. For instance, inspection of a
What inspection of documents achieves depends o n p u rchase invoice gives better q ual ity
the nature of the d o c u m e n t For example, looking at evidence than inspection of sales invoice,
a share certificate gives evidence of the existence of because a purchase invoice is created by
the investment. Looking at source documents (eg, a third party.
sales invoices) and tracing to financial statements
gives evidence of completeness (eg, of revenue).
Inspection also provides evidence of valuation (for
example, a purchase invoice gives evidence of the
cost of inventory), rights and obligations (for
example, a hire purchase agreement gives evidence
in relation to ownership of non-current assets) and
the nature of items (presentation and disclosure). It
can also be used to compare documents (and hence
test consistency of audit evidence) and confirm
authorisation.
 Observation This involves watching a procedure being This procedure is relatively weak, as it
performed (for example, post opening). only confirms that the procedure is being
performed correctly when the assurance
provider is watching.

Inquiry This involves seeking information from client The strength o r weakness of this
management o r staff or external sources and procedure will d e p e n d on of whom the
evaluating responses. inquiry is being made - a member of
client staff could misrepresent matters to
the assurance provider if they
misunderstand the nature of the
question, or they are seeking to conceal a
misstatement o r fraud.

External This involves seeking confirmation from a third party, This can be a very strong procedure but
confirmation (a eg, confirmation from bank of bank balances. there may be instances where the third
particular form of party is motivated to misrepresent, for
inquiry) example an understated receivables
balance might be confirmed because it
favoured the customer.

Recalculation Checking mathematical accuracy of client's records, Recalculation is evidence created by the
for example, adding u p ledger accounts. assurance provider so is strong evidence.

Reperformance Independently executing procedures or controls, Again, the fact that the assurance
either manually o r t h r o u g h the use of computer provider carries o u t the performance of a
assisted audit techniques (covered below). control themselves makes it strong
evidence.

Analytical Evaluating and comparing financial and/or non- Evidence here is limited b y the strength
procedures financial data for plausible relationships and o r weakness of the underlying
investigating unexpected fluctuations. accounting system. However, this can be
a strong procedure if comparison is
made to items that d o not rely o n the
same accounting system or that the
assurance provider can corroborate
outside the accounting system.

Often these procedures will be used in conjunction with one another to provide a greater quality of evidence. For
example, a n assurance provider might observe controls in operation and then reperform the control themselves to
confirm that it operates as they have observed. Auditors will gather detailed evidence but other assurance providers may
need less evidence.

1.3 Computer assisted audit techniq ues

With so many accounting systems now held on computer, the assurance provider may wish to make use of computer
assisted audit techniques (CAATs). These have been mentioned before in your Workbook, particularly i n Chapter 5. There
are three main types of CAAT that can be used:
■ test data
• audit software
• data analytics

1.3.1 Test data

Under this test of control, the assurance provider supervises the process of running data through the client's system. The
stages in the use of test data are as follows:
■ note controls in client's system
• decide u p o n test data, the options include:
- dummy data (the assurance provider must be very careful to reverse all effects)
- real data (the data may not contain all the errors necessary to test the controls rigorously)
- dummy data against a verified copy of the client's system (much safer)
■ run the test data
• compare results with those expected
• conclude on whether controls are operating properly
 Context example: Test data
Test data makes use of the client's own system. To carry out such a test the assurance provider identifies a control (or
series of controls) in the client's system. The assurance provider then predicts the system's reaction to the test data. For
example:
■ an invoice which does not cast should b e rejected when entered in the system
■ an invoice with an invalid supplier code should b e rejected
• dates outside the current year should b e rejected
* valid data should be posted to the correct account
The assurance provider then runs the test data through the client's system ( o r a copy thereof) and compares the results
with those expected. The results tell the assurance provider whether the controls within the system are operating correctly;
the test is therefore a test of control.

1.3.2 Audit software

Audit software makes use of the assurance providers' own specialised software. There are a number of off-the-shelf
packages available, o r t h o assurance provider could have a tailor-made system. Audit software works o n the basis of
interrogating the client's system a n d extracting and analysing information. It can therefore carry out a whole range of
substantive procedures, across all sorts of different data.
Examples of what audit software can d o include the following:
• extract a sample according to specified criteria:
- random
- over a certain amount
- below a certain amount
- at certain dates
• calculate ratios and select those outside set criteria (eg, more than 5% different from last year)
• check calculations and casts performed by the system
■ prepare reports (eg, comparison of actual against budgeted figures)
• follow items through a system and flag where they are posted
The procedures listed above are mostly substantive procedures, because they are substantiating the figures in the
accounts. To generate more procedures that can b e d o n e using audit software, just think of the substantive procedures
that you may wish to carry out, and consider whether the information is held on the client's computer (you can normally
assume that it is). If the test does not require judgement, then it can almost certainly be carried o u t by audit software.

1.3.3 Data analytics

Definition
Data analytics: When used to obtain audit evidence i n a financial statement audit, data analytics is the science and art of
discovering and analysing patterns, deviations and inconsistencies, and extracting other useful information in the data
underlying o r related to the subject matter of an audit through analysis, modelling and visualisation for the purpose of
planning a n d performing the audit.
FRC 201 7, Audit Quality Thematic Review. The Use o f Data Analytics in the Audit of Financial Statements

Within an audit context this is sometimes known as Audit Data Analytics, o r ADA.
Data analytics is a very hot topic in the auditing profession, and can be seen as part of the broader revolution wrought b y
' b i g data'. Data analytics are fundamentally a modern, developed form of CAATs, and whereas CAATs never really
changed the audit profession as a whole, it is possible that data analytics will do.
Auditors have for many years used computers to help them, developing the CAATs and audit software discussed above,
but technology has not really been powerful enough to make these tools worth the time that needed to b e invested in
them. A key problem was the need to tailor the CAATs to each audit client, which could be costly. Many auditors did not
use them.
In recent years, however, computing power has developed to the point where much more complex testing can be
performed o n data, but crucially without the need to create tailor-made software. Data analytics software came from the
older audit software, b u t is standardised and more powerful. Now, standard data analytics techniques can simply be
applied to a client's data, and since this is a much more efficient process than before, it is beginning to be adopted widely
within the profession.
Auditors can generate intuitive visualisations of very complex data (eg, bubble, bar or pie charts), which they can then use
in their analysis to spot trends that might otherwise have been missed.
Here are some examples of specific areas where ADA may be useful:
■ analyse all transactions in a population, stratify that population and identify outliers for further examination
• reperform calculations relevant to the financial statements
 • match transactions as they pass through a processing cycle
“ assist in segregation of duties testing
• co m p are e ntity d ata to externa I ly o bta i ned d ata
• manipulate data to assess the impact of different assumptions.
■ analyses of revenue trends split by product or region
• matches of orders to cash and purchases to payments
• three-way matches between purchase/sales orders, goods received /despatched documentation and invoices
• 'can do, d i d d o testing' of user codes to test whether segregation of duties is appropriate, and whether any
inappropriate combinations of users have been involved in processing transactions.
(FRC, 2017: p7)

1.4 Analytical procedures

ISA (UK) 520, Analytical Procedures gives more detail o n the use of analytical procedures as substantive procedures
(optional) and at the overall review stage (compulsory) of a n audit. The use of analytical procedures in planning
(compulsory) is included in ISA (UK) 31 5 Revised and was covered in Chapters. These ISA Standards apply to audits only,
but all assurance providers may b e able to use analytical procedures (indeed, they will b e an important tool where less
detailed evidence is required) and will need to consider the same general principles.
ISA (UK) 520 describes how the auditor must decide whether using substantive analytical procedures will be effective and
efficient in reducing audit risk to an acceptably low level. Auditors may find it effective to use analytical data prepared by
the entity's management, provided they are satisfied that it has been properly prepared.
There are a number of factors that the auditors should consider when using analytical procedures as substantive
procedures:
■ objective of the analytical procedures (for example analytical procedures may be good at indicating whether a
population is complete)
“ suita bility of analytical proced u res
• reliability of the data

Factor Issues to consider

Suitability • Generally analytical procedures are more applicable to large volumes of

transactions that tend to be predictable (for example, payroll).
• It depends o n the pu rpose of the test - for example, some analytical
procedures will provide persuasive evidence and others will provide
corroboration of other tests.
• Other audit tests directed to the same assertions.
• The auditor must decide if analytical procedures are suitable given the nature
of the assertion and the assessment of risk associated with it.

Reliability of the data • The source of the information used (third party or internal, for example).
• The comparability of the information (for example, an industry standard may
not b e useful if the company is unusual within the industry).
• Nature and relevance of the information used (for example, if comparing
something to budget, is the budget realistic o r more of a target?).
• Whether there are controls over the production of the information used to
ensure completeness, accuracy, validity.

Precision • The accuracy with which results in test area can be predicted (for example,
compare gross margin with a less predictable item, for example, advertising).
• The extent to which information can b e disaggregated (for example, by
division).
• Availability of required information.

Acceptable difference This is influenced b y materiality and the desired level of assurance. As assessed
risk rises, the amount of difference from expected results considered acceptable
without investigation will reduce.

When analytical procedures identify significant fluctuations or relationships that are inconsistent with other relevant
information, or that are not the results that were expected, this must be investigated further.
The auditor shall make inquiries of management about the inconsistency or unexpected result and then corroborate those
replies with other evidence.
 If management responses cannot be corroborated o r are unavailable, the auditor shall perform other audit procedures as
necessary.
The auditor may consider testing the operating effectiveness of controls, if any, over the preparation of information used
in applying analytical procedures. When such controls are effective, the auditor generally has greater confidence in the
reliability of the information, and therefore in the results of analytical procedures.
The operating effectiveness of controls over non-financial information may often b e tested i n conjunction with other tests
of controls. For example, in establishing controls over the processing of sales invoices, a business may include controls
over the recording of sales units. In these circumstances the auditor may test the operating effectiveness of controls over
the recording of unit sales in conjunction with tests of the operating effectiveness of controls over the processing of sales
invoices.
The suitability of a particular analytical procedure will d e p e n d u p o n the auditor's assessment of how effective it will b e in
detecting a misstatement that may cause the financial statements to be materially misstated.
The ISA states that:
The auditor shall design and perform analytical procedures near the e n d of the audit that assist the auditor
when forming an overall conclusion as to whether the financial statements are consistent with the auditor's
understanding of the entity (ISA (UK) 520: para. 6).
The conclusions from these analytical procedures should corroborate the conclusions formed from other audit
procedures o n parts of the financial statements. This assists the auditor to draw reasonable conclusions o n which to base
the audit opinion. However, these analytical procedures may identify a previously unrecognised risk of material
misstatement. In such circumstances the auditor is required to revise the auditor's assessment of the risks of material
misstatement a n d modify the further planned audit procedures accordingly.
As we have discussed, analytical procedures should b e used at the risk assessment stage. Possible sources of information
about the client include:
• interim financial information
• budgets
■ management accounts
■ non-financial information
• bank and cash records
• sales tax returns
• board minutes
• discussions or correspondence with the client at the yea r end
Auditors may also use specific industry information or general knowledge of current industry conditions to assess the
client's performance.
As well as helping to determine the nature, timing a n d extent of other audit procedures, such analytical procedures may
also indicate aspects of the business of which the auditors were previously unaware. Auditors are looking to see if
developments in the client's business have had the expected effects. They will be particularly interested in changes in
audit areas where problems have occurred in the past.

1.5 Directional testing

For any item in the final statements which is being tested there are two possibilities. It could b e fairly stated o r misstated.
If it is misstated there are again two possibilities. It could be:
• overstated; o r
• understated.
When testing for overstatement (or existence/occurrence) a different approach is used from testing for understatement (or
completeness).

Context example: Two invoices

Imagine two invoices, each for £1,000.
Invoice 1 is a fraudulent invoice for the purchase of a non-current asset and should not have been posted. As a result, non-
current assets are overstated b y £1,000 (before depreciation). To find this misstatement the auditor can either:
• look at all the purchase invoices an d try to identify the fraudulent one; o r
• look at the figure for non-current assets in the financial statementsand gradually follow the audit trail until arriving at
persuasive supporting evidence.
O n e m i g h t t h i n k t h a t e i t h e r o f these approaches would work. If the fraudulent invoice had been suppressed i n someway,
however, it would b e impossible to find it by looking through the invoices. It follows therefore that, when testing for
overstatement, the auditor should start with the figures given, and follow the audit trail until coming to the supporting
documentation.
To summarise, the pattern for overstatement testing is as follows:
 gure in the
accounts

Intermediate
documentation

Supporting
evidence

Now consider invoice 2, a sales invoice which has been omitted resulting in a n understatement of revenue by £1,000. In
this case, selecting a sample from the final revenue figure in the financial statements will be n o use. As the item has been
omitted, it will be impossible to select it and test it.
So, in order to test for understatement the auditor will have to select from a population which will give the chance of
selecting omitted items. Such a population has been described as 'a reciprocal population'. For invoice 2, that population
would be the entity's dispatch notes, provided that the auditor is satisfied that all despatches are 'captured' o n dispatch
notes at the point of dispatch.
A reciprocal population for accounts payable is more difficult to arrive at. Paragraph A27 of ISA (UK) 500 suggests that
when testing accounts payable for understatement, such a population could be:
• subsequent disbursements
* unpaid invoices
* suppliers' statements
• unmatched receiving reports
The pattern for understatement (or completeness) testing can be summarised as follows:

Reciprocal ____ Supporting

population evidence

Intermediate
documentation

Figure in the
accounts

Traditionally directional testing has been used as a mechanism for reducing the amount of testing done. If in a double
entry bookkeeping system there is a d e b i t for every credit, the trial balance balances and all d e b i t entries (expenses and
assets) are tested for overstatement, and all credit entries (revenue, liabilities, equity a n d reserves) are tested for
understatement, it is possible to draw the conclusion that, if n o misstatements are found, all items are fairly stated.
The 'normal' approach adopted, therefore, is to test debits for overstatement a n d credits for understatement.
However, note that the majority of high-profile corporate scandals (including Enron) have involved the overstatement of
income rather than its understatement. Money laundering schemes would also tend to show similar characteristics. It is
important therefore to assess the true risks, rather than automatically apply a formula.

Interactive question 1 : Evidence

In respect of a n assurance engagement, which one of the following is the least persuasive method of gathering evidence?
A Inspection of a purchase invoice
B Inspection of a sales invoice
C Inspection of inventory by the auditor
D Reperformance of a supplier statement reconciliation undertaken b y the client
1 .6 Audit of accounting estimates
The auditor often has to audit estimated figures, such as those for product warranties, depreciation, inventory or
receivables allowances, where the values included in the financial statements are not the result of transactions with third
parties (which are fairly reliable) b u t result from judgements made by management. Yet these figures can have a very
significant effect on reported profits.
There is a risk that management may be biased in the judgements it makes when calculating estimated figures. The
auditor must therefore approach these values with professional scepticism regarding the judgements made.
The audit approach required is set out in ISA (UK) 540 (Revised), Auditing Accounting Estimates and Related Disclosures.
Essentially, if risk assessment procedures have identified a risk of material misstatement due to accounting estimates, the
auditor can respond by undertaking one or more of the following methods.

Method Example

Test the process that management used to Management may use a formula to calculate the allowance for
estimate the figure a n d the data o n which it is receivables. The auditor can test this by:
based • checking the calculation
• considering if anything this year is likely to have changed the
esti mate

Use a point estimate The auditors may use a n available o r proprietary model, or introduce
different assumptions, or engage a specialist to develop a model.

Review events occurring up t o the date of the If a settlement is reached after the year end regarding a claim against
auditor's report the company which requires a provision, the auditor can use the
evidence of the agreement to establish the correct figure for the
financial statements. In this case there is usually n o need to use the
other two methods.

Test the operating effectiveness of controls If there are strong controls over the estimation, and the estimate is
over how management made the accounting derived from the routine processing of data b y the entity's accounting
estimate, with associated substantive system.
procedures

Having d o n e the detailed work on the accounting estimate, the auditor checks the reasonableness of the figure a n d then
reaches a conclusion about whether it is fairly stated.
This sort of work is clearly needed in a n audit assignment, where estimates such as provisions required for damages in a
lawsuit might be required, but the work is also very relevant to a number of other types of assurance engagement. Reports
o n a business plan often require an accounting estimate to be checked. The techniques used i n these assignments will b e
the same as for audit assignments.

1.7 Remote auditing

The coronavirus pandemic brought with it a rapid adoption of remote working, including remote auditing. Post-pandemic,
the 'new normal' includes a degree of reversion to in-person reviews, but some remote auditing appears to b e here to
stay. ICAEW has issued a guide on 'Remote auditing', which considers lessons learned o n the practicalities of remote
auditing.

1.7.1 Audit administration

When working remotely, it is possible to use electronic signatures, for example for engagement letters a n d auditor's
reports.
Audits may take longer to perform as a result of remote working, which needs to b e paid for through the audit fee.
Where difficult news needs to be communicated with management, eg, modifications to the auditor's report, then this
may be easier face-to-face. However the auditor must bear in mind any government restrictions and guidance regarding
in-person contact.

1.7.2 Remote team-working

ISA and ISOM requirements to hold discussions may be met by having a remote discussion using video conferencing
software.
IT security is crucial to the functioning of remote working, so firms should make use of solutions such as VPNs, and secure
web portals for reviewing client documentation. It may b e necessary to invest in this area, for example in third party IT
providers.
Obtaining evidence remotely may be more difficult. Auditors need to consider how to make up for a lack of physical
proximity, using alternative procedures where necessary (for example, it may be possible to observe a n inventory count
using drones). Audit staff will need to engage with client staff using video calls as a substitute for face-to-face interactions.
1.7.3 Audit approach and risk assessment
It is likely that audit risk will be assessed as higher as a result of the pandemic, with risks arising from regulations and
going concern problems. Rost-pandemic there will b e a period of settling d o w n to a new normal.

1.7.4 Work on internal controls

The entity's own assessment of control risk is an important starting point for the auditor, a n d this should include risks
arising from remote working.
It is likely that controls will be different, so the auditor will need to review the operation and effectiveness of any new
controls. It will b e important to apply professional scepticism.

1.7.5 ProfessionaI scepticism

The auditor must continue to apply professional scepticism, no matter how sympathetic they may be to the plight of their
clients during the pandemic.
There is also a risk of fraud in relation to government schemes, as well as a heightened risk of the frauds that have always
existed. Entities that are struggling may b e tempted to d o things that they might otherwise not have done.

2 S e l e c t i n g items to test

Section overview

• Assurance providers usually seek evidence from less than 100% of items of the balance o r transaction being tested.
• Every item i n the population of items being sampled must have an equal chance of being selected in the sample.
• The greater the risk of the area being sampled, the higher the sample size will be.
■ When drawing conclusions from sampling, the auditor must identify which discovered misstatements affect the overall
balance.

2J The concept of sampling

Assurance providers d o not normally examine all the information available to them; it would be impractical to d o so and
using sampling will produce valid conclusions provided it is carried out properly.
ISA (UK) 530, Audit Sampling states that: "The objective of the auditor, when using audit sampling, is to provide a
reasonable basis for the auditor to draw conclusions about the population from which the sample is selected."
Remember that the ISA relates specifically to audits, b u t all assurance providers may use sampling.
(ISA (UK) 530: para. 4)

Definitions
Audit sampling: The application of audit procedures to less than 1 0 0 % of items within a population of audit relevance
such that all sampling units have a chance of selection in order to provide the auditor with a reasonable basis on which to
draw conclusions about the entire population.
Population: The entire set of data from which a sample is selected and about which an auditor wishes to draw conclusions.

Some testing procedures d o not involve sampling, such as:

• testing all items in a population (100% examination)
■ testing all items with a certain characteristic, as selection is not representative
Assurance providers are unlikely to test 100% of items when carrying out tests of control, but 100% examination may b e
appropriate for certain substantive procedures. For example, if the population is made up of a small number of high value
items and there is a high risk of material misstatement then 100% examination may be appropriate.
The ISA requires distinguishes between statistical sampling and non-statistical methods.

Definitions
Statistical sampling: An approach to sampling that has the following characteristics:
(a) Random selection of the sample items; and
(b) The use of probability theory to evaluate sample results, including measurement of sampling risk.
Non-statistical sampling: A sampling approach that does not have characteristics (a) and (b) is considered non-statistical
CAmnlinn
 The auditor may alternatively select certain items from a population because of specific characteristics they possess. The
results of items selected in this way cannot be projected onto the whole population b u t may be used in conjunction with
other audit evidence concerning the rest of the population.
• High value or key items. The auditor may select high value items or items that are suspicious, unusual o r prone to error.
■ All items over a certain amount. Selecting items this way may mean a large proportion of the population can be
verified b y testing a few items.
* Items to obtain information about the client's business, the nature of transactions, or the client's accounting and
control systems.

2.2 Design of the sample

When designing the sample, ISA (UK) 5 3 0 requires the auditor to 'consider the purpose of the audit procedure a n d the
characteristics of the population from which the sample will b e drawn', and to consider the sampling and selection
methods (ISA (UK) 530: para. 6).
When designing an audit sample, the auditor's consideration includes the specific purpose to be achieved and the
combination of audit procedures that is likely to best achieve that purpose. The auditor also needs to consider the nature
and characteristics of the audit evidence sought and possible deviation o r misstatement conditions. This will help t h e m to
define what constitutes a deviation or misstatement and what population to use for sampling.

Definition
Misstatement: A difference between the amount, classification, presentation, or disclosure of a reported financial
statement item and the amount, classification, presentation, o r disclosure that is required for the item to b e in accordance
with the applicable financial reporting framework. Misstatements can arise from error or fraud.

The population from which the sample is drawn must b e appropriate a n d complete for the specific audit objectives.

gh Context example: Selecting the population

It is crucial that the population the auditor selects and starts from suits the audit test objective.
For example, if the auditor was performing procedures over payroll, a valid test objective would be Jto ensure that only
genuine employees are paid'.
Comparing payroll records with human resources (HR) records would b e a reasonable procedure but the starting
population would have to be the payroll records. The auditor would need to take a sample of names off the payroll a n d
agree their details to the HR records to give comfort that they are real employees. Starting with the HR records as the
p o p u lation wou Id not meet the test objective since tracing the H R record details t o n a m e s o n the payroll just proves those
genuine employees are being paid. It does not help to find fictitious employees that have been a d d e d to the payroll.

Auditors must define the sampling unit in order to obtain an efficient and effective sample to achieve the particular audit
objectives.

Definition
Sampling units: The individual items constituting a population.

Context example: Sampling units

credit entries o n bank statements
sales invoices
receivables balances
a monetary unit (an example of monetary unit sampling is given in section 2.3)

ISA (UK) 530 requires that the auditor "shall select items for the sample in such a way that each sampling unit in the
population has a chance of selection1'. This requires that all items in the population have an opportunity to be selected.
As we saw above, in obtaining evidence, the auditor should use professional judgement to assess audit risk and design
audit procedures to ensure this risk is reduced to a n acceptably low level. In determining the sample size, the auditor shall
determine a sample size sufficient to reduce sampling risk is reduced to an acceptably low level.

Definitions
Sampling risk: The risk that the auditor's conclusion based o n a sample may be different from the conclusion if the entire
population were subjected to the same audit procedure.
Non-sampling risk: The risk that the auditor reaches an erroneous conclusion for any reason not related to sampling risk.
For example, the use of inappropriate procedures, o r misinterpretation of audit evidence and failure to recognise a
misstatement or deviation.
2.2.1 Factors influencing sample sizes
ISA (UK) 530 gives examples of factors which influence sample sizes for tests of controls and tests of details:

Tests of controls

Factor Effect on sample size

An increase in the extent to which the auditor's risk assessment takes into account Increase
relevant controls

An increase i n the tolerable rate of deviation Decrease

An increase i n the expected rate of deviation of the population to be tested Increase

An increase i n the auditor's desired level of assurance that the tolerable rate of deviation Increase
is not exceeded by the actual rate of deviation in the population

An increase i n the number of sampling units in the population Negligible effect

Tests of details

Factor Effect on sample size

An increase in the auditor's assessment of the risk of material misstatement Increase

An increase in the use of other substantive procedures directed at the same assertion Decrease

An increase in the auditor's desired level of assurance that tolerable misstatement is not Increase
exceeded by actual misstatement in the population

An increase i n tolerable misstatement Decrease

An increase i n the amount of misstatement the auditor expects to find in the population Increase

Stratification of the population when appropriate Decrease

The number of sampling units in the population Negligible effect

The greater the auditor's desired level of assurance that the results of the sample are in fact indicative of the actual
misstatement iin the population, the larger sample sizes have to be. In other words, if the auditor is placing a great deal of
relevance o n this (it is not corroborating other evidence, for example) the higher the sample size will have to be.

Definitions
Tolerable misstatement: Tolerable misstatement is a monetary amount set by the auditor in respect of which the auditor
seeks to obtain an appropriate level of assurance that the monetary amount set by the auditor is not exceeded b y the
actual misstatement in the population.
Tolerable rate of deviation: Tolerable rate of deviation is a rate of deviation from prescribed internal control procedures
set by the auditor in respect of which the auditor seeks to obtain an appropriate level of assurance that the rate of
deviation set by the auditor is not exceeded by the actual rate of deviation in the population.

Tolerable misstatement is considered during the planning stage and, for substantive procedures, is related to the auditor's
judgement about materiality. The smaller the tolerable misstatement, the greater the sample size will need to be.
(a) For tests of controls, the auditor makes a n assessment of the expected rate of deviation based o n the auditor's
understanding of the relevant controls or o n the examination of a small number of items from the population. If the
expected rate of deviation is unacceptably high, the auditor will normally decide not to perform tests of controls.
(b) For tests of details, the auditor makes an assessment of the expected misstatement in the population. If the expected
misstatement is high, 100% examination o r use of a large sample size may b e appropriate when performing tests of
details.
The level of sampling risk that the auditor is willing to accept affects the sample size required. The lower the risk the
auditor is willing to accept, the greater the sample size will need to be.

Context example: Designing the sample

Sarah is planning the audit of receivables at Manufacturing Company Limited (MCL). MCL makes all its sales o n credit, and
the receivables ledger is extensive. However, Sarah has judged the area to be low risk as most customers pay their debts
promptly and controls over the receivables ledger and credit control are g o o d . In previous years, testing has revealed that
few misstatements are discovered. She therefore selects a small sample.
 During the course of testing, Sarah discovers a much higher number of misstatements than she was expecting. She
therefore increases her sample and extends her test.

In practice, most auditing firms use computer programs to set sample sizes, based o n risk assessments a n d materiality.

2.3 Selecting the sample

There are a number of selection methods available.
(a) Random selection ensures that all items in the population have an equal chance of selection, eg, by use of random
number tables o r computerised generator.
(b) Systematic selection involves selecting items using a constant interval between selections, t h e first interval having a
random start. When using systematic selection assurance providers must ensure that the population is not structured
in such a manner that the sampling interval corresponds with a particular pattern in the population.
(c) Haphazard selection may b e an alternative to random selection provided assurance providers are satisfied that the
sample is representative of the entire population. This method requires care to guard against making a selection that
is biased, for example towards items that are easily located, as they may not be representative. It should not b e used
if assurance providers are carrying out statistical sampling.
(d) Sequence or block selection. Sequence sampling may b e used to check whether certain items have particular
characteristics. For example, an auditor may use a sample of 5 0 consecutive purchase invoices to check whether a
particular control is applied, rather than picking 50 single invoices spread throughout the year. Sequence sampling
may, however, produce samples that are not representative of the population as a whole, particularly if misstatements
only occurred during a certain part of the period, and hence the misstatements found cannot be projected onto the
rest of the population.
(e) Monetary Unit Sampling (MUS).This is a selection method that ensures that every £1 in a population has an equal
chance of being selected for testing. The advantages of this selection method are that it is easy when computers are
used, a n d that every material item will automatically b e sampled. Disadvantages include the fact that if computers are
not used, it can be time consuming to pick the sample, and that MUS does not cope well with errors of
understatement (as the computer cannot select a £ which is not there) or negative balances.

Professional skills focus; Applying judgement

Different approaches are possible here. The approach taken may depend on a firm's culture as much as anything; other
factors would include the particular client being audited and the kind of data that is available to the audit firm.

Context example: MUS

You are auditing trade accounts receivable and aretesting for overstatement. Total trade account receivables is £500,000
and performance materiality is £50,000. You will select the balances containing each 50,000th £1 from the following
ledger.

Customer Balance Cumulative total Selected

A 30,000 30,000

B 35,000 65,000 Yes

C 45,000 110,000 Yes

D 52,000 162,000 Yes

E 1 3,000 175,000

F 50,000 225,000 Yes

G 23,000 248,000

H 500 248,500

I 41,500 290,000 Yes

J 47,000 337,000 Yes

K 54,000 391,000 Yes

L 1 7,000 408,000 Yes

 M 80,000 488,000 Yes

N 12,000 500,000 Yes

500,000

Material items are shown in bold and have all automatically been selected. The cumulative column helps you to determine
when the next 5O,OOOth £1 has been reached

o Interactive question 2: Factors affecting sample size

When determining a sample size for tests of detail there are a number of factors that a n auditor should take into account
Requirement
For each of the following factors, select whether it would cause the sample size to increase or decrease.

Increase/Decrease

—
Decrease i n the assessed level of tolerable misstatement

Increase in the assessed risk level —

—
Discovery of more misstatements than were anticipated during testing

3 Drawing conclusions from sampling

Section overview

■ The purpose of sampling a set of items was to enable the auditors to project the conclusion to the whole population.
• Auditors must consider the nature of the misstatement and whether it is fair to project that misstatement.
* If the projected misstatement exceeds tolerable misstatement then sampling risk must b e reassessed and further audit
procedures must be considered.

When the auditors have tested a sample of items, they must then draw conclusions from that sample. The purpose of audit
sampling is to enable conclusions to be drawn from an entire population o n the basis of testing a sample drawn from it.
To begin with, the auditors must consider whether the items in question are true misstatements, as they defined them
before the test. For example, when testing receivables, a sampled misposting between customer accounts will not affect
whether the auditors conclude the valuation of total receivables is true and fair.
When the expected audit evidence regarding a specific sample item cannot be found, the auditor shall perform the
procedure o n a replacement item. In such cases, the item is not treated as a misstatement.
The qualitative aspects of misstatements are also considered, including the nature and cause of the misstatement.
Auditors must also consider any possible effects the misstatement might have on other parts of the audit including the
general effect o n the financial statementsand o n the auditors' assessment of the accounting and internal control systems.
Where common features are discovered in misstatements, the auditors may decide to identify all items in the population
that possess the common feature (eg, location), thereby producing a sub-population. Audit procedures could then b e
extended in this area.
O n some occasions the auditor may decide that the misstatement is an anomaly.

Definition
Anomaly: A misstatement or deviation that is demonstrably not representative of misstatements o r deviations in a
population.
To b e considered anomalous, the auditors have to b e certain that the misstatements are not representative of the
population. Extra work will be required to prove that a misstatement is an anomaly.
The auditors must project the misstatement results from the sample onto the relevant population. The auditors will
estimate the probable misstatement in the population by extrapolating the misstatements found in the sample.
For substantive procedures, auditors will then estimate any further misstatement that might not have been detected
because of the imprecision of the technique (in addition to consideration of the qualitative aspects of the errors).
Auditors must also consider the effect of the projected misstatement o n other areas of the audit. The auditors should
compare the projected population misstatement (net of adjustments made by the entity i n the case of substantive
procedures) to the tolerable misstatement taking account of other relevant audit procedures.
If the projected population misstatement exceeds or is close to tolerable misstatement, then the auditors must re-assess
sampling risk. If i t is unacceptable, they shall consider extending auditing procedures or performing alternative
procedures. However, if after alternative procedures the auditors still believe the actual misstatement rate is higher than
the tolerable misstatement rate, they should re-assess control risk if the test is a test of controls; if the test is a substantive
procedures, they should consider whether the financial statements need to b e adjusted.

Professional skills focus: Applying judgement

This is an application of the concept of performance materiality, whereby the auditor assesses the materiality of a
misstatement not just in line with the overall materiality level for the financial statements as a whole, but deploys
materiality in the context of the specific misstatement o r sample in question.

Context example: Drawing conclusions from sampling

Adrian carried out a supplier statement reconciliation o n Peabody Ltd, testing the completeness a n d valuation assertions.
This means that he compared the statements sent by suppliers to Peabody Ltd with the details on Peabody's own
payables ledger. Tolerable misstatement has been set at £10,000. The sample was 1 0 payables ledger balances totalling
£35,024 out of a total of £375,297. Adrian found that of these, eight reconciliations proved that the balance o n the ledger
was correct, one showed that an invoice had been misposted to a different supplier's account and one showed that a n
invoice had not been posted at all.
When considering the results of his sample, Adrian decided that he can disregard the misposting, as, although it means
that two accounts were individually misstated, the overall balance was not affected b y this mistake. In the case of the
invoice that had simply been omitted in error however, Adrian had to conclude that this misstatement of £250, which does
affect the overall total balance, could be repeated in the overall population with the potential for causing material
misstatement. Adrian projected the total population misstatement based o n the sample a n d compared the outcome with
tolerable misstatement. In this case h e found that the projected misstatement of £2,679 was considerably below the
tolerable misstatement of £10,000 a n d concluded that n o further action was required. He concluded from his testing that
the trade payables balance in the financial statements was fairly stated.

Interactive question 3: Drawing conclusions from sampling

Danielle has carried out a receivables circularisation o n Donothing pic to gain evidence about the existence and valuation
of the receivables balance stated in the draft statement of financial position.
Identify whether the following conclusions drawn by her are correct o r not.

True/False

An amount disagreed by Lazy Limited because a payment for an invoice had been
despatched two days before the year e n d and received by Donothing pic shortly
after the year end, d i d not constitute a misstatement for the purposes of drawing a
conclusion for the whole population.

An amount disagreed by Sloth Limited because a credit note had been issued by
Donothing pic a month before the year end did not constitute a misstatement for
the purposes of drawing a conclusion for the whole population.

An amount disagreed by Busy Limited because they had paid the balance some
time earlier, which further enquiry revealed had been posted to a different customer
account, d i d constitute a misstatement for the purposes of drawing a conclusion for
the whole population.
4 Evaluation of misstatements

Section overview

• ISA (U K) 45 0, Evaluation o f Misstatemen ts identified During e A ucfrt re q u i re s t he au d ito r to evaIu ate t h e effect of
identified misstatements o n the audit and evaluate the effect of any uncorrected misstatements o n the financial
statements.
• All non-trivial misstatements must b e communicated to management and if uncorrected, to those charged with
governance.

The auditor is required to evaluate the effect of identified misstatements on the audit in ISA (UK) 450, Evaluation of
Misstatements Identified during the Audit. Under this ISA, the auditor must also evaluate the effect of any uncorrected
misstatements on the financial statements.
During the audit, auditors must accumulate any non-trivial misstatements identified and determine whether the audit plan
or overall audit strategy need to be revised based o n these. Additional audit procedures shall be performed where
management has examined and corrected balances at the auditor's request.
The auditor is required to communicate all misstatements o n a timely basis to the appropriate level of management and
request that management corrects the misstatements. The auditor is required to request a written representation from
management whether they believe the effects of uncorrected misstatements to be immaterial to the financial statements
as a whole. If management have corrected material misstatements, then d o i n g this may help them to fulfil their
governance responsibilities, including reviewing the effectiveness of internal control.
If management refuses to correct some or all of the misstatements then the auditor shall:
• obtain an understanding of management's reasons for not making the corrections
• determine whether uncorrected misstatements are material individually or in aggregate
• communicate individual uncorrected misstatements to those charged with governance and request that these b e
corrected, mentioning any effect o n the opinion i n the auditor's report
• request a written representation from management (and if appropriate those charged with governance) that they
believe the effects of the uncorrected misstatements are immaterial, individually and i n aggregate, to the financial
statements as a whole
In determining whether uncorrected misstatements are material, the auditor must consider the size and nature of the
misstatements, along with the particular circumstances of their occurrence. Certain circumstances may cause the auditor
to evaluate misstatements as material, even if they are lower than materiality for the financial statements as a whole.
Examples of circumstances include, but are not limited to, the extent to which the misstatement:
• affects compliance with regulatory requirements
• affects compliance with debt covenants or other regulatory requirements
“ masks a change i n earnings or other trends
• affects ratios used to evaluate the entity's financial position, results of operations orcash flows
• increases management's compensation, for example by ensuring the requirements for the award of bonuses are met

Interactive question 4: Material misstatements

Which two of the following should b e determined as material uncorrected misstatements?
A An isolated misposting between two supplier accounts which is below materiality
B A misstatement which is below materiality and results in directors' bonus targets being met
C An immaterial misstatement of assets which results in a debt covenant not being breached
D The monthly bank reconciliation was not prepared in August as the cashier was o n holiday
Summary

Evidence can be obtained by:

* inspection
* observation
* inquiry
* confirmation
* recalculation
* reperformance
* analytical procedures

The strengths and weaknesses of

these methods depend on associated
issues relating to the q uaIity of
evidence - for example, of whom the
inquiry was made, client staff or third
parties

Evidence will often be obtained from

a sample of a population, rather than
testing every item within it

Factors affecting sample size To draw a conclusion from a

include: sample, auditors must distinguish
• the degree of assessed risk between true misstatements and
other misstatements
• the level of tolerable
misstatement

Auditors must communicate

misstatements to management
and request that these be
corrected
 Further question practice

1 Knowledge diagnostic
Before you move o n to question practice, confirm you are able to answer the following questions having studied this
chapter If not, you are advised to revisit the relevant learning from the topic indicated.

Confirm your learning Yes/No

(1 ) Can you define audit data analytics? (Topic 1 )

(2) Can you explain the procedures by which audit evidence may b e obtained? (Topic 1)

(3) Can you explain the four principal methods for auditing accounting estimates? (Topic 1 )

(4) Can you define sampling risk? (Topic 2)

(5) D o you understand the factors influencing sample sizes and whether they increase o r decrease
sample size? (Topic 2)

2 Chapter Self-test question practice

Aim to complete all self-test questions at the e n d of this chapter. Once completed, attempt all questions in Chapter 1 1 of
the Assurance Question Bank and refer back to the learning i n this chapter for any questions which you d o not answer
correctly and the suggested solution has not provided sufficient explanation to answer all your queries. Once you have
attempted these questions, you can move onto the next chapter. Written representations.

Technical reference

1 Evidence
• Procedures to obtain evidence - ISA (UK) 500.A1 4 - A25
- Ana lytical p rocedu res - ISA (UK) 520, ISA (UK) 3 1 5.
• Accounting estimates - ISA (UK) 540.1 3

2 Selecting items to test

- The concept of sampling - ISA (UK) 500.A54 + ISA (UK) 530.4 - 5
• Design of the sample - ISA (UK) 530.5 - 8 , Appx 2, Appx 3
• Selecting the sample - ISA (UK) 5 3 0 Appx 1

3 Drawing conclusions from sampling - ISA (UK) 530.1 4, A1 8 - A23

4 Evaluation of misstatements - ISA ( U K) 450.5 - 1 5 + ISA (UK) 450.A1 6

Self-test questions

Answer the following questions,

1 Which one of the following procedures would give the most persuasive evidence that a control operated as the assurance
providers had been advised?
A Inspection of the controls handbook
B Inquiry of the staff operating the control
C Observation of the staff operating the control
D Reperformance of the control by audit staff
2 Indicate the purpose of the primary test for each type of account in directional testing.

Overstatement/U nderstatement

—
Assets

—
Liabilities

Income —

Expense —

3 Identify the significant relationships in the list of items below

(a) Payables (b) Interest (c) Purchases (d) Revenue

(e) Amortisation (f) Loans ( g j Receivables (h) Intangibles

4 Identify whether the following statements are true o r false.

The risk that the auditor's conclusion, based o n a sample, may b e different from the conclusion if the entire population
were subjected to the same audit procedure is sampling risk.
A False
B True
The risk that the auditor might use inappropriate procedures o r might misinterpret audit evidence and thus fail to
recognise a misstatement or deviation is non-sampling risk.
C False
D True

5 Identify whether the following examples of sample selection are random, haphazard o r systematic.

Random/Haphazard/Systematic

—
Barry is selecting a sample from the list of receivables balances. He
selects the second, a n d thereafter every 7th balance.

—
Carol is selecting a number of purchase invoices to carry out a
directional test. She selects t h e m by flicking through the files and
selecting a n invoice occasionally.

Now go back to the Introduction and ensure that you have achieved the Learning outcomes listed for this chapter.
Answers to Interactive questions

Answer to Interactive question 1

The correct answer is:
B Inspection of a sales invoice
A sales invoice is an internally generated document and therefore provides a poor source of evidence. It would be
better to obtain information about sales from the customers.

Answer to Interactive question 2

Increase/Decrease

Decrease i n the assessed level of tolerable misstatement Increase

Increase in the assessed risk level Increase

Discovery of more misstatements than were anticipated during testing Increase

They would all cause the sample size to increase.

Answer to Interactive question 3

True/False

An amount disagreed by Lazy Limited because a payment for an invoice had been True - this is just a timing
despatched two days before the year e n d and received by Donothing pic shortly difference.
after the year end, d i d not constitute a misstatement for the purposes of drawing a
conclusion for the whole population.

An amount disagreed by Sloth Limited because a credit note had been issued by False - this i ndicates that the
Donothing pic a month before the year end did not constitute a misstatement for credit note may not have been
the purposes of drawing a conclusion for the whole population. processed to the receivables
ledger, which would be an error
that could also b e true of other
potential credits due o n the
ledger.

An amount disagreed by Busy Limited because they had paid the balance some False - this error does not affect
time earlier, which further enquiry revealed had been posted to a different customer the overall balance o n the ledger.
account, d i d constitute a misstatement for the purposes of drawing a conclusion for
the whole population.

Answer to Interactive question 4

The correct answers are:
B A misstatement which is below materiality and results in directors' bonus targets being met
C An immaterial misstatement of assets which results in a debt covenant not being breached
Although these two items are below materiality, the particular circumstances surrounding their occurrence make them
material misstatements. The last item relates to a test of controls.
 Answers to Self-test q u e s t i o n s

1 D Reperform a nee of the control by audit staff

Overstatemen t/U nd erstatement

Assets Overstatement

Liabilities Understatement

Income Understatement

Expense Overstatement

3 (a)and(c)
(b) and (f)
(d) a n d ( g )
(e) and (h)

4 B True
D True

Random/Haphazard/Systematic

Barry is selecting a sample from the list of receivables balances. He Systematic

selects the second, a n d thereafter every 7th balance.

Carol is selecting a number of purchase invoices to carry out a Haphazard

directional test. She selects t h e m by flicking through the files and
selecting a n invoice occasionally.