Audit sampling is one of two areas of audit procedures that are heavily tested on the auditing and attestation (AUD) test. Audit sampling involves applying an audit procedure to less than 100 percent of the items that make up an account balance or class of transactions. An audit procedure evaluates some characteristic of the account balance or transaction.
Sampling basics
Sampling is an audit tool that allows the CPA to review only a sample, or portion, of the items under audit. Because the accountant isn’t auditing every item, the CPA firm is able to save time and expense. There is, however, sampling risk for a CPA firm that uses sampling.
This is the risk that the results found using the sample don’t reflect the results that would be found if the entire set of items were reviewed. The auditor strives to use a sample of items that has the same attributes as the entire set of items.
With attribute sampling, the auditor tests a procedure for an attribute. You can think of the attribute as a desired outcome.
An auditor may take a sample of inspection tag numbers. The CPA can check the inspection tag list to see whether a shipping department employee initialed the tag. That step is the attribute or desired outcome for each item. If an item shipped to a client doesn’t have a shipping tag initial, the accountant would consider that a deviation.
Sample size represents the number of items selected for the sample, and population is the entire set of items that you’re testing. If the rate of deviations found in the sample is much different from the deviation rate in the population, the sampling procedure has a high level of sampling risk.
The amount of sampling risk varies inversely with the size of the sample. In other words, a larger sample size means less sampling risk. As you increase your sample size, your groups of items will have attributes that are closer to the attributes of the entire population.
In addition to sampling risk, CPAs work with nonsampling risk. These risks aren’t related to sampling. The auditor, for example, may choose a sampling procedure that doesn’t detect a material misstatement in the account balance under audit. In this case, the procedure does not relate closely to the potential error in the accounting records.
Auditors use the word agree to refer to a specific task that relates to audit work. In the context of performing an audit, the word agree means to compare two pieces of audit evidence to make sure they’re the same.
Comparing risks related to sampling
Two types of risk relate to substantive testing, and two types are connected to tests of controls. Keeping these risks straight for the AUD test can be challenging. Take some time to compare the different types of sampling risks.
Substantive testing is gathering evidence to determine the extent of misstatement in the client’s accounting records. The CPA is concerned with two types of sampling risk related to substantive testing:
Risk of incorrect acceptance: The risk that the sample supports the conclusion that the balance is not materially misstated when it actually is misstated
Risk of incorrect rejection: The risk that the sample supports the conclusion that the balance is materially misstated when it actually isn’t misstated
Suppose that you’re testing to ensure that each shipping receipt agrees to a purchase order. This procedure helps to determine whether every incoming shipment of product was properly approved for purchase. Suppose that your sample supports the conclusion that incoming shipments are approved.
The entire population of shipments, however, reveals that the numbers of shipments supported by a purchase order is materially incorrect. The number of unapproved shipments is relevant when compared to total shipments. The sample didn’t reflect the results of the entire population, and the sample was incorrectly accepted.
Now suppose that the sample included a material number of exceptions. Many shipments weren’t matched with a purchase order. For the entire population, however, the number of shipments missing a purchase order isn’t material. If the auditor concludes that the balance is materially incorrect, that’s an example of incorrect rejection.
Keep in mind that a material misstatement can be one item or the sum of multiple items that add up to a materially misstated amount. Suppose, for example, that a programming glitch causes each invoice to be generated with a $20 error that reduces the amount owed. So each invoice is $20 too low.
If only a few invoices are wrong, the total amount isn’t material. If however, a company issues thousands of incorrect invoices, the total dollar amount of misstatement may be material.
You can also implement sampling procedures for tests of controls, which test the effectiveness of internal controls. When using tests of controls, a CPA is concerned with control risk. Control risk is the risk that an internal control doesn’t detect or correct a misstatement. CPAs are concerned with two types of control risk:
Risk of assessing control risk too low: The risk that the assessed level of control risk, based on the sample, is lower than the true effectiveness of the control
Risk of assessing control risk too high: The risk that the assessed level of control risk, based on the sample, is higher than the true effectiveness of the control
You can relate these sampling errors to audit effectiveness and efficiency:
Inefficiency: If you incorrectly reject an audit sample or assess the control risk as too high, the decision affects audit efficiency. Both of the conclusions would cause an auditor to perform more audit procedures — procedures that are unnecessary.
Ineffectiveness: On the other hand, if you incorrectly accept an audit sample or assess the control risk as too low, the decision affects audit effectiveness. These conclusions would cause an auditor to rely on the already completed audit work when additional procedures are necessary.