CH-10 Audit Sampling – Auditing: An International Approach : Book Guide

CHAPTER 10 Audit Sampling SOLUTIONS FOR REVIEW CHECKPOINTS 10-1 Audit sampling is the examination of less than 100% of a population (usually of account balances such as accounts receivables, payables). Sampling is synonymous with testing. A population is the set of all the elements that constitute an account balance or class of transactions. Each of the elements is a population unit; and when an auditor selects a sample, each element is called a sampling unit. A sample is a set of sampling units. 10-2 The auditor decides on materiality and risk whereas the amount of sampling done can be determined by formula (if representative statistical sampling is the objective). Even when less formal representative sampling or non- representative sampling is the objective, materiality and risk still have key roles to play in determining the amount of sampling (extent of testing). 10-3 Generally, audit assurance = 1 – audit risk, assuming sufficiency of evidence is the only consideration. 10-4 Sampling affects the sufficiency of evidence to support an audit opinion. 10-5 Enquiry, analytical procedures, observation 10-6 Confirmations, inventory or other counts, testing of transactions. 10-7 To improve audit efficiency, to make more accurate (objective) the measure of risk involved in testing, to better control the risks associated with testing. 10-8 Sampling vs. 100% exam, representative vs. non-representative sampling, and statistical vs non-statistical representative sampling. 10-9 Yes, they all mean the same thing in that they are less than a 100% examination of a population. 10-10 Statistical sampling requires a representative sampling objective in which each population unit must have an predictable chance of selection. In non-statistical sampling there is no guarantee that each population unit has a predictable chance of being selected. Note, however, that a population unit depends on how a population is defined. For example, an accounts receivable population can be viewed as a population of accounts, each account potentially having different values. Or the accounts receivable can be viewed as a population of dollar (monetary) units, with each unit having exactly the same value. This illustrates that even when using “scientific” statistical methodology we are still applying critical thinking concepts such as effect of perspective. 10-11 In representative testing the goal is to be able to accurately extrapolate the results to the entire population. In non- representative testing the goal is something else, e.g., looking for fraud in particular population units. Client factors include the size of the population in question, the nature of the account (cash is normally tested 100%), and the quality of the client’s record keeping—the auditor needs to be reasonably confident that the records are complete in order to plan a representative sample. 10-12 A statistical representative test provides a predictable (usually an equal or proportionate to size) probability of selection for each population unit—this is the assumption on which all the statistical formulas are based. In turn this allows an objective measure of the sampling risk associated with the test. This is not possible with a non- statistical representative test. The auditor may think the result is representative in his or her professional judgment but if the auditor had to provide reasons in the audit working papers they may be considered less convincing (e.g., less scientific) than the more formalized statistical sampling theory. This is especially true if auditors in the future will be held more accountable for their judgments, as is indicated by recent trends in CPAB and PCAOB reports. This is why debiasing training may become more important in non-statistical representative sampling in future: such training provides another good reason for accepting auditor judgments on non-statistical representative selection of items. 10-13 There are no formulas that can be used to generalize the results of a non-representative test. 10-14 Nonsampling risk is the probability of making a wrong decision about a population of data. It arises from all sources other than the probability that a "representative sample" actually does not represent the population. Sources of nonsampling error, hence nonsampling risk include: a) Misjudging the inherent risk b) Misjudging the control risk c) Human error 1. Poor choices of procedures 2. Mistakes in procedural applications 3. Failure to recognize a deviation or error 4. Signing off on work not actually performed Examples of nonsampling risk: Performing inappropriate procedures. Failure to consider test results adequately. Neglecting the importance of analytical review. Failure to maintain control over audit procedures. Lack of professional skepticism. 10-15 Sampling risk is the risk that a random sample with the purpose of representative testing will not give a representative result. 10-16 Sampling risk exists in both statistical and non-statistical sampling. This follows from the definition of sampling risk and noting that the definition is not dependent on statistical sampling being used. The big difference is that it is sampling risk is more objectively measurable in statistical sampling. 10-17 Sampling risk can be avoided only with a 100% examination. 10-18 Non-sampling risk can be avoided in theory with proper care and training. 10-19 Non-sampling risk because this is where due care can be questioned most critically. It would be unusual to question the auditor’s level of planned sampling risk. 10-20 Test of control audit programs are used to audit compliance with internal controls procedures. Account balance audit programs are used to audit the dollar amounts and disclosures in financial statements. 10-21 Tests of controls are testing procedures to assess whether controls are operating effectively. A test of control procedure is a statement of a) Identification of a population from which sampling units are to be drawn b) Expression of an action taken to produce evidence about a client control procedure. 10-22 Sales may be billed before goods are shipped or services delivered thus recording non-existent sales. 10-23 Compliance deviations should be defined in advance so auditors will know what to look for and will know one when they see it. Seven Examples--Based on Seven General Control Objectives: Objective Example 1. Validity 1. Sale recorded without supporting shipping orders. 2. Authorization 2. Lack of credit manager approval for a credit sale. 3. Accuracy 3. Mathematical errors in sales invoice calculations. 4. Classification 4. Sales classified in wrong product line revenue account. 5. Proper Period 5. Sales recorded in month (quarter, year) before the actual shipment. 6. Accounting 6. Sales charges fail to be posted to a customer's account. 7. Completeness 7. Shipments fail to be billed to customers and recorded as sales and receivables. 10-24 and 10.25 Judgments affecting sample size for test of controls auditing. Judgment Influence on sample size 1. Acceptable risk of assessing control risk too low Inverse. The greater the acceptable risk, the smaller the sample. 2. Acceptable risk of assessing control risk too high Inverse. The greater the acceptable risk, the smaller the sample. 3. Tolerable deviation rate Inverse. The higher the tolerable rate, the smaller the sample. 4. Expected population deviation rate (an estimate rather than a judgment) Direct. The higher the expected rate, the larger the sample. The sample size is also directly related to the population size, although the influence is generally minor. The larger the population, the larger the sample, but not much. 10-26 Four sample selection methods: 1. Unrestricted random sampling: Associate unique random numbers from a printed table or generated by a computer to units in the population. 2. Systematic random sampling Take one (or more) random starts in the physical representation of the population, then select that unit and every kth (k = population size/sample size, and k is multiplied by the number of random starts) until the population is entirely scanned. 3. Haphazard selection: Use any unsystematic way of selecting sample units without imposing a bias for or against units in the population. 4. Block sampling: Select one or more contiguous sets (series) of transactions, for example, a short numerical sequence, or the transactions in a day, week or month. 10-27 The risk of assessing the control risk too low has the potential of affecting audit effectiveness, thus damaging the quality of the audit for users. Professionally, in light of responsibility to users, effectiveness is more important than efficiency, which is affected by the risk of assessing the control risk too high. 10.28 When test of controls auditing is timed early, an audit manager must decide what to do about the remaining period (for example, the period October through December after doing test of controls auditing in September for a December 31 year-end audit). Depending upon the circumstances indicated by several sources of information mentioned in the text, an audit manager can decide to (1) continue the test of controls audit work because knowledge of the state of control performance is necessary to justify restriction of other audit work, (2) stop further test of controls audit work because (a) compliance evidence derived from other procedures provides sufficient evidence or (b) information shows the control has failed, control risk is high, and other work will not be restricted. Whatever the final judgment, considerations of audit effectiveness and efficiency should always be uppermost in the audit manager's mind. 10-29 Expanded risk model: AR = IR x CR x AP x TD Solve for TD, when: .048 = 1.0 x .4 x .6 x TD TD = .048 = .2 1.0 x .4 s .6 The tolerable misstatement ($10,000) and estimated standard deviation ($25.00) are "noise" in the question. 10-30 If control risk increases then there is a higher risk of client undetected material misstatement and the risk of incorrect acceptance (RIA) must be decreased to compensate if overall audit risk is to remain at the planned level. 10-31 Alpha risk results in unnecessary additional testing whereas beta risk is the risk that the auditor fails to detect a material misstatement, i.e., the auditor is ineffective. 10-32 An incorrect acceptance decision directly impairs the effectiveness of an audit. Auditors wrap up the work and the material misstatement appears in the financial statements. An incorrect rejection decision impairs the efficiency of an audit. Further investigation of the cause and amount of misstatement provides a chance to reverse the initial decision error. 10-33 The tolerable misstatement (judged for the audit of a particular account balance) should not be more than the monetary misstatement considered material to the overall financial statements. Also, the aggregation of multiple tolerable misstatement amounts for several different balances under audit must be equal to or less than the amount of monetary misstatement considered material to the overall statements. 10-34 The appropriate general set of objectives is the objective(s) of obtaining evidence about each of the client's assertions in the financial balance. In general, the assertions are about: Existence or occurrence (and cutoff) Completeness (and cutoff) Rights and obligations (ownership, ownership) Valuation or allocation Presentation and disclosure 10-35 Two main audit purposes for stratifying a population when sampling for variables (monetary) measurement: a) Some units may be individually significant (e.g., large) and taking sampling risk with respect to them is not a good idea. b) Auditors may want to achieve audit coverage of a large proportion of dollars in the balance by choosing the largest units (a protective sampling objective, which is closely related to avoiding sampling risk). 10-36 In quantitative terms, the important thing is to audit all the sample units. You cannot simply discard one that is hard to audit in favor of adding to the sample a customer whose balance is easy to audit. This action might bias the sample. If considering the entire balance to be misstated will not alter your evaluation conclusion, then you do not need to work on it any more. Your evaluation conclusion might be to accept the book value, as long as the account counted in error is not big enough to change the conclusion. Your evaluation conclusion might already be to reject the book value, and considering another account to be misstated just reinforces the decision. If considering the entire balance to be misstated would change an acceptance evaluation to a rejection evaluation, you need to do something about it. Since the example seems to describe a dead end, you may need to select more accounts (expand the sample) and perform the procedures on them (excluding confirmation) and reevaluate the results. The auditor should also consider qualitative issues such as why a population unit is not auditable via a given procedure. This is the essence of skepticism and critical thinking. If there exist good reasons in the circumstances why a population unit is not auditable, then the auditor can consider the quantitative approach given above. 10-37 The three basic steps in quantitative evaluation are these: 1. Figure the total amount of actual misstatement found in the sample. This amount is called the known misstatement. 2. Project the known misstatement to the population. The projected amount is called the likely misstatement. 3. Compare the likely misstatement (also called the projected misstatement) to the tolerable misstatement for the account, and consider the a) Risk of incorrect acceptance that likely misstatement could be less than tolerable misstatement even though the actual misstatement in the population is greater, or the b) Risk of incorrect acceptance that likely misstatement could be greater than tolerable misstatement even though the actual misstatement in the population is smaller. 10-38 The non-statistical measurements described in Chapter 10 leave only one avenue for "accounting for further misstatement": Apply experience and professional judgment to decide if further misstatement could be large enough to prevent an acceptance decision. If the projected likely misstatement is a great deal less than the amount considered material, an auditor could judge that further misstatement, if known, would not affect acceptance. If projected likely misstatement is close to the amount considered material, maybe acceptance is not warranted. This is essentially a summary of the AuG-41, appendix which is reproduced below. With statistical calculations, the further misstatement can be measured directly (see appendix Ch. 10B on Connect). AUG-41 Appendix: ABBREVIATIONS IM Identified misstatements LAM Likely aggregate misstatement MAT Threshold of materiality Situation 1 In this situation (the one most frequently encountered in practice), the level of likely aggregate misstatement is substantially less than materiality. Because of this, it is extremely unlikely that the level of maximum possible misstatement would be quantitatively material. Accordingly, the auditor would need to consider the effect of the qualitative factors set out in paragraph 24 to assess whether the misstatement should be considered material. Depending on the outcome of that assessment, either an unqualified opinion or a qualified opinion might be given. Situation 2 The level of likely aggregate misstatement is close to materiality. In this situation, on the one hand, the auditor's best estimate (based on likely aggregate misstatement) is that the financial statements are not materially misstated. On the other hand, the existence of further possible misstatements that might cause the financial statements to be materially misstated cannot be ignored. Usually, the auditor would recommend that misstatements be corrected to reduce the level of likely aggregate misstatement to the point where, clearly, an unqualified opinion could be given. The auditor might also consider attempting to reduce his or her assessment of further possible misstatements through the performance of additional auditing procedures. If these approaches do not resolve the matter, the auditor will have to exercise his or her professional judgment in deciding whether an unqualified opinion is appropriate. Situation 3 Identified misstatements are less than materiality but the level of likely aggregate misstatement exceeds materiality. When the level of likely aggregate misstatement exceeds materiality, although it is not conclusive, the auditor's best estimate is that the financial statements are materially misstated. Before concluding that a reservation of opinion is necessary, however, the auditor would urge management to correct misstatements to reduce the level of likely aggregate misstatement sufficiently below materiality to enable an unqualified opinion to be given. Situation 4 Levels of both identified and likely aggregate misstatement exceed materiality. In this situation, if a reservation of opinion is to be avoided, management will have to correct misstatements to reduce the level of likely aggregate misstatements sufficiently below materiality to enable an unqualified opinion to be given. 10.39 Account balances can be audited, at least in part, at an interim date. When account balance audit work is done before the company's year-end date, auditors must extend the interim-date audit conclusion to the balance-sheet date. The process of extending the audit conclusion amounts to nothing more (and nothing less) than performing substantive-purpose audit procedures on the transactions in the remaining period and on the year-end balance to produce sufficient competent evidence for a decision about the year-end balance. Additional considerations include: a) If the company's internal control over transactions that produce the balance under audit are not particularly strong, you should time the substantive detail work at year-end instead of at interim. b) If control risk is high, then the substantive work on the remaining period will need to be extensive. c) If rapidly changing business conditions might predispose managers to misstate the accounts (try to slip one by the auditors), the work should be timed at year-end. In most cases, careful scanning of transactions and analytical review comparisons should be performed on transactions that occur after the interim dare. As an example, accounts receivable confirmation can be done at an interim date. Subsequently, efforts must be made to ascertain whether controls continue to be strong. You must scan the transactions of the remaining period, audit any new large balances, and update work on collectibility, especially with analysis of cash received after the year-end. SOLUTIONS FOR EXERCISES AND PROBLEMS EP10-1 Sampling and Nonsampling Applications TO: Mason & Jarr, CPAs FROM: Consultant-Advisor DATE: SUBJECT: Application of audit sampling standards At your request, I have reviewed the audit work in the case files you provided. Herein are my conclusions about proper application of the audit sampling standards. a) Accounting System Familiarization Work The sample of three purchase orders and subsequent tracing the cash disbursement documents and procedures is not considered "audit sampling,". The work was properly done for the purpose of obtaining a preliminary understanding of the control structure, not for making a judgment about the effectiveness of control procedures. Audit sampling standards apply to samples taken for the purpose of reaching a conclusion about a whole population of data--in this case the cash disbursements controls--and not to work done to obtain a general understanding of a control structure. b) Inventory Count Accuracy Test The sample of inventory items for recounting was a sampling application. Ms. Jarr took the sample for the purpose of making an overall judgment of the accuracy of the counting procedure. The sample did not meet requirements because it appears not to have been representative. Only the largest-quantity items were chosen, and the others were ignored. These items were probably the most likely to be miscounted. Extending the judgment that the 200 were not counted well enough to the other 800 was not warranted. c) Short-Term Debt Outstanding The audit of all seven of the outstanding commercial paper note series was not a sampling application. Audit sampling is the application of audit procedures to less than 100 percent of the items in a balance. This work covered all the items. d) Client Representations Audit sampling is not involved in the procedure of obtaining written client representations. Appropriate written representations can be obtained from the persons with highest authority, and they need not be obtained from less authoritative persons. Written representations are not a selection of less than 100 percent of events from a larger population. They constitute the entire record of relevant written client representations. EP10-2 Test of Controls Audit Procedures Objectives and Deviations 1. Credit Approval: a) Objective- Determine whether credit is approved in accordance with company policy b) Deviation- Absence of notation of approval or disapproval on customers' orders 2. Validity of Sales and Proper Period Recording a) Objectives- (i) Determine whether recorded sales invoices are supported by written notices of shipment, (ii) Determine whether the sales record date is the same as the shipment date. b) Deviations- (i) Absence of written shipment notice, (ii) Sales record date and shipment date are not the same. 3. Accuracy of Sales Invoices a) Objectives- Determine whether (i) Quantities on shipping notices and invoices are the same, (ii) Unit prices on the invoices are correct (catalog), and (iii) Invoice arithmetic is correct. b) Deviations- (i) Quantities do not match, (ii) Wrong prices, (iii) Mathematical mistakes. 4. Classification of Sales a) Objective- Determine whether invoices are properly coded "9" for intercompany sales. b) Deviation- (i) Invoice to an affiliated company not marked "9" and (ii) Invoice to an outside customer marked "9". EP10-3 Timing of Test of Control Audit Procedures TO: Audit Manager FROM: Auditor Magann DATE: October 1 SUBJECT: Interim evaluation of control over cash disbursement authorization I audited 80 cash disbursements as of September 30 for compliance with the company control procedure requiring authorization of cash disbursements. I found no deviations. Had this audit sampling been performed at December 31 for the entire year's disbursements, I would be prepared to assign a low control risk (20 percent). This good evaluation would enable us to perform the planned analytical procedures to expenses and perform the level of inventory observation work specified in the preliminary audit program. With a higher control risk, the audit team would need to do more work in both areas. EP10-3 Magann memo to Audit Manager, October 1, Page 2 Requirements According to auditing standards, the audit team needs to determine whether the authorization control procedure worked as well during October-December period as it did for the period January-September. I think the audit team should audit the other 20 disbursements to find out. Options 1. The audit team cannot elect to forgo all further work on the control for the October-December remaining period. 2. The audit team can complete the sampling application by auditing the other 20 sampling units selected at random. This approach will probably be the least costly because not much time will be required to audit 20 for compliance. 3. The audit team could make inquiries about authorization control performance during October-December. However, the only useful information thus obtained would be news that the control is no longer performed. Then we would know to do more of the other audit work. Declarations from client personnel that the control "worked just fine" would not be good evidence of continued compliance. 4. The three-month length of the remaining period is enough for concern. The audit team should not merely presume the control continued to operate effectively. 5. If the dollar amount of transactions affected by the disbursement authorization control were substantially reduced, the audit team would not need to be so concerned about the control. However, cash disbursements are not likely to become unimportant in the circumstances. 6. The audit team could forgo auditing the 20 disbursements and take its chances that the planned amount of analytical procedures for expenses and work on inventory observation would also reveal any control breakdown in October-December. I do not recommend such action in the circumstances because (a) we ought to evaluate control risk in order to plan the extent of the other work, (b) the cost of auditing 20 disbursements is not high, (c) audit completion might be delayed if we find out about a control breakdown too late, and (d) in these circumstances the dual-purpose nature of the other work may turn out to be circular and inefficient. I trust I have made my preference for completing the test of controls audit of the sample of cash disbursements clear. I think this work should be done no earlier than December 20. EP10-4 Calculate Sample Deviation Rates Sample Sizes 30 60 80 90 120 Missing sales invoice 0.00% 0.00% 0.00% 0.00% 0.00% Missing bill of lading 0.00% 0.00% 0.00% 0.00% 0.00% No credit approval 0.00% 5.00% 7.50% 8.89% 8.33% Wrong prices used 0.00% 0.00% 0.00% 0.00% 1.67% Wrong quantity billed 3.33% 3.33% 5.00% 4.44% 3.33% Wrong invoice arithmetic 0.00% 0.00% 0.00% 0.00% 0.83% Wrong invoice date 0.00% 0.00% 0.00% 0.00% 0.00% Posted to wrong account 0.00% 0.00% 0.00% 0.00% 0.00% Sample Sizes 160 220 240 260 300 Missing sales invoice 0.00% 0.00% 0.00% 0.00% 0.00% Missing bill of lading 0.63% 0.91% 0.83% 1.15% 1.00% No credit approval 8.75% 7.73% 9.58% 10.00% 10.33% Wrong prices used 2.50% 3.64% 3.75% 3.46% 4.00% Wrong quantity billed 3.13% 2.27% 2.08% 1.92% 1.67% Wrong invoice arithmetic 1.25% 0.91% 0.83% 0.77% 1.00% Wrong invoice date 1.25% 0.91% 0.83% 0.77% 0.67% Posted to wrong account 0.00% 0.00% 0.00% 0.00% 0.00% The data in this problem is the same as obtained from evaluating all the samples in Kingston problem 7.27. The sample deviation rates are in the 10 sampling data sheets presented with the solution to Problem 7.27. EP10-5 Stratified Calculation of Projected Likely Misstatement Using the Ratio Method Sample Results Recorded Recorded Error PLM Stratum Amount Sample Amount Amount* (ratio) 1 $100,000 6 $100,000 - $ 600 - $ 600 2 $ 75,068 23 $ 21,700 - $ 274 - $ 948 3 $ 75,008 22 $ 9,476 - $ 66 - $ 522 4 $ 75,412 22 $ 4,692 - $ 88 - $1,414 5 $ 74,512 23 $ 1,973 $ 23 $ 869 $400,000 96 $137,841 - $1,005 - $2,615 1: -600/100,000 x 100,000 = -600 2: -274/21,700 x 5,068 = -948 3: -66/9,476 x 75,008 = -522 4: -88/4,692 x 75,412 = -1,414 5: 23/1,973 x 74,512 = 869 EP10-6 Determining the Risk of Incorrect Acceptance Fred puts inherent and control risk together and calls them a "50-50 proposition," so inherent risk can be taken to be 1.0 and control risk to be 0.50. Jack says it's too bad analytical procedures do not reduce the audit risk in this situation, so analytical review risk seems to be 1.0. Fred says the firm policy is to set audit risk very low. Students may think "very low" means different things. The solution below takes audit risk to be 0.01. TD = AR (=0.01) = 0.02 IR (=1.0) x CR (=0.50) x AP (=1.0) This test of detail risk seems to be quite small, suggesting a large sample size. If the risk were larger, the sample size would be smaller. If it were smaller, the sample size would be larger. SOLUTIONS FOR DISCUSSION CASES DC10-1 a) Critique of Last Year’s Circularization Sample Selection- The method of sampling chosen in 1996 was only specific items and not representative. The selection was made according to size and therefore cannot be considered representative. It would be difficult to prove that testing only the 50 highest items gives an indication as to the reasonableness of the entire population. Coverage- By sampling the 50 largest balances, the company only obtained a coverage of 20% or $2,600,000 out of $13,000,000 total. Since, as in the above, the sample was not representative, there still exists a high possibility the lower balances in the A/R trail balance may be misstated. Errors Discovered- In 1996 the errors discovered amounted to $190,000 out of $2,600,000, or approximately 7%. No attempt was made to project the errors over the remaining population or adjust: Materiality- pretax income $3,900,000 at 5% = $195,000 Asset $26,000,000 at 1/2% = $130,000 Based on this, the above error of $190,000 would in my mind be considered material should have been adjusted. Overdue Accounts- In determining samples, no mention or consideration was given to overdue accounts. It would be apparent that those accounts past due are more likely to be uncollectible independent of their total value. No Mention of Risk Assessment- As stated in the case Cajuzzi “loathe” to write off bad accounts. With this knowledge of the client, the 20X3 audit should have considered this in determining the extent of testing or materiality of the section. This lends more credence to the fact overdue accounts may be uncollectible. Linkage- No mention of compliance testing or effect this would have had on the amount of substantive testing was provided. More testing- In light of the errors, the auditor in 1996 should have increased his sample and required adjustment or considered revision if no adjustment made. b) Random Sampling Random sampling is a method of sampling whereby an attempt is made to choose the sample in such a way that its characteristics represent the characteristics of the entire population. The results of any representative testing may be projected over the entire sample. It is the fundamental principle of sampling theory as testing is designed to reduce work; in other words, the auditor does not look at the entire population but draws a conclusion about the whole population from a sample. If the sample is not representative, then the objective of sampling cannot be met. Non-random selection is appropriate when there are items in the population whose testing is warranted because of certain specific characteristics. For example, items of an unusually large amount, or items occurring at a specific time period, may be good candidates for non-representative sampling. When the auditor can gain better assurance regarding the population characteristic by using non-random sampling, it should be used instead of representative sampling. c) Sampling Error Sampling error is the risk that the sample results are not representative of the true population characteristic. It can be controlled by increasing sample size (including using a lower precision limit and/or a higher confidence level). Non-sampling error results when the auditor forms the wrong conclusion from the sample even though the sample was representative of the population. This type of error can be controlled by designing appropriate auditing procedures, using competent people to perform audit, using due care, and proper supervision and training of assistants. d) Sampling Plan- Variable 1) Assess risk including inherent, control and audit risks as well as overall risk. 2) Decide the level of assurance required from the circularization. 3) Determine materiality for A/R precision based on accepted error and confidence level. 4) Define the objective of the test: to determine if A/R balances are reasonable. 5) Define the population: A/R Trial Balance. 6) Determine method of selection: statistical or judgmental. 7) If statistical will we use dollar unit or two strata sampling due to size. 8) Determine any key items based on size, method of recording, etc. (e.g. all A/R accounts over $150,000 or over 91 days due). DC10-2 Evaluation of Confirmation Results Evidence Analysis and further procedures required 1. 8 confirms -no further work required returned indicating full agreement 2. confirm returned -check A/R subledger to verify number shown -O/S balance as receivable Nov. not Dec. -if amount shown is December, consider telephoning customer to discuss a discrepancy, if exists and reasons for it - consider examining payments received by Delta after year payment may have been in-transit at year end -potential misappropriation of cash receipt 3. confirm correct -check credit memo cutoff to determine if but Jan/96 memo related to goods that were received credit memo before year end and therefore memo should have been issued then -if goods were returned in January (as evidenced by receiving report) then receivable is correct 4. confirm-open -verify receivable balance by subsequent invoice system payments, tracing to shipping document signed by customer indicating goods were received or confirm specific invoice(s) 5. confirm-discount -probably correct, but possible cut-off taken January 1996 error -trace sales discount to relevant period 6. confirms returned -alternative procedures have to be performed marked “no such -consider possibility of non-existent address” customers -telephone customers to obtain verbal confirmation, followed up by written confirmation -consider verification by subsequent payments, tracing to shipping documents 7. confirm- defective -company has confirmed, therefore receivable product exists, however collectibility is questionable -consider collectibility of amount and include in allowance for doubtful accounts if necessary -bring matter to attention of management and enquire if goods were returned 8. confirm not -consider alternate methods of verification returned such as telephoning customer, examining evidence of subsequent payments, or agree to sales and shipping documents 9. negative confirms -clear, nature of confirm is to return if a returned with no disagreement exists, therefore since no notations notation, it appears that no follow-up is required 10-confirm returned -verify difference by examining cash states customer receipts cut-off over year-end and reviewing owed more invoices -ensure all were recorded in the proper periods 11.confirm returned -existence of receivable has been verified balance correct but -valuation may be in question due to requesting extended customer request for credit extension credit terms -this may indicate potential cash collection problems -bring to management’s attention and discuss collectibility of account making provision where necessary 12.confirm returned -confirmation returned indicating existence see us of receivable but collectibility is in question since customer appears unwilling to pay -bring matter to management’s attention and discuss collectibility - include amount in provision if deemed necessary Further Procedures (required to complete the audit of accounts receivable) -confirmation control sheet must be completed and errors found in the sample should be extrapolated over the entire accounts receivable population. -all employee receivables and other credit balances should be examined and noted. Look for unusual activity in the account and note any large amounts outstanding or unusual credit terms and payments history. Reclassify amounts as appropriate (e.g. Abbey). -Babbitt Shipment from Labal should be reallocated to separate account (or balance sheet may show one heading ‘Accounts and notes receivable’ referenced to a further breakdown in the notes Accounts receivable XX Notes receivable XX XXX -the Cadenza balance should be taken out of accounts receivable and set up as a liability (deferred revenue) until shipment of goods have been made. The accounts receivable listing should be reviewed to ensure no other amounts representing deposits are included therein. -receivables not circularized: Dacron - consider current status of collection efforts and subsequent payments, if any -amount may have to be fully or partially included in allowance if collectibility is uncertain Cadaver Inc. - consider reason why management refused to allow circularization since a potential related party may exist, fraud may exist. -consider subsequent payments made by Cadaver and vouching to shipping documents indicating goods were received by customer -perform sales cut-off procedures including tests to ensure that receipts and sales were recorded in the proper periods and tests to ensure that all goods shipped over years end were invoiced and recorded in the proper periods -also test that credit memos were properly issued and recorded for goods returned over the year end -the aged listing should be totaled and cross added -an estimate should be made for bad debt expense and recorded -analytic review should be performed for a test of reasonableness of the final accounts receivable balance and the allowance amount DC10-3 projected likely misstatement = ((162.83)/80)X 1740 = (3541.56). This is a little over half of what is considered material (tolerable)and would likely be acceptable by AUG-41. See solution to 10.38 above for AUG-41 excerpt. DC10-4 a) The sample sizes using the formula (with k=0): n = R/P are as follows. Case 1, n=50. Case 2, n=100. Case 3, n=29. Case 4, n=60. Case 5, n=12. Case 6, n=16. Anything larger than these discovery sample sizes reduces alpha risk, while beta risk (1 – confidence level) remains constant. b) The achieved P or UELs are as follows. Case 1, UEL = .063. Case 2, UEL = .03. Case 3, UEL = .065. Case 4, UEL = .089. Case 5, UEL = .181. Case 6, UEL = .2. c) Unacceptable for cases 1,4, and 6. The auditor can extend testing, insist on an adjustment, re-consider the extent of reliance on controls. d) Sources of error helps auditor asses whether error is intentional or unintentional, and to assess qualitative aspects of internal control (for example, whether a particular individual, department, or time period is affected). e) 1. auditor estimate 2. auditor decision 3. auditor decision 4. auditor decision, or by formula 5. sample result 6. sample result 7. sample result: achieved P or UEL is the maximum error rate at the stated confidence level. SOLUTIONS FOR CRITICAL THINKING QUESTIONS CT 1 By the definition of non-sampling risk to include all other risk beyond sampling risk it is true that the risk of improper application of GAAP is a type of non-sampling risk. In particular, note that accounting risk is a type of non- sampling risk. This illustrates the importance of definitions. All good theories start with definitions. CT 2 Yes, see the application case discussion at the end of the chapter. APPENDIX 10B ADVANCED STATISTICAL SAMPLING CONCEPTS FOR TESTS OF CONTROLS AND TESTS OF BALANCES SOLUTIONS FOR REVIEW CHECKPOINTS 10B.1 Use the model AR = IR x CR x DR to solve for different values of Audit Risk (AR) when internal control risk (CR) is given different values. In all cases IR = 0.90 and DR = 0.10, therefore, AR = 0.90 x CR x 0.10 When CR is AR is 0.10 0.009 or .9 percent 0.50 0.045 or 4.5 percent 0.70 0.063 or 6.3 percent 0.90 0.081 or 8.1 percent 1.00 0.090 or 9.0 percent 10B.2 Roberts' method in equation form is: ( RIA at assessed RIA at maximum ) Incremental RIA = RACRTL x ( control risk - control risk ) The method produces low RACRTL at the low control risk levels and high RACRTL at the higher control risk levels. The logic of the method is: "At the lower control risk levels RACRTL should be small because assessing control risk quite low makes a big difference in the substantive sample size and hence in the risk of incorrect acceptance in the substantive balance-audit work, but at the higher control risk levels the RACRTL can be high because assessing control risk slightly too low does not affect the substantive sample size and risk of incorrect acceptance very much." 10B.3 Assessing the control risk too low causes auditors to assign less control risk (CR) in planning procedures than proper evaluation would cause them to assign. The result could be (1) inadvertently conducting less audit work than properly necessary and taking more audit risk (AR) than originally contemplated, perhaps to the unpleasant results of failing to detect material misstatements (damaging the effectiveness of the audit) or (2) discovering in the course of the audit work that control is not as good as first believed, causing an increase in the audit work, perhaps at a time when doing to is very costly (damaging the efficiency of the audit). The important considerations when auditing a particular account are questions related to (1) How sensitive is the final substantive audit work to assessing control risk too low?, and (2) Is "recovery"--increasing the substantive audit work at a later date upon discovery of the decision error--more expensive and time consuming than planning more work at the outset (i.e., planning to "overaudit")? 10B.4 Assessing the Control Risk Too High The important consideration involved in judging an acceptable risk of assessing the control risk too high is the efficiency of the audit. Assessing control risk too high causes auditors to think they need to perform a level of substantive work which is greater than a proper evaluation of control would suggest. Assessing control risk too high leads to overauditing. Some auditors may be willing to accept high risks of assessing the control risk too high because they intend to overaudit anyway, and the audit budget can support the work. Other auditors want to minimize their work (within acceptable professional bounds of audit risk) and thus want to minimize the risk (probability) of overauditing by mistake. Technically, the risk of assessing control risk too high in relation to an attribute sample is the probability of finding in the sample (n) one deviation more than the "acceptable number" for the sampling plan. For example, if the plan called for a sample of 100 units and a tolerable rate of 3 percent at a .10 risk of assessing control risk too low, the "acceptable number" is zero deviations. The probability of finding 1 or more deviations when the population rate is actually 2 percent is: Probability (x > 0 : n = 100, r = .02) = 1 - (1 - r)n = 1 - (1 - 0.2)100 = .867 or 86.7 percent 10B.5 Probability (x > 0 : n = 100, r = .005 ) = (1 - r)n = 1 - (1 - .005)100 = 0.394 or 39.4 percent 10B.6 The "connection" is a direct relationship between control risk and the tolerable deviation rate. (1) When larger values are planned for control risk (say, 0.95, 0.90) in an audit plan, more analytical procedure and test of detail work will be done. Auditors will not rely very much on internal controls. Therefore, not much help is expected from the controls anyway, so the tolerable deviation rate can be larger. The direct relation is: The higher he control risk, the higher the tolerable deviation rate can be. (2) When lower values are assigned to control risk (say, 0.10, 0.20) in an audit plan, less analytical procedure and test of detail work will be done. Auditors intend to rely on internal accounting controls. Therefore, effective compliance with control policies and procedures is important, and the tolerable deviation rate ought to be low. The direct relation is: The higher the planned control risk, the higher the tolerable deviation rate can be. 10B.7 The connection between tolerable dollar misstatement assigned for the substantive audit of a balance and tolerable deviation rate used in a test of controls sample is the smoke/fire multiplier judgment. It is the factor by which auditors believe transactions can be exposed to control deviations yet not create dollar-for-dollar misstatements in the related account balance. 10B.8 Professional Judgments and Estimates in Test of Controls Attribute Sampling a. Risk of Assessing Control Risk Too Low (RACRTL) is a matter of judgment about the importance ("key") characteristic of a particular client control procedure. An auditor can take more risk of assessing control risk too low on unimportant controls than on important ("key") ones. Alternatively, the risk of assessing control risk too low can be considered a constant (say, .10) and the importance of a control can be measured in terms of a smaller or larger tolerable rate. A more logical approach is to use Robert's method to derive RACRTL from the separate judgment of an "incremental risk of incorrect acceptance" for the related substantive audit. b. Risk of Assessing Control Risk Too High is a matter of judgment abut the efficiency of an audit engagement. The risk can be quite high when the audit team is willing to do extensive substantive work anyway. If the work budget is tight, auditors need to find objective ways (e.g., larger test of controls audit samples) to mitigate the risk. c. Tolerable Deviation Rate is a judgment about how many control deviations can exist in the population, yet the control can still be considered effective. Auditors need to be careful about brushing aside findings of deviations. The smoke/fire multiplier is a judgmental connection of the tolerable misstatement in the substantive sample with the tolerable deviation rate in the test of controls sample. d. Expected Deviation Rate in the Population is an estimate, usually based on assumptions or sketchy information, of the imbedded incidence of control deviations. The only use of this estimate in classical attribute sampling is to figure a sample size in advance. The statistical evaluation (CUL calculation) does not use it. e. Population Definition might be called a judgment about identification of the population of control performances that correspond to an audit objective. For example, an auditor would want to be sure he is sampling from a file of recorded documents if his objective is to audit the controls over transaction validity. 10B.9 To figure a test of controls sample size using the Appendix 10B R-value tables, you need to know: FACT: population size, for finite correction if it is fewer than 1000. JUDGMENT: tolerable deviation rate JUDGMENT: risk of assessing control risk too low (RACRTL) ESTIMATE: estimated deviation number or rate. The risk of assessing control risk too high (RACRTH) is not used in the calculation. 10B.10 Enter Appendix 20A for BETA = 5 percent (confidence level = 95 percent) And use N = R/P with R(K=.3, BETA=.05), N= 7.76/(.09)=87 10B.11 To figure a test of controls sample size using the R Value Table poisson risk factors, you need to know: FACT: population size, for finite correction if it is fewer than 1000. JUDGMENT: tolerable deviation rate. * These two are needed to get the correct poisson risk factor: * JUDGMENT: risk of assessing control risk too low (RACRTL) * ESTIMATE: estimated deviation number or rate. The risk of assessing control risk too high (RACRTH) is not used in the calculation. 10B.12 Enter Appendix R-Value table for BETA = 5 percent. N= R(k=2, BETA=.05)/ P= 6.31/.09= 70 10B.13 Based on the specifications of risk of assessing control risk too low, tolerable deviation rate and expected population deviation rate, sample sizes would be determined independently for the two populations in the subdivision. If the criteria are at least as stringent for each of the two as they would be for the undivided population, the sum of the two sample sizes would be at least twice the size of the sample figured for the single population (provided both subdivided populations have 1,000 or more units). This is because the formula is used twice, once for each population. 10B.14 No, with any random number table arrangement, you can use 1,2,3,4,5,6, or more random digits wherever they appear in the printed table. 10B.15 1. Divide the population size by the sample size. obtaining a quotient k. 2. Obtain a random start in the file and select every kth item for inclusion in the sample. 3. If the end of the file is reached, return to the beginning of the file to complete the selection. * When multiple random starts are taken (say, 5), the sampling interval is 5 x k instead of k. 10B.16 The UEL is the estimated worst likely deviation rate in the population, with the probability = risk of assessing control risk too low that the actual population deviation rate is even higher. 10B.17 Using the Poisson risk factor equation: UEL = Poisson risk factor for 3 errors, BETA=35% = 4.45 = 9.7% Sample Size 46 10B.18 The discovery sampling table probability is the probability of finding at least one defined deviation in a sample of a given size, provided the population deviation rate is equal to the critical rate of occurrence. 10B.19 The links that connect test of controls sample planning with substantive balance-audit sample planning are these: (1) the smoke/fire multiplier judgment that relates tolerable dollar misstatement in the substantive balance- audit sample to the anchor tolerable deviation rate in the test of controls sample. (2) Roberts' method of calculating RACRTL that relates an audit judgment of incremental risk of incorrect acceptance for the substantive balance-audit sample to the risk of incorrect acceptance consequences of assessing control risk too low. (3) considering the cost of the substantive balance-audit sample to decide the test of controls sample size and the planned control risk assessment. 10B.20 Choose the one that produces the lowest total cost of test of controls sampling and substantive balance-audit sampling. 10B.21 The objective of test of control with attribute sampling is to produce evidence about the rate of deviation from company control procedures for the purpose of assessing the control risk. Measuring the dollar effect of control deviations is a secondary consideration. The objective of a test of a balance with dollar-value sampling is to produce direct evidence of dollar amounts of error in the account. This is called dollar-value sampling to indicate that the important unit of measure is dollar amounts. Sometimes, dollar-value sampling is called variables sampling just to distinguish it from attributes sampling and the control risk assessment objective. 10B.22 Use of the audit risk model to calculate RIA does not remove audit judgment from the risk determination process because all the elements of the model are auditors' judgments and assessments. 10B.23 Yes, the benefit from using the audit risk model to calculate RIA is that it captures the independent nature of different audit considerations in its multiplication form, and it enables different auditors who have the same judgments to produce the same RIA. 10B.24 TD = AR = 0.015 = 0.20 IR x CR x AP 0.50 x 0.30 x 0.50 You can ask students to illustrate why this comes out the same as the one in the textbook illustration where TD = AR = 0.03 = 0.20 IR x CR x AP 1.0 x 0.30 x 0.50 10B.25 An incorrect acceptance decision directly impairs the effectiveness of an audit. Auditors wrap up the work and the material misstatement appears in the financial statements. An incorrect rejection decision impairs the efficiency of an audit. Further investigation of the cause and amount of misstatement provides a chance to reverse the initial decision error. 10B.26 The important considerations are cost/benefit and audit efficiency. The "model" is unique to each audit engagement and to each account because costs and relationships will differ from client to client. 10B.27 Generally accepted auditing standards define and mention the risk of incorrect rejection, but GAAS takes no "position" on it. GAAS offers no model or method for thinking about RIR. GAAS concentrates attention on the risk of incorrect acceptance and the effectiveness of audit sampling. 10B.28 Some of the other names for types of dollar-unit sampling are: combined attributes-variables sampling (CAV), cumulative monetary amount sampling (CMA), monetary unit sampling (MUS), and sampling with probability proportional to size (PPS). 10B.29 The unique feature of dollar-unit (DUS) sampling is its definition of the population as the number of dollars in an account balance or class of transactions. Thus, for any given account balance (recorded amount, book balance) the population is defined as the number of dollars. With this definition of the population, the audit is theoretically conducted on a sample of dollar units, and each of these sampling units is either right or wrong. 10B.30 Advantages: 1. An estimate of a normal distribution standard deviation is not required. 2. A minimum number of errors is not required for statistical accuracy. 3. Sample sizes are generally small (efficient). 4. Stratification is accomplished automatically. Disadvantages: 1. The DUS assignment of dollar amounts to errors is conservative (high) because rigorous mathematical proof of DUS upper error limit calculations has not yet been accomplished. 2. DUS is not designed to evaluate financial account understatement very well. (No sampling estimator is considered very effective for understatement error, however.) 3. Expanding a DUS sample is difficult when preliminary results indicate a decision that a balance is materially misstated. 10B.31 DUS resembles attribute sampling for control deviations in the definition of an error--a dollar is either right or wrong (modified later in connection with tainting calculations). Also, the population is defined as units (dollar) of a uniform size, instead of the varied sizes of logical units, such as customer account balances. 10B.32 Larger. DUS sample size varies directly with population size (recorded amount) 10B.33 Smaller. DUS sample size varies inversely with the amount of risk of incorrect acceptance. (The RF becomes smaller.) 10B.34 Larger. Larger expected misstatement reduces the planned precision P which is the denominator in the sample size planning formula. 10B.35 Smaller. DUS sample size varies inversely with the amount of tolerable misstatement. 10B.36 The identification of individually significant logical units in an account balance has the effect of reducing the size of the recorded amount population for dollar-unit (DUS) sampling. The individually significant units are removed for 100% audit, and the remainder is the population to be sampled. 10B.37 When a $1 unit is selected at random, it "hooks" the logical unit that contains it, making the logical unit the object of the audit. Since larger logical units have more $1-units in them, they are more likely to be chosen in the sample, thus producing a dollar total for the sample larger than the dollar total that would be obtained in an unrestricted random sample in which the logical unit was the sampling unit (because in the latter case, the smaller logical units would have an equally likely chance of selection). 10B.38 When two dollar units for the sample fall in the same logical unit, the logical unit is "selected twice." When results are evaluated, any error taint in this logical unit is counted twice. 10B.39 Audit of $600,000 with sample of 100. ASI = $6,000. Calculate the UEL at various RIA: RIA Risk Factor UEL 0.05 3.00 $ 18,000 0.10 2.31 $ 13,860 0.25 1.39 $ 8,340 0.50 0.70 $ 4,200 10B.40 Audit of $600,000 with sample of 100. ASI = $6,000. Calculate the UEL at various RIA: What is the interpretation of each UEL? RIA Risk Factor UEL Interpretation: Probability is 0.05 3.00 $ 18,000 5% that actual error exceeds $18,000 0.10 2.31 $ 13,860 10% that actual error exceeds $13,860 0.25 1.39 $ 8,340 25% that actual error exceeds $ 8,340 0.50 0.70 $ 4,200 50% that actual error exceeds $ 4,200 10B.41 UEL CALCULATION (RIA = 0.48) Basic Error Likely Error Average and PGW Tainting Sampling Dollar Factors x Percentage x Interval = Measurement 1. Basic error (0) 0.73 100.00% $ 3,125 $ 2,281 2. Most likely error: First error 1.00 90.00% $ 3,125 $2,813 Second error 1.00 80.00% $ 3,125 2,500 Third error 1.00 75.00% $ 3,125 2,344 Projected likely error $ 7,657 3. Precision gap widening; First error 0.01 90.00% $ 3,125 $ 28 Second error 0.02 80.00% $ 3,125 50 Third error 0.01 75.00% $ 3,125 23 $ 101 Total upper error limit (0.48 risk of incorrect acceptance) $10,039 Interpretation: The probability is 48% that the error in the account exceeds $10,039. UEL CALCULATION (RIA = 0.05) Basic Error Likely Error Average and PGW Tainting Sampling Dollar Factors x Percentage x Interval = Measurement 1. Basic error (0) 3.00 100.00% $ 3,125 $ 9,375 2. Most likely error: First error 1.00 90.00% $ 3,125 $2,813 Second error 1.00 80.00% $ 3,125 2,500 Third error 1.00 75.00% $ 3,125 2,344 Projected likely error $ 7,657 3. Precision gap widening; First error 0.75 90.00% $ 3,125 $2,109 Second error 0.55 80.00% $ 3,125 1,375 Third error 0.46 75.00% $ 3,125 1,078 $ 4,562 Total upper error limit (0.05 risk of incorrect acceptance) $21,594 Interpretation: The probability is 5% that the error in the account exceeds $21,594. 10B.42 The one best measure of a sample-based amount for adjustment, arguably, is the projected likely error (provided the projection is made from a sufficiently large sample). The PLM assumes that the error found in the sample is representative of the error in the remainder of the population, and estimates the amount of error that might be found if the entire population were audited. 10B.43 The auditing profession members cannot even agree on where to go for lunch, much less agree on a tough concept like sample-based measurement of misstatement amounts in a population of data. Audit situations are all different. The errors in one account must be considered in combination with errors in other accounts. After all, the first pass at an overall materiality criterion is itself not well defined, and the assignment of tolerable misstatement to individual accounts is even less well defined. Reportedly, auditors don't even assess tolerable misstatement anyway. They make ad hoc adjustment decisions in each individual audit and its circumstances. SOLUTIONS FOR EXERCISES AND PROBLEMS EP10B-1 Behavioral Decision Case: Determining the Best Evidence Representation This case is one of Bob Ashton's behavioral decision cases (Accounting Review, January, 1984, pp. 78-97. He give credit to W. Uecker and W. Kinney, "Judgment Evaluation of Sample Results: A Study of the Type and Severity of Errors Made by Practicing CPAs," Accounting, Organizations and Society, vol. 2, no. 3 (1977), pp. 269-75. The "answer" below is taken from Ashton. NOTE TO INSTRUCTOR: Take a look at this answer. You may want to get the students to discuss cases 1,2, and 3 first, then give them a chance to think about Cases 4 and 5. See if they can be fooled to change their minds to choose the larger samples for Cases 4 and 5, then discuss them. In this exercise, two pieces of information are available for each of the three pairs of sample outcomes: (1) the sample size, and (2) the sample deviation rate. While sample size is independent of population parameters, sample deviation rate is representative of the population characteristic of interest, i.e. the population deviation rate. Use of the representativeness heuristic could cause one to ignore the size of the sample, and to base choices solely on the sample deviation rate. Thus one might choose Sample A in Case 1 and Sample B in Cases 2 and 3, because their sample deviation rates are lower. The calculation of achieved precision P=R/n show, however, that none of these three sample outcomes provides adequate assurance that the population deviation rate is below five percent, even at 90 percent confidence [10 percent risk of assessing control risk too low]. The other member of each pair (choices B,A,A) does provide the desired assurance at a 95 percent confidence level [5 percent risk of assessing control risk too low]. Thus reliance on the representativeness of the sample outcomes could lead one to choose the weaker evidence in these cases. Notice that the correct choice in Cases 1,2, and 3 is the larger sample. It might be tempting to conclude that this will always be true, i.e. that larger samples are always superior to smaller samples. But this simplification will not always work either. Consider Cases 4 and 5. The correct answers are the smaller samples. Interestingly, use of the representativeness heuristic (i.e. focusing on the smaller error rates) would lead to the correct choices in these two instances, but would result in incorrect choices in the first three pairs of sample outcomes. This illustrates that while use of simplifying heuristics can lead to good decisions, it can also lead the decision maker astray. EP10B-2 Behavioral Decision Case: Estimating a Frequency This case is one of Bob Ashton's behavioral decision cases (Accounting Review, January, 1984, pp. 78-97. He gives credit to M. Gibbins, "Human Inference, Heuristics and Auditors' Judgment Processes," Proceedings of the CICA Auditing Research Symposium, Laval University (1977). The answer below is taken from Ashton. The best answer to this exercise is the smaller department. This department processes only 15 invoices per day, while the larger department processes 45. The smaller department is more likely to have more days in which the number of invoices specifying discounts deviates from the average of 50 percent, since sampling variability is greater for small samples than for larger samples. [It takes only 9 invoices in the smaller department to exceed the 60 percent variation, while it takes 27 in the larger department.] People who use the representativeness heuristic, however, often do not consider the size of the sample, because the degree to which a sample statistic resembles the population does not depend on sample size. Consequently, the perceived likelihood of a sample statistic will be independent of sample size, and people may incorrectly choose "about the same" as the best answer. EP10B-3 Calculating Risk of Assessing Control Risk Too High The proper question is: What is the probability of finding 4 or more deviations in a sample of 80 when the actual rate in the population is exactly 4 percent? Use the Poisson approximation to calculate the probability of finding no (zero) deviations, then 1 deviation, then 2, then 3. The sum of these probabilities is the probability of finding 3 or fewer. Thus the probability of finding 4 or more is 1 minus the sum. Look at the equation below. The term "np" is 80 x .04 = 3.2. The term "x" is 0, 1, 2, 3. P (0;3.2) = 0.0408 Probability of zero deviations in sample of 80 P (1;3.2) = 0.1305 Probability of one deviation in sample of 80 P (2;3.2) = 0.2088 Probability of two deviations in sample of 80 P (3;3.2) = 0.2227 Probability of three deviations in sample of 80 Sum = 0.6028 Probability of finding 3 or fewer when actual rate is 4 percent. 1 - Sum = 0.3972 Probability of finding 4 or more when the actual rate is 4 percent. The risk of assessing control risk too high is 39.72 percent. Using the Poisson approximation formula, the computed risk of finding zero deviation when the actual deviation rate in the population is 3 percent is: Computed risk:=x=0 2.718(80*.03)(80*0.03)0 = 0.091 0! The computerized risk probability of finding no deviations in a sample of 80 when the population deviation rate is 3 percent is 9.1 percent. Therefore, the probability is 1-9.1 percent = 90.9 percent of finding 1 or more deviations in a sample of 80 when the actual population deviation is 3 percent. Therefore, the auditor who assesses a higher control risk when one deviation is found is accepting a 90.9 percent risk of assessing the control risk too high. If the actual population rate were only 2 percent, the Poisson probability (computed risk) of finding zero deviations in a sample of 80 would be 20.2 percent. So the risk of assessing control risk too high would be 1-20.2 percent = 79.8 percent. Turning to the problem of controlling the risk of assessing control risk too high in the same example, suppose you decide to sample 140 units so finding 1 deviation could still give you UEL of 3 percent at 10 percent risk of assessing control risk too low. The Poisson probability of finding two or more deviations when the actual population deviation rate is less than 3 percent (say, 2 percent) is 0.7689, calculated as follows: 1. First calculate the probability (risk) of finding 0 and 1 deviations: Pp(0:140 x 0.02)=[2.718-2.8(2.8)0]/0! = 0.0608 Pp(1:140 x 0.02)=[2.718-2.8(2.8)1]/1! = 0.1703 Pp(x=0,1:140 x 0.02) = 0.2311 2. Calculate the probability (risk) of finding two or more deviations: Since the probability of finding zero or one is 0.2311, the probability of finding two or more is 0.7689 = 1-0.2311. Thus, the risk of assessing control risk too high when the actual population deviation rate is a little less than the tolerable rate is improved to 76.89 percent with a sample of 140, from the 79.8 percent risk with a sample of 80. The improvement is not much, but the example points out how a larger sample size reduces risk. Most attribute sampling tables contain probabilities calculated using the binomial equation. The binomial equation approximates fairly closely the hypergeometric equation which is mathematically accurate for finite populations and for sampling-without-replacement methods. The hypergeometric equation is even more difficult to solve than the binomial equation. The Poisson distribution approximates fairly closely the binomial distribution, and it is easier to calculate using a pocket calculator capable of raising numbers to a power. Auditors can use the equation shown below to calculate risk because the Poisson distribution is a limiting case of the binomial distribution when the population is large and the deviation rate is low (commonly found in audit situations). Note: Even if the deviation rate is high the Poisson distribution provides a conservative (i.e. overestimates) the actual deviation rate. Pp(x;np)= e-np(np)x X! where: Pp(x;np)=Poisson probability of finding exactly x number of deviations in a sample having np expected number of deviations e= Base of natural logarithms, approximately 2.718 n= Sample size p= Hypothesized deviations rate x= Number of deviations The computed risk of finding a given number of deviations is a cumulative function: Computed risk = x e-np(np)x x! For example, consider the illustration in Chapter 20 concerning the risk of assessing control risk too high. When the procedure of vouching a random sample of 80 invoices to supporting shipping orders was performed, the auditor found no deviations (no cases of missing shipping orders). The example says the probability (risk) is 10 percent that the actual population deviation rate is equal to or greater EP10B-4 Sample Size Relationships a. Tolerable deviation rate = 0.05 Expected population deviation rate = zero. Sample Size Risk of Assessing Control Population > 1,000 Population = 500 Risk Too Low 0.01 93 76 0.05 60 54 0.10 47 45 b. Acceptable risk of assessing control risk too low = 0.10 (BETA RISK) Expected population deviation rate = 0.01 Sample Size Tolerable Dev. Rate Population > 1,000 Population = 500 0.10 26 25 0.08 33 31 0.05 58 52 0.03 116 95 0.02 231 159 c. Acceptable risk of assessing control risk too low = 0.10 (BETA RISK) Tolerable deviation rate = 0.10 Sample Size Expected Population Deviation Rate Population > 1,000 Population = 500 0.01 26 25 0.02 29 28 0.04 39 37 0.07 77 68 0.09 231 159 d. The population size-adjusted sample sizes are figured using the formula n = n' 1 + (n' /N) where n' is the sample size in using Appendix 20A and R=NP N = 500 population size n = sample size adjusted for population size EP10B-5 Exercises in Sample Selection a. The first 5 usable numbers (using the path down the column and then to the top of next column) are: 1609, 3342, 2287, 3542, and 1421. Note that 14 numbers were reviewed to get 5, and 9 were discarded. b. The first 5 usable five-digit numbers (using the path down the column and then to top of next column) are: 02921, 05303, 08845, 05851, and 09531. Note that 26 numbers were reviewed to get 5, and 21 five-digit numbers were discards. This selection can be made more efficient by converting the random number to 4 digits to correspond with the number of digits in the population size. There will be fewer discards if you subtract 2220 from the beginning and ending numbers and use the sequence 0000 to 9099. Using the first 4 digits and starting at the same place: Random numbers Add back 2220 Random check number 2041 + 2220 = 4261 2870 + 2220 = 5099 7457 + 2220 = 9677 6261 + 2220 = 8481 7568 + 2220 = 9788 This method is random and there was only one discard to get 5 usable numbers. c. 1. Choosing a month at random does not generate a random sample of the year's vouchers. This is a type of block sample and is not acceptable for statistical validity (but may be acceptable for judgmental sample). 2. Random 7-digit numbers would generate a random sample, but there would be a large number of discards. This method is not efficient. 3. Ten vouchers from each month is an acceptable choice if and only if an equal number of vouchers were recorded each month. This method can be modified by calculating the relative number of vouchers each month and selecting that proportion of the vouchers from that month. For example, if 4,520 vouchers (10%) were issued in January, then select 12 sample vouchers (10% of 120) from January. d. In case (a), select every 100th sales invoice (5,000/50 = 100) starting with number 1609. The next four numbers are 1709, 1809, 1909, 2009. The selection may also be made by starting at the front of the file with a random number between 1 and 100, then selecting every 100th item. In case (b), select every 91st check (9,100/100 = 91) starting with number 02921. The next four are 03012, 03103, 03194, 03285. As in case (a) other random starts are possible. In case (c), select every 376th voucher (45,200/120 = 376) starting with number 03-01102. The second number is 03-01478. Successive numbers may spill over into the April file. The auditor has had to count to the end and then continue the count in succeeding months. EP10B-6 Imagination in Sample Selection a. Sample from Checking Accounts with Overlapping Numbers * Let checks in Account #2 be represented by the check numbers 0001 - 6000 (6,000 checks). * Let checks in Account #1 be represented by numbers 6001 - 9000 (obtained by adding the constant 2368 to the actual numbering sequence of 3633 - 6632). The new sequence contains 3,000 numbers, the same as the original number of checks. * When a 4-digit random number between 0001 and 6000 is selected, it identifies a check in Account #2. * When a 4-digit random number between 6001 and 9000 is selected, subtract the constant 2368, and the remainder identifies a check in Account #1. * Random numbers 9001 - 9999 are discards. * Starting in Appendix 20B, row 1, column 2: Check Selected in Random Discard or Number Constant Account #1 Account #2 9541 Discard 9985 Discard 6815 -2368 4447 2543 NA 2543 5190 NA 5190 1925 NA 1925 0030 NA 0030 b. Sample of Purchase Orders * First convert of 5-digit real sequence (09000 - 13999) to the 4-digit sequence 000 - 4999 by subtracting the constant 09000. * Then let the sequence of numbers from 5000 - 9999 also represent purchase orders in the sequence. * Now all the 4-digit random numbers represent purchase orders, and none will be discards. * You will, however, need to convert each 4-digit random number into a purchase order number. * Starting in Appendix 13-A, row 30, column 3: Random Conversion for Conversion to Purchase Number 5000 - 9999 P.O. Sequence Order No. 4251 NA + 9000 13251 8991 - 5000 + 9000 12991 5077 - 5000 + 9000 09077 9431 - 5000 + 9000 13431 5595 - 5000 + 9000 09595 Note: When sampling without replacement, some numbers will be discards when two of them identify the same purchase order. For example, random numbers 4251 and 9251 both identify purchase order 13251. c. Sample of Perpetual Inventory Records Systematic sampling is probably the most efficient method. You know the list has 3740 item descriptions (74 x 50 + 40). The factor k = 37.4. Take 5 random starts by entering a random number table and choosing a 2- digit random number between 1 and 75 to represent a page, choosing the next 2-digit random number to represent a line, then selecting every 187th description (187 = 5 x 37.4). Repeat the procedure five times. For example, start in Appendix 13-A, row 1, column 1: 3rd item... Page Line 1st item 2nd item 20th item 32 07 p. 32, 1. 7 p. 35, 1. 44 p. 39, 1. 31 59 46 p. 59, 1. 46 p. 63, 1. 32 p. 67, 1. 19 65 35 p. 65, 1. 35 p. 69, 1. 22 p. 73, 1. 9 14 20 p. 14, 1. 20 28 02 p. 28, 1. 02 d. Sample of Physical Inventory The physical selection might involve problems not covered in the exercise--separate selection of high-value items, the physical size of items. This solution is simplistic for ignoring these potential complications. The inventory physical frame is 3-dimensional. It has width (300 rows of shelves), length (75 feet each row) and height (10 tiers in each row of shelves). Two ways to select the sample are: 1. Think of the layout as 22,500 linear feet of shelf rows (300 x 75). Using systematic sampling, take 5 random starts, each time pacing off 1,125 feet (5 x 22,500/100) in a pre-determined path around the warehouse. At each stop, select a random number between 1 and 10 to identify the tier, and select that item. 2. Think of the layout as 300 2-dimensional coordinates. Select 100 of the rows, but be careful about any systematic selection because physical storage may be in some nonrandom pattern. For each selected row, select a random number between 1 and 75 to locate a position on the row. Then select a random number between 1 and 10 to identify a tier and the inventory at that location. EP10B-7 Cases a, b, c: Illustrate effect of different risks of assessing control risk too low. Cases d, e, f: Illustrate effect of larger samples with same sample deviation rate. Cases g, h, i: Illustrate different sample deviation rates. (a) (b) (c) (d) (e) (f) (g) (h) (i) Actual sample deviation rate 2% 2% 2% 2% 2% 2% 10% 6% 0 Computed upper limit (approx.) 5% 4% 3.6% 6.3% 4.6% 3.6% 17% 12% 3% EP10B-8 Discovery of Sampling Calculations (a) (b) (c) (d) (e) (f) (g) (h) (i) Critical rate of occurrence .4% .5% 1.0% 2.0% 1.0% .5% .4% .4% .4% Required relia- bility 99 99 99 99 91 70 70 85 95 Sample size (minimum) 1,000 900 460 240 240 240 300 460 700 EP10B-9 Selecting a Dollar-Unit Sample The solution starts by finding the recorded amount of the total = $38,610. The skip interval is 38,610 / 10 = 3,861. "Random start" at 1,210. Whitney Company Index_____ Inventory Sample Selection Prepared by___Date___ Sept 30, 20XX Reviewed by___Date___ Account Account Modified Dollar Logical Number Balance Accumulator Accumulator Selected Unit 1 1,750 - 1,210 1st 1,210 2 1,492 2,561 - 1.300 3,862nd 1,492 3 994 - 306 4 629 323 - 3,538 7,723rd 629 5 2,272 - 1,266 6 1,163 - 103 7 1,255 1,152 - 2,709 11,584th 1,255 8 3,761 1,052 - 2,809 15,445th 3,761 9 1,956 - 853 10 1,393 540 - 3,321 19,306th 1,393 11 884 - 2,437 12 729 - 1,708 13 937 - 771 14 5,938 5,167 1,306 23,167* 5,938 - 2,555 27,028* 15 2,001 - 554 16 222 - 332 17 1,738 1,406 - 2,455 30,889th 1,738 18 1,228 - 1,227 19 2,577 1,350 - 2,511 34,750th 2,577 20 1,126 - 1,385 21 565 - 820 22 2,319 1,499 - 2,362 38,611th 2,319 23 1,681 - 681 38,610 * Two dollar units in the same logical unit. Total of logical units in the sample of 10 dollar units 22,312 EP10B-10 When RIA is greater than .5 one has to question the usefulness of the particular statistical test. The risk model yields even more problematic treasures if IR x CR x AP is less than or equal to AR. This makes RIA equal to or greater than 1 (i.e. RIA is more than 100% !) when RIA = AR/(IR x CR x AP). The model, therefore, suggests that tests of details may not be necessary. All the evidence thus rests on internal control, inherent risk (the subjective probability estimate of misstatement getting into the accounting in the first place), and the effectiveness of analytical procedures. Auditing theory and practice maintains that some effective substantive procedures should be performed--perhaps including a minimum sample size for tests of details in addition to substantive analytical procedures. SOLUTIONS FOR DISCUSSION CASES DC10B-1 Mistakes in Sampling Application Mistake Explanation 1. The statistical criteria call for a sample of 160, not 100. 1. He apparently read Appendix 13-B.2 for the 1% expected rate instead of for 2%. 2. He used two test months. 2. Even a selection of two months does not make the sample representative of the year's population. 3. He stratified the population, but did not adjust the total sample size accordingly. 3. Nothing is wrong with stratification, but in this case the sample size in each stratum would be about 160. 4. He apparently did not define the error attribute carefully before starting the audit work. He did not follow up sufficiently on the errors that he did find. 4. Indicated by his after-the-fact rationalization of the two errors into non-errors. In fact the pay rate error has dollar-value impact that he made no effort to recognize (i.e.), liability for underpayment of wages). 5. He improperly combined a stratified sample into a single evaluation. 5. When stratification is done properly, the two samples should be evaluated independently. 6. The reviewers (senior and partner) were not competent to review the statistical application. 6. This is not Tom's mistake, but it's worthwhile to point out that competence is as necessary at the review level as it is at the operational level. DC10B-2 Determine a Test of Controls Sample Size Test of controls sample size = 75, with plan to assess control risk = .10 and audit minimum (25) substantive balance- audit sample. This choice gives the lowest total cost if control risk is actually assessed at .10. EXHIBIT for DC10B-2 GOODWIN MANUFACTURING COMPANY Test of Control Balance-Audit Control Risk Categories CR TDR RIA RACRTL n[c] Cost n[s] Cost TOTAL .10 .04 .50 .05 75 $ 900 25 $ 625 $1,525 Low control .20 .06 .28 .09 40 $ 480 46 $1,150 $1,630 risk .30 .08 .19 .15 24 $ 288 60 $1,500 $1,788 .40 .10 .14 .25 14 $ 168 71 $1,775 $1,943 Moderate .50 .12 .11 .40 8 $ 96 80 $2,000 $2,096 control risk .60 .14 .09 .50 5 $ 60 87 $2,175 $2,235 .70 .16 .08 .50 4 $ 48 91 $2,275 $2,323 Control risk .80 .18 .07 .50 4 $ 48 96 $2,400 $2,448 below maximum .90 .20 .06 .50 4 $ 48 101 $2,525 $2,573 Maximum risk 1.00 .22 .06 .50 3 $ 36 101 $2,525 $2,561 Audit risk = .05 Inherent risk = 1.0 Analytical procedures risk = .90 [detection probability = .10] RIA = (AR=.05)/[(IR=1.0) x CR x (AP=.90)] Anchor TDR = 7 x 2,000,000 = .03 for CR = .05 467,000,000 RACRTL = .02 for each RIA for each CR RIA - .06 DC10B-3 Relation of Dollar-Unit Sample Sizes to Audit Risk Model CONTROL RISK INFLUENCE ON SUBSTANTIVE BALANCE-AUDIT SAMPLE SIZE AR = .05 AR = .10 AR = .05 AR = .05 IR = 1.00 IR = 1.00 IR = .50 IR = 1.00 AP = 1.00 AP = 1.00 AP = 1.00 AP = .50 (CR) RIA n(s) RIA n(s) RIA n(s) RIA n(s) .10 0.50 21 .50 21 .50 21 .50 21 .20 0.25 42 .50 21 .50 21 .50 21 .30 0.167 53 .33 33 .33 33 .33 33 .40 0.125 61 .25 42 .25 42 .25 42 .50 0.10 69 .20 48 .20 48 .20 48 .60 0.083 76 .17 53 .17 53 .17 53 .70 0.071 80 .14 59 .14 59 .14 59 .80 0.0625 84 .13 61 .13 61 .13 61 .90 0.0556 87 .11 66 .11 66 .11 66 1.00 0.05 90 .10 69 .10 69 .10 69 Discussion: Comparing the first two sets at left: Larger audit risk produces smaller samples throughout the entire range of control risks. Comparing the three sets at the right: Doubling the audit risk from .05 to .10 has the same effect on RIA and sample size as assessing half the IR or AP. Comparing the two sets at the left: The same change in IR and AP have the same effect on RIA and sample size. DC10B-4 Determining an Efficient Risk of Incorrect Rejection (DUS) For each of the control risk levels, calculate the expected cost savings from auditing the initial alternative (minimum) sample. Assume that the action in the event of a rejection decision is to expand the work by selecting additional units up to the number in the base sample. Alternative Control "Base" Alternative (Minimum) Cost Savings Risk Sample RIR Sample $8(nb-na)-$19(nb-na)(RIRa-.01) 0.20 80 .02 41 $312 - $ 7 = $305 0.30 96 .02 53 $344 - $10 = $334 0.40 107 .03 62 $360 - $17 = $343 0.50 116 .03 68 $384 - $18 = $366 0.60 122 .03 74 $384 - $18 = $366 0.70 128 .03 78 $400 - $19 = $381 0.80 133 .03 82 $408 - $19 = $389 0.90 137 .03 86 $408 - $19 = $389 1.00 141 .03 89 $416 - $20 = $396 Discuss the potential audit efficiencies and possible inefficiencies from beginning the audit work with the alternative (minimum) sample size. The potential audit efficiency is achieving the cost savings scheduled above. Depending on the control risk level planned for assessment, the savings could range from $305 to $396. The large savings arise from the very small increase in RIR for the alternative (minimum) sample sizes. These sample sizes were obtained by a method that is fairly insensitive to RIR changes. The alternative sample sizes are actually minimum samples that also fit the criterion of alternative RIR from .02 and .03 to .50. In other words, in this attribute-type dollar-unit sample, the alternative sample sizes are the minimum sample sizes, no matter what RIR greater than .02 and .03 are specified. (Note to instructors: I am not sure that very many students, except the mathematicians, will be interested in this phenomenon.) The solutions for different sample sizes will be similar in form, although the numbers will be different. DC10B-5 Comparison of Sampling Methods (a) Unrestricted random sample of 10 accounts RANDOM UNIT SAMPLE WRONG WRONG WRONG MONETARY AUDIT ACCT # BALANCE QUANT'Y MATH DATE ERROR AMOUNT 2 $346 $0 $346 5 $1,555 $600 $600 $955 7 $1,906 $200 $200 $1,706 14 $178 $0 $178 20 $141 $0 $141 28 $193 $11 $11 $182 32 $503 $115 $115 $388 35 $157 $0 $157 42 $91 $0 $91 46 $156 $0 $156 Number 10 1 1 2 Total $5,226 $200 $11 $715 $926 $4,300 Average $522.60 $92.60 $430.00 Std Dev $619.56 $181.00 $488.43 Ratio 0.177190 (b) Systematic random selection of 10 accounts SYSTEMATIC RANDOM SAMPLE WRONG WRONG WRONG MONETARY AUDIT ACCT # BALANCE QUANT'Y MATH DATE ERROR AMOUNT 3 $1,301 $0 $1,301 5 $1,555 $600 $600 $955 3 $320 $0 $320 15 $188 $0 $188 23 $145 $0 $145 25 $461 $111 $111 $350 33 $500 $107 $107 $393 35 $157 $0 $157 43 $65 $0 $65 45 $470 $117 $117 $353 Number 10 1 0 3 Total $5,162 $111 $0 $824 $935 $4,227 Average $516.20 $93.50 $422.70 Std Dev $481.36 $176.08 $375.11 Ratio 0.181131 (c) Systematic random dollar-unit selection of 10 dollars SYSTEMATIC DOLLAR-UNIT SAMPLE WRONG WRONG WRONG MONETARY AUDIT ACCT # BALANCE QUANT'Y MATH DATE ERROR AMOUNT TAINTS 3 $1,301 $0 $1,301 0.00% 3 $1,301 $0 $1,301 0.00% 5 $1,555 $600 $600 $955 38.59% 7 $1,906 $200 $200 $1,706 10.49% 15 $188 $0 188 0.00% 23 $145 $0 $145 0.00% 28 $193 11 $11 $182 5.70% 36 $388 $117 $0 $388 0.00% 45 $470 $117 $353 24.89% 50 $268 $0 $268 0.00% Number 10 1 1 2 Total $6,414 $200 $11 $717 $928 $5,486 Average $641.40 $92.80 $548.60 (d) With a sample of 10, the average sampling interval is $1,752. Account number 7, with a balance of $1,906, will always be included in a dollar-unit sample of 10. (e) Table comparing sampling methods TABLE COMPARING RESULTS OF SAMPLES Random Systematic Dollar Unit Unit Unit Sample Sample Sample Population size 50 50 $17,523.00 Recorded total $17,523.00 $17,523.00 $17,523.00 Sample size 10 10 10 Recorded amount in sample $5,226.00 $5,162.00 $6,414.00 Number of error accounts in sample 4 4 4 Monetary misstatement in sample $926.00 $935.00 $928.00 Average misstatement in sample $92.60 $93.50 N/A Error ratio 0.1772 0.1811 N/A Projected misstatement $1,396.00 Difference method $4,630.00 $4,675.00 Ratio method $3,105.00 $3,173.00 Upper error limit at 2.0 % risk of incorrect acceptance Z(B) = 2.05 (Difference method) $9,930.50 $9,975.50 $9,322.00 (f) Calculation of upper error limit Dollar-Unit Projected Misstatement Sampling Projected Factor Taint Interval Error Basic error 3.91 100.00% $1,752 $ 6,850 First error 1.00 38.59% $1,752 $ 676 Second error 1.00 24.89% $1,752 436 Third error 1.00 10.49% $1,752 184 Fourth error 1.00 5.70% $1,752 100 Projected error $ 1,396 Gap Widening: First error 0.92 38.59% $1,752 $ 622 Second error 0.69 24.89% $1,752 301 Third error 0.56 10.49% $1,752 103 Fourth error 0.50 5.70% $1,752 50 Upper error limit (.02 risk of incorrect acceptance) $ 9,322 Solution Manual for Auditing: An International Approach Wally J. Smieliauskas, Kathryn Kate Bewley 9780071051415