Statistical sampling involves the use of techniques from which mathematically constructed conclusions regarding the population can be drawn.

Transcription

1 SECTION I.3B AUDIT ENGAGEMENT SAMPLING Intrductin: In frming an audit pinin auditrs frequently d nt examine all f the infrmatin available as it may be impractical and valid cnclusins can be reached using audit sampling. Sampling is ne audit technique amng thers which the Internal Auditr may chse in rder t btain apprpriate evidence t supprt audit cnclusins. Where the ppulatin t be examined is small, it may be mre cst effective t test all items rather than nly a sample. Definitins: Audit sampling is defined as the applicatin f audit prcedures t less than 100% f the ppulatin t enable the auditr t evaluate audit evidence abut sme characteristic f the items selected t frm r assist in frming a cnclusin cncerning the ppulatin. Statistical sampling invlves the use f techniques frm which mathematically cnstructed cnclusins regarding the ppulatin can be drawn. Nn statistical sampling is nt statistically based and results shuld nt be extraplated ver the ppulatin as the sample is unlikely t be representative f the ppulatin. Ref. Plicy and Practice Requirements IIA Standards and Other References 1 Plicy: When designing audit prcedures, the Internal Auditr shall determine apprpriate means f selecting items fr testing. The means available t the Internal Auditr are: Selecting all items (100% examinatin) Selecting specific items (judgment sampling) Statistical sampling Discussin: The decisin as t which apprach t use will depend n prfessinal judgment. The Versin: August 15, 2009 Page I.3B: 1

2 2 2:1 Internal Auditr needs t be satisfied that the methds selected are effective in prviding apprpriate evidence t supprt cnclusins n the related audit bjective. Plicy: When using statistical r nn statistical sampling methds as part f assurance engagement prcedures, the Internal Auditr shall design and select an audit sample, perfrm audit prcedures and evaluate sample results t btain sufficient, reliable, relevant and useful audit evidence. When designing the size and structure f an audit sample, Internal Auditrs shall cnsider the specific audit bjectives, the nature f the ppulatin and the sampling and selectin methds. The auditr shuld cnsider the need t invlve apprpriate specialists in the design and analysis f samples. Discussin: Sampling Unit The sampling unit will depend n the purpse f the sample. Fr cmpliance testing f cntrls, attribute sampling is typically used, where the sampling unit is an event r transactin (e.g., a cntrl such as an authrizatin n an invice). Fr substantive testing, variable r estimatin sampling is frequently used where the sampling unit is ften mnetary. Audit bjectives The Internal Auditr shuld cnsider the specific audit bjectives t be achieved and the audit prcedures that are mst likely t achieve thse bjectives. When audit sampling is apprpriate, cnsideratin shuld be given t the nature f the audit evidence sught and pssible errr cnditins. Ppulatin The ppulatin is the entire set f Versin: August 15, 2009 Page I.3B: 2

3 data frm which the auditr wishes t sample in rder t reach a cnclusin n the ppulatin. Therefre the ppulatin frm which the sample is drawn has t be apprpriate and verified as cmplete fr the specific audit bjective. Stratificatin T assist in the efficient and effective design f the sample, stratificatin may be apprpriate. Stratificatin is the prcess f dividing a ppulatin int sub ppulatins with similar characteristics explicitly defined s that each sampling unit can belng t nly ne stratum. Sample size When determining sample size, the Internal Auditr shuld cnsider the sampling risk, the amunt f the errr that wuld be acceptable and the extent t which errrs are expected. Sampling risk Sampling risk arises frm the pssibility that the Internal Auditr s cnclusin may be different frm the cnclusin that wuld be reached if the entire ppulatin were subjected t the same audit prcedure. There are tw types f sampling risk: The risk f incrrect acceptance the risk that material misstatement is assessed as unlikely, when in fact the ppulatin is materially misstated The risk f incrrect rejectin the risk that material misstatement is assessed as likely, when in fact the ppulatin is nt materially misstated The level f sampling risk that the Internal Auditr is willing t accept affects sample size the lwer the sampling risk desired, the larger the sample will need t be. Sampling risk shuld be cnsidered in relatin t the audit risk mdel and its cmpnents, inherent risk, cntrl risk, and Versin: August 15, 2009 Page I.3B: 3

4 2:2 detectin risk. Tlerable errr Tlerable errr is the maximum errr in the ppulatin that auditrs are willing t accept and still cnclude that the audit bjective has been achieved. Fr substantive tests, tlerable errr is related t the auditr s judgment abut materiality. In cmpliance tests, it is the maximum rate f deviatin frm a prescribed cntrl prcedure that the auditr is willing t accept. Expected errr If the Internal Auditr expects errrs t be present in the ppulatin, a larger sample than when n errr is expected rdinarily has t be examined t cnclude that the actual errr in the ppulatin is nt greater than the planned tlerable errr. Smaller sample sizes are justified when the ppulatin is expected t be errr free. When determining the expected errr in a ppulatin, the auditr shuld cnsider matters as errr levels identified in previus audits, changes in the rganizatin s prcedures and evidence available frm an internal cntrl evaluatin and results frm analytical review prcedures. The Internal Auditr shall use a recgnized sampling methd, apprpriate t the audit bjectives, when selecting samples. Discussin: There are three cmmnly used sampling methds which Internal Auditrs may select: Statistical Sampling Methds Randm sampling ensures that all cmbinatins f sampling units in the ppulatin have an equal chance f selectin. Systematic sampling invlves selecting Versin: August 15, 2009 Page I.3B: 4

5 sampling units using a fixed interval between selectins, the first interval having a randm start. Examples include Mnetary Unit Sampling r Value Weighted selectin where each individual mnetary value (e.g., $1) in the ppulatin is given an equal chance f selectin. As the individual mnetary unit cannt rdinarily be examined separately, the item which includes that mnetary unit is selected fr examinatin. This methd systematically weights the selectin in favr f the larger amunts but still gives every mnetary value an equal pprtunity fr selectin. Anther example includes selecting every nth unit. Nn Statistical Sampling Methd Judgmental sampling in which the auditr places a bias n the sample (e.g., all sampling units ver a certain value, all fr a specific type f exceptin, all negatives, all new users, etc.). It shuld be nted that a judgmental sample is nt statistically based and results shuld nt be extraplated ver the ppulatin as the sample is unlikely t be representative f the ppulatin. Where sampling is chsen because f a large ppulatin r because the Internal Auditr needs t shw t the audit client that there was n bias in the sample selectin, a statistical sampling methd is preferred. Hwever judgment sampling can be an efficient way f identifying prblems in the items being tested when time is limited r the fcus is n demnstrating the existence f prblems in a ppulatin (e.g. cntrl weaknesses) where it is nt expected that the audit will als definitively determine the extent f the prblem this being referred back t management t investigate. There is a furth nn statistical methd Versin: August 15, 2009 Page I.3B: 5

6 2:3 Haphazard sampling in which the auditr selects the sample withut fllwing a structured technique, hwever aviding any cnscius bias r predictability. Analysis f a haphazard sample can nt be relied upn t frm a cnclusin n the ppulatin. Judgmental sampling is the preferred nnstatistical sampling methd. A type f haphazard sampling is blck selectin (eg selecting all transactins in certain mnths). Blck selectin cannt be relied upn t frm a cnclusin n the verall ppulatin. T maintain audit independence, the Internal Auditr shall ensure the infrmatin n the ppulatin being sampled is cmplete and shuld cntrl the selectin f the sample 2:4 2:5 Discussin: Where the sample is selected frm financial transactins ver a perid, the auditr needs t establish that the ttal transactins frm which the sample is being drawn are cmplete. Audit sftware may be used t extract ppulatins frm financial systems see sectin I.3C n cntrlling this prcess. The Internal Auditr shall btain a clear understanding, befre testing, f what cnditins cnstitute an errr by reference t the audit bjectives f the prcedure. Having perfrmed, n each sample item, thse audit prcedures which are apprpriate t the particular audit bjective, the Internal Auditr shall analyze any pssible errrs detected in the sample t determine whether they are actually Versin: August 15, 2009 Page I.3B: 6

7 2:6 2:7 errrs and if apprpriate the nature and cause f the errrs. Fr thse that are assessed as errrs, if the sampling methd used is statistically based then the errrs shuld be prjected as apprpriate t the ppulatin. Discussin: Any pssible errrs detected shuld be reviewed t determine whether they are actually errrs. The auditr shuld cnsider the qualitative aspects f the errrs. These include the nature and cause f the errr and the pssible effect f the errr n the ther phases f the audit. Errrs that are the result f the breakdwn f an autmated prcess rdinarily have wider implicatins fr errr rates than human errr. The Internal Auditr shall cnsider whether errrs in the ppulatin might exceed the tlerable errr by cmparing the prjected ppulatin errr t the tlerable errr, taking int accunt the results f ther audit prcedures relevant t the audit bjective. When the prjected ppulatin errr exceeds the tlerable errr, the auditr shuld reassess the sampling risk and if that risk is unacceptable, cnsider extending the audit prcedure r perfrming alternative audit prcedures. The audit wrking papers shall include sufficient detail t describe clearly the sampling bjective and the sampling prcess used. The wrking papers shuld include the surce f the ppulatin, the sampling methd used, sampling parameters (e.g., randm start number r methd by which randm start was btained, sampling interval), items selected, details f audit tests perfrmed and cnclusins reached. Versin: August 15, 2009 Page I.3B: 7