Auditing and Assurance Principles

CHAPTER ELEVEN
BASIC AUDIT AND SAMPLING CONCEPTS
It requires less effort to do the right things and succeed, than to do the wrong things and fail.
- Anonymous

Learning Objectives
After studying this chapter, you should be able to:
 Define audit sampling.
 Explain the different risk considerations in obtaining audit evidence.
 Differentiate statistical from non-statistical sampling.
 Discuss sampling approaches and other means of testing.
 Illustrate sampling for tests of controls.
 Illustrate sampling for substantive tests.
 Discuss the common projection techniques for sampling in substantive tests.
 Identify other sampling considerations.

Introduction
PSA 500 (Redrafted), Audit Evidence states that:
When designing tests of controls and tests of details, the auditor shall determine means
of selecting items for testing that are effective in meeting the purpose of the audit
procedure1.
Actually, the means of selecting items for testing which are available to the auditor are:
1. Selecting all items (100% examination)
2. Selecting specific items
3. Audit sampling.
The decision as to which approach to use will depend on the circumstances, and the
application of any one or combination of the above means may be appropriate in
particular circumstances. While the decision as to which means, or combination or
means, to use is made on the basis of the risk of material misstatement related to the
assertion being tested and audit efficiency, the auditor needs to be satisfied that
methods used are effective in providing sufficient appropriate audit evidence to meet the
objectives of the audit procedure.

1
PSA 500 (Redrafted), par. 10

399
Chapter Eleven – Basic Audit Sampling Concepts

Selecting all items (100% examination)

The auditor may decide that it will be most appropriate to examine the entire population
of items that make up a class of transactions or account balance (or a stratum within that
population). 100% examination is unlikely in the case of tests of controls; however, it is more
common for tests of details. For example, 100% examination may be appropriate when the
population constitutes a small number of large value of items, when there is a significant risk
and other means do not provide sufficient appropriate audit evidence, or when the repetitive
nature of a circulation or other process performed automatically by an information system
makes a 100% examination cost effective, for example, through the use of computer-assisted
audit techniques (CAATs).

Selecting Specific Items

The auditor may decide to select specific items from a population based on such factors
as the auditor’s understanding of the entity, the assessed risk of material misstatement, and the
characteristics of the population being tested. The judgmental selection of specific items is
subject to non-sampling risk. Specific items selected may include those mentioned in Table 11-
12:

Table 11-1
Selecting Specific Items

Description
The auditor may decide to select specific items within a population because
High value or key they are of high value, or exhibit some other characteristics, for example
items items that are suspicious, unusual, particularly risk-prone or that have a
history of error.
The auditor may decide to examine items whose values exceed a certain
All items over a amount so as to verify a large proportion of the total amount of class of
certain amount transactions or account balance.
Items to obtain The auditor may examine items to obtain information about matters such as
information the nature of the entity, the nature of transactions, and internal control.
Items to test control The auditor may examine judgment to select and examine specific items to
activities determine whether or not a particular control activity is being performed.

While selective examination of specific items from a class of transactions or account

balance will often be an efficient means of gathering audit evidence, it does not constitute audit
sampling. The results of audit procedures applied to items selected in this way cannot be
projected to the entire population. The auditor considers the need

2
PAS 500 (Redrafted), par. A54

400
 Auditing and Assurance Principles

to obtain sufficient appropriate audit evidence regarding the remainder of the population when
that remainder is material.

Audit Sampling
Audit sampling involves the application of audit procedures to less than 100% of items
within a class of transactions or account balance such that all sampling units have a chance of
selection in order to provide the auditor with a reasonable basis on which to draw conclusions
about the entire population3. Audit sampling can use either a statistical or a non-statistical
approach.
The following terms are used in this chapter:
1. Error – means either control deviations, when performing tests of controls, or
misstatements, when performing tests of details.
a. Deviation – difference between what was expected, based on the documentation
of controls, and what actually occurred. Deviations are stated in terms of
percentages.
b. Misstatements – difference between the amount computed by the auditor and the
amount actually recorded or reflected in the accounting records. Misstatements
are presented in terms of monetary amount.
2. Total error – the rate of deviation or total misstatement.
3. Expected error – the error that the auditor expects to be present in the population.
4. Anomaly – an error that arises from an isolated event that has not recurred other than on
specifically identifiable occasions and is therefore not representative of errors in the
population.
5. Population – the entire set of data from which a sample is selected and about which the
auditor wishes to draw conclusions. A population may be divided into strata, or sub-
populations, with each stratum being examined separately. The term population is used
to include the term stratum.
6. Sampling unit – the individual items constituting a population, for example checks listed
in deposit slips, credit entries on bank statements, sales invoices or debtor’s balances,
or a monetary unit.

Audit Sampling
Audit sampling Is based on the premise that a sample can be sufficiently representative
of an audit population to warrant valid and reliable conclusions without testing the entire
population. An audit population may consist of all the items within a class of transactions,
such as all credit sales processed for a specified period, or all the transactions constituting
an account balances, such as accounts receivable.

3
Ibid., par. 5(a)

401
Chapter Eleven – Basic Audit Sampling Concepts

A population may be divided into strata, or sub-population, with each stratum being
examined separately. The term population is used to include the term stratum. Audit sampling
can be classified in relation to audit procedures.

Risk Assessment Procedures

The auditor performs risk assessment procedures to obtain an understanding of the
entity and its environment, including its internal control. Ordinarily, risk assessment procedures
do not involve the use of audit sampling. However, the auditor often plans and performs tests of
controls concurrently with obtaining an understanding of the design of controls and determining
whether they have been implemented.

Tests of Control
Tests of controls are performed when the auditor’s risk assessment includes an
expectation of the operating effectiveness of controls. Based on the auditor’s understanding of
internal control, the auditor identifies the characteristics or attributes that indicate performance
of a control, as well as possible deviation conditions which indicate departures from adequate
performance. The presence or absence of attributes can then be tested by the auditor. Audit
sampling for tests of controls is generally appropriate when application of the control leaves
audit evidence of performance (for example, initials of the credit manager on a sales invoice
indicating credit approval, or evidence of authorization of data input to a microcomputer based
data processing system.

Substantive Procedures
Substantive procedures are concerned with amounts and are of two types: tests of
details of classes of transactions, account balances, and disclosures and substantive analytical
procedures. The purpose of substantive procedures is to obtain audit evidence to detect
material misstatements at the assertion level. In the context of substantive procedures, audit
sampling and other means of selecting items for testing, relate only to tests of details. When
performing tests of details, audit sampling and other means of selecting items for testing and
gathering audit evidence may be used to verify one or more assertions about a financial
statement amount (for example, the existence of accounts receivable), or to make an
independent estimate of some amount (for example, the value of obsolete inventories).

Audit Sampling and Audit Risk

Audit risk as the likelihood that an auditor may unknowingly fail to modify his or her
opinion on materially misstated financial statements. Audit risk is a combination of two
components:
1. The risk that material errors will occur in the process by which financial statements are
developed (risk of material misstatement); and

402
 Auditing and Assurance Principles

2. The risk that any material errors that occur will not be detected by the auditor (detection risk).

Risk of Material Misstatement

The risk of material misstatement can be illustratively shown as follows:
Exhibit 11-1
Risk of Material Misstatement

Risk of material misstatement

Inherent Risk Control Risk

Inherent risk represents the susceptibility of an account balance to errors that, when
combined with errors in other accounts, could be material and that are not monitored by related
control procedures. For example, inherent risk is higher for liquid assets, such as cash, than for
non-liquid assets, such as property, plant, and equipment. Because neither control risk nor
inherent risk is directly controllable by an auditor, the risk that material errors will occur – the
first component of audit risk – is not directly controllable by the auditor.
Control risk represents the likelihood that errors could occur, and could be material when
combined with errors in other accounts, but will not be prevented or detected by the entity’s
internal control structure. For example, control risk would be increased if an entity did not
maintain effective physical controls over blank check.
Detection Risk
Detection risk is the likelihood that errors could occur and could be material when
combined with errors in other accounts, but will not be detected by the auditor’s procedures.
The risk that material errors will not be detected is directly controllable by the auditor through
substantive tests of details and other substantive audit procedures. Detection risk may be
further subdivided into: sampling risk and non-sampling risk. Detection risk and its sub-
components can be illustratively shown as follows:
Exhibit 11-2
Detection Risk

Detection Risk

Sampling Risk Non-Sampling Risk

403
Chapter Eleven – Basic Audit Sampling Concepts

The risk that material errors may occur and remain undetected is influenced by two
categories of uncertainties:
1. Sampling risk – uncertainties related to sampling. Sampling risk arises from the
possibility that the auditor’s conclusion, based in a sample may be different from the
conclusion reached if the entire population were subjected to the same audit procedure4.
Sampling risk results from the fact that a particular audit sample may not be
representative of the population tested. That is, the sample may contain
disproportionately more or fewer control deviations or monetary differences than exist in
the class of transactions or account balance as a whole, suggesting that the auditor’s
conclusions may be different if the entire population were sample size, sampling risk
varies inversely with sample size: the greater the sample size, the smaller the sampling
risk. This relationship is quite logical, because if sample size were increased to include
all the items in a population, there would be no sampling and therefore no sampling risk.
2. Non-sampling risk – uncertainties arising from factors unrelated to sampling. Non-
sampling risk includes all aspects for audit risk not due to sampling.

Sampling Risk in Tests of Controls

Two aspects of sampling risk are critical in test of controls:
1. Risk of assessing control risk too high (or the risk of under reliance). This is the risk that
a sample deviation rate supports assessing control risk at the maximum when, unknown
to the auditor, the true deviation rate in the population supports assessing control risk
below the maximum.
2. Risk of assessing control risk too low (or the of over reliance). This is the risk that a
sample does support assessing control risk below the maximum when, unknown to the
auditor, the true deviation rate in the population supports assessing control risk at the
maximum.
See examples of both types of sampling risks below:
Example – Risk of Assessing Control Risk Too High
If, based on an unrepresentative sample, an auditor estimated a 5 percent rate of deviation
but was willing to tolerate 3 percent, and the true, but unknown, population rate of
deviation was really 2 percent. In this example, the auditor would probably conclude that
the control is not effective; therefore, he would assess a higher level of control risk in
determining the nature, timing, and extent of substantive tests, because the sample
indicated a higher.

4
Sampling risk may be eliminated by testing 100% of the population.

404
 Auditing and Assurance Principles

Unknown to the auditor, he or she would actually be assessing control risk too high
because the true population deviation rate (i.e., 2 percent) is less than the tolerable rate
which is 3 percent.
It can be concluded that assessing control risk too high results in over-auditing (doing
more substantive tests than necessary). Assessing control risk too high affects the efficiency
(time, effort, and cost) of the audit.
Assessing control risk too high results in inefficiency: when an auditor concludes that a
control is ineffective and therefore that control risk is high, he ordinarily sets a lower acceptable
detection risk and expands the scope of substantive tests to compensate for the perceived
control deficiency. If the expanded scope of substantive tests is unjustified, the audit will be less
efficient since more substantive tests will be performed than necessary.
Example – Risk of Assessing Control Risk Too Low
If, based on an unrepresentative sample, an auditor estimated a 5 percent rate of deviation
but was willing to tolerate 7 percent, and the true, but unknown, population rate was
really 8 percent. In this example, the auditor would conclude that the control is effective;
therefore, he or she would assess a lower level of control risk in determining the nature,
timing, and extend to substantive tests, because the sample indicated fewer deviations
(i.e., 5 percent) than the auditor was willing to tolerate (7 percent). However, unknown to
the auditor, he would actually be assessing control risk too low since the true population
rate (i.e., 8 percent) exceeds the tolerable rate (7 percent).
It can be concluded that assessing control risk too low results in under-auditing (doing
less substantive tests than necessary). Assessing control risk too low affects the effectiveness
of the audit (i.e., errors in the financial statements may remain undetected) because the scope
of substantive tests will be restricted under the erroneous assumption that the control is
effective and control risk in low, thus, the substantive tests may be ineffective in detecting
material misstatements.

Sampling Risk in Substantive Tests

Two aspects of sampling risk are critical in substantive tests:
1. Risk of incorrect rejection is the risk that a sample supports the conclusion that a
recorded account balance is materially misstated when, unknown to the auditor, the
account is not materially misstated. Like the risk of assessing control risk too high in
attribute sampling, the risk of incorrect rejection related to the efficiency of an audit,
because an initially erroneous conclusion that an account balance is misstated would
ordinarily be revised

405
Chapter Eleven – Basic Audit Sampling Concepts

When the auditor considers other evidence or performs additional audit procedures. For
example, an auditor would ordinarily revise an initial conclusion that Cost of Goods Sold
is misstated if a physical inventory observation and inventory price testing revealed that
Inventory was not misstated, and other procedures revealed that Accounts Receivable
and Sales were not misstated.
2. Risk of incorrect acceptance, in contrast, is the risk that a sample supports the
conclusion that a recorded account balance is not materially misstated when, unknown
to the auditor, the account is materially misstated. Like the risk of assessing control risk
too low in attribute sampling, the risk of incorrect acceptance relates to audit
effectiveness and is particularly critical to an auditor, because incorrectly accepting a
misstated account balance could result in financial statements that are materially
misstated and therefore misleading.

Non-Sampling Risk
Non-sampling risk includes all aspects of audit risk not due to sampling. It includes the
possibility of selecting audit procedures that are not appropriate to achieve the specific
objective. For example, non-sampling risk could result from human errors, such as failing to
detect errors contained within sample items or overlooking or misinterpreting errors that are
detected. Several factors can serve to reduce non-sampling risk, including proper planning and
supervision and encouraging effective firm-wide quality control.

Risk Considerations in Obtaining Audit Evidence

Sampling risk and non-sampling risk can affect the components of the risk of material
misstatement. For example, when performing tests of controls, the auditor may find no errors in
a sample and conclude population is, in fact, unacceptably high (sampling risk). Or there may
be errors in the sample which the auditor fails to recognize (non-sampling risk). With respect to
substantive procedures, the auditor may use a variety of methods to reduce detection risk to an
acceptable level.
Depending on their nature, these methods will be subject to sampling and/or non-
sampling risks. For example, the auditor may choose an inappropriate substantive analytical
procedure (non-sampling risk) or may find only minor misstatements in a test of details when, in
fact, the population misstatement is greater than the tolerable amount (sampling risk). For both
tests of controls and substantive tests of details, sampling risk can be reduced by increasing
sample size, while non-sampling risk can be reduced by proper engagement planning
supervision and review.

406
 Auditing and Assurance Principles

General Approaches to Audit Sampling

Statistical Sampling
Statistical sampling plans apply the laws of probability to aid an auditor in designing an
efficient sample, in measuring the sufficiency of evidence obtained, and in evaluating the
sample results. It is a mathematically derived tool that provides the auditor with an objective
basis for expressing conclusions about a population characteristic based upon a sample of
items from the population. Table 11-2 shows the advantages and disadvantages of statistical
sampling:

Table 11-2
Advantages and Disadvantages of Statistical Sampling
Advantages of Statistical Sampling
1. It aids an auditor in determining the sample size required to meet given objectives.
2. It provides more objective audit evidence.
3. It allows an auditor to measure precision, reliability, and sampling error.

Disadvantages of Statistical Sampling

1. There is a danger of accepting statistical evidence at face value, without sufficient skepticism.
2. The cost of statistical sampling would exceed the benefits.
3. Statistical sampling may be less appropriate in some cases than non-statistical sampling or
other audit procedures for gathering evidence.

Non-Statistical Sampling
Non-statistical sampling plans rely exclusively on subjective judgment to determine
sample size and evaluate sample results. It is an auditor-derived tool for examining a sample of
items from a population. The auditor uses judgment in deciding which items should be included
in the sample. It is not appropriate to use judgment in selecting items for a sample and then use
statistical sampling techniques to express a conclusion about the population. Judgment
sampling is preferable to statistical sampling when the auditor desires to perform some
operation on the sample items only (for example, find and correct errors).
A properly designed non-statistical sampling application can provide results as effective
as those from a properly designed statistical sampling application. There is, however, one
critical difference between a statistical and a non-statistical sampling application: statistical
sampling allows an auditor to measure sampling risk. Statistical sampling plan measure the risk
that a sample is not representative of a population; it provides a mathematical measurement of
the degree of uncertainty; non-statistical sampling plans do not.

407
Chapter Eleven – Basic Audit Sampling Concepts

Statistical or non-statistical?
The choice between a statistical and a non-statistical sampling plan is based primarily on
the auditor’s assessment of the relative costs and benefits. For example, an auditor might use
non-statistical sampling if the cost of selecting a statistical random sample was deemed too
high. However, an auditor might consider the cost justifiable if the related controls were critical,
and a measure of sampling risk was therefore deemed essential.
Note that the choice between a statistical and non-statistical sampling plan is made
independent of the selection of audit procedures. Audit sampling, whether statistical or non-
statistical, is merely a means accomplishing audit procedures.

Sampling Selection Method

The objective of audit sampling is to draw conclusions about one or more population
characteristics without testing the entire population. Even with the most carefully designed
sampling plan, there is still a degree of uncertainty about whether sample results are
representative of the population. A sample can be evaluated in terms of probability only if the
sample is randomly selected and thus free from sampling bias. If each item in a population is
not given an equal chance of selection, the sample would be biased toward the population items
with the greater chance of selection. Some common methods of sample selection are presented
below5:
Random-Number Sampling
This method utilizes random-number tables or computer-generated random numbers to
select sampling units from a population. Random-number tables contain columns and rows of
randomly generated digits. An auditor begins at any digit in the table – a random start – and
proceeds along a column or row or diagonally, selecting digits corresponding to identification
numbers on the sampling units (e.g., invoice numbers or check numbers). If the sampling units
do not have identifying numbers, the audit assigns numbers to each population item.
To minimize potential bias in starting-point selection, an auditor could periodically
proceed to anew starting point while selecting the sample. Random-number sampling is
appropriate both for statistical and non-statistical sampling plans.
Systematic-sampling
This involves selecting every nth item from a population of sequentially ordered items.
Systematic sampling eliminates the need to establish correspondence between population items
and random digits, and therefore is useful when population items lack identification numbers.
The number of sequential items to skip when selecting a

5
See the Appendices to PSA 530.

408
 Auditing and Assurance Principles

Sample systematically is determined by dividing population size by sample size. Systematic

selection is useful for non-statistical sampling, and if the starting point is selected at random, it
can be useful for statistical sampling.
Block selection (cluster sampling)6
This method involves selecting a group of items arranged contiguously within a larger
grouping of sampling units. For example, a block sample could consist of all invoices processed
during the months of January to March. Block sampling often results in excessively high
sampling risk. Although a block sample could be designed with enough blocks to minimize
sampling risk, testing large numbers of blocks is likely to be inefficient. Thus, an auditor should
not use block sampling for either statistical or non-statistical sampling, unless he or she
exercises considerable care in controlling sampling risk.
Haphazard sampling
Haphazard sampling consists of sampling units selected without special reasons, but
also without conscious bias. For example, a haphazard sample could consist of 90 items
selected simply by pulling invoices from a file cabinet drawer. Like block sampling, haphazard
sampling may fail to select samples that are wholly representative of the population tested.
Although it may be useful for non-statistical sampling, haphazard sampling is not appropriate for
statistical sampling.

Audit Sampling Considerations

Characteristics of Interest
When designing an audit sample, the auditor should consider the objectives of the audit
procedure and the attributes of the population from which the sample will be drawn. The
characteristic of interest depends on the type of the test that will be performed on the sample
selected.
Appropriateness and Completeness of the Population
It is important for the auditor to ensure that the population is appropriate to the objective
of the audit procedure, and complete.
Appropriateness involves the consideration of the direction of testing. For example, if the
auditor’s objective is to test for overstatement of accounts payable, the population could be
defined as the accounts payable listing. On the other hand, when testing for understatement of
accounts payable, the population is not the accounts payable listing but rather subsequent
disbursements, unpaid

6
This is the least desirable sample selection method.

409
Chapter Eleven – Basic Audit Sampling Concepts

Table 11-3
Characteristics of Interest

Procedure Characteristics of Interest Description

Test of controls
Substantive tests
The number of times a deviation from the
Deviation or
prescribed internal control occurs in the
occurrence rate
sample.
The monetary amount of misstatement in
Misstatements an account balance.

invoices, suppliers’ misstatements, unmatched receiving reports or other populations that

provide audit evidence of understatement of accounts payable.
If the auditor intends to select payment vouchers from a file, conclusions cannot be
drawn about all vouchers for the period unless the auditor is satisfied that all vouchers have in
fact been filed (i.e., complete). Similarly, if the auditor intends to use the sample to draw
conclusions about whether a control activity operated effectively during the financial reporting
period, the population needs to include all relevant items from throughout the entire period. A
different approach may be to satisfy population and use sampling only to draw conclusions,
about the control activity during, say, the first 10 months of the year, and to use alternative
audit procedures or a separate sample regarding the remaining two months.
Internally Generated Information
The auditor is required to obtain audit evidence about the accuracy and completeness of
information produced by the entity’s information system when that information is used in
performing audit procedures. When performing audit sampling, the auditor performs audit
procedures to ensure that the information upon which the audit sampling is performed is
sufficiently complete and accurate.

Stratification
Audit efficiency may be improved if the auditor stratifies a population by dividing it into
discrete sub-populations which have an identifying characteristic. The objective of stratification
is to reduce the variability of items within each stratum and therefore allow sample size to be
reduced without a proportional increase in sampling risk. Sub-populations need to be carefully
defined such that any sampling unit can only belong to one stratum.
When performing tests of details, a class of transaction or account balance or is often
stratified by monetary value. This allows greater audit effort to be directed to the larger value
items which may contain the greatest potential monetary error in terms of overstatement.
Similarly, a population may be stratified according to a particular

410
 Auditing and Assurance Principles

Characteristic that indicates a higher risk of error, for example, when testing the valuation of
accounts receivable, balances may be stratified by age.
The results of audit procedures applied to a sample of items within a stratum can only be
projected to the items that make up that stratum. To draw a conclusion on the entire population,
the auditor will need to consider the risk of material misstatement in relation to whatever other
strata make up the entire population.
Example: 20% of the items in a population may make up 90% of the value of an account
balance. The auditor may decide to examine a sample of these items. The auditor evaluates the
results of this sample and reaches a conclusion on the 90% of value separately from the remaining
10% (on which a further sample or other means of gathering audit evidence will be used, or
which may be considered immaterial.

Value-Weighted Selection
It will often be efficient in performing tests of details, particularly when testing for
overstatements, to identify the sampling unit as the individual monetary units (for example,
pesos) that make up a class of transactions or account balance. Having selected specific
monetary units from within the population, for example, the accounts receivable balance, the
auditor then examines the particular items, for example, individual balances, that contain those
monetary units. This approach to defining the sampling unit ensures that audit effort is directed
to the larger value items because they have a greater chance of selection, and can result in
smaller sample sizes. This approach is ordinarily used in conjunction with the systematic
method of sample selection and is most efficient when selecting items using CAATs.

Attributes Sampling
The procedures for attributes sampling are presented below:
1. Determine the objective(s) of the test.
2. Define the attribute (characteristic of a control) and deviation (absence of an attribute)
conditions.
3. Define the population.
4. Choose an audit sampling approach/technique.
5. Determine the sample size and the sample selection method.
6. Perform the sampling plan.
7. Evaluate sample results.
8. Comply with documentation requirements.

411
Chapter Eleven – Basic Audit Sampling Concepts

Sample Size for Tests of Controls

Table 11-4 enumerates the following factors that affect the sample size for tests of
controls. The following are factors that the auditor considers when determining the sample size
for a test of control. These factors need to be considered together.
Table 11-4
Factors Affecting Sample Size for Tests of Controls

Effect on
Factors
sample size
An increase in the auditor’s intended reliance on accounting and internal
Increase
control system.
An increase in the rate of deviation from the prescribed control procedure that
Decrease
the auditor is willing to accept (Tolerable deviation rate).
An increase in the rate of deviation from the prescribed control procedure that
Increase
the auditor expects to find in the population (Expected deviation rate).
An increase in the auditor’s required confidence level (or conversely, a
decrease in the risk that the auditor will conclude that the control risk is lower
Increase
than the actual control risk in the population – risk of assessing control risk
too low).
Negligible
An increase in the number of sampling units in the population.
Effect

1. The extent to which the risk of material misstatement is reduced by the operating
effectiveness of controls. The more assurance the auditor intends to obtain from the
operating effectiveness of controls, the lower the auditor’s assessment of the risk of
material misstatement will be, and the larger the sample size will need to be. When the
auditor’s assessment of the risk of material misstatement at the assertion level includes
an expectation of the operating effectiveness of controls, the auditor is required to
perform tests of controls. Other things being equal, the more the auditor relies on the
operating effectiveness of controls in the risk assessment, the greater is the extent of the
auditor’s tests of controls (and therefore, the sample size is increased).
2. The rate of deviation from the prescribed control activity the auditor is willing to
accept (tolerable error). The lower the rate of deviation that the auditor is willing to
accept, the larger the sample size needs to be.
3. The rate of deviation from the prescribed control activity the auditor expects to
find in the population (expected error). The higher the rate of deviation that the
auditor expects, the larger the size needs to be so as to be in a position to make a
reasonable estimate of the actual rate of deviation. Factors relevant to the auditor’s
consideration of the expected error rate include the auditor’s understanding of the
business (in particular,

412
 Auditing and Assurance Principles

risk assessment procedures undertaken to obtain an understanding of internal control), changes

in personnel or in internal control, the results of audit procedures applied in prior periods and the
results of other audit procedures. High expected error rates ordinarily warrant title, if any,
reduction of the assessed risk of material misstatement, and therefore in such circumstances
tests of controls would ordinarily be omitted.
4. The auditor’s required confidence level. The greater the degree of confidence that the
auditor requires that the results of the sample are in fact indicative of the actual
incidence of error in the population, the larger the sample size needs to be.
5. The number of sampling units in the population. For large populations, the actual
size of the population has little, if any, effect on sample size. For small populations
however, audit sampling is often not as efficient as alternative means of obtaining
sufficient appropriate audit evidence.
Other Sampling Applications for Tests of Controls
Sequential sampling is used when the auditor expects very few deviations within the
population being tested. Under this method, the auditor has no fixed sample size. After testing a
sample, the auditor makes a decision whether to stop testing or to continue with the sampling
plan (hence the name stop-or-go sampling).
Discovery sampling is most appropriate when no deviations are expected within the
population (thus, even a single deviation is a cause for concern). This is normally used when the
auditor suspects fraud. Discovery sampling involves the determination of a sample size which is
sufficient to discover at least one deviation to confirm whether fraud has occurred.
Basic example on evaluation of samples while performing tests of controls
An external auditor is testing the authorization controls over purchases. Accordingly, the auditor decided
to sample purchase invoices and trace them to the related approved purchase orders. Suppose that the
auditor decided that based on an understanding of the client’s internal control and the auditor’s judgment,
the auditor

 expects that there are three purchases with improper authorization (deviations) for every 100
purchase transactions (i.e., expected population deviation rate is 3%);
 believes that he can tolerate up to six deviations for every 100 purchase transactions (i.e.,
tolerable deviation rate is 6%);
Accordingly, the auditor assesses control risk at a LESS THAN HIGH because the expected population
deviation rate (3%) is less than the tolerable deviation rate (5%).
The auditor selected 100 samples and noted four deviations in the sample (sample deviation rate is 4%).

413
Chapter Eleven – Basic Audit Sampling Concepts

If non-statistical sampling is used, the sample deviation rate shall be compared against the tolerable
deviation rate and evaluated as follows:
If SDR = or < TDR controls may be effective (CR = Less than High)
If SDR > TDR controls are not effective (CR = High)

In the above example, SDR of 4% is less than the TDR of 6%; hence, the conclusion is that the
authorization controls over purchases are effective.
If statistical sampling is used, the auditor must first consider the effect of sampling risk. Assume that in
the above example, the appropriate allowance for sampling risk is 1%.
The sample deviation rate shall first be added to the allowance for sampling risk (4% + 1%) to compute
the upper deviation rate (5%). Then the upper deviation rate shall be compared against the tolerable
deviation rate and evaluated as follows:
If UDR = or < TDR controls may be effective (CR = Less than High)
If UDR > TDR controls are not effective (UDR = High)

In the above example, the UDR of 5% is less than the TDR of 6%; hence, the conclusion is that the
authorization controls over purchases are effective.

Variables Sampling
The procedures for variables sampling are presented below:
1. Determine the objective(s) of the test.
2. Define “fair presentation” and “material misstatement”.
3. Define population.
4. Choose an audit sampling approach/technique.
5. Determine the sample size and the sample selection method.
6. Perform the sampling plan.
7. Evaluate sample results.
8. Comply with documentation requirements.
Sample size for Substantive Tests
Table 11-5 presents factors that the auditor considers when determining the
sample size for sampling in substantive audit procedures. These factors need to be
considered together.

414
 Auditing and Assurance Principles

Table 11-5
Factors Affecting Sample Size for Substantive Tests

Effect on
Factors
sample size
An increase in the auditor’s assessment of inherent risk. Increase
An increase in the auditor’s assessment of control risk (or a decrease in
Increase
reliance on internal controls).
An increase in the use of other substantive procedures directed at the same
Decrease
financial statement assertion.
An increase in the auditor’s required confidence level (or conversely, a
decrease in the risk that the auditor will conclude that a material error does Increase
not exist, when in fact it does – risk of incorrect acceptance).
An increase in the total error that the auditor us willing to accept (tolerable
Decrease
error.
An increase in the amount of error the auditor expects to find in the
Increase
population (expected error).
Stratification of the population when appropriate. Decrease
Negligible
The number or sampling units in the population.
Effect

1. The auditor’s assessment of the risk of material misstatement. The higher the
auditor’s assessment of the risk of material misstatement, the larger the sample size
needs to be. The auditor’s assessment of the risk of material misstatement is affected by
inherent risk and control risk.

For example, if the auditor does not perform tests of controls, the auditor’s risk
assessment cannot be reduced for the effective operation of internal controls with
respect to the particular assertion. Therefore, in order to reduce audit risk to an
acceptably low level, the auditor needs a low detection risk and will rely more on
substantive procedures. The more audit evidence that is obtained from tests of details
(that is, the lower the detection risk), the larger the sample size will need to be.
2. The use of other substantive procedures directed at the same assertion. The more
the auditor is relying on other substantive procedures (tests of details or substantive
analytical procedures) to reduce to an acceptable level the detection risk regarding a
particular class of transactions or account balance, the less assurance the auditor will
require from sampling and, therefore, the smaller the sample size can be.

415
Chapter Eleven – Basic Audit Sampling Concepts

3. The auditor’s required confidence level. The greater the degree of confidence that the
auditor requires that the results of the sample are in fact indicative of the actual amount
of error in the population, the larger the sample size needs to be.
4. The total error the auditor is willing to accept (tolerable error). The lower the total
error that the auditor is willing to accept, the larger the sample size needs to be.
5. The amount of error the auditor expects to find in the population (expected error).
The greater the amount of error the auditor expects to find in the population, the larger
the sample size needs to be in order to make a reasonable estimate of the actual
amount of error in the population. Factors relevant to the auditor’s consideration of the
expected error amount include the extent to which item values are determined
subjectively, the results of risk assessment procedures, the results of tests of control, the
results of audit procedures applied in prior periods, and the results of other substantive
procedures.
6. Stratification. When there is a wide range (variability) in the monetary size of items in
the population. It may be useful to group items of similar size into separate sub-
populations or strata. This is referred to as stratification. When a population can be
appropriately stratified, the aggregate of the sample sized from the strata generally will
be less than the sample size that would have been required to attain a given level of
sampling risk, had one sample been drawn from the whole population.
7. The number of sampling units in the population. For large populations, the actual
size of the population has little, if any, effect on sample size. Thus, for small populations,
audit sampling is often not as efficient as alternative means of obtaining sufficient
appropriate audit evidence. (However, when using monetary unit sampling, an increase
in the monetary value of the population increases sample size, unless this is offset by a
proportional increase in materiality.)

Nature and Cause of Errors

The auditor should consider the sample results, the nature and cause of any errors
identified, and their possible effect on the particular audit objective and on other areas of the
audit.
When performing tests of controls, the auditor is primarily concerned with obtaining audit
evidence that controls operated effectively throughout the period of reliance. This includes
obtaining audit evidence about how controls were applied at relevant times during the period
under audit, the consistency with which they were applied, and by whom or by what means they
were applied. The concept of effectiveness of the operation of controls recognizes that some
errors in the way controls are applied by the entity may occur. However, when such errors are
identified, the auditor makes specific

416
 Auditing and Assurance Principles

inquiries to understand these matter and also needs to consider matters such as7:
a. The direct effect of identified errors on the financial statements; and
b. The effectiveness of internal control and their effect on the audit approach when, for
example, the errors result from management override of a control.
In these cases, the auditor determines whether the tests of controls performed provide an
appropriate basis for use as audit evidence, whether additional tests of controls are
necessary, or whether the potential risks of misstatement need to be addressed using
substantive procedures.
In analyzing the errors discovered, the auditor may observe that many have a common
feature, for example, type of transaction, location, product line or period of time. In such
circumstances, the auditor may decide to identify all items in the population that possess the
common feature, such errors may be intentional, and may indicate the possibility of fraud.
Sometimes, the auditor may be able to establish that an error arises from an isolated
event that has not recurred other than on specifically identifiable occasions and is therefore
not representative of similar errors in the population (an anomalous error). To be considered
an anomalous error, the auditor has to have a high degree of certainty that such error is not
representative of the population. The auditor obtains this certainty by performing additional
audit procedures. The additional audit procedures depend on the situation, but are adequate
to provide the auditor with sufficient appropriate audit evidence that the error does not affect
the remaining part of the population. One example is an error caused by a computer
breakdown that is known to have occurred on only one day during the period.
In that case, the auditor assesses the effect of the breakdown, for example by examining
specific transactions processed on that day, and considers the effect of the cause of the
breakdown on audit procedures and conclusions. Another example is an error that is found
to be caused by use of an incorrect formula in calculating all inventory values at on
particular branch. To establish that this is an anomalous error, the auditor needs to ensure
the correct formula has been used at other branches.

7
Ibid., par. 48

417
Chapter Eleven – Basic Audit Sampling Concepts

Projecting Errors
Projections for Tests of Controls
For tests of controls, no explicit projection of errors is necessary since the sample error
rate is also projected rate of error for the population as a whole.
Projections for Substantive Tests
For tests of details, the auditor should project monetary errors found in the sample to the
population, and should consider the effect of the projected error on the particular audit
objective and on other areas of the audit. The auditor projects the total error for the
population to obtain a broad view of the scale of errors, and to compare this to the tolerable
error. For tests of details, tolerable error is the tolerable misstatement, and will be an amount
less than or equal to the auditor’s materiality used for the individual class of transactions or
account balances being audited.
Anomalous Errors
When an error has been established as an anomalous error, it may be excluded when
projecting sample errors to the population. The effect of any such error, if uncorrected, still
needs to be considered in addition to the projection of the non-anomalous errors.
Stratification
If a class of transactions or account balance has been divided into strata, the error is
projected for each stratum separately. Projected errors plus anomalous errors for each
stratum are then combined when considering the possible effect of errors on the total class
of transactions or account balance.
Commonly Used Projection Techniques
Commonly used projection techniques are difference estimation, ratio estimation, and
mean-per-unit estimation.
Difference estimation is used to measure the estimated total misstatement amount in a
population when there is both a recorded value and an audited value for each item in the
sample. This method frequently results in smaller sample sized than any other method, and
it is relatively easy to use. The use of difference estimation is appropriate when the
misstatement in an account is not affected by the book value of the item being examined.
Ratio estimation is similar to difference estimation except that the point estimate of the
population misstatement is determined by multiplying the portion of sample amount
misstated times the total recorded population book value. The ratio estimates results in even
smaller sample sizes than difference estimation if the size of the misstatements in the
population is proportionate to the recorded value of the population items. The use of ratio
estimation is appropriate when the misstatement in an account is directly proportional to its
book value.

418
 Auditing and Assurance Principles

Under mean-per-unit estimation, the auditor is concerned with the audited value rather
than the misstatement amount of each item in the sample. Except for the definition of what
is being measured, this method is calculated in exactly the same manner as the difference
estimate. The point estimate of the audited value is the average audited value of items in the
sample times the population size. The computed precision interval is computed on the basis
of the audited value of the sample items rather than the misstatements. The use of mean-
per-unit estimation is appropriate when individual populations do not have recorded values.
Comprehensive example on projection of errors
An external auditor sent out positive confirmation requests to 2,000 customers. Population size is
4,800 accounts, with a total recorded value of P380,000. Presented below are the summary results of
the examination of confirmation replies received from customers.
Book value of samples selected P159,960
Audited value of samples selected 151,360
Difference P 8,600

Average/mean book value (P159,960/2,000) P80 (rounded)

Average/mean audited value (P151,360/2,000) P76 (rounded)
Ratio estimation
1. Compute for the ratio of sample audited value to sample book value
Sample Audited Value (SAV) P151,360
Sample Book Value (SBV) 159,960
Answer: 94.62% or 95% (rounded)
2. Compute for the Estimated Audited Value (EAV) or estimated population audited value (EPAV)
= ratio x Population Book Value (PBV)
= 0.9462 x P380,000
Answer: P359,556

3. Compute for the sample misstatement

= SAV – SBV
= P151,360 – P159,960
Answer: P8,600 overstated

4. Compute for the projected misstatement

= EPAV – PBV
= P359,556 – P380,000
Answer: P20,444 overstated

419
Chapter Eleven – Basic Audit Sampling Concepts

Difference estimation
1. Compute for the average difference between SAV and SBV
= Average or mean audited value – Average or mean book value
= P76 – P80
Answer: P4 overstated

2. Compute for projected misstatement

= Average difference (number1) x number of items in the population
= P4 x 4,800 accounts
Answer: P19,200 overstated

3. Compute for the EPAV

= PBV ± projected misstatement
= P380,000 – P19,200 overstatement
Answer: P360,800

Mean-per-unit (MPU) estimation

1. Compute for EPAV
= Average or mean audited value x number of items in the population
= P76 x 4,800 accounts
Answer: P364,800

Note: Assume that there is an allowance for sampling risk amounting to ±P40,000, then the
EPAV would be in the range of P324,800 and P404,800.

Probability-Proportional-to-Size (PPS) Sampling

Sample selection of individual peso amounts in a population by the use of random or
systematic sample selection. PPS sampling is a sampling technique that uses attribute a
sampling theory to evaluate the results when a large number of transactions are captured within
a single account. In PPS sampling, the auditor randomly selects individual pesos from a
population and then audits the balances, transactions, or documents – called logical units – that
include the pesos selected. Each peso in the population has an equal chance of being selected,
but the likelihood of selecting any one logical unit for testing is directly proportional to its size.
PPS sampling is most appropriate when no errors are expected (although it is also appropriate
when one or few errors are expected); and testing for overstatement (normally for assets and
income).

420
 Auditing and Assurance Principles

Evaluating the Sample Results

The auditor should evaluate the sample results to determine whether the assessment of
the relevant characteristic of the population is confirmed or needs to be revised 8. In the case of
tests of controls, an unexpectedly high sample error rate may lead to an increase in the
assessed risk of material misstatement, unless further audit evidence substantiating the initial
assessment is obtained. In the case of tests of details, an unexpectedly high error amount in a
sample may cause the auditor to believe that a class of transactions or account balances is
materially misstated, in the absence of further audit evidence that no material misstatement
exists.
If the total amount of projected error plus anomalous error is less than but close to that
which the auditor deems tolerable, the auditor considers the persuasiveness of the sample
results in the light of other audit procedures, and may consider it appropriate to obtain additional
audit evidence. The total of projected error plus anomalous error is the auditor’s best estimate of
error in the population. However, sampling results are affected by sampling risk. Thus when the
best estimate of error is close to the tolerable error, the auditor recognizes the risk that a
different sample would result in a different best estimate that could exceed the tolerable error.
Considering the results of other audit procedures helps the auditor to assess this risk, while the
risk is reduced if additional audit evidence is obtained.
If the evaluation of sample results indicates that the assessment of the relevant
characteristic of the population needs to be revised, the auditor may:
1. Request management to investigate identified errors and the potential for further errors,
and to male any necessary adjustments; and/or
2. Modify the nature, timing and extent of further audit procedures. For example, in the
case of tests of controls, the auditor might extend the sample size, test an alternative
control or modify related substantive procedures; and/or
3. Consider the effect on the audit report.

8
PSA 230, par. 54

421
Chapter Eleven – Basic Audit Sampling Concepts

Summary of Learning Objectives

1. Define audit sampling. Audit sampling (sampling) involves the application of audit
procedures to less than 100% of items within a class of transactions or account balance
such that all sampling units have a chance of selection.
2. Explain the different risk consideration in obtaining audit evidence. When testing
less than 100% of the items in a population, the audit is subject to sampling risk. Even if
the auditor tests 100% of the population, the auditor still has to contend with non-
sampling risk. As a rule, sampling risk is reduced by increasing the sample size, while
non-sampling risk is reduced through proper planning and supervision of the audit work.
Sampling risk may apply to tests of controls (risk of overreliance and risk of
underreliance) and to substantive tests (risk of incorrect rejection and risk of incorrect
acceptance).
3. Differentiate statistical from non-statistical sampling. Statistical sampling involves
the use of probability theory allows for the measurement of sampling risk. Non-statistical
sampling relies on subjective judgment to determine sample size and evaluate sample
results.
4. Discuss sampling approaches and other means of testing. Sampling approaches
may be statistical or non-statistical. Other means of testing include 100% examination,
selecting specific items, or audit sampling.
5. Illustrate sampling for tests of controls. Sampling for tests of controls usually involves
the use of an attribute sampling plan. Under this plan, the following procedures are
performed:
a. Determine the objective(s) of the test.
b. Define the attribute and deviation conditions.
c. Define the population.
d. Choose an audit sampling approach/technique.
e. Determine the sample size and sample selection method.
f. Perform the sampling plan.
g. Evaluate sample results.
h. Comply with documentation requirements.
6. Illustrate sampling for substantive tests. Sampling for substantive tests usually
involves the use of a variable sampling plan. Under this plan, the following procedures
are performed:
a. Determine the objective(s) of the test.
b. Define “fair presentation” and “material misstatement”.
c. Define the population.
d. Choose an audit sampling approach/technique.
e. Determine the sample size and sample selection method.

422
 Auditing and Assurance Principles

f. Perform the sampling plan.

g. Evaluate sample results.
h. Comply with documentation requirements.
7. Discuss the common projection techniques for sampling in substantive tests. The
common projection techniques used for sampling in substantive tests are: difference
estimation and ratio estimation. Difference estimation is used to measure the estimated
total misstatement amount in a population when there is both a recorded value and an
audited value for each item in the sample. Ratio estimation is similar to difference
estimation except that the point estimate of the population misstatement is determined
by multiplying the portion of sample amount misstated times the total recorded
population book value. Under mean-per-unit estimation, the auditor is concerned with
the audited value rather than the misstatement amount of each item in the sample.
8. Define PPS sampling. In PPS sampling, the auditor randomly selects individual pesos
from a population and then audits the balances, transaction, or documents – called
logical units – that include the pesos selected. Each peso in the population has an equal
chance of being selected, but the likelihood of selecting any one logical unit for testing is
directly proportional to its size.
9. Identify other sampling consideration. PSA 530 (Redrafted) includes the following
consideration when performing audit sampling:
a. Nature and causes of errors
b. Projecting errors
c. Evaluating sample results

Important Terms and Concepts

100% Examination Population
Anomaly Probability-proportional-to-size (PPS)
Attribute Projection
Attributes sampling plan Random-number sampling
Audit risk Ratio estimation
Audit sampling Risk of assessing control risk too high
Block selection Risk of assessing control risk too low
Control risk Risk of incorrect acceptance
Detection risk Risk of incorrect rejection
Deviation Risk of material misstatement
Difference estimation Sampling risk
Discovery sampling Sampling unit
Expected error Selecting specific items
Error Sequential sampling
Haphazard sampling Statistical sampling
Inherent risk Stratification
Mean-per-unit estimation Systematic sampling
Misstatement Total error
Non-sampling risk Value-weighted selection
Non-statistical sampling Variables sampling plan

423
Chapter Eleven – Basic Audit Sampling Concepts

400