Audit Sampling--A Practical Approach

By Donald A. Schwartz, JD, CPA, National University, San Diego, CA

Thou shalt gather sufficient competent evidential matter to afford thee a reasonable basis for an opinion...--the 3rd auditing commandment for
fieldwork.

Katherine Smith, CPA, has been engaged by Media Enterprises to perform a financial statement audit of Tri-City Publishing Co., a family-owned newspaper publishing company Media is planning to acquire. In planning the audit of the $1,650,000 account's receivable balance, Smith finds there are approximately 950 accounts with positive balances. Of these, all but a handful are relatively small amounts, averaging under $1,500.

Though Smith has never had occasion to use statistical sampling, she feels that under these circumstances (first-time audit, Tri-City's motivation to maximize profits, Media's reliance on Smith's opinion), a statistical approach would likely provide greater assurance and better workpaper documentation to support having gathered "sufficient competent evidential matter," than the purely judgmental approach she normally uses.

Diligently reviewing a guide to audit sampling, Smith is reminded of a statistical sampling method called probability- proportional-to-size, a name she vaguely remembers from her college days. PPS sampling, states the guide, is generally easier to use than classical variables sampling, and may be especially useful for accounts receivable. Ideal! But when she reads about the tedious adding machine process (adding machine process?) for selecting the sample, her enthusiasm begins to wane. It disappears altogether when she gets to the part that reads...

One approach to calculating the allowance for sampling risk is to rank the projected misstatements in descending order and calculate the incremental allowance for sampling risk for each misstatement by 1) multiplying the projected misstatement for each misstatement occurring in a logical unit a recorded amount that is less than the sampling interval by the incremental change in the reliability factor and 2) subtracting the related projected misstatement.

That does it. It's back to low-tech judgmental sampling for Katherine Smith-- she will be relying entirely on her own professional judgment in deciding on a sufficient sample size and in applying test results to the population. (While such an approach is often called judgmental sampling, a better descriptor would be unstructured nonstatistical sampling, since even statistical sampling is preponderantly judgmental.)

What Smith, and many diligent practitioners like her, may not realize is that the two extremes, statistical sampling and unstructured nonstatistical sampling, are not their only choices! There is a middle ground. In the 1994 edition of their book Audit Sampling­An Introduction, authors Dan Guy, Douglas Carmichael, and Ray Whittington point out that there are two distinctly different approaches to nonstatistical sampling, a formal or structured approach, and an informal or unstructured approach. A structured approach to nonstatistical sampling is presented in the Accounting and Audit Guide on Audit Sampling (AICPA, 1983). That guide has recently been revised and expanded to include a number of rule-of-thumb formulas and illustrative worksheet forms. It will soon be issued as an Auditing Procedures Study, which is a nonauthoritative practice aid.

By basing the determination of sample size and the evaluation of the sample results on the underlying mathematics of a statistical plan, structured nonstatistical sampling offers much the same benefit as statistical sampling, in essence, greater confidence and objectivity--but without the rigorous requirements imposed by statistical sampling.

Structured Nonstatistical Sampling--With an Assist from the Computer

Presented here is the middle ground, the structured nonstatistical approach, as expanded and illustrated in the new Auditing Procedures Study. It is presented in the context of a computer spreadsheet model that contains worksheet forms (input screens), lookup tables, and arithmetic formulas similar to those presented in the study. When the user responds to the input prompts, the program instantaneously displays the results, such as sample size and projected misstatement. When completed, the worksheet screens are printed in the form of workpaper documentation, as illustrated in the exhibits that follow.

In offering rules-of-thumb for determining tolerable misstatement, sample size, and the like, there is the danger some users might apply them in rote mechanical fashion--that is, without adequate consideration of important qualifiers such as inherent risk factors, population characteristics, and the like. The Auditing Procedures Study incorporates appropriate qualifiers throughout its discussion. Correspondingly, the computer program provides "help screens" to identify important factors to be considered before adopting the results of a particular table or
formula.

The Process

The process for the substantive testing of a large population normally includes the following:

* Identify the individually significant or key items to be audited 100%.

* Decide whether the audit of all individually significant items is sufficient, or if the remaining population should be
tested, whether by analytical or other substantive test procedures, or by audit
sampling.

* If sampling of the remaining population is needed, design an effective sampling plan.

By definition, an individually significant item is one in which a potential misstatement could individually equal or exceed the tolerable misstatement amount. Thus, the individually significant item threshold amount should never be greater than the tolerable misstatement amount--though it can be any amount that is smaller. In turn, tolerable misstatement is essentially planning materiality at the account balance or class-of-transactions level. Appendix C of the Auditing Procedures Study explains each of these three concepts, and provides rule-of-thumb tables and percentages to aid the auditor in determining an appropriate amount for each of the three. The computer model uses similar tables and percentages in arriving at rule-of-thumb amounts for planning materiality, tolerable misstatement, and individually significant (key item) thresholds.

Assuming all individually significant items will be examined, the auditor must then decide whether to sample the remaining population. If the remaining balance can be adequately audited by other procedures such as analytical procedures, or if the auditor considers the risk of material misstatement in the remaining balance to be sufficiently low to justify omission of audit procedures altogether, sampling of the remaining balance may not be necessary.

If the auditor decides a sampling of the remaining balance is necessary, the sampling process can be summarized as
follows:

1) Determine an appropriate sample size.

2) Select and examine sample items.

3) Evaluate the sampling results: project the misstatement in the account balance, and take appropriate action.

Sample Size

The auditor must decide how large a sample is needed to assure an acceptably low sampling risk. In the case of a structured nonstatistical sampling plan, the following elements need to be considered:

* The tolerable misstatement amount,

* The degree to which the auditor is relying on this procedure (e.g., confirmation of accounts receivable balances) to test the targeted assertions (e.g., existence and gross valuation).

* The auditor's assessment of inherent risk (expressed in the computer model as LOW, MODerate, or MAX) and control risk (expressed as LOW, MOD, SBM, or MAX. SBM refers to slightly below maximum).

Since tolerable misstatement and reliance on this procedure have already been determined in arriving at the individually significant or key item amount, the assessments of inherent and control risk are the only remaining variables. The illustration in Exhibit 1 shows the workpaper for key item amount and sample size after Smith entered max for the assessed level of inherent risk, and SBM (slightly below maximum) for the assessed level of control risk.

The computer model uses a table to combine the inherent risk and control risk into a single combined level of inherent and control risk. Based on this combined level of inherent and control risk, an appropriate "risk factor" is selected from a lookup table and applied to the population amount (in this case, the $1,175,500 remaining receivable balance) divided by the tolerable misstatement ($50,000), to arrive at a sample size of 63 items out of a stratified population of 943 items.

By stratifying a population into two or more groups or strata, a smaller sample will be required. In most cases, it is practical to stratify the population into two strata--one stratum to contain larger amount items, the other to contain smaller amount items. The dividing point is the mean or average item amount.

Select and Examine

Though nonstatistical sampling does not require the use of a random-based selection method, random number selection offers the greatest likelihood of a representative sample, since each item in the population has the same mathematical probability of being selected.

Having defined what she would consider to be a misstatement, Smith then selected and examined the sample, investigated differences, documented her findings and summarized them as shown in the table below.

Evaluate the Results and Project the Misstatement

Earlier, in the planning phase of the audit, Smith had applied rule-of-thumb percentages to arrive at planning materiality and tolerable misstatement. This being a first-time audit, Smith decided to use a somewhat smaller amount for tolerable misstatement ($50,000) than the amount suggested by the rule-of-thumb tables. After investigating the differences indicated by customer responses to confirmation requests, Smith found one $3,280 misstatement among the 42 sample items selected from the 205 larger balances contained in Stratum 1; she also found two misstatements totaling $530 among the 21 items selected from the 738 smaller balances contained in Stratum 2. The question now is whether Smith's findings support the $1,175,500 remaining balance of accounts receivable. Or, does the $3,810 of misstatement found in the sample suggest an unacceptably high risk that misstatement in the $1,175,500 exceeds the tolerable misstatement of $50,000?

In this regard, SAS 39 (AU 350) states, "The auditor should project the misstatement results of the sample to the population from which the sample was selected." The computer-produced workpaper shown in Exhibit 2 illustrates this process and shows that, indeed, after considering a suitable (rule-of-thumb) allowance for sampling risk, the results of the sample suggest there may be too high a risk of material misstatement. An accompanying "help screen" provided Smith with guidance as to possible courses of action.

Advantages of Structured Nonstatistical Sampling

In situations where audit sampling is appropriate, a structured nonstatistical sampling approach could provide the best of both worlds; i.e., the advantages of statistical sampling without its high degree of rigor or cost. In their book on audit sampling, Guy, Carmichael, and Whittington refer to practical advantages reported by auditors using statistical sampling. These same advantages apply to structured nonstatistical sampling as well:

* Less likelihood of overauditing or underauditing,

* Audit work is more objective and defensible,

* Better working paper documentation, and

* Greater confidence by the auditor in his or her audit opinion.

Later in the book, the authors suggest the following additional advantages to the structured approach in comparison to unstructured nonstatistical sampling:

* Whereas staff personnel can be trained in the structured approach, there is essentially no systematic way to train personnel in the use of an unstructured approach. Under the latter, "an auditor can gain some sense of the qualitative relationships among sample size and the factors that SAS 39 (AU 350) requires to be considered only through experience."

* A structured approach affords greater consistency and uniformity which, in turn, results in more reliable estimates of audit hours and fees.

* In a peer review, the workpapers will clearly demonstrate compliance with the requirements of SAS 39 (AU 350), which apply to all audit samples.

* It is more likely the auditor will recognize unacceptable sampling risk.

Although the sampling process is not complicated, technical jargon may make it appear so to the first-time user. By delegating the technical aspects of audit sampling to the computer, the auditor is left with those judgment calls, such as tolerable misstatement threshold and risk assessment, that need to be addressed regardless of which approach is adopted.

Moreover, if client data can be downloaded into the sampling software, the computer can analyze the data for optimization of the individually significant (key item) amount, stratify the population, consecutively number the population items, generate random numbers and select the sample items, apply a probability-proportional-to-size selection method where appropriate, and perform other procedures that can further reduce audit time substantially. *

The computer program referred to in this article is available under Downloads on the home page of The CPA Journal (http://www.cpaj.com).

EXHIBIT 1

WORKPAPER FOR KEY ITEM AMOUNT AND SAMPLE SIZE

---

EXHIBIT 2

WORKPAPER FOR EVALUATION OF TEST REULTS