What is Audit Sampling?
Why do auditors use audit sampling to determine material misstatements in financial statements? Why not just test every single item and every transaction? Many people often think that auditing every single transaction is ideal, but that is actually not the case. Sampling can be defined as the process of examining only part of a set of data/population, sufficient to gain reasonable assurance regarding the entire data/population.
Auditors use sampling mainly because they are not seeking absolute certainty – instead, they are looking for reasonable assurance. Additionally, examining all data may still not provide absolute certainty. Consider the completeness assertion: even if we audit everything, we don’t know if we actually are auditing everything, because there may be transactions that are missing from the general ledger. Finally, there are cost-benefit reasons for using sampling.
Sampling Risk and Non-Sampling Risk
Auditors always try their best to pick a sample that is representative of the population. However, it is not always possible to get a truly representative sample, due to bad luck or pure errors in judgment. Let us clearly understand the difference between sampling risk and non-sampling risk.
|Sampling Risk||Non-Sampling Risk|
|The risk that the auditor reaches an incorrect conclusion because the sample chosen is not representative of the population from which it was drawn||The risk that the auditor reaches an incorrect conclusion for any reason not related to sampling risk|
|The proper sampling method was selected and applied but failed to uncover material misstatements (i.e. unlucky)||Results from auditor failure (lack of due care)|
|Occurs because of the nature of sampling. Auditors can reduce sampling risk but cannot eliminate it entirely||Failure to apply effective or appropriate procedures (i.e. doing the wrong procedure)|
|Sampling risk can be reduced by giving every item an equal chance of selection and/or increasing sample size||Non-sampling risk can be reduced by increasing auditor competence and enhancing supervision of staff.|
Statistical vs. Non-Statistical Sampling
When auditors use sampling, they can choose one of two methods: the statistical approach or the judgmental (non-statistical) approach. The statistical approach uses computer-based technology to come up with sample size numbers and randomly select items from the population. The judgmental approach, on the other hand, employs the auditor’s judgment and experience to come up with a sample size. There are advantages and disadvantages to using each method:
|Statistical Method||Non-Statistical Method|
|The results are objective and defensible because they are clear mathematical results||Avoids the time-consuming and expensive preparatory work and population studies that are required for statistical sampling|
|The audit work is more consistent (less likely to decrease the sample size base on a time budget)|
|Sampling error, also known as further possible misstatements (FPM), can be quantified|
|Avoids over-auditing. Typically for the non-statistical method, there is a tendency to over-audit in case the sample size is too small.|
|Not auditor-specific||Allows for the auditor’s experience and judgment (i.e. more flexible)|
There are numerous kinds of sampling methodologies, two of which are variable sampling and attribute sampling. Variable sampling is typically used for substantive procedures, such as when performing tests of details of balances, while attribute sampling is typically used for tests of internal controls. Attribute sampling is used to estimate the proportion of items in a population that contain a specified attribute of interest.
For example, let’s say that one internal control that the client employs is that two signatures are required to approve a vendor payment. By choosing a sample of 20 items, it was identified that 3 out of 20 failed to follow the internal control because they either contained only one signature or included the wrong signatures. The sample exception rate is 3/20 = 15%, and let’s assume that the auditor’s tolerable exception rate is 6%. Because the sample rate is greater than the tolerable rate, the control risk is assessed to be higher than it was originally estimated to be.
We hope you have enjoyed reading CFI’s guide to audit sampling. CFI offers the global Certified Financial Analyst program. To learn more, see the following CFI resources.