 in this presentation we will discuss audit sampling as it relates to internal controls anytime we think of sampling what we want to think of is that we have a population of first a word from our sponsor yeah actually we're sponsoring ourselves on this one because apparently the merchandisers they don't want to be seen with us but but that's okay whatever because our merchandise is better than their stupid stuff anyways like our trust me i'm an accountant product line yeah it's paramount that you let people know that you're an accountant because apparently we're among the only ones equipped with the number crunching skills to answer society's current deep complex and nuanced questions if you would like a commercial free experience consider subscribing to our website at accountinginstruction.com or accountinginstruction.thinkific.com of information we're trying to determine something or test something about that population we want to test not the entire population but some sample some subset of the population in hopes that we get information that is representative of the entire population and we can compare this oftentimes to things like polls if they're opinion polls people take opinion polls and you often read about opinion polls the opinion polls is going to be the opinion of some subset of a group that has been asked particular questions or characteristics in some format and the hope is that that poll is going to be representative of the entire population we are in essence doing the same things within an audit but within an audit we need to determine what the population it is that we're that we're trying to sample what the specific characteristic is that we are sampling and we will apply sampling to the controls oftentimes when we're testing the controls and then we might apply sampling to certain types of tests with regards to substantive tests so here we're thinking about audit sampling we're thinking about the tests of controls both statistical and non-statistical method of audit sampling are permitted by auditing standards we will talk more about what these two items are but just note that the statistical method is going to be a more precise type of method than a non-statistical method however it's going to be more costly in order to apply a statistical method so we'll get into more depth in the future on that note that in other words we would typically think that the statistical method would be the better method most of the times because it's more precise however non-statistical methods are still acceptable and may be appropriate given the circumstances the number of times an auditor needs to apply sampling techniques to gather audit evidence has gone down because of two developments well-controlled automated accounting systems and powerful audit software to download and examine entire populations of data in other words if we're testing types of items that are going to be very repetitive in nature if we have a well designed computer system then the computer system will be able to calculate that information with a high degree of accuracy whereas in the past if it was done by hand then we would have to go through and do more testing because it would be more likely that there would be more errors so the automation of things that are going to be systemized or standardized means that we can usually rely on the system and check to make sure that the inputs are correct and if they are and it's a very standardized or set process of calculations then the computer can be fairly relied on in terms of the control and less subset of tested less testing or less sampling than would be necessary we also have powerful software that can be used on the audit side which can download entire sets of information so in that case if we just basically were able to input entire sets of information as opposed to us manually going through that information and then set in the computer system that we are looking for certain criteria which are fixed then the computer if we have the those criteria that are very fixed and they're able for the computer to go through the computer can go through large amounts of data and look for standard sets of items that would be standardized for a computer to do if that's the type of testing that would be needed we can basically test the entire population given the fact that we have the computer power and we can basically give the inputs which are all standardized for the computer to do that type of information sampling is still necessary to some extent for the reasons below so we're not going to be able to eliminate all the sampling for example control processes often require human involvement so anytime you have human involvement if it's not just an automated type of system then there's going to be room for error and that means that we're going to have to go through the samples in order to do the testing in that circumstance testing procedures often require the auditor to physically inspect an asset so if the auditor has to physically inspect something then of course that's going to be something that has to be done by the auditor not automated in some cases auditors are required to obtain and evaluate evidence from third parties so third parties outside of the organization audit data analytics are only as good as the quality of the underlying data the data that goes into that system often the completeness accuracy and validity of the underlying data needs to be tested and sampling can be effective and efficient technique in other words once the data is in the system if it's going to be set to a set standard of control so the system can then process it from that point then the system is likely to take that data and do what is necessary in a systematic way but the input that's going to be going into the system then is where we would want to check because that's where the errors could happen because obviously the calculations that the computer will be going through will be only as good as the inputs that are put into that computer audit data analytics often identify a large number of potential exceptions that the auditor can test using sampling as well key concepts that will be included as we think about sampling will be the audit sample the sampling risk the confidence level and the tolerable and expected error looking at these terms in more detail started with audit sampling audit sampling selection and evaluation of less than 100% of items in a population of audit selected in such a way that the auditor expects the sample to be representative of the population and therefore likely to provide a reasonable basis for conclusion about the population in total so again audit sampling selection in evaluation of less than 100% of items within a population so we have a population which of course represents 100% we want to take something other than 100% of it because we don't want to test the entire population selected in such a way that the auditor expects the sample to be representative of the population so how do we do that the traditional way is to have a random kind of sample selection however we might use other types of methods depending what we are testing on so we but the key point here is it needs to be representative and therefore likely to provide a reasonable basis for conclusion about the population as a total so then we're going to test that subset and we're hoping that we can then apply that subset testing to the population in total then we have sampling to risk possibility that the sample drawn is not representative of the population so that's going to be one of the risks we have so if we have an entire population we pull a sample from it our hope is that that sample is representative just a smaller kind of representation of the entire population so that we can draw conclusions on the smaller sample taking less time that we can then apply to the entire population but if that sample is not representative of the entire population then we're going to have we're going to come to a problem we're going to come up to the wrong conclusion possibly so sampling risk has two types the first type of the sampling risk is in a test of internal controls it is a risk that the sample supports a conclusion that the control is not operating effectively when the reality is that it is operating effectively it is also called the risk of underreliance so let's go through that again in the test of internal controls it is a risk that the sample supports so the sample that we're testing supports the conclusion that the control is not operating effectively so we're going to say the control is not effective considering the sample when in reality it is operating effectively because it's not representative of the entire population as a whole that's going to be our problem in substantive testing it is the risk that the sample indicates that the recorded balance is materially misstated when the reality is it is not so in substantive testing then it is the risk that the sample indicates that the recorded balance is materially misstated problem materially misstated when the reality is that it is not now the the other side of it the other type would be of the sampling risk is In a test of internal controls, it is the risk that the sample supports a conclusion that the control is operating effectively, that it is operating effectively, when the reality is that it is not operating effectively. So in that case, we'd say the sample was wrong. We tested it because it wasn't representative of the entire population. We gave it a clean go here on the control when it was not good. This is also called the risk of overreliance. In substantive testing, it is the risk that the sample supports a recorded balance of supports the recorded balance. So basically says that it's not materially misstated when it is really materially misstated sampling risk factors in determining the sample size. So these are going to be factors to determine the sample size. If we're thinking about, okay, now we want to pick some size that's going to be smaller than the population so that we can test it. The question is, well, how big of a population do we need or how big of a sample size do we need in order to be representative of the entire population? So we have some components of that including confidence level, tolerable error and expected error. The confidence level represents the desired level of assurance in the results. So in other words, what's the desired level of assurance that we need? The tolerable error is the acceptable defect rate. So that's going to be the acceptable rate of defect. We'll get into a little more detail on these definitions shortly. And the expected error is the historical defect rate. Now we'll take a look at some of these in more detail starting with the confidence level. So the confidence level complement of the sample risk. For example, the auditor might set the sample risk for a particular sampling application at 6%. So if we set the sample risk at 6%, that means that the confidence level would be 94%, 100% minus the 6%. Tolerable and expected error. So the sample size is determined largely by how much the tolerable error, the amount of tolerable error is greater than the expected error. So tolerable error over the expected error or greater than the expected error, once the desired confidence level is established. Precision at the planning stage of the audit sampling, that's the difference between the expected and tolerable deviation rates and the allowance for sampling risk, that's going to be the term auditing standards used to refer to precision. So in other words, again, we're defining basically in essence precision at the planning stage of the audit sampling, that is the difference between the expected and tolerable deviation rates, the allowance for sampling risk, that's the term that auditing standards use to refer to precision.