 Hello, and welcome to this session in which we would look at attribute sampling and how to compute the sample size. This is an extremely important topic on the CPA exam and in your auditing course. Understanding what attribute sampling, which is something that relate to internal control, is extremely critical for your success on the CPA exam. Now, if you are studying for your CPA exam or if you are an accounting student, by all means, check out my website, farhatlectures.com. I don't replace your Becker, Roger, Gleam or Wiley or any other CPA course. I don't intend to do so. What I can be is a useful addition to your CPA review course. I can add 10 to 15 points to your CPA exam score by explaining the material a little bit more in details, slower, I don't assume any prior knowledge. So here's your risk. If you want to try me out, my subscription is $29.99. You can try it for a month, see if it helps. I mean, you can look at this recording and see if it's going to help you or not. That's your risk. Your potential gain is passing the exam. Are you willing to take that risk? So this is the difference between me and a CPA review course. I move much slower, much more in details. I don't assume anything. And please check out my website. If not for anything, just to check out how well is your university doing on the CPA exam. I do also have other accounting, tax and finance courses. Please connect with me only then and only then you can see review by other students who use my system to pass the exam recommendations and reviews by students. Please like this recording and share it. Connect with me on Instagram and Facebook. So the first thing we want to know about attribute sampling, once you hear the word attribute, think about internal control. We talked a lot about internal control in this session. In this session specifically, we're going to be looking at internal control from a statistical one. We test internal control. So why do we need to test internal control? What's the purpose of this? Why do we bother testing internal control? Well, the reason is to determine whether we are going to rely or not rely. So simply put, are we going to rely on the internal control or are we not going to rely? Now, we're going to go back to this RMM, risk of material misstatement, and basically back to the audit risk model. And hopefully you remember this, but I'm going to just review it with you real quick. Remember, the audit risk model is AR, the audit risk equal to... And if you don't know this, please go back to that recording, control risk times inherent risk times detection risk. And remember, control risk and inherent risk, they're called risk of material misstatement. And remember the relationship between RMM and detection risk, they are inversely related. When one goes up, the other one goes down. Basically, if you want to imagine this on a seesaw, if this is RMM and this is detection risk, when this goes up, let me show you in a different color. If this goes up, detection risk goes down. And the opposite is true. If RMM goes down, detection risk goes up. Detection risk goes up. So make sure you want to know the relationship and you want to know a lot about the audit risk model because it's part of your CPA exam. But I covered this in a separate recording, but make sure to know the basic relationship just for the purpose of this recording. So we are counting on the internal control. So if we decided to rely on the internal control, then we are relying, we are counting on it. Why? So why do we do all of this? We'll try to reduce our substantive testing. If their internal control is good, we have, we do less work. We do less work from our perspective. So we only test the control. We only test the control if we believe they are properly designed and obviously working. If they are not designed, properly designed and properly working, we don't look for failing control. We just ignore the control and we don't rely on the internal control. If we believe they have good control, we will test them. So auditors are interested in the following type of exception and attribute sampling. We're looking for any deviation from the client established controls. So the client says, this is our internal control. Look at them. See if they are designed properly. See if they are working properly. Now what we're looking for is we are looking to see how well they are working properly. We're looking for any deviation, any instance where they are not working properly. Like what are we looking for? Examples of attributes. Well, are we looking to see if all credit sales are approved by someone other than the person making the sales? So this is a good internal control, whether it's yes or no. If it's yes, that's good, but we want, the design is good, but can we see a proof for every sales on credit? We have this approval. Does shipment of goods always come before billing? Do we ship? Then we build. Well, we have to look at documents to find out if that's happening or not. Are all checks authorized signed by an authority person? Or can anybody else sign the check? We need to look at the checks to find out. We need to inspect the checks. Are good only purchased from approved vendors? And all the answers usually in the internal control in the real world, it has to be yes. Now they are yes, but you have to collect the evidence to find out if there's any deviation from what they are doing. So the design is good. Are they working properly in the real world? Okay, so this is the basic idea. Now we have to learn about important, extremely important concept starting now until the end of this recording about sampling for internal control. When we do sampling, when we do testing of internal control, we're going to learn about terms that we use during the planning phase and some terms that we use when we're actually conducting the sampling and evaluating the results. So this is the planning phase. So we have three terms here that we have to be familiar with. The first term is the tolerable exception or deviation rate, TER or TDR, and that's said by the auditor. In some textbook, they call them tolerable exception rate and some tolerable deviation rate and different CPA review companies, they call them differently. Basically, it's the exception rate. It's a percentage. Rate means it's a percentage that the auditor will permit in the population and still be willing to conclude the control is operating in the transaction established during planning is acceptable. So simply put, how much are we willing to tolerate and errors and deviation from that control and still think that the control is good. Okay, now we're going to set different exception rate for different controls. Now, the higher we set this rate, the easier to clear the control. Simply put, if we say we're going to set the deviation rate at 3% versus 10%. 3% means that control is important. We cannot tolerate a lot of mistakes. Let's assume we're dealing with transaction that has high value. Well, we cannot tolerate any errors 3%. If we are dealing with an internal control that's not as important, we might be able to tolerate set the tolerable deviation rate at a higher rate. So we have to understand how this affects the sampling. If we choose a lower tolerable exception or deviation rate, it means more work we have to do. So simply put, make sure you take notes of this. We're going to at the end look at how all of these effects sampling, but simply put, lower TR, it means more and more sampling. And the opposite is true. If you're willing to tolerate more, then you don't have to do more work. You will do less of it. For the purpose of our example, because I'm going to go through a comprehensive example, make a note of it, our tolerable exception rate is 7%. We set it at 7%. Again, we set this rate. We're willing to accept 7% in this control and still think it's working properly. The second concept, the acceptable risk of overreliance or ARO. We need to understand what this is. It's the risk. It's the risk that the auditor is willing to take, accept, willing to take of accepting a control as effective when the true population exception is greater than the tolerable exception rate. So remember, you set the tolerable exception rate at 7%. Now you're going to sample. And when you sample, you take a risk. The true population exception could be 12%. You don't know. If you know the true population exception, then why do all the sampling? You don't know this true population sample. That's the problem. The problem is you don't know the true population sample. So here you are really taking a risk. That's the problem. You are taking a risk. Let me just highlight what I need to highlight here. You're taking a risk. So why do we set it at 0, 5, or 10? What does that mean? If we set this ARO at 0, which is we don't, but if we set it at 0, it means we cannot take any risk. What does that mean? It means you have to order to look at everything 100%. But you don't do so. That's why I chose 0, just to kind of give you the idea that if you set my ARO at 0, it means look at everything. Now, let's move from 0 to 5%. What does that mean? 5%. It means you are taking a 5% chance. You could be wrong. You could be wrong. You are taking a 95% chance that your numbers are good. Your numbers are good. Let's assume you go from 5% to 10%. Now, you are taking more of a chance. Now, you are saying I am 90% confidence that what I'm doing when I'm testing this internal control, my true population rate is not higher than the tolerable exception rate. I'm taking a 90% chance. Well, if you take a more chance, if you take more chance, you can lower your sample because you are taking more of a chance. If you said, you know, I'm willing to my ARO to be 20%, well, guess what? I could be 20% wrong, but I am willing to accept that risk. Okay. Therefore, I don't have to do a lot of work. So higher ARO, the lower is the sample. The lower is the sample. And usually that will be given to you whether you are a college student or a CPA candidate that the table will be given to you. Now we have to deal with something called estimated population exception rate. What is that? Again, it's a percentage. It's the exception rate. It's a percentage that the auditor expect to find in the population before testing. They would say we're going to expect to find a certain number. Now, the higher we expect to find, generally speaking, it will drive our sample up. So if we expect to find more errors, we're going to have to have a higher sample because there's a lot of errors in this population. This usually drives the sample higher and the opposite is true. Now, can it be more? Can this number, can EPER, the expect estimated population rate, can this number be higher than tolerable exception rate? If it is higher, don't sample this. You cannot rely on the control. So if we set the ER at 7%, if we accept 10%, then don't do any work. If you expect to find 10% and you can only tolerate 7%, you just say, I'm not going to use those internal control because I cannot tolerate more than 7% and I expect to find 10%. So that cannot be the case. For the purpose of our example, we're going to set it at 4%. So remember, the TER is 7% and the estimated population exception rate is 4%. Because we're going to go back and look at these numbers, so I want you to copy them there. Now we're going to look at terms that we use sampling terms in the evaluation phase. And we're going to be assuming we're going to be working with a sample of 100 and soon we're going to learn how to compute that sample. Sample of 100. First, we have to know the exception. How many exception or errors did we find exceptions or exceptions or errors? We could find more than one error. So for our purposes, we're going to say the exception from our attribute and the sample is 1. Now we have a sample of 100, a count receivable. We're looking for the manager's approval, credit manager's approval for the sale and we find one sale where the manager did not approve it. 100 samples, 1. Now we're going to be computing the exception deviation rate. Rate is a percentage. Simply put, it's the percentage of item in a population that include the deviation. So 1 over 100, which is for the purpose of our sample is 1%. Okay? 1%. Now we need to compute something called the computed upper deviation rate or cure. How do we compute cure? What is cure first? What is cure? Cure is the upper limit of the probable population exception rate. So because we are sampling, remember, we selected 100 of, I don't know how many, maybe 1000. We did find 1%. But this is only sampling. So we, because we're sampling, there could be more mistakes. How do we find the probability of having more mistakes? What's the highest exception rate in the population giving an ARO? Now this one we have to compute. There's a table and not compute, we have to find in a table. So let me show you how to find this number in the table. So this is the table. First of all, make sure you are using the, especially on the CPA exam. We are using an ARO of 5%, 5% of risk of over reliance. The sample size we are dealing with, here's the sample size is 100. And actual number of exception found is 1 and the rate is 4.7. Simply put, what we can say is the upper deviation rate or the upper exception rate is 4.7. It means this is the probability because again, we sampled, but we're going to assume, although we found one, we could have up to 4.7. This is what's our upper exception rate. Okay, we found one, but we could go up to 4.7. Now, once you have this number, as long as this number, okay, if the TDR, tolerable exception rate is higher, we accept, remember the TDR or the TER, what we said, we can tolerate 7. And what we're saying here, we found one, but we think it could be 4.7. Guess what? We are still below what we can tolerate. Therefore, we accept the control as working properly. We accept the control as working properly. Now, we need to learn how to find a sample in attribute sampling. How to find a sample, but here's the formula in the sample equal to R divided by TER, tolerable exception rate. Now, what is R? R is something called the precision factor. How precise do we want to be? Let's think about this number. So we're going to take a number divided by tolerable exception rate and find the sampling. Okay, how precise do you want to be? How precise do you want to be? Let's think about it. Let's assume you are working in the election and you want the election results, your sample to be plus or minus 2%. So you are willing to be precise within 2%, plus or minus 2%. Well, let's assume you want to be plus or minus 1% rather than 2%. What do you have to do if you go from 2 to 1? Well, if you go from 2% to 1%, you want to be more precise. What's going to happen is you're in your sample that's going to go up. If you want to be more precise, you have to do more work. You have to do more sampling. Let's assume you're willing. They said, don't worry, you can be within 10% precise, which is not really precise at all. Then you don't have to go out there and collect more samples. You could collect less samples and simply put, let's look at some figures just to see from a mathematical perspective. If r is 10 and the tolerable exception rate is 2, your sample size will be 5. Let's assume you are willing to take on more precision. If you get 10, 20 divided by 2, if you want to be more precise, if you go from 10 to 20, if you want to be more precise, your sample would equal to 10. If you want to be more precise, you want to have more samples. You collect more samples. Let's keep the n is the same, r is the same. Let's assume you're going to go from 2, you can tolerate, rather than 2, you can tolerate 5 exception rate. Well, guess what? Your sample goes down. Remember what we talked about earlier. If we can tolerate more mistakes, tolerable exception rate, if this goes up, remember n goes down. Make sure you know those relationships. Remember, when it comes to r, if you want to be more precise, you do more work. If you want to be less precise, you do less work. Make sure to know these relationships. And usually r is giving in another course, as well as on the CPA exam, it's a number that's giving. But remember, it's influenced by the expected deviation rate. The more deviation you find, the more you are going to sample. Now, remember, ter is the tolerable exception rate or the tolerable deviation rate. The same thing, again, depending on the textbook that you use. Now, let me show you how the sample size is affected using different factors. Let me go ahead into the next slide. Let's assume we are working with a 5% risk of overreliance. And let's assume, for the sake of illustration, we are dealing estimated population rate, exception rate, 1%. Okay, so we estimate the population exception rate to be 1%. Notice, what's the relationship between the expected population rate and the sampling? Notice, if we go from 1 to 2, and let's assume we are dealing with tolerable exception rate of 5. If we go from 1, 1, notice we need, for 1, a sample of 93. If the estimated population exception rate is higher, 2, notice we keep tolerable exception rate the same. We'll have, we'll need 153, not 181. No, it's 181. So notice, as EPER goes up, everything else is equal, your N will go up. Okay, if you expect to find more, if your estimated population expectation to have more errors, you have to widen your net. You have to collect more samples. Now, let's look at the tolerable exception rate. So notice, if we are dealing with an estimated population exception rate of 1, and now we're going to go from 3%, we can tolerate 3% versus 4%. If we go from 3% to 4%, notice, if our tolerable exception rate goes up, if we can tolerate more, we can accept less of an N. Notice, as we go move along, tolerable exception rate, as we're moving from 1 to 2 to 3 to 4 to 5, if we are willing to accept more, we have to do less work. We have to do less work. And the last thing I'm going to talk about, which is already talked about, is if you are relying 5% reliance or 10%, this is a table for 10%, 10% reliance. Let's go back. So let's assume we are dealing with, again, estimated population exception rate of 1, and the tolerable exception rate is 4. Therefore, our sample is 156, given a 5% risk of overreliance. And I'm going to go to the next slide. I'm going to go with 1 and 4, but I'm going to change the table. What do you think is going to happen? If I'm willing to accept more risk, I should have a lower sample. Let's see. So this is the 10% table, 1, 4. And notice, I only have to collect 96 sample versus 156. Notice, as my, the risk of overreliance goes up, I'm taking more risk. Therefore, my population, I have to do simply less, less work. So hopefully this recording, help you understand this important topic for your CPA exam. Like you cannot take any chances with this topic. I do, you know, you could view, I did work a couple examples about this. Make sure you view them. Make sure to know the relationship between all these accounts. But at the end of the day, not accounts, all these terms, at the end of the day, I would like to remind you to check out my website, or at lectures.com. Once again, I'm not going to replace your CPA review course. I explained this in details. So it will help you when you take your CPA review course. It will help you do a better job. And that's what I'll try to do. Think of me as the person that's prepping you for your prep course, for your CPA prep course. Study hard. Good luck and stay safe.