The auditor is frequently aware of account balances and transactions that are more likely to include errors. He takes this knowledge into account while constructing his methods, which include audit sampling. The auditor will typically have no specific knowledge of other account balances and transactions that, in his opinion, must be evaluated in order to meet his audit goals. Audit sampling is extremely helpful in these situations. Let’s see more about audit sampling methods, guidance, and examples that auditors can utilize in their auditing.
What is Audit Sampling?
Audit sampling is the application of an audit technique to a subset of an account balance or class of transactions. The sampling method employed should produce an equal chance of selecting each unit in the sample. The goal here is to assess some part of the information. When population numbers are huge, audit sampling is required since inspecting the entire population would be extremely inefficient. Audit sampling can be done in a variety of ways, including the methods listed below.
What Types of Audit Sampling Methods Are There?
When doing control tests in SOC 1 and SOC 2 examinations, four types of audit sampling methods are used. The type of population, how it was formed, and the population size can all influence the audit sampling approach used for testing. The four major types are as follows:
#1. Simple Random Sampling
Each unit has the same chance of being chosen. This type of sampling is readily achieved by assigning a number to each item in the population and then using a random number generator to select numbers from the population’s range at random (there are online tools for this, apps, and even Excel formulas can be used to generate random numbers).
#2. Systematic Sampling
This method picks samples based on internals calculated by dividing the population of units by the sample size. For example, if there are 250 items in the population and 25 will be chosen for testing, 250 divided by 25 equals 10, implying that every tenth item in the population will be chosen for testing.
#3. Random Sampling
Similar to simple random sampling, but without the aid of random number generators or tools, selections are made from the population without bias.
#4. Block Sampling
Represents contiguous population items, for example, the five most recent transactions in a population or the five most recent occurrences might be chosen for testing. Block sampling would entail testing the entire population.
So, every SOC evaluation should use one or more of these sampling methods for population testing. Only a walkthrough or query would be insufficient to examine all controls.
Other Auditing Sampling Methods
- Personal Opinion
The auditor chooses items based on her own opinion, maybe choosing items with higher monetary values or that appear to have a higher level of risk connected with them.
- Sampling stratification
The auditor divides the population into portions (such as high and low value) and then chooses from each section.
The Goal of Audit Sampling
Audit sampling must be employed regardless of whether the audit is internal, external, or government in order for auditors to finish their audits without spending resources scrutinizing every single item. The following are the audit sampling objectives:
- Collect enough evidence to form an audit opinion.
- Reduce the amount of resources you consume.
- Assist auditors in issuing a conclusive audit opinion.
- Detect any potential inaccuracies or fraud.
- Demonstrate that auditors completed their audit completely in compliance with auditing standards.
- It is utilized as a research tool
The Importance of Audit Sampling
It is not possible to audit and inspect every single item in the financial statements when auditing them. It will be quite expensive and will require a significant amount of money and time.
Audit sampling enables auditors to draw conclusions and give fair opinions based on predetermined objectives without having to examine all items in financial statements. The auditors will only verify selected things and will deduce their view on the total population of items through sampling.
Forms of Sampling
Sampling comes in two forms:
#1. Audit sampling based on statistics
Statistical audit sampling is a sampling methodology in which the auditor selects objects to be inspected using statistical methods such as random sampling. When there are a large number of objects or transactions on file, random sampling is performed.
So, consider a corporation that has over 100 inventory transactions on its books. Because of the large number of transactions, statistical sampling is advised.
For example, in statistical sampling, ten items are chosen at random from the overall population. As a result, every single item in the 100 has an equal chance of being chosen and checked for correctness. Again, auditors profit since they can still issue an audit opinion while not having to verify all 100 transactions.
#2. Audit sampling without statistical significance
Non-statistical audit sampling items are not chosen at random, as opposed to statistical audit sampling. They are instead picked based on the auditor’s discretion, and the results of the testing from the choices are not utilized to draw the conclusion for the full population.
In the previous example, ten inventory transactions can be used to get an opinion on all 100 transactions. Non-statistical audit sampling allows auditors to choose items based on criteria such as:
- The worth of objects (for example, items worth more than $100,000).
- Items containing particular information (e.g., items related to a certain company)
Explaining Auditing
Auditing is the process of verifying and examining a company’s financial records. Its purpose is to ensure that financial transactions are accurately and fairly reported on the books.
Because financial statements are created internally by businesses and organizations, there is a high danger of manipulation and fraudulent activity in the process.
Types of Auditing
Auditing is essential for ensuring that businesses present their financial statements fairly and honestly. Auditing is classified into three types:
- Internal Audits – Internal audits are undertaken by an organization’s internal staff, although they are typically not distributed outside of the corporation.
- External Audits – Because internal audits may be impacted by conflicts of interest, external audits are undertaken by outside parties who are perceived to have more neutral perspectives.
- Government Audits – Government audits are conducted by government agencies to guarantee that financial accounts are correct. In the United States, the Internal Revenue Service (IRS) conducts audits to ensure the correctness of taxpayers’ tax returns. The Canada Revenue Agency is the IRS’s Canadian counterpart (CRA).
The Importance of Auditing
Financial statements are created in accordance with accounting rules and are intended to give key decision-makers useful information. However, the information offered must be factual and balanced.
Auditing is necessary to verify that entities are not misrepresenting their financial statements and that relevant stakeholders are not making choices based on incorrect financial statements. It is critical for building confidence and efficiency in the financial system.
Sampling Methods: Statistical vs. Non-statistical
Statistical sampling necessitates the selection of samples at random, which is typically accomplished by utilizing a technology that generates random numbers. The aforementioned simple random sampling procedure would be classified as statistical sampling.
When selecting samples, non-statistical sampling allows an auditor to utilize professional judgment. When a population is very small, non-statistical methods make a lot more sense than investing time in setting up a statistical sample. While non-statistical sampling provides for auditor discretion, an auditor should always exercise caution when picking samples.
What is the Optimal Sample Size?
When establishing sample size, a variety of criteria must be taken into account.
- The population size being tested.
- The danger of control. All of the controls that the auditor has chosen to test are significant, but there is a spectrum of relevance for each control. It is critical to examine the effects (both qualitative and quantitative) if a control is not functioning properly.
- How many deviations/failures are acceptable in testing the specified control.
Examples of Audit Sampling
Example 1: You are given a population of all employees, which consists of 389 persons, and you want to ensure that all employees are receiving security awareness training. According to the table, if no variations are expected, the first sample size would be 25, and basic random or haphazard sampling would be used. If it is discovered that one of the 25 people chosen did not attend training, the sample will be increased to 40 people. If another variation is discovered, the sample will be increased to 60. However, if another deviation is discovered, sampling will be halted, and it will be decided that the control is ineffective.
Example 2: The controls being tested specify that a monthly reconciliation is conducted, and you want to ensure that it was completed and evaluated by a manager on a monthly basis. You would choose three months for testing. Using haphazard sampling, you would select three months from the year to test. Because the population is smaller, any deviations would represent a failure of the control’s operational effectiveness.
Summary
The AICPA’s guidance on audit sampling is quite detailed. SOC auditors should examine their audit sampling methods to ensure they are in accordance with AICPA guidance while conducting examinations.
Audit Sampling FAQs
Why do we do audit sampling?
Audit sampling enables auditors to draw conclusions and give fair opinions based on predetermined objectives without having to examine all items in financial statements. The auditors will only verify selected things and will deduce their view on the total population of items through sampling.
How do you determine audit sample size?
Some auditors adopt a rule of thumb of testing a sample size of around 10% of the population for populations between 52 and 250 items, although the size is subject to professional judgment, which would incorporate specific engagement risk assessment concerns.
What is population in audit sampling?
The term “population” refers to the whole set of data from which a sample is drawn and from which the auditor seeks to draw conclusions. A population is, for example, all of the things in a class of transactions or account balance.
Can internal auditors use sampling?
The internal auditor should choose sample items in such a way that the sample is representative of the population. This necessitates that all items or sampling units in the population have a chance of being chosen.