Tài liệu hạn chế xem trước, để xem đầy đủ mời bạn chọn Tải xuống
1
/ 32 trang
THÔNG TIN TÀI LIỆU
Thông tin cơ bản
Định dạng
Số trang
32
Dung lượng
181,5 KB
Nội dung
Module F - Attribute Sampling MODULE F Attribute Sampling LEARNING OBJECTIVES Review Checkpoints Exercises, Problems, and Simulations Identify the objectives of attribute sampling, define deviation conditions, and define the population for an attribute sampling application 1, 2, 3, 51, 53, 54, 55, 71 (partial), 73 (parts a – b), 74 (parts a – b), 75 (part a), 76 (partial), 77 (partial), 79 Understand how various factors influence the size of an attribute sample 5, 6, 52 (partial), 71 (partial), 72 (parts a – b), 75 (parts b – c), 76 (partial), 77 (partial), 78, 79 Determine the sample size for an attribute sampling application 8, 52 (partial), 60, 61, 62, 63, 64, 71 (partial), 72 (part c), 74 (part c), 75 (parts d – e), 80 (partial) Identify various methods of selecting an attribute sample 10, 11, 12 56 (partial), 57, 58, 59, 71 (partial), 73 (parts c-d), 74 (part d) Evaluate the results of an attribute sampling application by determining the upper limit deviation rate (ULDR) 13, 14, 15, 16, 17, 18, 19, 20, 21, 22 52 (partial), 56 (partial), 65, 66, 67, 68, 69, 70, 71 (partial), 72 (parts d – f), 73 (part d), 74 (parts e – g), 75 (parts f – h), 77 (parts g-h), 80 (partial) Define sequential sampling and discovery sampling and identify when these types of sampling applications would be used 23, 24 Understand how to apply nonstatistical sampling to attribute testing 24, 25 MODF-1 74 Module F - Attribute Sampling SOLUTIONS FOR REVIEW CHECKPOINTS F.1 Attribute sampling is a method of sampling used to determine the extent to which some characteristic (or attribute) exists within a population of interest Attribute sampling is used by the auditor in performing tests of controls to determine the operating effectiveness of internal control policies and procedures F.2 The auditor’s objective in attribute sampling is to determine the operating effectiveness of key controls that influence the financial statement assertions of interest As a result, the financial statement assertions ultimately determine which control(s) are tested and are the subject of the auditor’s attribute sampling application F.3 Deviation conditions represent situations in which key controls are not functioning as intended Deviation conditions are important in an attribute sampling application because they provide the auditor with evidence regarding the operating effectiveness of the client’s internal control F.4 An appropriate definition of the population is important because auditor conclusions can only be extended to the population from which the sample is selected F.5 a Sampling risk is the risk that the decision made by the auditor based on the sample is different from the decision that would have been made if the entire population were examined b The tolerable deviation rate is the maximum rate of deviations permissible by the auditor without modifying the reliance on an internal control policy or procedure c The expected deviation rate is the anticipated rate of deviations in the client’s internal control policies or procedures The sampling risk and tolerable deviation rate are determined judgmentally by the auditor based on the planned level of control risk (as the planned level of control risk is lower, the sampling risk and tolerable deviation rate should be lower) and the desired level of assurance The expected deviation rate is assessed by the auditor based on either prior experience with the client (for recurring engagements) or a small pilot sample of controls (for first-year engagements) F.6 The risk of assessing control risk too high (risk of underreliance) occurs when the auditor’s sample indicates that the control is not functioning effectively when, in fact, it is functioning effectively When this risk occurs, the auditor’s adjusted sample deviation rate exceeds the tolerable deviation rate However, unknown to the auditor, the true population deviation rate is less than the tolerable deviation rate The risk of assessing control risk too low (risk of overreliance) occurs when the auditor’s sample indicates that the control is functioning effectively when, in fact, it is not functioning effectively When this risk occurs, the auditor’s adjusted sample deviation rate is less than the tolerable deviation rate However, unknown to the auditor, the true population deviation rate exceeds the tolerable deviation rate MODF-2 Module F - Attribute Sampling F.7 The risk of assessing control risk too low is more important because this risk may result in a less effective audit being performed That is, the auditor may not perform a sufficient level of substantive procedures upon which to base the opinion on the financial statements F.8 a Sample size has an inverse relationship with sampling risk; that is, as the acceptable sampling risk decreases, sample size increases F.9 b Sample size has an inverse relationship with the tolerable deviation rate; that is, as the tolerable deviation rate decreases, sample size increases c Sample size has a direct relationship with the expected deviation rate; that is, as the expected deviation rate increases, sample size increases In an attribute sampling application, the sample size is determined as follows: Based on the acceptable level of the risk of assessing control risk too low, select the appropriate sample size table Identify the row of the table corresponding to the expected deviation rate for the control being examined Identify the column of the table representing the assessed tolerable deviation rate for the control being examined Determine the sample size by identifying the junction of the row from step (2) and the column from step (3) F.10 When selecting sample items, the auditor should take steps to ensure that the sample is representative of the population from which it is drawn For example, the auditor should select potential applications of control procedures performed throughout the year, performed for larger and smaller dollar amounts, performed by different individuals, and related to transactions with different parties or individuals in different geographic areas F.11 Tests of controls are procedures performed by the auditor to determine the operating effectiveness of the client’s key internal controls The auditor’s goal in performing tests of controls is to determine the rate at which the client’s controls are not functioning as intended, or the sample deviation rate F.12 If the auditor is unable to find an item that provides evidence of the client’s performance of a control, that item is classified as a deviation F.13 The sample deviation rate is the rate of deviations from key controls noted by the auditor in the sample It can be calculated by dividing the number of deviations by the sample size F.14 The upper limit deviation rate is an adjusted rate of deviations that provides a conservative measure of the population deviation rate This measure allows the auditor to control the exposure to sampling risk to acceptable levels The upper limit deviation rate is the rate of deviation that has a (1 minus the risk of assessing control risk too low) probability of equaling or exceeding the true population deviation rate Conversely, there is a (risk of assessing control risk too low) probability that the true population deviation rate exceeds the upper limit deviation rate MODF-3 Module F - Attribute Sampling F.15 F.16 The upper limit deviation rate is determined based on the risk of assessing control risk too low, sample size, and number of deviations Since the sample size and number of deviations determine the sample deviation rate, the upper limit deviation rate is essentially based on the sample deviation rate and the risk of assessing control risk too low The upper limit deviation rate is determined as follows: Based on the acceptable risk of assessing control risk too low, select the appropriate evaluation table Read down the “sample size” column to find the row representing the appropriate sample size Identify the column corresponding to the number of deviations found by the auditor The upper limit deviation rate is the value found at the intersection of the row in step (2) and the column in step (3) F.17 If the sample size examined by the auditor is not included in the AICPA sample evaluation tables, the auditor could (1) select additional items for examination to provide the auditor with the next highest sample size included on the tables, (2) evaluate the results of the sample using a smaller (more conservative) sample size, or (3) interpolate the table values and estimate a upper limit deviation rate for the number of items examined F.18 Since the sample deviation rate is percent (6 deviations 100 items = percent) and the upper limit deviation rate is 8.3 percent, the allowance for sampling risk is 2.3 percent (8.3 percent - 6.0 percent = 2.3 percent) F.19 If the upper limit deviation rate is less than the tolerable deviation rate, the auditor would conclude that the control is functioning effectively If the upper limit deviation rate is greater than or equal to the tolerable deviation rate, the auditor would conclude that the control is not functioning effectively F.20 If the upper limit deviation rate is less than the tolerable deviation rate, the auditor can choose to rely on internal control at planned levels F.21 If the upper limit deviation rate is greater than or equal to the tolerable deviation rate, the auditor can reduce the reliance on internal control and increase control risk or expand the sample to achieve an observed upper limit deviation rate less than the tolerable deviation rate However, expanding the sample is generally not an effective response MODF-4 Module F - Attribute Sampling F.22 Information that is typically documented in an attribute sampling application includes: Information on the objective of sampling, definition of deviation conditions, and definition of the population from which the sample was selected The levels of the risk of assessing control risk too low, tolerable deviation rate, and expected deviation rate, along with the rationale for these assessments The sample size determined based on the factors discussed above Information on the selection of sample items and a listing of items selected and examined by the auditor Results of the tests of controls performed on each item selected Information regarding the number of deviations and the upper limit deviation rate The auditor’s conclusion with respect to the operating effectiveness of the control and implications of this operating effectiveness on the auditor’s reliance on internal control and substantive procedures F.23 Sequential sampling is a sampling plan in which an initial sample is selected and the auditor (1) draws a final conclusion regarding the effectiveness of the control policy or procedure or (2) selects additional items before drawing a final conclusion regarding the effectiveness of the control policy or procedure The primary advantage of sequential sampling is that these types of plans may allow the auditor to form a conclusion on internal control with a relatively small sample size The primary disadvantage of sequential sampling is that the allowable rate of deviations in the sample is lower than that in a fixed sampling plan (i.e., sequential sampling is more conservative) In addition, sequential sampling may ultimately result in auditors examining an extremely large number of items if they decide to expand the sample F.24 Discovery sampling is a form of attribute sampling that is used when deviations from controls are very critical, yet are expected to occur at a relatively low rate Discovery sampling should be used when a control is extremely important for the auditor’s examination or when the auditor is suspicious of the existence of fraud F 25 Step five, selecting the sample, may be performed differently for nonstatistical sampling than for statistical sampling As nonstatistical sampling does not make use of tables based on probabilities, the sample is not required to be selected randomly Haphazard or block selection may be used as well as random or sequential selection However, it is step seven, evaluating sample results where the primary difference between the two methods arises F 26 Auditors first calculate the sample deviation rate If the sample deviation rate is greater than the tolerable deviation rate, the auditor can conclude that the control is not working effectively and revised planned detection risk However, if the sample deviation rate is less than tolerable deviation rate, auditors cannot conclude that the control is operating effectively They must use professional judgment to estimate the allowance for sampling risk to determine the likely deviation rate in the population MODF-5 Module F - Attribute Sampling SOLUTIONS FOR MULTIPLE-CHOICE QUESTIONS F.27 F.28 a Incorrect b Correct c d Incorrect Incorrect a Correct Determining preliminary levels of materiality is related to variables sampling Attribute sampling selects occurrences of key controls for the auditor to examine using tests of controls Substantive procedures are related to variables sampling Searching for the possible occurrence of subsequent events is not an example of sampling b identified c d identified Incorrect Identifying key controls is necessary when determining the objective of sampling Prior to defining a deviation condition, the key controls must be Incorrect Incorrect Prior to defining the population, the key controls must be identified Prior to determining the sample size, the key controls must be F.29 a Incorrect b Correct c Incorrect d Incorrect The tolerable deviation rate has an inverse relationship with sample size The expected deviation rate has a direct relationship with sample size; the tolerable deviation rate has an inverse relationship with sample size The expected deviation rate has a direct relationship with sample size; the tolerable deviation rate has an inverse relationship with sample size The expected deviation rate has a direct relationship with sample size a Incorrect b Incorrect c Correct d Incorrect a b Incorrect Incorrect c Correct d Incorrect F.30 F.31 F.32 The auditor does not control the RACTH in an attribute sampling application The auditor does not control the RACTH in an attribute sampling application; however, the auditor does control the RACTL The auditor does not control the RACTH in an attribute sampling application; however, the auditor does control the RACTL The auditor controls the RACTL in an attribute sampling application Both sampling risks result in incorrect decisions by the auditor The risk of assessing control risk too high is related to the study and evaluation of internal control The risk of assessing control risk too low may result in the failure to control audit risk to acceptable levels Performing tests during an interim period does not influence the risk of assessing control risk too high Note to instructor: Since this question asks students to identify the statement that will not result in an increased sample size, the response labeled “correct” will not result in an increased sample size and those labeled “incorrect” will result in an increased sample size a Incorrect b Correct c d Incorrect Incorrect Reducing the risk of assessing control risk too low will result in a larger sample size Increasing the tolerable deviation rate will reduce (not increase) the sample size Increasing the expected deviation rate will result in a larger sample size Choice (b) above will not result in a larger sample size MODF-6 Module F - Attribute Sampling F.33 a b c d Incorrect Incorrect Incorrect Correct From the AICPA sampling tables, the sample size is 195 From the AICPA sampling tables, the sample size is 195 From the AICPA sampling tables, the sample size is 195 From the AICPA sampling tables, the sample size is 195 F.34 a Incorrect b Incorrect c Incorrect d Correct RACTL increases as control risk increases; as a result, a 1% RACTL cannot logically be associated with a control risk of 0.80 RACTL increases as a function of control risk; as a result, a 10% RACTL cannot logically be associated with a control risk of 0.20 if a 1% control risk is assigned to a control risk of 0.50 RACTL increases as a function of control risk; as a result, a 10% RACTL cannot logically be associated with a control risk of 0.50 if a 5% RACTL is assigned to a control risk of 0.80 RACTL increases as control risk increases; this series is consistent with this relationship a Incorrect b Incorrect c Incorrect d Correct a b Correct Incorrect c Incorrect d Incorrect a b c d Incorrect Incorrect Incorrect Correct F.35 F.36 F.37 From the AICPA sample evaluation tables, the upper limit deviation rate is 6.9 percent From the AICPA sample evaluation tables, the upper limit deviation rate is 6.9 percent From the AICPA sample evaluation tables, the upper limit deviation rate is 6.9 percent From the AICPA sample evaluation tables, the upper limit deviation rate is 6.9 percent This is the correct interpretation of the upper limit deviation rate The probability that the actual deviation rate in the population is lower than the upper limit deviation rate is (1 minus the risk of assessing control risk too low) The upper limit deviation rate does not provide an estimate with certainty; in addition, the probability that the actual deviation rate in the population is lower than the upper limit deviation rate is (1 minus the risk of assessing control risk too low) The upper limit deviation rate does not provide an estimate with certainty See (d) below See (d) below See (d) below Without knowledge of the risk of assessing control risk too low, it is impossible to calculate the upper limit deviation rate for a sample of 100 transactions with one deviation For example, with a risk of assessing control risk too low of percent, the upper limit deviation rate is 4.7 and options (a), (b), and (c) would not allow the auditor to assess control risk at the appropriate level However, if the risk of assessing control risk too low is 10 percent, the upper limit deviation rate would be 3.9 and choice (c) would allow the auditor to assess control risk at the appropriate level MODF-7 Module F - Attribute Sampling F.38 F.39 F.40 F.41 F.42 a Incorrect b Correct c Incorrect d Incorrect a Incorrect b Incorrect c Correct d Incorrect a Incorrect b Correct c Incorrect d Incorrect a Incorrect b Incorrect c Incorrect d Correct a b Incorrect Correct c d Incorrect Incorrect Because the upper limit deviation rate exceeds the tolerable deviation rate, the auditor cannot support a control risk assessment based on the tolerable deviation rate The auditor should increase control risk because the upper limit deviation rate exceeds the tolerable deviation rate Despite the fact that the upper limit deviation rate exceeds the tolerable deviation rate, the auditor can support a control risk assessment at less than the maximum level Control risk should be increased not decreased Selecting customer accounts for confirmation as a part of the audit of accounts receivable would use variables sampling Selecting inventory items for verification as a part of the audit of inventory would use variables sampling Selecting purchase orders for indication of authorization is a test of controls that would use attribute sampling Selecting additions to property, plant and equipment for verification would use variables sampling The auditor would compare the tolerable deviation rate to the sum of the allowance for sampling risk and sample deviation rate (not expected deviation rate) In this example, the sample deviation rate of percent (5 125 = percent) plus the allowance for sampling risk of percent equals the upper limit deviation rate (7 percent) Since the upper limit deviation rate exceeds the tolerable deviation rate of percent, the auditor should assess a higher control risk The expected deviation rate is not considered in evaluating the results of the sample The sample results would support a low control risk assessment if the sample deviation rate plus the allowance for sampling risk is less than (not greater than) the tolerable deviation rate From the AICPA sample evaluation tables, the upper limit deviation rate is 12.8 percent From the AICPA sample evaluation tables, the upper limit deviation rate is 12.8 percent From the AICPA sample evaluation tables, the upper limit deviation rate is 12.8 percent From the AICPA sample evaluation tables, the upper limit deviation rate is 12.8 percent See the response to choice (b) The auditor noted deviations in the 90 items examined; therefore, the sample deviation rate is 7.8 percent (7 90 = 7.8 percent) If the ULDR is 12.8 percent (see the answer to F.38), the allowance for sampling risk would be 5.0 percent (12.8 percent – 7.8 percent = 5.0 percent) See the response to choice (b) See the response to choice (b) MODF-8 Module F - Attribute Sampling F.43 a Incorrect b Correct c d Incorrect Incorrect F.44 a b c d Incorrect Incorrect Incorrect Correct See the response to choice (d) See the response to choice (d) See the response to choice (d) While (a), (b), and (c) are correct responses, (d) is a more appropriate response because it includes all possible alternatives for the auditor F.45 a Incorrect b Incorrect c Correct d Incorrect The upper limit deviation rate is the sum of the sample deviation rate (and not the expected deviation rate) and the allowance for sampling risk The upper limit deviation rate is the sum of the sample deviation rate (and not the risk to assessing control risk too high) and allowance for sampling risk The upper limit deviation rate is the sum of the sample deviation rate and the allowance for sampling risk The upper limit deviation rate is the sum of the sample deviation rate (and not the tolerable deviation rate) and the allowance for sampling risk a Incorrect b Incorrect c Incorrect d Correct a Incorrect b Incorrect c Correct d Incorrect F.46 F.47 The tolerable deviation rate must exceed the upper limit deviation rate in order for the auditor to rely on internal control as planned The tolerable deviation rate must exceed the upper limit deviation rate in order for the auditor to rely on internal control as planned The expected deviation rate is not used in evaluating sample results The expected deviation rate is not used in evaluating sample results The allowance for sampling risk is based on the allowable risk of assessing control risk too low The expected deviation rate is based on the auditor’s experience in prior audits or a pilot sample of controls The sample deviation rate is based on the number of deviations and the sample size The tolerable deviation rate is based on the auditor’s reliance on internal control When using attribute sampling, the auditor determines a single sample size When using discovery sampling, the auditor determines a single sample size When using sequential sampling, an initial sample is selected and decisions related to expanding that sample are based on the results of the initial sample When using statistical sampling, the auditor determines a single sample size MODF-9 Module F - Attribute Sampling F.48 F.49 F.50 a Incorrect b Correct c d Incorrect Incorrect a Incorrect b Incorrect c Incorrect d Correct a Incorrect b Incorrect c Correct d Incorrect While a form of attribute sampling would be appropriate, the low level of deviations and importance of ensuring that deviations occur at extremely low levels would make the use of discovery sampling more appropriate Discovery sampling is used when the rate of deviations is anticipated to be low and the auditor desires a high level of assurance that deviations occur at a low rate Sequential sampling would not be used in this situation While a form of attribute sampling would be appropriate, the low level of deviations and importance of ensuring that deviations occur at extremely low levels would make the use of discovery sampling more appropriate In deciding whether to rely on internal control as planned, the upper limit deviation rate is compared to the tolerable deviation rate, not the risk of assessing control risk too low While the upper limit deviation rate (6.5 percent) does exceed the tolerable deviation rate (6 percent), you would reduce reliance on internal control, not rely on internal control as planned In deciding whether to rely on internal control as planned, the upper limit deviation rate is compared to the tolerable deviation rate, not the risk of assessing control risk too low Because the upper limit deviation rate (6.5 percent) exceeds the tolerable deviation rate (6 percent), you would reduce reliance on the internal control from planned levels Auditing standards clearly state the sample sizes using nonstatistical sampling should be comparable to sample sizes from statistical sampling Auditors must consider an allowance for sampling risk when using nonstatistical sampling Using nonstatistical sampling is generally less complicated than statistical sampling Only answer c is true SOLUTIONS FOR EXERCISES, PROBLEMS, AND SIMULATIONS F.51 Test of Controls Objectives and Deviations Credit Approval a Objective: Determine whether credit is approved in accordance with company policy b Deviation: Absence of notation of approval or disapproval on customers’ orders MODF-10 Module F - Attribute Sampling F.59 Because invoices are filed manually by customer classification, this population cannot be easily rearranged in random order An additional concern is the fact that the invoices are not arranged in a random order with respect to sales volume In this situation, if the proportion of high volume customers is relatively small, the use of systematic selection may result in this entire classification being bypassed by McNeal This situation is similar to (1), with the exception that McNeal will not have direct access to the sales invoices This introduces the concern that Branyon’s personnel will not provide invoices to McNeal that reflect deviations from internal control policies and procedures McNeal should insist on visiting the off-site location and personally select the invoices for examination Sample Selection (part c, Continued) Because invoices are maintained electronically, McNeal can arrange the population in whatever order he wishes Since the electronic file of invoices is currently arranged by customer name (which would ordinarily be random), it appears that McNeal may proceed using systematic selection without considering any further matters McNeal can satisfy himself that the population is complete by using a CAATT to total the invoices in the file and compare the total to the general ledger balance F.60 Sample Size Determination a Using the sample size tables for a percent risk of assessing control risk too low, percent expected deviation rate, and percent tolerable deviation rate results in a sample size of 84 items b The risk of assessing control risk too low would be determined judgmentally by Landry based on the level of control risk (as the level of control risk is lower, the risk of assessing control risk too low should be established at lower levels) The expected deviation rate is established based on prior audits (for recurring engagements) or a pilot sample of controls (for first-year engagements) The tolerable deviation rate is established based on the level of control risk (as the level of control risk is lower, the tolerable deviation rate should be established at lower levels) c The revised sample size is 58 items d Because the acceptable risk of assessing control risk too low has increased, Landry’s sample does not need to be as effective as when acceptable risk of assessing control risk too low is lower (the original level of percent) As a result, Landry can examine a smaller sample MODF-18 Module F - Attribute Sampling F.61 Sample Size Determination a b c d Sample size = 42 Sample size = 129 Sample size = 195 Sample size = 32 Comparing the appropriate sample sizes in (a) and (b), the only difference in sample size is related to an increase in the expected deviation rate from percent in (a) to percent in (b) As a result, the increase in sample size from 42 to 129 indicates that the expected deviation rate has a direct relationship with sample size Comparing the appropriate sample sizes in (b) and (c), the only difference in sample size is related to a decrease in the tolerable deviation rate from percent in (b) to percent in (c) As a result, the increase in sample size from 129 to 195 indicates that the tolerable deviation rate has an inverse relationship with sample size Comparing the appropriate sample sizes in (a) and (d), the only difference in sample size is related to an increase in the risk of assessing control risk too low from percent in (a) to 10 percent in (d) As a result, the decrease in sample size from 42 to 32 indicates that the risk of assessing control risk too low has an inverse relationship with sample size F.62 Sample Size Determination a b c d Sample size = 156 Sample size = 192 Sample size = 103 Sample size = 132 Comparing the appropriate sample sizes in (a) and (b), the only difference in sample size is related to an increase in the expected deviation rate from percent in (a) to 1.5 percent in (b) As a result, the increase in sample size from 156 to 192 indicates that the expected deviation rate has a direct relationship with sample size Comparing the appropriate sample sizes in (b) and (c), the only difference in sample size is related to an increase in the tolerable deviation rate from percent in (b) to percent in (c) As a result, the decrease in sample size from 192 to 103 indicates that the tolerable deviation rate has an inverse relationship with sample size Comparing the appropriate sample sizes in (b) and (d), the only difference in sample size is related to an increase in the risk of assessing control risk too low from percent in (b) to 10 percent in (d) As a result, the decrease in sample size from 192 to 132 indicates that the risk of assessing control risk too low has an inverse relationship with sample size F.63 Sample Size Determination a b c d 66 percent 3.25 percent percent MODF-19 Module F - Attribute Sampling F.64 Sample Size Determination a Cambridge should consider the expected deviation rate, risk of assessing control risk too low, and tolerable deviation rate in determining the necessary sample size These factors are determined as follows: Expected deviation rate: Determined based on prior audits (for recurring engagements) or a pilot sample of controls (for first-year engagements) Risk of assessing control risk too low: Determined based on the level of control risk Tolerable deviation rate: Determined based on the level of control risk and desired degree of assurance F.64 b Cambridge would determine sample size as follows: (1) select appropriate sample size table based on risk of assessing control risk too low; (2) identify the row of the table corresponding to the expected deviation rate; (3) identify the column of the table corresponding to the assessed tolerable deviation rate; and, (4) determine the sample size by identifying the junction of the row from step and the column from step c Based on an expected deviation rate of percent, a risk of assessing control risk too low of 10 percent, and a tolerable deviation rate of percent, the appropriate sample size is 64 Sample Size Determination (Continued) d Changes in the size of the population not affect any of the factors used to determine sample size or sample size itself Remediation of control deficiencies would reduce the expected deviation rate, which would result in a smaller sample size Turnover of personnel in the purchasing function would increase the expected deviation rate, which would result in a larger sample size The reduction in control risk would influence both the risk of assessing control risk too low (decrease) and the tolerable deviation rate (decrease) Both of these factors would result in a larger sample size Increases in control risk would influence both the risk of assessing control risk too low (increase) and the tolerable deviation rate (increase) Both of these factors would result in a smaller sample size In most cases, the addition of new vendors should not influence any of the factors affecting sample size or sample size itself A case could be made that some additional deviations would occur as the vendor listing is being modified, which would increase the expected deviation rate and result in a larger sample size MODF-20 Module F - Attribute Sampling e If Cambridge increases her reliance on internal control, she will reduce the necessary level of control risk, which will ultimately decrease the acceptable risk of assessing control risk too low and tolerable deviation rate Both of these factors will result in a larger sample size Therefore, one impact of increasing the reliance on internal control is that Cambridge will incur additional costs in the form of tests of controls In addition, the lower tolerable deviation rate that would be required in this situation increases the likelihood that her tests of controls will not support the planned level of control risk However, the advantage to Cambridge of increasing her reliance on internal control is cost savings in the form of less extensive substantive procedures If Cambridge maintains her reliance on internal control at planned levels, the extent of her tests of controls will not be affected and will be lower than the necessary level if she increased her reliance on internal control However, she will need to perform more extensive substantive procedures f F.65 When deciding whether to increase her reliance on internal control, Cambridge should consider the likelihood that her tests of controls would support an increased level of reliance on internal control as well as the relative cost savings (in the form of less extensive substantive procedures) that this increased reliance on internal control would provide Sample Results Evaluation a Sample Deviation Rate = No of Deviations Sample Size Sample Deviation Rate = 60 = 0.05 or percent b Using the sample evaluation table, the upper limit deviation rate is 12.5 percent Allowance for Sampling Risk = Upper limit deviation rate - Sample Deviation Rate Allowance for Sampling Risk = 12.5 percent - percent = 7.5 percent F.66 c The upper limit deviation rate considers the likelihood that the sample selected by the auditor may under represent the deviation rate in the population The upper limit deviation rate provides a conservative measure of the population deviation rate to control the auditor’s exposure to sampling risk to acceptable levels d Because the upper limit deviation rate (12.5 percent) exceeds the tolerable deviation rate (6 percent), Joan would conclude that the control is not functioning effectively At this point, she could either reduce her planned level of reliance on internal control or expand the sample to examine a larger number of controls e Using the sample evaluation table for a 10 percent risk of assessing control risk too low yields a upper limit deviation rate of 10.8 percent; while lower than the upper limit deviation rate determined for a percent risk of assessing control risk too low (12.5 percent), this upper limit deviation rate still exceeds the tolerable deviation rate of percent As a result, Joan would still conclude that the control is not functioning effectively Sample Results Evaluation a (1) (2) (3) Sample deviation rate = 60 = 6.7 percent ULDR = 14.7 percent Allowance for sampling risk = 14.7 percent – 6.7 percent = 8.0 percent MODF-21 Module F - Attribute Sampling b (1) (2) (3) Sample deviation rate = 60 = 10 percent ULDR = 18.8 percent Allowance for sampling risk = 18.8 percent – 10 percent = 8.8 percent c (1) (2) (3) Sample deviation rate = 60 = 10 percent ULDR = 16.9 percent Allowance for sampling risk = 16.9 percent – 10 percent = 6.9 percent Comparing the ULDR in (a) and (b), the only difference in the ULDR is related to an increase in the number of deviations from in (a) to in (b) As a result, the increase in ULDR from 14.7 percent to 18.8 percent indicates that the number of deviations (and sample deviation rate) has a direct relationship with the ULDR Comparing the ULDR in (b) and (c), the only difference in the ULDR is related to an increase in the risk of assessing control risk too low from percent in (b) to 10 percent in (c) As a result, the decrease in the ULDR from 18.8 percent to 16.9 percent indicates that the risk of assessing control risk too low has an inverse relationship with the ULDR F.67 Sample Results Evaluation a (1) (2) (3) Sample deviation rate = 100 = 8.0 percent ULDR = 14.0 percent Allowance for sampling risk = 14.0 percent – 8.0 percent = 6.0 percent b (1) (2) (3) Sample deviation rate = 100 = 4.0 percent ULDR = 9.0 percent Allowance for sampling risk = 9.0 percent – 4.0 percent = 5.0 percent c (1) (2) (3) Sample deviation rate = 100 = 8.0 percent ULDR = 12.7 percent Allowance for sampling risk = 12.7 percent – 8.0 percent = 4.7 percent Comparing the ULDR in (a) and (b), the only difference in the ULDR is related to a decrease in the number of deviations from in (a) to in (b) As a result, the decrease in ULDR from 14.0 percent to 9.0 percent indicates that the number of deviations (and sample deviation rate) has a direct relationship with the ULDR Comparing the ULDR in (a) and (c), the only difference in the ULDR is related to an increase in the risk of assessing control risk too low from percent in (a) to 10 percent in (c) As a result, the decrease in the ULDR from 14.0 percent to 12.7 percent indicates that the risk of assessing control risk too low has an inverse relationship with the ULDR MODF-22 Module F - Attribute Sampling F.68 F.69 Sample Results Evaluation a Sample deviation rate = 30 = 0.0667 or 6.7 percent b Upper limit deviation rate = 19.6 percent c Allowance for sampling risk = 19.6 percent – 6.7 percent = 12.9 percent d Using deviations, a risk of assessing control risk too low of percent, and an upper limit deviation rate of 12.6 percent yields a sample size of 70 e Sample deviation rate = 70 (see (d) above) = 0.057 or 5.7 percent f Allowance for sampling risk = 12.6 percent – 5.7 percent = 6.9 percent g No of deviations = 200 x 0.025 = h Upper limit deviation rate = 4.6 percent i Sample deviation rate = 50 = percent j [Note: The student must complete (k) prior to completing (j)] Reviewing the sample evaluation tables for deviations, a sample size of 50, and an upper limit deviation rate of 12.1% reveals a risk of assessing control risk too low of percent k Upper limit deviation rate = 8.1 percent + percent = 12.1 percent Sample Results Evaluation This case is one of Robert Ashton’s behavioral decision cases (Accounting Review, January, 1984, pp 78-97) He gives credit to W Uecker and W Kinney, “Judgment Evaluation of Sample Results: A Study of the Type and Severity of Errors Made by Practicing CPAs,” Accounting, Organizations and Society, Vol 2, No (1977), pp 269-75 The “answer” below is taken from Ashton’s study (with modifications) NOTE TO INSTRUCTOR: Take a look at this answer You may want to get the students to discuss Cases 1, 2, and first, then give them a chance to think about Cases and See if they can be fooled to change their minds to choose the larger samples for Cases and 5, and then discuss them In this exercise, information about the sample size and sample deviation rates is available for each pair of outcomes While sample size is independent of population parameters, sample deviation rate is representative of the population characteristic of interest (i.e., the population deviation rate) Use of the representativeness heuristic could cause one to ignore the size of the sample, and to base choices solely on the sample deviation rate Thus one might choose Sample A in Case and Sample B in Case and 3, because their sample deviation rates are lower MODF-23 Module F - Attribute Sampling The AICPA sample evaluation tables show, however, that none of these three sample outcomes provides adequate assurance that the population deviation rate is below percent The other sample outcome (Sample B in Case and Sample A in Case and 3) does provide the desired assurance at a 95 percent confidence level (5 percent risk of assessing control risk too low) Thus reliance on the representativeness of the sample outcomes could lead one to choose the weaker evidence in these cases Notice that the correct choice in Cases 1, 2, and is the larger sample It might be tempting to conclude that this will always be true (that is, larger samples are always superior to smaller samples) But this simplification will not always work either Consider Cases and The correct answers are the smaller samples (although neither sample provides desired assurance in Case 5) Interestingly, use of the representativeness heuristic (i.e., focusing on the lower deviation rates) would lead to the correct choices in these two instances, but would result in incorrect choices in the first three pairs of sample outcomes This illustrates that while use of simplifying heuristics can lead to good decisions, it can also lead the decision maker into making sub optimal decisions F.70 Sample Results Evaluation a Based on a sample size of 90 (rounded down from 93), a risk of assessing control risk too low of percent, and zero deviations, the sample deviation rate is percent (0 ÷ 93 = percent) and the upper limit deviation rate (using the AICPA sample evaluation tables) is 3.3 percent b The difference between the sample deviation rate and upper limit deviation rate is the allowance for sampling risk The allowance for sampling risk controls the risk of assessing control risk too low to acceptable levels and reflects the possibility that Jackson has selected a nonrepresentative sample c Because the upper limit deviation rate (3.3 percent) is less than the tolerable deviation rate (5 percent), Jackson would conclude that the control is operating effectively and choose to rely on the internal control as planned d If deviations were identified, the sample deviation rate is 3.2 percent (3 ÷ 93 = 3.2 percent) and the upper limit deviation rate (using the AICPA sampling tables) is 8.4 percent Because the upper limit deviation rate of 8.4 percent exceeds the tolerable deviation rate of percent, Jackson would conclude that the control is not operating effectively and choose to reduce reliance on the internal control from planned levels e For a risk of assessing control risk too low of percent and a sample size of 90, the upper limit deviation rate is 3.3 percent if zero deviations are found and 5.2 percent if one deviation is found As a result, the maximum number of deviations that Jackson could permit without reducing his reliance on internal control is zero, since the upper limit deviation rate for one deviation (5.2 percent) exceeds the tolerable deviation rate f For a risk of assessing control risk too low of 10 percent and a sample size of 90, the upper limit deviation rate is 2.6 percent if zero deviations are found, 4.3 percent if one deviation is found, and 5.9 percent if two deviations are found As a result, the maximum number of deviations that Jackson could permit without reducing his reliance on internal control is one, since the upper limit deviation rate for two deviations (5.9 percent) exceeds the tolerable deviation rate MODF-24 Module F - Attribute Sampling This analysis reveals lower upper limit deviation rates compared to those for a percent risk of assessing control risk too low This difference results from the fact that Jackson is accepting a higher level of sampling risk, which reduces the allowance for sampling risk Simply stated, a lower risk of assessing control risk too low provides Jackson with a more conservative (higher) upper limit deviation rate F.71 Evaluating a Sampling Application Mistake Explanation The statistical criteria call for a sample of 181, not 100 Tom Barton apparently did not use AICPA sampling tables in determining sample size or misread the AICPA sampling tables Tom Barton used two test months for his selection of sample items A selection of two months does not make the sample representative of the year’s population; checks should be examined for selections from months throughout the year Tom Barton did not define the deviation conditions carefully before beginning his sampling application Tom subsequently decided that the two deviations he found were not control deviations Tom Barton did not follow up sufficiently on the deviations he found The pay rate mistake has dollar-value impact that Tom made no effort to recognize (i.e., liability for underpayment of wages) Tom Barton improperly combined a stratified sample into a single evaluation When stratification is done properly, the two samples should be evaluated independently The reviewers (senior and partner) were not competent to review the statistical application This is not Tom’s mistake, but it is worthwhile to point out that competence is as necessary at the review level as it is at the performance level MODF-25 Module F - Attribute Sampling F.72 Comprehensive Attribute Sampling a The risk of assessing control risk too low would be determined judgmentally by Dodge based on the level of control risk (as the level of control risk is lower, the risk of assessing control risk too low should be established at lower levels) The expected deviation rate is established by Dodge based on prior audits (for recurring engagements) or a pilot sample of controls (for first-year engagements) The tolerable deviation rate is established by Dodge based on the level of control risk (as the level of control risk is lower, the tolerable deviation rate should be established at lower levels) and the desired degree of assurance F.73 b If Dodge wishes to place additional reliance on this control, she would reduce the risk of assessing control risk too low and the tolerable deviation rate Dodge’s decision to place additional reliance on the control would not influence the level of the expected deviation rate c Using the AICPA sample size tables, the appropriate sample size corresponding to a risk of assessing control risk too low of percent, an expected deviation rate of 2.75 percent, and a tolerable deviation rate of percent would be 109 items d Sample deviation rate = No of deviations Sample size Sample deviation rate = 109 = 0.037 or 3.7 percent (rounded) e Using a percent risk of assessing control risk too low, deviations, and a sample size of 100 (the next highest sample size on the table), the upper limit deviation rate is 9.0 percent f Because the upper limit deviation rate (9.0 percent) exceeds the tolerable deviation rate (7.0 percent), Dodge would not be able to conclude that the control is functioning effectively She would either reduce her reliance on internal control (increase the assessed level of control risk) or select additional items and reevaluate the results of her tests of controls Comprehensive Attribute Sampling a A deviation would be defined as a situation in which the receiving reports not have an indication that they have been verified by Rock’s receiving personnel (this indication is in the form of marks adjacent to the quantities verified and a signature on the receiving report) b The population would be defined as all receiving reports prepared during the year (or period) under audit The completeness of the population would be verified by identifying the document numbers corresponding to the first and last receiving reports prepared by Rock’s personnel during the year (or period) under audit c Rock’s electronic listing can be used to select items for examination using the following selection methods: MODF-26 Module F - Attribute Sampling Unrestricted random selection: Alicia could use computer programs to identify 192 random numbers that correspond to receiving reports and select the related reports F.73 Systematic random selection: Alicia could use computer programs to randomly select a starting point in the population and select every nth (corresponding to the sampling interval) receiving report in the population Comprehensive Attribute Sampling (part c, Continued) Haphazard selection: Alicia could nonsystematically select receiving reports from the electronic listing without any rationale for including or excluding various receiving reports Block selection: Alicia could use computer programs to reorganize the electronic listing to select receiving reports prepared by certain individuals, for certain types of vendors, or during certain dates The primary precaution that should be taken by Alicia is to be sure that the electronic listing is randomly arranged, particularly if systematic random selection is used d Sample deviation rate = 100 = 2.0 percent Because the sample deviation rate is lower than the tolerable deviation rate (4 percent), Alicia might rely on the internal control as planned However, since the sample deviation rate is higher than the expected deviation rate (1.5 percent), she might decide to increase her sample size Sample deviation rate = 100 = 4.0 percent Upper limit deviation rate = 9.0 percent Allowance for sampling risk = 9.0 percent – 4.0 percent = 5.0 percent Because the sample deviation rate equals the tolerable deviation rate (4 percent), Alicia could not rely on the internal control as planned There has to be some allowance for sampling risk, which would place the upper limit deviation rate over the tolerable deviation rate Alicia would need to reduce her reliance on internal control or expand her sample to examine additional items Sample deviation rate = 10 100 = 10.0 percent Upper limit deviation rate = 16.4 percent Allowance for sampling risk = 16.4 percent – 10.0 percent = 6.4 percent Because the sample deviation rate exceeds the tolerable deviation rate (4 percent), Alicia could not rely on the internal control as planned and would need to reduce her reliance on internal control or expand her sample to examine additional items MODF-27 Module F - Attribute Sampling e Increasing the risk of assessing control risk too low from percent to 10 percent would affect both the sample size selected for examination (by decreasing the sample size) and the calculation of the upper limit deviation rate used to evaluate the sample (by decreasing the upper limit deviation rate) The advantages of increasing the risk of assessing control risk too low is that Alicia would examine a smaller sample and would have a higher likelihood (all other factors held constant) of obtaining results that would allow her to rely on Rock’s internal control The primary disadvantage is that Alicia would increase the likelihood that she is inappropriately relying on Rock’s internal control and, ultimately, failing to control audit risk at the acceptable level F.74 F.75 Nonstatistical Attribute Sampling a Nonstatiscal sampling differs from statistical sampling in that it does not allow measurement of sampling risk Therefore, samples may be selected using nonrandom techniques such as haphazard or block sampling b Because nonrandom techniques can be used, nonstatistical sampling is often faster and easier to perform c Curtis can select her sample by any method since she is not using statistical sampling Thus, she can select a block of invoices or she can choose 50 invoices haphazardly, She can also use random or systematic selection She must, however, be careful to try to obtain a representative sample d Because Curtis's expected deviation rate is zero and her sample deviation rate is 2% (150), Curtis must either expand her sample size or increase control risk Increasing control risk will lead to decreased detection risk and expanded substantive procedures Audit Simulation: Comprehensive Attribute Sampling a Based on the parameters identified by the staff accountant, it appears that a sample size of 55 invoices was appropriate In addition, the calculation of the upper limit deviation rate and decision to reduce reliance on the control policy was also appropriate b In the prior audit, your firm was unable to conclude that the control was operating effectively with a 10 percent risk of assessing control risk too low Given this finding, as well as the fact that you did not observe any major changes or remediation with respect to these controls in the current year, it seems unlikely that an increased reliance on the control policy is viable c To increase the reliance on this control policy in the current audit, you will need to reduce both the risk of assessing control risk too low and the tolerable deviation rate The result of these actions will be a larger sample size MODF-28 Module F - Attribute Sampling d Using a risk of assessing control risk too low of percent, a tolerable deviation rate of percent, and an expected deviation rate of percent, the sample size in the current audit is 78 items As anticipated, this is a larger sample size than that used in the prior audit (55 items) e While it is impossible to determine the exact increase resulting from changes in these individual factors, the sample size for the prior audit and changes in the parameters in the current audit are as follows (RACTL = risk of assessing control risk too low, EDR = expected deviation rate, TDR = tolerable deviation rate): (1) RACTL = 10 percent, EDR = percent, TDR = percent: (2) RACTL = percent, EDR = percent, TDR = percent: (3) RACTL = 10 percent, EDR = percent, TDR = percent: F.75 55 items 66 items 64 items The parameters in set represents those used in last year’s audit Note that reducing the risk of assessing control risk too low from 10 percent to percent (set 2) results in an increase in the sample size of 11 items (66 items – 55 items = 11 items) Reducing the tolerable deviation rate from percent to percent (comparing sets (1) and (3) above) results in an increase in the sample size of items (64 items – 55 items = items) As a result, changes in both factors independently result in an increase in the sample size Audit Simulation: Comprehensive Attribute Sampling (part e, Continued) You should note that the final sample size for the current set of parameters (noted in (d)) is 78 items This sample size is larger than the sample size obtained by adding the individual effect(s) of decreasing the risk of assessing control risk too low and decreasing the tolerable deviation rate, indicating that the interactive effects of these changes are greater than the individual effects f Based on a sample size of 100 items and a risk of assessing control risk too low of percent, the upper limit deviation rate for zero deviations is percent, the upper limit deviation rate for one deviation is 4.7 percent, and the upper limit deviation rate for two deviations is 6.2 percent Because the tolerable deviation rate is percent, you would need to find one or fewer deviations to rely on the control policy at the planned level Given the rate of deviations noted in last year’s audit, as well as the lack of changes in internal control or remediation with respect to these controls during the current year, increasing your reliance on internal control does not appear to be feasible g Based on a sample size of 100 items and a risk of assessing control risk too low of 10 percent, the upper limit deviation rate for zero deviations is 2.3 percent, the upper limit deviation rate for one deviation is 3.9 percent, the upper limit deviation rate for two deviations is 5.3 percent, and the upper limit deviation rate for three deviations is 6.6 percent For a tolerable deviation rate of percent, you could allow up to two deviations and choose to rely on the control at the planned level h The upper limit deviation rate is inversely related to the risk of assessing control risk too low; that is, as the risk of assessing control risk too low decreases, the upper limit deviation rate increases (and vice versa) From a practical standpoint, this means that, for higher levels of the risk of assessing control risk too low, the auditor can observe a higher number of deviations and still rely on internal control at the planned level MODF-29 Module F - Attribute Sampling F.76 F.76 F.77 Audit Simulation: General Attribute Sampling a Joe’s statement is not correct Generally accepted auditing standards permit the use of either statistical sampling or nonstatistical sampling (AU 350.04) b Joe’s statement is not correct Control risk should be determined prior to the determination of detection risk In fact, the level of detection risk will be dependent upon the assessed level of control risk (AU 312.32, AU 319.03, and AU 319.05) c Joe’s statement is correct The risk of assessing control risk too low relates to the effectiveness of an audit If control risk is assessed at inappropriately low levels, the extent of substantive procedures will not be sufficient to control audit risk to acceptable levels (AU 350.14) d Joe’s statement is not correct While segregation of duties is an important control, sampling is generally not appropriate for controls that not provide documentary evidence (such as segregation of duties) (AU 350.32) e Joe’s statement is correct As the degree of assurance required by a control increases, the necessary tolerable deviation rate decreases (AU 350.34) f Joe’s statement is not correct Joe needs to consider the sampling risk that may be present in this situation (AU 350.41) Audit Simulation: General Attribute Sampling (Continued) g Joe’s statement is not correct While all deviations have the same effect on the upper limit deviation rate, it is important for auditors to consider qualitative aspects of deviations, such as (1) whether deviations are intentional or unintentional and (2) the possible relationship of the deviation to other phases of the audit (AU 350.42) h Joe's statement is not correct Even when the upper limit deviation rate is lower than the tolerable deviation rate, auditors must be careful to follow up on all deviations to understand their cause Audit Simulation: Comprehensive Attribute Sampling a Control risk is the risk that a material misstatement that could occur in an assertion will not be prevented or detected on a timely basis by the entity’s internal control (AU 312.21) John would assess control risk at the maximum level because his risk assessment procedures have not identified any effective controls relevant to the assertion or because testing the operating effectiveness of controls would be inefficient However, he needs to be satisfied that performing only substantive procedures for the relevant assertions would be effective in reducing detection risk to an acceptably low level (AU 318.08) John would assess control risk at less than the maximum level when controls pertain to an assertion, controls are likely to be effective, and doing so would be more efficient than performing only substantive procedures (AU 318) MODF-30 Module F - Attribute Sampling b The three objectives of internal control are financial reporting, operations, and compliance The five components of internal control are the control environment, risk assessment, control activities, information and communications, and monitoring (AU 314.41) The combination of objectives and components that is most closely related to attribute sampling is the control activities related to the financial reporting objective, since this objective relates to the fairness of the company’s financial statements (AU314.48) c The two broad types of sampling risk related to attribute sampling are (AU 350.12): The risk of assessing control risk too low is the likelihood that the auditor’s sample provides evidence that the client’s controls are functioning effectively when the population would indicate they are not functioning effectively The risk of assessing control risk too high is the risk that the auditor’s sample provides evidence that the client’s controls are not functioning effectively when the population would indicate that they are functioning effectively The risk of assessing control risk too low exposes John to effectiveness losses, in terms of impacting his ability to detect material misstatements The risk of assessing control risk too high exposes John to efficiency losses, through performing additional substantive procedures (AU 350.13 – AU 350.14) d F.77 John should consider (1) the relationship of the sample to the objective of the tests of controls, (2) the maximum rate of deviations from prescribed controls that would support his planned assessed level of control risk (tolerable deviation rate), (3) the allowable risk of assessing control risk too low, and (4) characteristics of the population (AU 350.31) Audit Simulation: Comprehensive Attribute Sampling (Continued) e The tolerable deviation rate is the maximum rate of deviations from the prescribed control that the auditor would be willing to accept without altering his planned assessed level of control risk (AU 350.34) In assessing the appropriate level of the tolerable deviation rate, John should consider the level of control risk and the degree of assurance desired by the audit evidence in the sample (AU 350.34) f In establishing the acceptable level of sampling risk, John should consider the degree of assurance desired from his tests of controls As the degree of assurance desired from his tests of controls is higher, John would assess sampling risk at lower levels (AU 350.37) g If John cannot locate an item for examination, he should consider the reasons for this limitation and ordinarily consider these items to be deviations (AU 350.40) h John should consider whether additional evidence to support a further reduction in control risk is likely to be available and whether it would be efficient to perform tests of controls to obtain that evidence (AU 319.87) MODF-31 Module F - Attribute Sampling F.78 Kaplan CPA Exam Simulation: Factors Affecting Sample Size The audit team initially had anticipated an error rate for this particular procedure of percent but, upon further review, decided that the anticipated error rate should be only percent Sample size should be decreased The audit team initially had believed that an upper deviation rate of up to percent could be tolerated Upon further review, the tolerable deviation rate has been increased by the team to percent Sample size should be decreased The audit team had originally anticipated that misstatement in the reported balance of accounts receivable of up to $26,000 could be tolerated However, upon further review, that amount has been increase to $31,000 No impact on this sample size Initially, the audit team felt that it needed for the allowable risk of over relying on this particular control procedure to be relatively low Later, though, upon further review of other available controls, the team decided that the allowable risk could be a bit higher F.79 Sample size should be decreased Kaplan CPA Exam Simulation: Communications Regarding Sampling Terminology To: The President of the Hardi Company From: Partner, Lee & Associates CPAs Sampling refers to making a decision about a whole (a population) by testing only a part of that group (called a sample) In practice and from a cost-benefit point of view, it is usually not beneficial for auditors to audit every single transaction or piece of evidence in order to provide reasonable assurance Sampling risk is the chance that an auditor's conclusion will be wrong because only a portion of the population was examined Sampling risk is the chance that a sample may not be representative of the population An attributes sampling plan requires the auditor to formulate an expected deviation rate for the control activity being tested The expected deviation rate is based on many factors, including the complexity of the activity, the results found in previous audits and any changes in circumstances which would reasonably increase the deviation (i.e errors or defects) rate The more deviations that are anticipated, the larger the sample must be F.80 ACL Assignment Go to the ACL Web site at www.mhhe.com/louwers3e, click on ”ACL Assignments” and review the solution for Module F MODF-32 ... generate the appropriate number of random numbers between 12,794 and 38,121 Janice would select a random starting point (a number somewhere between 12,794 and 38,121) and bypass a fixed number of items... receives custody of the goods and services related to the transaction While it may have been necessitated because of urgency, the goods and services could have been received by another party This would... characteristics may be bypassed for selection c Because invoices are filed manually by date, this population cannot easily be rearranged in random order However, since the invoices are arranged by date, the