CHAPTER18 AUDIT SAMPLING FOR TESTS OF CONTROLS I Review Questions A test of control procedure is a statement of a b Identification of a population from which sampling units are to be drawn Expression of an action taken to produce evidence about a client control procedure Compliance deviations should be defined in advance so auditors will know what to look for and will know one when they see it Seven Examples – Based on Seven General Control Objectives: Objective Example Validity Sale recorded without supporting shipping orders Authorization Lack of credit manager approval for a credit sale Accuracy Mathematical errors in sales invoice calculations Classification Sales classified in wrong product line revenue account Proper Period Sales recorded in month (quarter, year) before the actual shipment Accounting Sales charges fail to be posted to a customer’s account Completeness Shipments fail to be billed to customers and recorded as sales and receivables Judgments affecting sample size for test of controls auditing Judgment Acceptable risk of assessing control risk too low Influence on sample size Inverse The greater the acceptable risk, the smaller the sample 18-2 Solutions Manual - Assurance Principles, Professional Ethics… Acceptable risk of assessing control risk too high Inverse The greater the acceptable risk, the smaller the sample Tolerable deviation rate Inverse The higher the tolerable rate, the smaller the sample Expected population deviation rate (an estimate rather than a judgment) Direct The higher the expected rate, the larger the sample The sample size is also directly related to the population size, although the influence is generally minor The larger the population, the larger the sample, but not much The risk of assessing the control risk too low has the potential of affecting audit effectiveness, thus damaging the quality of the audit for users Professionally, in light of responsibility to users, effectiveness is more important than efficiency, which is affected by the risk of assessing the control risk too high Expanded risk model: AR = IR x CR x AP x TD Solve for TD, when: 048 = 1.0 x x x TD TD = 048 1.0 x x = The tolerable misstatement (P10,000) and estimated standard deviation (P25.00) are “noise” in the question The “connection” is a direct relationship between control risk and the tolerable deviation rate (1) When larger values are planned for control risk (say, 0.95, 0.90) in an audit plan, more analytical procedure and test of detail work will be done Auditors will not rely very much on internal controls Therefore, not much help is expected from the controls anyway, so the tolerable deviation rate can be larger The direct relation is: The higher the control risk, the higher the tolerable deviation rate can be (2) When lower values are assigned to control risk (say, 0.10, 0.20) in an audit plan, less analytical procedure and test of detail work will be done Auditors intend to rely on internal accounting controls Therefore, effective compliance with control policies and procedures is important, and the tolerable deviation rate ought to be low The direct relation is: The higher the planned control risk, the higher the tolerable deviation rate can be Audit Sampling for Tests of Controls 18-3 Based on the specifications of risk of assessing control risk too low, tolerable deviation rate and expected population deviation rate, sample sizes would be determined independently for the two populations in the subdivision If the criteria are at least as stringent for each of the two as they would be for the undivided population, the sum of the two sample sizes would be at least twice the size of the sample figured for the single population (provided both subdivided populations have 1,000 or more units) Further reduction of the assessed level of control risk is justified only when the upper occurrence limit is