Solution manual auditing and services 2e by louwers MODF

Module F - Attribute Sampling

MODULE F
Attribute Sampling
LEARNING OBJECTIVES

| Learning Objective | Review Checkpoints | Exercises, Problems, and Simulations |
|---|---|---|
| 1. Identify the objectives of attribute sampling, define deviation conditions, and define the population for an attribute sampling application. | 1, 2, 3, 4 | 51, 53, 54, 55, 71 (partial), 73 (parts a – b), 74 (parts a – b), 75 (part a), 76 (partial), 77 (partial), 79 |
| 2. Understand how various factors influence the size of an attribute sample. | 5, 6, 7 | 52 (partial), 71 (partial), 72 (parts a – b), 75 (parts b – c), 76 (partial), 77 (partial), 78, 79 |
| 3. Determine the sample size for an attribute sampling application. | 8, 9 | 52 (partial), 60, 61, 62, 63, 64, 71 (partial), 72 (part c), 74 (part c), 75 (parts d – e), 80 (partial) |
| 4. Identify various methods of selecting an attribute sample. | 10, 11, 12 | 56 (partial), 57, 58, 59, 71 (partial), 73 (parts c-d), 74 (part d) |
| 5. Evaluate the results of an attribute sampling application by determining the upper limit deviation rate (ULDR). | 13, 14, 15, 16, 17, 18, 19, 20, 21, 22 | 52 (partial), 56 (partial), 65, 66, 67, 68, 69, 70, 71 (partial), 72 (parts d – f), 73 (part d), 74 (parts e – g), 75 (parts f – h), 77 (parts g-h), 80 (partial) |
| 6. Define sequential sampling and discovery sampling and identify when these types of sampling applications would be used. | 23, 24 | |
| 7. Understand how to apply nonstatistical sampling to attribute testing. | 24, 25 | |


SOLUTIONS FOR REVIEW CHECKPOINTS
F.1

Attribute sampling is a method of sampling used to determine the extent to which some
characteristic (or attribute) exists within a population of interest. Attribute sampling is used by the
auditor in performing tests of controls to determine the operating effectiveness of internal control
policies and procedures.

F.2

The auditor’s objective in attribute sampling is to determine the operating effectiveness of key
controls that influence the financial statement assertions of interest. As a result, the financial
statement assertions ultimately determine which control(s) are tested and are the subject of the
auditor’s attribute sampling application.

F.3

Deviation conditions represent situations in which key controls are not functioning as intended.
Deviation conditions are important in an attribute sampling application because they provide the
auditor with evidence regarding the operating effectiveness of the client’s internal control.


F.4

An appropriate definition of the population is important because auditor conclusions can only be
extended to the population from which the sample is selected.

F.5

a.

Sampling risk is the risk that the decision made by the auditor based on the sample is
different from the decision that would have been made if the entire population were
examined.

b.

The tolerable deviation rate is the maximum rate of deviations permissible by the auditor
without modifying the reliance on an internal control policy or procedure.

c.

The expected deviation rate is the anticipated rate of deviations in the client’s internal
control policies or procedures.

The sampling risk and tolerable deviation rate are determined judgmentally by the auditor based
on the planned level of control risk (as the planned level of control risk is lower, the sampling risk
and tolerable deviation rate should be lower) and the desired level of assurance.
The expected deviation rate is assessed by the auditor based on either prior experience with the
client (for recurring engagements) or a small pilot sample of controls (for first-year engagements).
F.6


The risk of assessing control risk too high (risk of underreliance) occurs when the auditor’s sample
indicates that the control is not functioning effectively when, in fact, it is functioning effectively.
When this risk occurs, the auditor’s adjusted sample deviation rate exceeds the tolerable deviation
rate. However, unknown to the auditor, the true population deviation rate is less than the tolerable
deviation rate.
The risk of assessing control risk too low (risk of overreliance) occurs when the auditor’s sample
indicates that the control is functioning effectively when, in fact, it is not functioning effectively.
When this risk occurs, the auditor’s adjusted sample deviation rate is less than the tolerable
deviation rate. However, unknown to the auditor, the true population deviation rate exceeds the
tolerable deviation rate.


F.7

The risk of assessing control risk too low is more important because this risk may result in a less
effective audit being performed. That is, the auditor may not perform a sufficient level of
substantive procedures upon which to base the opinion on the financial statements.
F.8

a. Sample size has an inverse relationship with sampling risk; that is, as the acceptable
sampling risk decreases, sample size increases.

b. Sample size has an inverse relationship with the tolerable deviation rate; that is, as the
tolerable deviation rate decreases, sample size increases.

c. Sample size has a direct relationship with the expected deviation rate; that is, as the
expected deviation rate increases, sample size increases.

F.9

In an attribute sampling application, the sample size is determined as follows:

1. Based on the acceptable level of the risk of assessing control risk too low, select the
appropriate sample size table.

2. Identify the row of the table corresponding to the expected deviation rate for the control
being examined.

3. Identify the column of the table representing the assessed tolerable deviation rate for the
control being examined.

4. Determine the sample size by identifying the junction of the row from step (2) and the
column from step (3).
F.10


When selecting sample items, the auditor should take steps to ensure that the sample is
representative of the population from which it is drawn. For example, the auditor should select
potential applications of control procedures performed throughout the year, performed for larger
and smaller dollar amounts, performed by different individuals, and related to transactions with
different parties or individuals in different geographic areas.

F.11

Tests of controls are procedures performed by the auditor to determine the operating effectiveness
of the client’s key internal controls. The auditor’s goal in performing tests of controls is to
determine the rate at which the client’s controls are not functioning as intended, or the sample
deviation rate.

F.12

If the auditor is unable to find an item that provides evidence of the client’s performance of a
control, that item is classified as a deviation.

F.13

The sample deviation rate is the rate of deviations from key controls noted by the auditor in the
sample. It can be calculated by dividing the number of deviations by the sample size.

F.14

The upper limit deviation rate is an adjusted rate of deviations that provides a conservative
measure of the population deviation rate. This measure allows the auditor to control the exposure
to sampling risk to acceptable levels.
The upper limit deviation rate is the rate of deviation that has a (1 minus the risk of assessing
control risk too low) probability of equaling or exceeding the true population deviation rate.
Conversely, there is a (risk of assessing control risk too low) probability that the true population
deviation rate exceeds the upper limit deviation rate.


F.15

The upper limit deviation rate is determined based on the risk of assessing control risk too low,
sample size, and number of deviations. Since the sample size and number of deviations determine
the sample deviation rate, the upper limit deviation rate is essentially based on the sample
deviation rate and the risk of assessing control risk too low.

F.16

The upper limit deviation rate is determined as follows:

1. Based on the acceptable risk of assessing control risk too low, select the appropriate
evaluation table.

2. Read down the “sample size” column to find the row representing the appropriate sample
size.

3. Identify the column corresponding to the number of deviations found by the auditor.

4. The upper limit deviation rate is the value found at the intersection of the row in step (2)
and the column in step (3).


F.17

If the sample size examined by the auditor is not included in the AICPA sample evaluation tables,
the auditor could (1) select additional items for examination to provide the auditor with the next
highest sample size included on the tables, (2) evaluate the results of the sample using a smaller
(more conservative) sample size, or (3) interpolate the table values and estimate an upper limit
deviation rate for the number of items examined.

F.18

Since the sample deviation rate is 6 percent (6 deviations ÷ 100 items = 6 percent) and the upper
limit deviation rate is 8.3 percent, the allowance for sampling risk is 2.3 percent (8.3 percent - 6.0
percent = 2.3 percent).

F.19

If the upper limit deviation rate is less than the tolerable deviation rate, the auditor would conclude
that the control is functioning effectively. If the upper limit deviation rate is greater than or equal
to the tolerable deviation rate, the auditor would conclude that the control is not functioning
effectively.

F.20

If the upper limit deviation rate is less than the tolerable deviation rate, the auditor can choose to
rely on internal control at planned levels.

F.21

If the upper limit deviation rate is greater than or equal to the tolerable deviation rate, the auditor
can reduce the reliance on internal control and increase control risk or expand the sample to
achieve an observed upper limit deviation rate less than the tolerable deviation rate. However,
expanding the sample is generally not an effective response.
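
An added example, not part of the original solution manual: the AICPA evaluation tables are not reproduced on this page, so this Python sketch assumes the upper limit deviation rate behaves as a one-sided binomial upper confidence bound and applies the decision rule from F.19 to it. The function names and the tolerable deviation rates used in the demo are assumptions; the 100-item, one-deviation case is the one quoted in the answer to F.37.

```python
"""Added example: upper limit deviation rate (ULDR) from first principles.

Assumption: the ULDR is modelled as the one-sided binomial upper confidence
bound. Published table values are rounded, so compare with a small tolerance.
"""
from dataclasses import dataclass
from math import comb


def binom_cdf(k: int, n: int, p: float) -> float:
    """P(X <= k) for X ~ Binomial(n, p): chance of at most k deviations."""
    return sum(comb(n, i) * p**i * (1.0 - p) ** (n - i) for i in range(k + 1))


def upper_limit_deviation_rate(n: int, deviations: int, ractl: float) -> float:
    """Population deviation rate p at which seeing this few deviations
    (or fewer) in n items has probability equal to ractl.

    ractl is the risk of assessing control risk too low, as a fraction.
    """
    if n <= 0 or not 0 <= deviations <= n:
        raise ValueError("need n > 0 and 0 <= deviations <= n")
    if not 0.0 < ractl < 1.0:
        raise ValueError("ractl must be strictly between 0 and 1")
    if deviations == n:
        return 1.0  # every item deviated: no rate below 100% can be ruled out
    # binom_cdf is 1 at p = 0, 0 at p = 1, and falls as p rises: bisect on p.
    lo, hi = 0.0, 1.0
    for _ in range(60):
        mid = (lo + hi) / 2.0
        if binom_cdf(deviations, n, mid) > ractl:
            lo = mid
        else:
            hi = mid
    return hi


@dataclass(frozen=True)
class Evaluation:
    sample_rate: float  # deviations / sample size (F.13)
    uldr: float         # upper limit deviation rate (F.14)
    allowance: float    # ULDR minus sample deviation rate (F.18)
    effective: bool     # True when ULDR < tolerable deviation rate (F.19)


def evaluate(n: int, deviations: int, ractl: float, tolerable: float) -> Evaluation:
    """Evaluate one attribute sample against a tolerable deviation rate."""
    uldr = upper_limit_deviation_rate(n, deviations, ractl)
    sample_rate = deviations / n
    return Evaluation(sample_rate, uldr, uldr - sample_rate, uldr < tolerable)


if __name__ == "__main__":
    # F.37's sample (100 items, 1 deviation); the 5% tolerable rate is constructed.
    for ractl in (0.05, 0.10):
        r = evaluate(100, 1, ractl, tolerable=0.05)
        print(f"RACTL {ractl:.0%}: sample rate {r.sample_rate:.1%}, "
              f"ULDR {r.uldr:.2%}, allowance {r.allowance:.2%}, "
              f"control effective: {r.effective}")
```

With zero deviations the bound has the closed form 1 - RACTL^(1/n), which is the case discovery sampling (F.24) relies on.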


F.22

Information that is typically documented in an attribute sampling application includes:

- Information on the objective of sampling, definition of deviation conditions, and
definition of the population from which the sample was selected.

- The levels of the risk of assessing control risk too low, tolerable deviation rate, and
expected deviation rate, along with the rationale for these assessments.

- The sample size determined based on the factors discussed above.

- Information on the selection of sample items and a listing of items selected and examined
by the auditor.

- Results of the tests of controls performed on each item selected.

- Information regarding the number of deviations and the upper limit deviation rate.

- The auditor’s conclusion with respect to the operating effectiveness of the control and
implications of this operating effectiveness on the auditor’s reliance on internal control
and substantive procedures.

F.23

Sequential sampling is a sampling plan in which an initial sample is selected and the auditor (1)
draws a final conclusion regarding the effectiveness of the control policy or procedure or (2) selects
additional items before drawing a final conclusion regarding the effectiveness of the control policy or
procedure.
The primary advantage of sequential sampling is that these types of plans may allow the auditor to
form a conclusion on internal control with a relatively small sample size. The primary
disadvantage of sequential sampling is that the allowable rate of deviations in the sample is lower
than that in a fixed sampling plan (i.e., sequential sampling is more conservative). In addition,
sequential sampling may ultimately result in auditors examining an extremely large number of
items if they decide to expand the sample.
F.24

Discovery sampling is a form of attribute sampling that is used when deviations from controls are
very critical, yet are expected to occur at a relatively low rate. Discovery sampling should be used
when a control is extremely important for the auditor’s examination or when the auditor is
suspicious of the existence of fraud.

F.25

Step five, selecting the sample, may be performed differently for nonstatistical sampling than for
statistical sampling. As nonstatistical sampling does not make use of tables based on probabilities,
the sample is not required to be selected randomly. Haphazard or block selection may be used as
well as random or sequential selection. However, it is in step seven, evaluating sample results, that
the primary difference between the two methods arises.

F.26

Auditors first calculate the sample deviation rate. If the sample deviation rate is greater than the
tolerable deviation rate, the auditor can conclude that the control is not working effectively and
revise planned detection risk. However, if the sample deviation rate is less than the tolerable
deviation rate, auditors cannot conclude that the control is operating effectively. They must use
professional judgment to estimate the allowance for sampling risk to determine the likely
deviation rate in the population.


SOLUTIONS FOR MULTIPLE-CHOICE QUESTIONS

F.27

a. Incorrect. Determining preliminary levels of materiality is related to variables sampling.
b. Correct. Attribute sampling selects occurrences of key controls for the auditor to examine using tests of controls.
c. Incorrect. Substantive procedures are related to variables sampling.
d. Incorrect. Searching for the possible occurrence of subsequent events is not an example of sampling.

F.28

a. Correct. Identifying key controls is necessary when determining the objective of sampling.
b. Incorrect. Prior to defining a deviation condition, the key controls must be identified.
c. Incorrect. Prior to defining the population, the key controls must be identified.
d. Incorrect. Prior to determining the sample size, the key controls must be identified.

F.29

a. Incorrect. The tolerable deviation rate has an inverse relationship with sample size.
b. Correct. The expected deviation rate has a direct relationship with sample size; the tolerable deviation rate has an inverse relationship with sample size.
c. Incorrect. The expected deviation rate has a direct relationship with sample size; the tolerable deviation rate has an inverse relationship with sample size.
d. Incorrect. The expected deviation rate has a direct relationship with sample size.

F.30

a. Incorrect. The auditor does not control the RACTH in an attribute sampling application.
b. Incorrect. The auditor does not control the RACTH in an attribute sampling application; however, the auditor does control the RACTL.
c. Correct. The auditor does not control the RACTH in an attribute sampling application; however, the auditor does control the RACTL.
d. Incorrect. The auditor controls the RACTL in an attribute sampling application.

F.31

a. Incorrect. Both sampling risks result in incorrect decisions by the auditor.
b. Incorrect. The risk of assessing control risk too high is related to the study and evaluation of internal control.
c. Correct. The risk of assessing control risk too low may result in the failure to control audit risk to acceptable levels.
d. Incorrect. Performing tests during an interim period does not influence the risk of assessing control risk too high.

F.32

Note to instructor: Since this question asks students to identify the statement that will not result in
an increased sample size, the response labeled “correct” will not result in an increased sample
size and those labeled “incorrect” will result in an increased sample size.

a. Incorrect. Reducing the risk of assessing control risk too low will result in a larger sample size.
b. Correct. Increasing the tolerable deviation rate will reduce (not increase) the sample size.
c. Incorrect. Increasing the expected deviation rate will result in a larger sample size.
d. Incorrect. Choice (b) above will not result in a larger sample size.


F.33

a. Incorrect. From the AICPA sampling tables, the sample size is 195.
b. Incorrect. From the AICPA sampling tables, the sample size is 195.
c. Incorrect. From the AICPA sampling tables, the sample size is 195.
d. Correct. From the AICPA sampling tables, the sample size is 195.

F.34

a. Incorrect. RACTL increases as control risk increases; as a result, a 1% RACTL cannot logically be associated with a control risk of 0.80.
b. Incorrect. RACTL increases as a function of control risk; as a result, a 10% RACTL cannot logically be associated with a control risk of 0.20 if a 1% control risk is assigned to a control risk of 0.50.
c. Incorrect. RACTL increases as a function of control risk; as a result, a 10% RACTL cannot logically be associated with a control risk of 0.50 if a 5% RACTL is assigned to a control risk of 0.80.
d. Correct. RACTL increases as control risk increases; this series is consistent with this relationship.

F.35

a. Incorrect. From the AICPA sample evaluation tables, the upper limit deviation rate is 6.9 percent.
b. Incorrect. From the AICPA sample evaluation tables, the upper limit deviation rate is 6.9 percent.
c. Incorrect. From the AICPA sample evaluation tables, the upper limit deviation rate is 6.9 percent.
d. Correct. From the AICPA sample evaluation tables, the upper limit deviation rate is 6.9 percent.

F.36

a. Correct. This is the correct interpretation of the upper limit deviation rate.
b. Incorrect. The probability that the actual deviation rate in the population is lower than the upper limit deviation rate is (1 minus the risk of assessing control risk too low).
c. Incorrect. The upper limit deviation rate does not provide an estimate with certainty; in addition, the probability that the actual deviation rate in the population is lower than the upper limit deviation rate is (1 minus the risk of assessing control risk too low).
d. Incorrect. The upper limit deviation rate does not provide an estimate with certainty.

F.37

a. Incorrect. See (d) below.
b. Incorrect. See (d) below.
c. Incorrect. See (d) below.
d. Correct. Without knowledge of the risk of assessing control risk too low, it is impossible to calculate the upper limit deviation rate for a sample of 100 transactions with one deviation. For example, with a risk of assessing control risk too low of 5 percent, the upper limit deviation rate is 4.7 and options (a), (b), and (c) would not allow the auditor to assess control risk at the appropriate level. However, if the risk of assessing control risk too low is 10 percent, the upper limit deviation rate would be 3.9 and choice (c) would allow the auditor to assess control risk at the appropriate level.


F.38

a. Incorrect. Because the upper limit deviation rate exceeds the tolerable deviation rate, the auditor cannot support a control risk assessment based on the tolerable deviation rate.
b. Correct. The auditor should increase control risk because the upper limit deviation rate exceeds the tolerable deviation rate.
c. Incorrect. Despite the fact that the upper limit deviation rate exceeds the tolerable deviation rate, the auditor can support a control risk assessment at less than the maximum level.
d. Incorrect. Control risk should be increased not decreased.

F.39

a. Incorrect. Selecting customer accounts for confirmation as a part of the audit of accounts receivable would use variables sampling.
b. Incorrect. Selecting inventory items for verification as a part of the audit of inventory would use variables sampling.
c. Correct. Selecting purchase orders for indication of authorization is a test of controls that would use attribute sampling.
d. Incorrect. Selecting additions to property, plant and equipment for verification would use variables sampling.

F.40

a. Incorrect. The auditor would compare the tolerable deviation rate to the sum of the allowance for sampling risk and sample deviation rate (not expected deviation rate).
b. Correct. In this example, the sample deviation rate of 4 percent (5 ÷ 125 = 4 percent) plus the allowance for sampling risk of 3 percent equals the upper limit deviation rate (7 percent). Since the upper limit deviation rate exceeds the tolerable deviation rate of 5 percent, the auditor should assess a higher control risk.
c. Incorrect. The expected deviation rate is not considered in evaluating the results of the sample.
d. Incorrect. The sample results would support a low control risk assessment if the sample deviation rate plus the allowance for sampling risk is less than (not greater than) the tolerable deviation rate.

F.41

a. Incorrect. From the AICPA sample evaluation tables, the upper limit deviation rate is 12.8 percent.
b. Incorrect. From the AICPA sample evaluation tables, the upper limit deviation rate is 12.8 percent.
c. Incorrect. From the AICPA sample evaluation tables, the upper limit deviation rate is 12.8 percent.
d. Correct. From the AICPA sample evaluation tables, the upper limit deviation rate is 12.8 percent.

F.42

a. Incorrect. See the response to choice (b).
b. Correct. The auditor noted 7 deviations in the 90 items examined; therefore, the sample deviation rate is 7.8 percent (7 ÷ 90 = 7.8 percent). If the ULDR is 12.8 percent (see the answer to F.38), the allowance for sampling risk would be 5.0 percent (12.8 percent – 7.8 percent = 5.0 percent).
c. Incorrect. See the response to choice (b).
d. Incorrect. See the response to choice (b).


F.43

a. Incorrect. The tolerable deviation rate must exceed the upper limit deviation rate in order for the auditor to rely on internal control as planned.
b. Correct. The tolerable deviation rate must exceed the upper limit deviation rate in order for the auditor to rely on internal control as planned.
c. Incorrect. The expected deviation rate is not used in evaluating sample results.
d. Incorrect. The expected deviation rate is not used in evaluating sample results.

F.44

a. Incorrect. See the response to choice (d).
b. Incorrect. See the response to choice (d).
c. Incorrect. See the response to choice (d).
d. Correct. While (a), (b), and (c) are correct responses, (d) is a more appropriate response because it includes all possible alternatives for the auditor.

F.45

a. Incorrect. The upper limit deviation rate is the sum of the sample deviation rate (and not the expected deviation rate) and the allowance for sampling risk.
b. Incorrect. The upper limit deviation rate is the sum of the sample deviation rate (and not the risk to assessing control risk too high) and allowance for sampling risk.
c. Correct. The upper limit deviation rate is the sum of the sample deviation rate and the allowance for sampling risk.
d. Incorrect. The upper limit deviation rate is the sum of the sample deviation rate (and not the tolerable deviation rate) and the allowance for sampling risk.

F.46

a. Incorrect. The allowance for sampling risk is based on the allowable risk of assessing control risk too low.
b. Incorrect. The expected deviation rate is based on the auditor’s experience in prior audits or a pilot sample of controls.
c. Incorrect. The sample deviation rate is based on the number of deviations and the sample size.
d. Correct. The tolerable deviation rate is based on the auditor’s reliance on internal control.

F.47

a. Incorrect. When using attribute sampling, the auditor determines a single sample size.
b. Incorrect. When using discovery sampling, the auditor determines a single sample size.
c. Correct. When using sequential sampling, an initial sample is selected and decisions related to expanding that sample are based on the results of the initial sample.
d. Incorrect. When using statistical sampling, the auditor determines a single sample size.

F.48

a. Incorrect. While a form of attribute sampling would be appropriate, the low level of deviations and importance of ensuring that deviations occur at extremely low levels would make the use of discovery sampling more appropriate.
b. Correct. Discovery sampling is used when the rate of deviations is anticipated to be low and the auditor desires a high level of assurance that deviations occur at a low rate.
c. Incorrect. Sequential sampling would not be used in this situation.
d. Incorrect. While a form of attribute sampling would be appropriate, the low level of deviations and importance of ensuring that deviations occur at extremely low levels would make the use of discovery sampling more appropriate.

F.49

a. Incorrect. In deciding whether to rely on internal control as planned, the upper limit deviation rate is compared to the tolerable deviation rate, not the risk of assessing control risk too low.
b. Incorrect. While the upper limit deviation rate (6.5 percent) does exceed the tolerable deviation rate (6 percent), you would reduce reliance on internal control, not rely on internal control as planned.
c. Incorrect. In deciding whether to rely on internal control as planned, the upper limit deviation rate is compared to the tolerable deviation rate, not the risk of assessing control risk too low.
d. Correct. Because the upper limit deviation rate (6.5 percent) exceeds the tolerable deviation rate (6 percent), you would reduce reliance on the internal control from planned levels.

F.50

a. Incorrect. Auditing standards clearly state the sample sizes using nonstatistical sampling should be comparable to sample sizes from statistical sampling.
b. Incorrect. Auditors must consider an allowance for sampling risk when using nonstatistical sampling.
c. Correct. Using nonstatistical sampling is generally less complicated than statistical sampling.
d. Incorrect. Only answer c. is true.

SOLUTIONS FOR EXERCISES, PROBLEMS, AND SIMULATIONS

F.51 Test of Controls Objectives and Deviations

1. Credit Approval
   a. Objective: Determine whether credit is approved in accordance with company
      policy.
   b. Deviation: Absence of notation of approval or disapproval on customers’ orders.

2. Validity of Sales and Proper Period Recording
   a. Objective: Determine whether (i) recorded sales invoices are supported by
      written notices of shipment, (ii) the sales record date is the same as the shipment
      date.
   b. Deviation: (i) Absence of written shipment notice, (ii) Sales record date and
      shipment date are not the same.

3. Accuracy of Sales Invoices
   a. Objective: Determine whether (i) quantities on shipping notices and invoices are
      the same, (ii) unit prices on the invoices are correct and agree with catalog
      prices, and (iii) invoices are arithmetically correct.
   b. Deviation: (i) Quantities on shipping notices and invoices do not match; (ii) Unit
      prices do not agree with catalog prices, (iii) Invoices include mathematical
      mistakes.

4. Classification of Sales
   a. Objective: Determine whether invoices are properly coded for intercompany
      sales.
   b. Deviation: (i) Invoice to an affiliated company not marked “9” and (ii) Invoice
      to an outside customer marked “9”.

F.52 General Attribute Sampling

1. Holyfield has incorrectly identified the population. By identifying the population as all
   invoiced sales and selecting sales invoices for examination, Holyfield will begin with a
   transaction that has been billed. The correct definition of the population if Holyfield
   wishes to verify that all shipments have been billed would be the population of shipping
   documents.

2. Holyfield’s action in this situation is correct. The risk of assessing control risk too low
   should be established at lower levels when a higher degree of reliance on Top Rank’s
   internal control is planned.

3. Holyfield’s action in this situation is correct. While prior audits provide a guideline for
   establishing the expected deviation rate, Holyfield should consider any changes occurring
   since that time. While it is impossible to determine whether a 1 percent expected
   deviation rate is appropriate, it is certainly reasonable to reduce the expected deviation
   rate from that used in prior years if improvements in the processing of transactions have
   occurred.



F.52

F.53

General Attribute Sampling (Continued)
4.

Holyfield’s action in this situation is partially correct While the initial sample size of 156
is appropriate for the parameters specified in the Top Rank engagement, it is not
appropriate to adjust this sample size for the size of the population. AICPA sample size
tables assume a large population in determining sample size. In addition, based on
statistical theory, once a population reaches a certain size, increases in the size of the
population have a minimal effect on sample size.

5.

Holyfield’s action in this situation is incorrect The sum of the sample deviation rate and
allowance for sampling risk (the upper limit deviation rate) should be compared to the
tolerable deviation rate, and not the risk of assessing control risk too low.

Examples of Deviations
a.

b.

F.54

1.


While not technically conforming to the control policy, the fact that some
indication was placed next to the quantities suggests that this would not be
classified as a deviation.

2.

Professional standards are explicit in noting that a missing document should be
classified as a deviation.

3.

The fact that the invoice is marked as “VOID” provides some evidence that the
shipment was not made; accordingly, it does not appear that this would be
classified as a deviation. However, the invoice should be replaced with another
randomly selected invoice.

4.

While the quantities may have been properly checked, the fact that this is not
noted on an item-by-item basis may indicate that the employee hurriedly
reviewed the invoice and did not perform the work. This would likely be
classified as a deviation.

5.

The fact that check marks were only placed adjacent to items located in the same
location of the warehouse indicates that only these quantities were verified.
Accordingly, this invoice would be classified as a deviation.

The fallacy in assuming that the controls relating to the remaining 95 invoices were being

performed properly is that an employee could merely place a check mark on the invoice
without reviewing the quantities (because of time pressure, lack of care, etc.).

Examples of Deviations
a.

Shown below are the most common tests of controls that could be used for the particular
control described. Other possible tests of controls are acceptable, but would typically
provide weaker evidence (for example, an auditor could observe various controls related
to documentary evidence, but inspecting the documentary evidence generally provides
stronger evidence as to the operating effectiveness of the control).
1.

Observe the segregation of duties or inquire of appropriate individuals as to the
segregation of duties.

2.

Inspect documentary evidence of approval of purchase orders by appropriate
personnel.

3.

Inspect documentary evidence of matching vendor invoices to purchase orders
by appropriate personnel.

4.

Inspect documentary evidence of mathematical verification of vendor invoices
by appropriate personnel.

5.

For a sample of cash disbursements, identify an appropriately approved and
mathematically verified vendor invoice.

b.

1.

Individual(s) performing incompatible duties of authorizing the purchase,
preparing the purchase order, and receiving goods and services being purchased.

2.

Failure of individuals verifying approval of purchases to include their initials on
the purchase order.

3.

Failure of individuals matching vendor invoices to purchase orders to include
notation of the purchase order number on the vendor invoice.

4.

Failure of individuals mathematically verifying vendor invoices to include their
initials on the invoice.

5.

Existence of a payment for an unapproved vendor invoice.

c.

1.

This should be classified as a deviation. The fact that this was a “one time”
occurrence does not compensate for the potential problems that arise when the
individual who authorizes a transaction also receives custody of the goods and
services related to the transaction. While it may have been necessitated because
of urgency, the goods and services could have been received by another party.

2.

This would likely not be classified as a deviation. In this particular instance,
while the individual did not strictly comply with the control policy, her signature
suggests that the purchase order was reviewed and appropriately verified.

3.

The classification of this item is debatable. On one hand, the fact that the words
“OK, approved” were written suggests that client personnel reviewed the
purchase order related to the vendor invoice. However, the fact that the specific
purchase order number was not noted may indicate that the purchase order was
not examined or was examined in a hurried manner. This would likely be
classified as a deviation, primarily because the purchase order number was not
included.

4.

Professional standards are explicit in stating that a missing document should be
classified as a deviation. Therefore, the failure to locate the vendor invoice
should be classified as a deviation.

5.

This would not be classified as a deviation, since each of the invoices included
in the payment was properly authorized by Parker’s personnel.

d.

Once identified by Perry, the number of deviations (along with the acceptable level of the
risk of assessing control risk too low and the sample size) is used to calculate the upper
limit deviation rate. The upper limit deviation rate is then compared to the tolerable
deviation rate. If the upper limit deviation rate exceeds the tolerable deviation rate, Perry
would conclude that the control is not functioning effectively; in response, Perry would
reduce the planned level of reliance on internal control and increase control risk. If the
upper limit deviation rate is less than the tolerable deviation rate, Perry would conclude
that the control is functioning effectively, rely on internal control as planned, and
maintain control risk at planned levels.

F.55

Examples of Deviations
a.

A deviation is an instance in which the client and/or its personnel do not follow
prescribed controls. An example of a deviation from this control would be a sale
processed to a customer without an approved credit authorization.

b.

The audit team considers deviations in (1) determining the necessary sample size and (2)
evaluating the sample results.
In determining the necessary sample size, the audit team considers both the extent of
deviations that are likely to be present in the population (expected deviation rate) as well
as the maximum rate of deviations permissible without modifying the planned reliance on
internal controls (tolerable deviation rate).
In evaluating sample results, the audit team considers the number of deviations actually
identified during the tests of controls as well as the tolerable deviation rate.

c.

The audit team would select a sample of sales made to customers and verify the existence
of a credit authorization.

d.

1.

Because these deviations were inadvertent mistakes and omissions, Jones would
not have increased concern about these deviations beyond their impact on the
ability to rely on the internal control policy. The fact that they were made by a
number of different employees and occurred throughout the period indicates that
they may be the result of careless behavior on the part of Hicks’ employees and
may suggest the need for a greater level of emphasis on important control
policies by management.

2.

Like (1), the inadvertent nature of these deviations does not increase Jones’ concern
about the deviations beyond their impact on his ability to rely on the internal
control policy. In this case, the fact that they were made by one individual
during his first month with Hicks Company suggests that they were a result of
his inexperience and not carelessness.

3.

Because these deviations were the result of intentional actions on the part of Hicks
Company’s employees, they should be discussed with the client and its audit
committee. The audit team should consider why employees committed these
actions, and the effect on the financial statements of their actions. This would
certainly increase the auditor's assessment of risk of material misstatement.


F.56 Timing of Test of Controls and Sample Selection
TO: Audit Manager
FROM: Auditor Hill
DATE: October 1
SUBJECT: Interim evaluation of control over cash disbursement authorization

I audited 80 cash disbursements as of September 30 for compliance with the company control
procedure requiring authorization of cash disbursements. I found no deviations. Had this audit
sampling been performed at December 31 for the entire year’s disbursements, I would be prepared
to assign a low control risk (20 percent). This favorable evaluation would enable us to perform the
planned analytical procedures to expenses and perform the level of inventory observation work
specified in the preliminary audit program. With a higher control risk, the audit team would need
to do more work in both areas.
Requirements
According to auditing standards, the audit team needs to determine whether the authorization
control procedure worked as well during the October-December period as it did for the period
January-September. I think the audit team should audit the other 20 disbursements to make this
determination.
Options
1.

The audit team cannot elect to forgo all further work on the control for the October-December
remaining period.

2.


The audit team can complete the sampling application by examining 20 additional sampling
units selected at random. This approach will probably be the least costly because it will
be relatively easy to evaluate the additional 20 sampling units to determine whether the
control is functioning effectively.

3.

The audit team could make inquiries about the operating effectiveness of the authorization
control during the time period from October-December. However, declarations from
client personnel that the control “was functioning just fine” would not be good evidence
of continued operating effectiveness. Unless this inquiry reveals that the control is no
longer performed, inquiry would not provide much information.

4.

The three-month length of the remaining period is enough for concern. The audit team should
not merely presume the control continued to operate effectively during this period.

5.

If the dollar amount of transactions affected by the operating effectiveness of the
authorization control were substantially reduced, the audit team would not need to be as
concerned about the control. However, cash disbursements are not likely to become
unimportant under these circumstances.

6.

The audit team could forgo examining an additional 20 items and take its chances that the
planned amount of analytical procedures for expenses and work on inventory observation
would also reveal any control breakdown in October-December. I do not recommend
such action in the circumstances because (a) we should evaluate control risk in order to
plan the extent of the other work, (b) the cost of examining an additional 20 items is not
high, (c) audit completion might be delayed if we detect a control breakdown later in the
audit, and (d) in these circumstances the dual-purpose nature of the other work may turn
out to be circular and inefficient.

I trust I have made my preference for completing the test of controls for the authorization control
related to cash disbursements clear. I think this work should be done no earlier than December 20.

F.57

Sample Selection
a.

In this case, the challenge is the fact that the checking accounts have overlapping check
numbers. Checks written on Account 2 could be considered as numbers 0001 through
6,000 and checks written on Account 1 could be considered as 6001 through 9000
(simply add 2,368 to each check number).
For unrestricted random selection, you could identify random numbers between 1 and
9,000 and select the associated check. For systematic random selection, you would
choose a random starting point, calculate the sampling interval, and proceed through the
population of checks.

b.


In this case, the challenge is that random numbers 1 through 8,999 would be discarded in
an unrestricted random selection method. You could convert the five-digit sequence
(9,000 – 13,999) to a four-digit sequence by subtracting the constant 8,999 from each
purchase order number. This would yield purchase orders numbered 0001 through 5,000.
If the above adjustments are made, when using unrestricted random selection, identifying
random numbers between 0001 and 5,000 would provide you with the item selected. If
you are concerned about discarding random numbers 5,001 through 9,999, you could
create a duplicate set of purchase order numbers by adding the constant 5,000 to each
number. As a result, item 1 would have two random numbers: 0001 and 5,001. However,
you should be certain not to select the same item using two different random numbers.
With respect to systematic random selection, you would choose a random starting point,
calculate the sampling interval, and proceed through the population of purchase orders.
However, you would not create a duplicate set of purchase orders; when you reach the
end of the population, you merely begin applying the sampling interval to the beginning
of the population until the appropriate number of items is selected.

c.

In this case, the challenge is the sheer magnitude of the listing and the time it would take
to select the sample. You can think of this listing as containing a total of 3,750 records
[(74 pages x 50 items = 3,700) + 40 items on last page = 3,740 items].

If unrestricted random selection is used, you would identify random numbers
corresponding to items 0001 through 3,740. While this is relatively straightforward, the
physical act of moving through the population is quite time consuming. If you are
concerned about discarding random numbers 3,741 through 9,999, you could create a
duplicate set of inventory line numbers by adding the constant 3,741 to each number. As
a result, item 1 would have two random numbers: 0001 and 3,742. However, you should
be certain not to select the same item using two different random numbers.
If systematic random selection is used, you would choose a random starting point,
calculate the sampling interval, and proceed through the perpetual inventory records.
Depending upon the sample size, you may be able to bypass entire pages of the perpetual
inventory records.
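
The selection schemes described in F.57, as an added sketch that is not part of the solution manual: unrestricted random selection, the part b mapping in which each purchase order (9,000 – 13,999) answers to two random numbers, and systematic selection that wraps to the beginning of the population. The function names, the sample size of 50, the fixed seeds and the choice to round the interval up and to read 0000 as 10,000 are assumptions made for illustration.

```python
import math
import random


def unrestricted_selection(first_no, last_no, sample_size, rng):
    """Unrestricted random selection: distinct document numbers, no repeats."""
    return sorted(rng.sample(range(first_no, last_no + 1), sample_size))


def select_from_random_digits(draws, first_no, last_no, sample_size):
    """Map four-digit random-number-table draws onto the population (F.57 b).

    Each item answers to more than one random number (with 5,000 purchase
    orders, item 1 answers to 0001 and 5,001), so fewer draws are discarded.
    An item already selected under its other number is skipped.
    """
    size = last_no - first_no + 1
    if size > 10_000:
        raise ValueError("four-digit draws cannot cover this population")
    usable = (10_000 // size) * size      # whole copies of the population
    chosen = []
    for draw in draws:
        number = 10_000 if draw == 0 else draw   # assumption: 0000 reads as 10,000
        if number > usable:
            continue                      # discarded draw
        document = first_no + (number - 1) % size
        if document not in chosen:        # same item reached by its second number
            chosen.append(document)
        if len(chosen) == sample_size:
            break
    return chosen


def systematic_selection(first_no, last_no, sample_size, rng):
    """Random start, then every interval-th item, wrapping to the beginning."""
    size = last_no - first_no + 1
    if not 0 < sample_size <= size:
        raise ValueError("sample size must be between 1 and the population size")
    interval = math.ceil(size / sample_size)   # assumption: interval rounded up
    position = rng.randrange(size)             # random starting point (0-based)
    taken, chosen = set(), []
    while len(chosen) < sample_size:
        while position in taken:               # wrapped pass landed on a used item
            position = (position + 1) % size
        taken.add(position)
        chosen.append(first_no + position)
        position = (position + interval) % size
    return interval, chosen


if __name__ == "__main__":
    rng = random.Random(2024)                  # fixed seed so the selection can be re-performed
    print(unrestricted_selection(9000, 13999, 50, rng)[:5])
    print(select_from_random_digits([1, 5001, 5000, 10], 9000, 13999, 3))
    print(systematic_selection(9000, 13999, 50, rng))
```

Recording the seed (or the table page and starting row) in the working papers lets a reviewer reproduce the same selection.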
F.58

Sample Selection

Based on the document numbers on the receiving reports, a total of 25,327 receiving
reports (#38121 – #12794 = 25327) were issued during the year.
1.

Janice would select 50, 100, or 500 random numbers from a random number table or
computer program and match those numbers to items in the population. For ease of
selection, a computer program could be requested to generate the appropriate number of
random numbers between 12,794 and 38,121.

2.

Janice would select a random starting point (a number somewhere between 12,794 and
38,121) and bypass a fixed number of items based on the sampling interval, as follows:
Sample size of 50: 25,327 ÷ 50 items = 507 items
Sample size of 100: 25,327 ÷ 100 items = 254 items
Sample size of 500: 25,327 ÷ 500 items = 51 items

F.59

Sample Selection
a.

For McNeal’s sample of invoices to be representative of the population of sales invoices,
the sales invoices should (1) have been prepared throughout the year, (2) represent
transactions of larger and smaller dollar amounts, (3) have been prepared by different
individuals, and (4) represent sales made to different types of customers and/or customers
in different geographic areas.

b.

Because systematic selection bypasses a fixed number of items within the population, it is
important that the population be arranged in random order. If the population is not
arranged in random order, a large number of items possessing similar characteristics may
be bypassed for selection.

c.

1.

Because invoices are filed manually by date, this population cannot easily be
rearranged in random order. However, since the invoices are arranged by date,
the population is likely to be in random order. Unless the sales made by Branyon
differ systematically across dates (for example, all of the large dollar sales are
made in one relatively short period of time), this would not introduce any
additional issues with respect to the use of systematic selection. However,
McNeal must satisfy himself that the invoices in the files represent the complete
population of sales.

2.

Because invoices are filed manually by customer classification, this population
cannot be easily rearranged in random order. An additional concern is the fact
that the invoices are not arranged in a random order with respect to sales
volume. In this situation, if the proportion of high volume customers is relatively
small, the use of systematic selection may result in this entire classification
being bypassed by McNeal.

3.

This situation is similar to (1), with the exception that McNeal will not have
direct access to the sales invoices. This introduces the concern that Branyon’s
personnel will not provide invoices to McNeal that reflect deviations from
internal control policies and procedures. McNeal should insist on visiting the
off-site location and personally selecting the invoices for examination.

4.

Because invoices are maintained electronically, McNeal can arrange the population in whatever
order he wishes. Since the electronic file of invoices is currently arranged by customer name
(which would ordinarily be random), it appears that McNeal may proceed using systematic
selection without considering any further matters. McNeal can satisfy himself that the population
is complete by using a CAATT to total the invoices in the file and compare the total to the general
ledger balance.

F.60

Sample Size Determination
a.

Using the sample size tables for a 5 percent risk of assessing control risk too low, 3
percent expected deviation rate, and 9 percent tolerable deviation rate results in a sample
size of 84 items.

b.

The risk of assessing control risk too low would be determined judgmentally by Landry
based on the level of control risk (as the level of control risk is lower, the risk of
assessing control risk too low should be established at lower levels).
The expected deviation rate is established based on prior audits (for recurring
engagements) or a pilot sample of controls (for first-year engagements).
The tolerable deviation rate is established based on the level of control risk (as the level
of control risk is lower, the tolerable deviation rate should be established at lower levels).

c.

The revised sample size is 58 items.

d.


Because the acceptable risk of assessing control risk too low has increased, Landry’s
sample does not need to be as effective as when acceptable risk of assessing control risk
too low is lower (the original level of 5 percent). As a result, Landry can examine a
smaller sample.

F.61

Sample Size Determination
a. Sample size = 42
b. Sample size = 129
c. Sample size = 195
d. Sample size = 32

Comparing the appropriate sample sizes in (a) and (b), the only difference in sample size is related
to an increase in the expected deviation rate from 0 percent in (a) to 3 percent in (b). As a result,
the increase in sample size from 42 to 129 indicates that the expected deviation rate has a direct
relationship with sample size.
Comparing the appropriate sample sizes in (b) and (c), the only difference in sample size is related
to a decrease in the tolerable deviation rate from 7 percent in (b) to 6 percent in (c). As a result, the
increase in sample size from 129 to 195 indicates that the tolerable deviation rate has an inverse
relationship with sample size.
Comparing the appropriate sample sizes in (a) and (d), the only difference in sample size is related
to an increase in the risk of assessing control risk too low from 5 percent in (a) to 10 percent in (d).
As a result, the decrease in sample size from 42 to 32 indicates that the risk of assessing control
risk too low has an inverse relationship with sample size.
F.62

Sample Size Determination
a. Sample size = 156
b. Sample size = 192
c. Sample size = 103
d. Sample size = 132

Comparing the appropriate sample sizes in (a) and (b), the only difference in sample size is related
to an increase in the expected deviation rate from 1 percent in (a) to 1.5 percent in (b). As a result,
the increase in sample size from 156 to 192 indicates that the expected deviation rate has a direct
relationship with sample size.
Comparing the appropriate sample sizes in (b) and (c), the only difference in sample size is related
to an increase in the tolerable deviation rate from 4 percent in (b) to 6 percent in (c). As a result,
the decrease in sample size from 192 to 103 indicates that the tolerable deviation rate has an
inverse relationship with sample size.
Comparing the appropriate sample sizes in (b) and (d), the only difference in sample size is related
to an increase in the risk of assessing control risk too low from 5 percent in (b) to 10 percent in
(d). As a result, the decrease in sample size from 192 to 132 indicates that the risk of assessing
control risk too low has an inverse relationship with sample size.
F.63

Sample Size Determination
a. 66
b. 9 percent
c. 3.25 percent
d. 5 percent

F.64

Sample Size Determination
a.

Cambridge should consider the expected deviation rate, risk of assessing control risk
too low, and tolerable deviation rate in determining the necessary sample size. These
factors are determined as follows:
Expected deviation rate: Determined based on prior audits (for recurring engagements) or
a pilot sample of controls (for first-year engagements).
Risk of assessing control risk too low: Determined based on the level of control risk.
Tolerable deviation rate: Determined based on the level of control risk and desired degree
of assurance.

b.

Cambridge would determine sample size as follows: (1) select appropriate sample size
table based on risk of assessing control risk too low; (2) identify the row of the table
corresponding to the expected deviation rate; (3) identify the column of the table
corresponding to the assessed tolerable deviation rate; and, (4) determine the sample size
by identifying the junction of the row from step 2 and the column from step 3.

c.

Based on an expected deviation rate of 1 percent, a risk of assessing control risk too low
of 10 percent, and a tolerable deviation rate of 6 percent, the appropriate sample size is
64.

d.

1.

Changes in the size of the population do not affect any of the factors used to
determine sample size or sample size itself.

2.

Remediation of control deficiencies would reduce the expected deviation rate,
which would result in a smaller sample size.

3.

Turnover of personnel in the purchasing function would increase the expected
deviation rate, which would result in a larger sample size.

4.

The reduction in control risk would influence both the risk of assessing control
risk too low (decrease) and the tolerable deviation rate (decrease). Both of these
factors would result in a larger sample size.

5.

Increases in control risk would influence both the risk of assessing control risk
too low (increase) and the tolerable deviation rate (increase). Both of these
factors would result in a smaller sample size.

6.

In most cases, the addition of new vendors should not influence any of the
factors affecting sample size or sample size itself. A case could be made that
some additional deviations would occur as the vendor listing is being modified,
which would increase the expected deviation rate and result in a larger sample
size.

e.

If Cambridge increases her reliance on internal control, she will reduce the necessary
level of control risk, which will ultimately decrease the acceptable risk of assessing
control risk too low and tolerable deviation rate. Both of these factors will result in a
larger sample size. Therefore, one impact of increasing the reliance on internal control is
that Cambridge will incur additional costs in the form of tests of controls. In addition, the
lower tolerable deviation rate that would be required in this situation increases the
likelihood that her tests of controls will not support the planned level of control risk.
However, the advantage to Cambridge of increasing her reliance on internal control is
cost savings in the form of less extensive substantive procedures.
If Cambridge maintains her reliance on internal control at planned levels, the extent of
her tests of controls will not be affected and will be lower than the necessary level if she
increased her reliance on internal control. However, she will need to perform more
extensive substantive procedures.

f.

When deciding whether to increase her reliance on internal control, Cambridge should
consider the likelihood that her tests of controls would support an increased level of
reliance on internal control as well as the relative cost savings (in the form of less
extensive substantive procedures) that this increased reliance on internal control would
provide.

F.65

Sample Results Evaluation
a.


Sample Deviation Rate = No. of Deviations ÷ Sample Size
Sample Deviation Rate = 3 ÷ 60 = 0.05 or 5 percent

b.

Using the sample evaluation table, the upper limit deviation rate is 12.5 percent.
Allowance for Sampling Risk = Upper limit deviation rate - Sample Deviation Rate
Allowance for Sampling Risk = 12.5 percent - 5 percent = 7.5 percent

c.

The upper limit deviation rate considers the likelihood that the sample selected by the
auditor may underrepresent the deviation rate in the population. The upper limit
deviation rate provides a conservative measure of the population deviation rate to control
the auditor’s exposure to sampling risk to acceptable levels.

d.

Because the upper limit deviation rate (12.5 percent) exceeds the tolerable deviation rate
(6 percent), Joan would conclude that the control is not functioning effectively. At this
point, she could either reduce her planned level of reliance on internal control or expand
the sample to examine a larger number of controls.

e.

Using the sample evaluation table for a 10 percent risk of assessing control risk too low
yields an upper limit deviation rate of 10.8 percent; while lower than the upper limit
deviation rate determined for a 5 percent risk of assessing control risk too low (12.5
percent), this upper limit deviation rate still exceeds the tolerable deviation rate of 6
percent. As a result, Joan would still conclude that the control is not functioning
effectively.

F.66

Sample Results Evaluation
a.

(1) Sample deviation rate = 4 ÷ 60 = 6.7 percent
(2) ULDR = 14.7 percent
(3) Allowance for sampling risk = 14.7 percent – 6.7 percent = 8.0 percent

b.

(1) Sample deviation rate = 6 ÷ 60 = 10 percent
(2) ULDR = 18.8 percent
(3) Allowance for sampling risk = 18.8 percent – 10 percent = 8.8 percent

c.

(1) Sample deviation rate = 6 ÷ 60 = 10 percent
(2) ULDR = 16.9 percent
(3) Allowance for sampling risk = 16.9 percent – 10 percent = 6.9 percent

Comparing the ULDR in (a) and (b), the only difference in the ULDR is related to an increase in
the number of deviations from 4 in (a) to 6 in (b). As a result, the increase in ULDR from 14.7
percent to 18.8 percent indicates that the number of deviations (and sample deviation rate) has a
direct relationship with the ULDR.
Comparing the ULDR in (b) and (c), the only difference in the ULDR is related to an increase in
the risk of assessing control risk too low from 5 percent in (b) to 10 percent in (c). As a result, the
decrease in the ULDR from 18.8 percent to 16.9 percent indicates that the risk of assessing control
risk too low has an inverse relationship with the ULDR.
F.67

Sample Results Evaluation
a.

(1) Sample deviation rate = 8 ÷ 100 = 8.0 percent
(2) ULDR = 14.0 percent
(3) Allowance for sampling risk = 14.0 percent – 8.0 percent = 6.0 percent

b.

(1) Sample deviation rate = 4 ÷ 100 = 4.0 percent
(2) ULDR = 9.0 percent
(3) Allowance for sampling risk = 9.0 percent – 4.0 percent = 5.0 percent

c.

(1) Sample deviation rate = 8 ÷ 100 = 8.0 percent
(2) ULDR = 12.7 percent
(3) Allowance for sampling risk = 12.7 percent – 8.0 percent = 4.7 percent

Comparing the ULDR in (a) and (b), the only difference in the ULDR is related to a decrease in
the number of deviations from 8 in (a) to 4 in (b). As a result, the decrease in ULDR from 14.0
percent to 9.0 percent indicates that the number of deviations (and sample deviation rate) has a
direct relationship with the ULDR.
Comparing the ULDR in (a) and (c), the only difference in the ULDR is related to an increase in
the risk of assessing control risk too low from 5 percent in (a) to 10 percent in (c). As a result, the
decrease in the ULDR from 14.0 percent to 12.7 percent indicates that the risk of assessing control
risk too low has an inverse relationship with the ULDR.


F.68

Sample Results Evaluation
a.

Sample deviation rate = 2 ÷ 30 = 0.0667 or 6.7 percent

b.

Upper limit deviation rate = 19.6 percent

c.

Allowance for sampling risk = 19.6 percent – 6.7 percent = 12.9 percent

d.

Using 4 deviations, a risk of assessing control risk too low of 5 percent, and an upper
limit deviation rate of 12.6 percent yields a sample size of 70.

e.

Sample deviation rate = 4 ÷ 70 (see (d) above) = 0.057 or 5.7 percent

f.

Allowance for sampling risk = 12.6 percent – 5.7 percent = 6.9 percent

g.

No. of deviations = 200 x 0.025 = 5

h.

Upper limit deviation rate = 4.6 percent

i.

Sample deviation rate = 2 ÷ 50 = 4 percent

j.

[Note: The student must complete (k) prior to completing (j)] Reviewing the sample
evaluation tables for 2 deviations, a sample size of 50, and an upper limit deviation rate
of 12.1% reveals a risk of assessing control risk too low of 5 percent.

k.

Upper limit deviation rate = 8.1 percent + 4 percent = 12.1 percent

F.69

Sample Results Evaluation
This case is one of Robert Ashton’s behavioral decision cases (Accounting Review, January, 1984,
pp. 78-97). He gives credit to W. Uecker and W. Kinney, “Judgment Evaluation of Sample Results:
A Study of the Type and Severity of Errors Made by Practicing CPAs,” Accounting, Organizations
and Society, Vol. 2, No. 3 (1977), pp. 269-75. The “answer” below is taken from Ashton’s study
(with modifications).
NOTE TO INSTRUCTOR: Take a look at this answer. You may want to get the students to discuss
Cases 1, 2, and 3 first, then give them a chance to think about Cases 4 and 5. See if they can be
fooled to change their minds to choose the larger samples for Cases 4 and 5, and then discuss
them.
In this exercise, information about the sample size and sample deviation rates is available for each
pair of outcomes. While sample size is independent of population parameters, sample deviation
rate is representative of the population characteristic of interest (i.e., the population deviation rate).
Use of the representativeness heuristic could cause one to ignore the size of the sample, and to
base choices solely on the sample deviation rate. Thus one might choose Sample A in Case 1 and
Sample B in Case 2 and 3, because their sample deviation rates are lower.

The AICPA sample evaluation tables show, however, that none of these three sample outcomes
provides adequate assurance that the population deviation rate is below 5 percent. The other
sample outcome (Sample B in Case 1 and Sample A in Case 2 and 3) does provide the desired
assurance at a 95 percent confidence level (5 percent risk of assessing control risk too low). Thus
reliance on the representativeness of the sample outcomes could lead one to choose the weaker
evidence in these cases.
Notice that the correct choice in Cases 1, 2, and 3 is the larger sample. It might be tempting to
conclude that this will always be true (that is, larger samples are always superior to smaller
samples). But this simplification will not always work either. Consider Cases 4 and 5. The correct
answers are the smaller samples (although neither sample provides desired assurance in Case 5).

Interestingly, use of the representativeness heuristic (i.e., focusing on the lower deviation rates)
would lead to the correct choices in these two instances, but would result in incorrect choices in
the first three pairs of sample outcomes. This illustrates that while use of simplifying heuristics
can lead to good decisions, it can also lead the decision maker into making suboptimal decisions.
F.70

Sample Results Evaluation
a.

Based on a sample size of 90 (rounded down from 93), a risk of assessing control risk too
low of 5 percent, and zero deviations, the sample deviation rate is 0 percent (0 ÷ 93 = 0
percent) and the upper limit deviation rate (using the AICPA sample evaluation tables) is
3.3 percent.

b.

The difference between the sample deviation rate and upper limit deviation rate is the
allowance for sampling risk. The allowance for sampling risk controls the risk of
assessing control risk too low to acceptable levels and reflects the possibility that Jackson
has selected a nonrepresentative sample.

c.

Because the upper limit deviation rate (3.3 percent) is less than the tolerable deviation
rate (5 percent), Jackson would conclude that the control is operating effectively and
choose to rely on the internal control as planned.

d.

If 3 deviations were identified, the sample deviation rate is 3.2 percent (3 ÷ 93 = 3.2
percent) and the upper limit deviation rate (using the AICPA sampling tables) is 8.4
percent. Because the upper limit deviation rate of 8.4 percent exceeds the tolerable
deviation rate of 5 percent, Jackson would conclude that the control is not operating
effectively and choose to reduce reliance on the internal control from planned levels.

e.

For a risk of assessing control risk too low of 5 percent and a sample size of 90, the upper
limit deviation rate is 3.3 percent if zero deviations are found and 5.2 percent if one
deviation is found. As a result, the maximum number of deviations that Jackson could
permit without reducing his reliance on internal control is zero, since the upper limit
deviation rate for one deviation (5.2 percent) exceeds the tolerable deviation rate.

f.

For a risk of assessing control risk too low of 10 percent and a sample size of 90, the
upper limit deviation rate is 2.6 percent if zero deviations are found, 4.3 percent if one
deviation is found, and 5.9 percent if two deviations are found. As a result, the maximum
number of deviations that Jackson could permit without reducing his reliance on internal
control is one, since the upper limit deviation rate for two deviations (5.9 percent)
exceeds the tolerable deviation rate.

This analysis reveals lower upper limit deviation rates compared to those for a 5 percent
risk of assessing control risk too low. This difference results from the fact that Jackson is
accepting a higher level of sampling risk, which reduces the allowance for sampling risk.

Simply stated, a lower risk of assessing control risk too low provides Jackson with a more
conservative (higher) upper limit deviation rate.
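
The evaluation steps used in F.65 through F.70, as an added sketch that is not part of the solution manual: it computes the upper limit deviation rate directly as a one-sided binomial upper bound instead of reading it from the AICPA tables, so a result can differ from the printed table value in the last decimal. The function names are illustrative, and treating an upper limit equal to the tolerable rate as acceptable is an assumption.

```python
from math import comb


def binomial_cdf(k, n, p):
    """P(X <= k) for X ~ Binomial(n, p)."""
    return sum(comb(n, i) * p**i * (1.0 - p) ** (n - i) for i in range(k + 1))


def upper_limit_deviation_rate(deviations, sample_size, risk):
    """One-sided upper bound on the population deviation rate.

    Returns the rate at which a sample of this size would show this many
    deviations or fewer with probability equal to `risk` (the risk of
    assessing control risk too low). Stand-in for the table lookup.
    """
    if not 0 <= deviations <= sample_size:
        raise ValueError("deviations must be between 0 and the sample size")
    if deviations == sample_size:
        return 1.0
    low, high = 0.0, 1.0
    for _ in range(60):                      # bisection; the CDF falls as the rate rises
        mid = (low + high) / 2
        if binomial_cdf(deviations, sample_size, mid) > risk:
            low = mid
        else:
            high = mid
    return high


def evaluate_sample(deviations, sample_size, risk, tolerable_rate):
    """Sample deviation rate, ULDR, allowance for sampling risk and conclusion."""
    sample_rate = deviations / sample_size
    uldr = upper_limit_deviation_rate(deviations, sample_size, risk)
    return {
        "sample_deviation_rate": sample_rate,
        "uldr": uldr,
        "allowance_for_sampling_risk": uldr - sample_rate,
        # assumption: a ULDR equal to the tolerable rate still supports reliance
        "control_effective": uldr <= tolerable_rate,
    }


def max_deviations_allowed(sample_size, risk, tolerable_rate):
    """Largest deviation count whose ULDR stays within the tolerable rate.

    Returns None when even zero deviations would not support reliance.
    """
    allowed = None
    for count in range(sample_size + 1):
        if upper_limit_deviation_rate(count, sample_size, risk) > tolerable_rate:
            break
        allowed = count
    return allowed


if __name__ == "__main__":
    # F.65: 3 deviations in 60 items, 5 percent risk, 6 percent tolerable rate
    result = evaluate_sample(3, 60, 0.05, 0.06)
    for name, value in result.items():
        print(name, value if isinstance(value, bool) else f"{value:.1%}")
    # F.70 (e) and (f): sample of 90, 5 percent tolerable rate
    print(max_deviations_allowed(90, 0.05, 0.05), max_deviations_allowed(90, 0.10, 0.05))
```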
F.71 Evaluating a Sampling Application

1.

Mistake: The statistical criteria call for a sample of 181, not 100.
Explanation: Tom Barton apparently did not use AICPA sampling tables in determining
sample size or misread the AICPA sampling tables.

2.

Mistake: Tom Barton used two test months for his selection of sample items.
Explanation: A selection of two months does not make the sample representative of the
year’s population; checks should be examined for selections from months throughout the year.

3.

Mistake: Tom Barton did not define the deviation conditions carefully before beginning his
sampling application.
Explanation: Tom subsequently decided that the two deviations he found were not control
deviations.

4.

Mistake: Tom Barton did not follow up sufficiently on the deviations he found.
Explanation: The pay rate mistake has dollar-value impact that Tom made no effort to
recognize (i.e., liability for underpayment of wages).

5.

Mistake: Tom Barton improperly combined a stratified sample into a single evaluation.
Explanation: When stratification is done properly, the two samples should be evaluated
independently.

6.

Mistake: The reviewers (senior and partner) were not competent to review the statistical
application.
Explanation: This is not Tom’s mistake, but it is worthwhile to point out that competence is
as necessary at the review level as it is at the performance level.
