Any other mistakes by the auditor other than sampling risk not a direct consequence of using a sampling approach
Sampling
Application of an audit procedure to less than 100% of the items within an account balance or class of transactions for the purpose of evaluating some characteristic of the balance or class
Two Types of Statistical Sampling
Attributes sampling
Variables sampling
Type I Error
The risk of under-reliance on controls or incorrect rejection
Relates to efficiency of audit
Two General Approaches to Sampling
Statistical
Nonstatistical
Sampling Risk
The risk that the sample may not be truly representative of the population
Type II Error
The risk of over-reliance on controls or incorrect acceptance
Relates to effectiveness of audit
Eight Steps in Attributes Sampling Plan
Identify Sampling Objective
Define what Constitutes an Occurrence
Identify Relevant Population
Determine Sampling Method
Determine Sample Size
Select the Sample
Evaluate Results
Document Sampling Procedures
Attributes Sampling Results Necessary for an Auditor to Rely on the Control
Only if the error rate, based on the upper bound of the confidence interval is less than or equal to the stated "tolerable error" rate
Haphazard Sampling
Arbitrary selection, with no "conscious" biases
Statistical Sampling Approaches
Random Number
Systematic
Factors Inversely Related to Sample Size
Tolerable error rate
Risk of over-reliance
Risk of under-reliance
Systematic Sampling
e.g., selecting every nth item
Block Sampling
A group of contiguous items
Items Considered in Identifying the Relevant Population
Relevant time period
Specific sampling unit
Random Number Sampling
Each transaction has the same probability of being selected
Observed Deviation Rate
(# errors)/n
Factors Directly Related to Sample Size
Expected error rate
Population size
Judgmental Sampling Approaches
Block
Haphazard
Items Inversely Related to Variables Sample Size
Allowance for sampling risk
Risk of incorrect acceptance
Risk of incorrect rejection
Items Directly Related to Variables Sample Size
Estimated population standard deviation
Population size
Basic Sample Size Formula
Sample Size = (Estimated population standard deviation x coefficient of reliability x number of items / allowance for sampling risk) squared
Eight Basic Steps in Variables Sampling
Identify sampling objectives
Identify relevant population
Select specific sampling technique
Calculate the sample size
Determine selection method
Conduct the sample
Evaluate sample and project to population
Document the sampling procedures
Two Parameters of a Normal Distribution
Mean
Variance
Results of Stratification
Reduces overall variability within a population
Sampling Techniques
Difference estimation
Ratio estimation
Mean-per-unit estimation
Probability proportionate to size
EDP Duties that Should Be Segregated
Systems analyst
Programmer
Operator
Librarian
Security
Five Categories of General Controls
Organization and operation
Systems development and documentation
Hardware and systems software
Access
Data and procedures
Types of Logic Checks
Limit tests
Validity checks
Missing data checks
Check digits
Application Controls
Related to the specific computer processing applications
Check Digit
A check digit is an arithmetic manipulation of a numerical field that captures the information content of that field and then gets "tacked" onto the end of that numeric field
Types of Physical Safeguards
File labels
File protection rings
File protection plans
Particular Internal Control Considerations in an EDP Environment
Segregation of duties may be undermined
Audit trail may be lacking
Computer processing is uniform
Batch Totals
Totals that actually mean something
Built in Controls for Hardware and Systems Software
Parity check
Echo check
Diagnostic routines
Boundary protection
Types of Control Totals
Batch totals
Hash totals
Record count
Hash Totals
Totals that have no meaningful interpretation
Objective of Processing Application Controls
That the processing of data is accurate and as authorized
Objective of Input Application Controls
That the input of data is accurate and as authorized
Record Count
Keeping track of the number of records processed to determine that the appropriate number was accounted for
General Controls
Controls that have pervasive effects on all the specific applications
Objective of Output Application Controls
That the output of data (and the distribution of any related reports) is accurate and as authorized
Validity Checks
Are the data recognized as legitimate possibilities
Missing Data Checks
Are there any omissions from any fields in which data should have been present