Audit Sampling Guidelines and Reference Materials for Internal Auditors

Slide Note
Embed
Share

Review authoritative guidance for audit sampling and the potential for external auditor reliance on internal auditors. Understand and apply concepts related to audit sampling to project results with certainty. Available reference materials include AICPA Codification of Statements, AICPA Audit Guide, and The Institute of Internal Auditors International Professional Practices Framework. The IPPF standards emphasize the need for auditors to identify sufficient, reliable, relevant, and useful information. Implementation guidance requires internal auditors to select representative samples for generalization of results.


Uploaded on Jul 12, 2024 | 6 Views


Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. Download presentation by click this link. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

E N D

Presentation Transcript


  1. AUDIT SAMPLING LOUISIANA ASSOCIATION OF COLLEGE AND UNIVERSITY AUDITORS (LACUA) OCTOBER 28, 2022

  2. OBJECTIVES To review authoritative guidance for audit sampling: Potential for external auditor reliance on internal auditors (AU-C 610). To project results of our work with a greater degree of certainty.

  3. OBJECTIVES Guidance on sampling related topics: Understand sampling Apply concepts To respond to questions related to audit sampling.

  4. AVAILABLE REFERENCE MATERIAL AICPA Codification of Statements on Auditing Standards, AU-C 530, Audit Sampling AICPA Codification of Statements on Auditing Standards, AU-C 935, Compliance Audits, .A21

  5. AVAILABLE REFERENCE MATERIAL AICPA Audit Guide, Audit Sampling AICPA Audit Guide, Government Auditing Standards and Single Audits

  6. AVAILABLE REFERENCE MATERIAL The Institute of Internal Auditors (IIA) International Professional Practices Framework (IPPF) IPPF Practice Guide, Assisting Small Internal Audit Activities in Implementing the Standards

  7. IIA SMALL INTERNAL AUDIT ACTIVITIES One to five auditors Productive hours less than 7,500/year Limited co-sourcing or out-sourcing

  8. IPPF STANDARDS 2310 Auditors must identify sufficient, reliable, relevant, and useful information to achieve the engagement s objectives.

  9. IPPF IMPLEMENTATION GUIDANCE If internal auditors choose to select a sample, they are responsible for applying methods to assure that the sample selected represents the whole population and/or time period to which the results will be generalized.

  10. IPPF PRACTICE GUIDE External audit requirements for sampling may not correspond to that of the internal audit activity.

  11. IPPF PRACTICE GUIDE The Standards encourage collaboration with external auditing and such collaboration may include discussion of external audit sampling and scoping parameters. Such discussions in advance of audit plan development and execution may allow for greater reliance on the work of internal auditing.

  12. AUDIT SAMPLING DEFINED (AU-C 530.05) The selection and evaluation of less than 100% of the population of audit relevance such that the auditor expects the items selected (the sample) to be representative of the population and, thus, likely to provide a reasonable basis for conclusions about the population.

  13. AUDIT SAMPLING DEFINED (AU-C 530.05) Representative Sample conclusions, subject to the limitations of sampling risk, are similar to those that would be drawn if the same procedures were applied to the entire population.

  14. SAMPLING RISK DEFINED (AU-C 530.05) The risk that the auditor s conclusion based on the sampling procedures may be different than a conclusion based on applying the same audit procedure to the entire population.

  15. SAMPLING RISK DEFINED (AU-C 530.05) Ineffective sample: Concluding controls are more effective than they actually are, or a material misstatement/material noncompliance does not exist when it does and is: Likely to lead to an inappropriate conclusion. Risk of overreliance Potential audit failure

  16. SAMPLING RISK DEFINED (AU-C 530.05) Inefficient sample: Concluding controls are less effective than they actually are or a material misstatement/material noncompliance exists when it does not. May result in additional work to determine initial conclusions were incorrect. Underreliance.

  17. AUDITOR JUDGMENT IN SAMPLING Auditor judgment is critical for determining/assessing: Risks (differs from the annual internal audit risk assessments)

  18. AUDITOR JUDGMENT IN SAMPLING Auditor judgment is critical for determining: Materiality Performance Materiality and Tolerable Misstatement/Deviation Immaterial Misstatements Trivial Misstatements

  19. AUDITOR JUDGMENT IN SAMPLING However We judgmentally selected a sample of . . . We judgmentally determined to use a sample size of . . . May not be appropriate.

  20. AUDITOR JUDGMENT IN SAMPLING Auditor understanding of population: Allows judgment when determining whether to stratify the population before sampling, or whether to use sampling at all. Determining if population consists primarily of significant transactions. Using substantive analytical procedures to provide sufficient appropriate audit evidence.

  21. AUDITOR JUDGMENT IN SAMPLING DATA ANALYTICS

  22. AUDITOR JUDGMENTIN SAMPLING Acceptable sampling methods: Random (statistical or nonstatistical) Systematic (starting point, then every nth item in the population) Haphazard

  23. AUDITOR JUDGMENTIN SAMPLING Acceptable sampling methods include: Monetary Unit Sampling (statistical) used to assess the amount of monetary misstatement that may exist in a population.

  24. RELEVANT ASSERTIONS (MANAGEMENT S ASSERTIONS)

  25. Account Balances Presentation and Disclosure Classes of Transactions Occurrence/Existence Transactions and events that have been recorded have occurred and pertain to the college/university Assets, liabilities, and equity interests exist Disclosed events and transactions have occurred and pertain to the college/university Rights and Obligations The college/university holds or controls the rights to assets, and liabilities are obligations of the college/university Completeness All transactions and events that should have been recorded have been recorded All assets, liabilities, and equity interests that should have been recorded have been recorded All disclosures that should have been included in the financial statements have been included Accuracy/Valuation and Allocation Amounts related to transactions have been recorded appropriately Assets, liabilities, and equity are included in the financial statements at appropriate amounts Information is disclosed fairly and at appropriate amounts Cut Off Transactions have been recorded in the correct accounting period Classification and Presentation Transactions have been recorded in proper amounts Financial information is appropriately presented and described

  26. AND COMPLIANCE (E.G., LAWSANDREGULATIONS, FEDERALPROGRAMREQUIREMENTS) PCARDS/TRAVEL CARDS? STUDENT FINANCIAL AID?

  27. IS SAMPLING APPROPRIATE Determine if sampling is most appropriate/ effective: Homogeneous population Control tests/substantive tests of details vs substantive analytical procedures? DATA ANALYTICS

  28. DETERMININGIF AUDIT SAMPLING IS APPROPRIATEFORTHE TESTS Homogeneous Population: College/university s tuition and fee revenues totaled $400 million for the fiscal year. Enrollment = 30,000 Full-time COA = $7,500 per semester Sample of 100 students = $750,000 (maximum) Will a substantive analytical procedure provide better, sufficient appropriate substantive evidence?

  29. DETERMININGIF AUDIT SAMPLING IS APPROPRIATEFORTHE TESTS Homogeneous Population: Testing controls (sampling) - effective or efficient? Test of controls with a limited number of transactions through/from the software application? Fewer students? More students? Substantive analytical procedure? Data analytics?

  30. DETERMININGIF AUDIT SAMPLING IS APPROPRIATEFORTHE TESTS Homogeneous Population: Substantive analytical procedure: Published tuition and fee costs per credit hour (A) Validate schedule - i.e., approved and agrees with the fee tables in the software application Student enrollment (B) Break down enrollment by credit hours Tolerable limit (C) Acceptable difference from reported amount

  31. DETERMININGIF AUDIT SAMPLING IS APPROPRIATEFORTHE TESTS Homogeneous Population: A x B Tuition and fees on income statement. Result within C (+ or -)?

  32. DETERMININGIF AUDIT SAMPLING IS APPROPRIATEFORTHE TESTS Homogeneous Population: Evaluate effectiveness: Does the calculation provide evidence that the fee schedule is applied to each student appropriately (provides evidence that controls are effective)? Is the calculated total within the expectation/ tolerable limit (substantive result)? Does the calculation provide assurance that the reported balance is materially correct?

  33. DETERMININGIF AUDIT SAMPLING IS APPROPRIATEFORTHE TESTS Homogeneous Population: If a fee is not correct in the IT system, is sampling individual students necessary? Conclude based on a substantive procedure (calculation)? A $10 fee charged per student is posted in the system as $9.50 maximum error = $15,000 (0.00375%). A $10 fee charged per credit hour (360,000 hours) is posted as $9.50. Maximum error = $180,000 (0.045%). Is either material?

  34. DETERMININGIF AUDIT SAMPLING IS APPROPRIATEFORTHE TESTS PCard/Travel Expenses: Not homogeneous Airfare, hotel, car rental, food, incidentals, etc. Sample? Stratify population? Combination of the two?

  35. DOCUMENTINGTHE SAMPLE

  36. DEFININGTHE OBJECTIVEOFTHE SAMPLE The control or amount (substantive) of the account balance, class of transactions, or disclosure component being tested.

  37. DEFININGTHE OBJECTIVEOFTHE SAMPLE Control To determine whether key controls relating to PCard/travel expenses are in place and operating effectively To support the preliminary risk assessment (identified for each key control), and To determine if the institution has complied with applicable, material purchasing laws/regulations

  38. DEFININGTHE OBJECTIVEOFTHE SAMPLE Substantive To determine if PCard/travel expenses are materially correct.

  39. DEFININGTHE POPULATIONFROM WHICHTHE SAMPLE IS TAKEN Control/Substantive or Both The population is all PCard/travel expenses recorded in the general ledger.

  40. DEFININGTHE POPULATIONFROM WHICHTHE SAMPLE IS TAKEN Control/Substantive or Both Transactions to be included in the population: All expenses coded to travel accounts (e.g., GL accounts 7451-7460). PCard transactions processed through the issuing bank.

  41. DEFININGTHE PERIOD COVEREDFOR THE POPULATION Control/Substantive or Both All expenses as defined above included in the period from July 1, 2021, through June 30, 2022.

  42. CONSIDERATIONOFTHE COMPLETENESSOFTHE POPULATION Control/Substantive or Both Reconcile detail expense transactions processed through AP to the GL accounts. Reconcile PCard transactions to bank statements.

  43. DEFININGTHE SAMPLING UNIT Control/Substantive or Both Any individual transaction from the population from which the sample will be taken.

  44. IDENTIFICATIONOF INDIVIDUALLY SIGNIFICANT ITEMS (STRATIFYING) Substantive (using the same population for control testing) PERCENTOF DOLLARS NUMBER OF UNITS PERCENTOF POPULATION DOLLAR AMOUNT 100% 100% Total population 1,000 $1,000,000 25% 0.375% Total of items excluded from the population (<=$100) 250 $3,750 1.5% 15% Total of items tested separately (i.e., at 100%) 15 $150,000 73.5% 84.625% Remaining population subject to sampling 735 $846,250

  45. IDENTIFICATIONOF INDIVIDUALLY SIGNIFICANT ITEMS (STRATIFYING) Substantive Justify the portion of the population not tested: All transactions <= $100 totaled $3,750, 0.375% of dollars and 25% of transactions Transactions in total are less than the level of immateriality and represent little to no risk of material misstatement for the population as a whole.

  46. DEFININGTHE ERROR Deviation condition (control) or error (substantive - i.e., misstatement/exception): An answer of X to any of the control/ substantive attributes listed at the test.

  47. DETERMINING SAMPLE SIZE Control test: Determine confidence level and risk of overreliance a 95% confidence level results in a 5% risk of overreliance ( 3.38-3.61). Determine the tolerable deviation rate (normally expressed as a percentage). Determine the expected deviation rate the higher the rate, the larger the sample.

  48. DETERMINING SAMPLE SIZE Control test: If practicable, use the Audit Guide Table A-1. Adjust the base sample size if the population is small or if operating controls are infrequent. See the Audit Guide, Tables 3-4 and 3-5 for sample sizes for small populations. Note that for populations of 4 - 52, Table 3-5 suggests sample sizes (requires sample to be documented).

  49. DETERMINING SAMPLE SIZE Substantive test of details: Determine the objective: To determine if PCard/travel expenses are materially correct.

  50. DETERMINING SAMPLE SIZE Substantive test of details: Determine the RMM. Determine analytical procedures risk: Will substantive analytical procedures provide sufficient appropriate audit evidence? Will substantive analytical procedures reduce sample sizes?

More Related Content