F.15 The upper limit deviation rate is determined based on the risk of assessing control risk too low, sample size, and number of deviations.. Since the sample size and number of deviati
Trang 1MODULE F
Attribute Sampling
LEARNING OBJECTIVES
ReviewCheckpoints Exercises, Problems, and Simulations
1 Identify the objectives of attribute sampling,
define deviation conditions, and define the
population for an attribute sampling
application
1, 2, 3, 4 51, 53, 54, 55, 71 (partial),
73 (parts a – b), 74 (parts a – b), 75 (part a), 76 (partial), 77 (partial), 79
2 Understand how various factors influence the
size of an attribute sample
5, 6, 7 52 (partial), 71 (partial), 72
(parts a – b), 75 (parts b – c), 76 (partial), 77 (partial),
78, 79
3 Determine the sample size for an attribute
sampling application 8, 9 52 (partial), 60, 61, 62, 63, 64, 71 (partial), 72
(part c), 74 (part c), 75 (parts d – e), 80 (partial)
4 Identify various methods of selecting an
attribute sample 10, 11, 12 56 (partial), 57, 58, 59, 71 (partial), 73 (parts c-d), 74
(part d)
5 Evaluate the results of an attribute sampling
application by determining the upper limit
deviation rate (ULDR)
73 (part d), 74 (parts e – g), 75 (parts f – h), 77 (parts g-h), 80 (partial)
6 Define sequential sampling and discovery
sampling and identify when these types of
sampling applications would be used
23, 24
Trang 2SOLUTIONS FOR REVIEW CHECKPOINTS
F.1 Attribute sampling is a method of sampling used to determine the extent to which some
characteristic (or attribute) exists within a population of interest Attribute sampling is used by the auditor in performing tests of controls to determine the operating effectiveness of internal control policies and procedures
F.2 The auditor’s objective in attribute sampling is to determine the operating effectiveness of key
controls that influence the financial statement assertions of interest As a result, the financial statement assertions ultimately determine which control(s) are tested and are the subject of the auditor’s attribute sampling application
F.3 Deviation conditions represent situations in which key controls are not functioning as intended
Deviation conditions are important in an attribute sampling application because they provide the auditor with evidence regarding the operating effectiveness of the client’s internal control
F.4 An appropriate definition of the population is important because auditor conclusions can only be
extended to the population from which the sample is selected
F.5 a Sampling risk is the risk that the decision made by the auditor based on the sample is
different from the decision that would have been made if the entire population were examined
b The tolerable deviation rate is the maximum rate of deviations permissible by the auditor
without modifying the reliance on an internal control policy or procedure
c The expected deviation rate is the anticipated rate of deviations in the client’s internal
control policies or procedures
The sampling risk and tolerable deviation rate are determined judgmentally by the auditor based
on the planned level of control risk (as the planned level of control risk is lower, the sampling risk and tolerable deviation rate should be lower) and the desired level of assurance
The expected deviation rate is assessed by the auditor based on either prior experience with the client (for recurring engagements) or a small pilot sample of controls (for first-year engagements).F.6 The risk of assessing control risk too high (risk of underreliance) occurs when the auditor’s sample
indicates that the control is not functioning effectively when, in fact, it is functioning effectively When this risk occurs, the auditor’s adjusted sample deviation rate exceeds the tolerable deviation rate However, unknown to the auditor, the true population deviation rate is less than the tolerable deviation rate
The risk of assessing control risk too low (risk of overreliance) occurs when the auditor’s sample indicates that the control is functioning effectively when, in fact, it is not functioning effectively When this risk occurs, the auditor’s adjusted sample deviation rate is less than the tolerable deviation rate However, unknown to the auditor, the true population deviation rate exceeds the tolerable deviation rate
Trang 3F.7 The risk of assessing control risk too low is more important because this risk may result in a less
effective audit being performed That is, the auditor may not perform a sufficient level of
substantive procedures upon which to base the opinion on the financial statements
F.8 a Sample size has an inverse relationship with sampling risk; that is, as the acceptable sampling risk decreases, sample size increases
b Sample size has an inverse relationship with the tolerable deviation rate; that is, as the
tolerable deviation rate decreases, sample size increases
c Sample size has a direct relationship with the expected deviation rate; that is, as the
expected deviation rate increases, sample size increases
F.9 In an attribute sampling application, the sample size is determined as follows:
1 Based on the acceptable level of the risk of assessing control risk too low, select the
appropriate sample size table
2 Identify the row of the table corresponding to the expected deviation rate for the control
being examined
3 Identify the column of the table representing the assessed tolerable deviation rate for the
control being examined
4 Determine the sample size by identifying the junction of the row from step (2) and the
column from step (3)
F.10 When selecting sample items, the auditor should take steps to ensure that the sample is
representative of the population from which it is drawn For example, the auditor should select potential applications of control procedures performed throughout the year, performed for larger and smaller dollar amounts, performed by different individuals, and related to transactions with different parties or individuals in different geographic areas
F.11 Tests of controls are procedures performed by the auditor to determine the operating effectiveness
of the client’s key internal controls The auditor’s goal in performing tests of controls is to determine the rate at which the client’s controls are not functioning as intended, or the sample deviation rate
F.12 If the auditor is unable to find an item that provides evidence of the client’s performance of a
control, that item is classified as a deviation
F.13 The sample deviation rate is the rate of deviations from key controls noted by the auditor in the
sample It can be calculated by dividing the number of deviations by the sample size
F.14 The upper limit deviation rate is an adjusted rate of deviations that provides a conservative
measure of the population deviation rate This measure allows the auditor to control the exposure
to sampling risk to acceptable levels
Trang 4F.15 The upper limit deviation rate is determined based on the risk of assessing control risk too low,
sample size, and number of deviations Since the sample size and number of deviations determine the sample deviation rate, the upper limit deviation rate is essentially based on the sample
deviation rate and the risk of assessing control risk too low
F.16 The upper limit deviation rate is determined as follows:
1 Based on the acceptable risk of assessing control risk too low, select the appropriate
evaluation table
2 Read down the “sample size” column to find the row representing the appropriate sample
size
3 Identify the column corresponding to the number of deviations found by the auditor
4 The upper limit deviation rate is the value found at the intersection of the row in step (2)
and the column in step (3)
F.17 If the sample size examined by the auditor is not included in the AICPA sample evaluation tables,
the auditor could (1) select additional items for examination to provide the auditor with the next highest sample size included on the tables, (2) evaluate the results of the sample using a smaller (more conservative) sample size, or (3) interpolate the table values and estimate a upper limit deviation rate for the number of items examined
F.18 Since the sample deviation rate is 6 percent (6 deviations 100 items = 6 percent) and the upper
limit deviation rate is 8.3 percent, the allowance for sampling risk is 2.3 percent (8.3 percent - 6.0 percent = 2.3 percent)
F.19 If the upper limit deviation rate is less than the tolerable deviation rate, the auditor would conclude
that the control is functioning effectively If the upper limit deviation rate is greater than or equal
to the tolerable deviation rate, the auditor would conclude that the control is not functioning effectively
F.20 If the upper limit deviation rate is less than the tolerable deviation rate, the auditor can choose to
rely on internal control at planned levels
F.21 If the upper limit deviation rate is greater than or equal to the tolerable deviation rate, the auditor
can reduce the reliance on internal control and increase control risk or expand the sample to achieve an observed upper limit deviation rate less than the tolerable deviation rate However, expanding the sample is generally not an effective response
Trang 5F.22 Information that is typically documented in an attribute sampling application includes:
Information on the objective of sampling, definition of deviation conditions, and
definition of the population from which the sample was selected
The levels of the risk of assessing control risk too low, tolerable deviation rate, and
expected deviation rate, along with the rationale for these assessments
The sample size determined based on the factors discussed above
Information on the selection of sample items and a listing of items selected and examined
by the auditor
Results of the tests of controls performed on each item selected
Information regarding the number of deviations and the upper limit deviation rate
The auditor’s conclusion with respect to the operating effectiveness of the control and
implications of this operating effectiveness on the auditor’s reliance on internal control and substantive procedures
F.23 Sequential sampling is a sampling plan in which an initial sample is selected and the auditor (1) draws a final conclusion regarding the effectiveness of the control policy or procedure or (2) selects additional items before drawing a final conclusion regarding the effectiveness of the control policy or procedure
The primary advantage of sequential sampling is that these types of plans may allow the auditor toform a conclusion on internal control with a relatively small sample size The primary
disadvantage of sequential sampling is that the allowable rate of deviations in the sample is lower than that in a fixed sampling plan (i.e., sequential sampling is more conservative) In addition, sequential sampling may ultimately result in auditors examining an extremely large number of items if they decide to expand the sample
F.24 Discovery sampling is a form of attribute sampling that is used when deviations from controls are
very critical, yet are expected to occur at a relatively low rate Discovery sampling should be used when a control is extremely important for the auditor’s examination or when the auditor is suspicious of the existence of fraud
F 25 Step five, selecting the sample, may be performed differently for nonstatistical sampling than for
statistical sampling As nonstatistical sampling does not make use of tables based on probabilities,the sample is not required to be selected randomly Haphazard or block selection may be used as well as random or sequential selection However, it is step seven, evaluating sample results where the primary difference between the two methods arises
F 26 Auditors first calculate the sample deviation rate If the sample deviation rate is greater than the
tolerable deviation rate, the auditor can conclude that the control is not working effectively and revised planned detection risk However, if the sample deviation rate is less than tolerable
Trang 6SOLUTIONS FOR MULTIPLE-CHOICE QUESTIONS
F.27 a Incorrect Determining preliminary levels of materiality is related to variables
sampling
b Correct Attribute sampling selects occurrences of key controls for the auditor to
examine using tests of controls
c Incorrect Substantive procedures are related to variables sampling
d Incorrect Searching for the possible occurrence of subsequent events is not an
c Incorrect Prior to defining the population, the key controls must be identified
d Incorrect Prior to determining the sample size, the key controls must be
identified
F.29 a Incorrect The tolerable deviation rate has an inverse relationship with sample
size
b Correct The expected deviation rate has a direct relationship with sample size;
the tolerable deviation rate has an inverse relationship with sample size
c Incorrect The expected deviation rate has a direct relationship with sample size;
the tolerable deviation rate has an inverse relationship with sample size
d Incorrect The expected deviation rate has a direct relationship with sample size.F.30 a Incorrect The auditor does not control the RACTH in an attribute sampling
application
b Incorrect The auditor does not control the RACTH in an attribute sampling
application; however, the auditor does control the RACTL
c Correct The auditor does not control the RACTH in an attribute sampling
application; however, the auditor does control the RACTL
d Incorrect The auditor controls the RACTL in an attribute sampling application.F.31 a Incorrect Both sampling risks result in incorrect decisions by the auditor
b Incorrect The risk of assessing control risk too high is related to the study and
evaluation of internal control
c Correct The risk of assessing control risk too low may result in the failure to
control audit risk to acceptable levels
d Incorrect Performing tests during an interim period does not influence the risk of
assessing control risk too high
F.32 Note to instructor: Since this question asks students to identify the statement that will not result in
an increased sample size, the response labeled “correct” will not result in an increased sample size and those labeled “incorrect” will result in an increased sample size.
a Incorrect Reducing the risk of assessing control risk too low will result in a larger
sample size
b Correct Increasing the tolerable deviation rate will reduce (not increase) the
sample size
c Incorrect Increasing the expected deviation rate will result in a larger sample size
d Incorrect Choice (b) above will not result in a larger sample size
Trang 7F.33 a Incorrect From the AICPA sampling tables, the sample size is 195.
b Incorrect From the AICPA sampling tables, the sample size is 195
c Incorrect From the AICPA sampling tables, the sample size is 195
d Correct From the AICPA sampling tables, the sample size is 195
F.34 a Incorrect RACTL increases as control risk increases; as a result, a 1% RACTL
cannot logically be associated with a control risk of 0.80
b Incorrect RACTL increases as a function of control risk; as a result, a 10%
RACTL cannot logically be associated with a control risk of 0.20 if a 1% control risk is assigned to a control risk of 0.50
c Incorrect RACTL increases as a function of control risk; as a result, a 10%
RACTL cannot logically be associated with a control risk of 0.50 if a 5% RACTL is assigned to a control risk of 0.80
d Correct RACTL increases as control risk increases; this series is consistent with
F.36 a Correct This is the correct interpretation of the upper limit deviation rate
b Incorrect The probability that the actual deviation rate in the population is lower
than the upper limit deviation rate is (1 minus the risk of assessing control risk too low)
c Incorrect The upper limit deviation rate does not provide an estimate with
certainty; in addition, the probability that the actual deviation rate in thepopulation is lower than the upper limit deviation rate is (1 minus the risk of assessing control risk too low)
d Incorrect The upper limit deviation rate does not provide an estimate with
certainty
b Incorrect See (d) below
c Incorrect See (d) below
d Correct Without knowledge of the risk of assessing control risk too low, it is
impossible to calculate the upper limit deviation rate for a sample of
100 transactions with one deviation For example, with a risk of assessing control risk too low of 5 percent, the upper limit deviation rate is 4.7 and options (a), (b), and (c) would not allow the auditor to assess control risk at the appropriate level However, if the risk of assessing control risk too low is 10 percent, the upper limit deviation rate would be 3.9 and choice (c) would allow the auditor to assess
Trang 8F.38 a Incorrect Because the upper limit deviation rate exceeds the tolerable deviation
rate, the auditor cannot support a control risk assessment based on the tolerable deviation rate
b Correct The auditor should increase control risk because the upper limit
deviation rate exceeds the tolerable deviation rate
c Incorrect Despite the fact that the upper limit deviation rate exceeds the tolerable
deviation rate, the auditor can support a control risk assessment at less than the maximum level
d Incorrect Control risk should be increased not decreased
F.39 a Incorrect Selecting customer accounts for confirmation as a part of the audit of
accounts receivable would use variables sampling
b Incorrect Selecting inventory items for verification as a part of the audit of
inventory would use variables sampling
c Correct Selecting purchase orders for indication of authorization is a test of
controls that would use attribute sampling
d Incorrect Selecting additions to property, plant and equipment for verification
would use variables sampling
F.40 a Incorrect The auditor would compare the tolerable deviation rate to the sum of
the allowance for sampling risk and sample deviation rate (not expecteddeviation rate)
b Correct In this example, the sample deviation rate of 4 percent (5 125 = 4
percent) plus the allowance for sampling risk of 3 percent equals the upper limit deviation rate (7 percent) Since the upper limit deviation rate exceeds the tolerable deviation rate of 5 percent, the auditor shouldassess a higher control risk
c Incorrect The expected deviation rate is not considered in evaluating the results
of the sample
d Incorrect The sample results would support a low control risk assessment if the
sample deviation rate plus the allowance for sampling risk is less than (not greater than) the tolerable deviation rate
F.41 a Incorrect From the AICPA sample evaluation tables, the upper limit deviation
F.42 a Incorrect See the response to choice (b)
b Correct The auditor noted 7 deviations in the 90 items examined; therefore, the
sample deviation rate is 7.8 percent (7 90 = 7.8 percent) If the ULDR
is 12.8 percent (see the answer to F.38), the allowance for sampling riskwould be 5.0 percent (12.8 percent – 7.8 percent = 5.0 percent)
c Incorrect See the response to choice (b)
d Incorrect See the response to choice (b)
Trang 9F.43 a Incorrect The tolerable deviation rate must exceed the upper limit deviation rate
in order for the auditor to rely on internal control as planned
b Correct The tolerable deviation rate must exceed the upper limit deviation rate
in order for the auditor to rely on internal control as planned
c Incorrect The expected deviation rate is not used in evaluating sample results
d Incorrect The expected deviation rate is not used in evaluating sample results.F.44 a Incorrect See the response to choice (d)
b Incorrect See the response to choice (d)
c Incorrect See the response to choice (d)
d Correct While (a), (b), and (c) are correct responses, (d) is a more appropriate
response because it includes all possible alternatives for the auditor.F.45 a Incorrect The upper limit deviation rate is the sum of the sample deviation rate
(and not the expected deviation rate) and the allowance for sampling risk
b Incorrect The upper limit deviation rate is the sum of the sample deviation rate
(and not the risk to assessing control risk too high) and allowance for sampling risk
c Correct The upper limit deviation rate is the sum of the sample deviation rate
and the allowance for sampling risk
d Incorrect The upper limit deviation rate is the sum of the sample deviation rate
(and not the tolerable deviation rate) and the allowance for sampling risk
F.46 a Incorrect The allowance for sampling risk is based on the allowable risk of
assessing control risk too low
b Incorrect The expected deviation rate is based on the auditor’s experience in
prior audits or a pilot sample of controls
c Incorrect The sample deviation rate is based on the number of deviations and the
c Correct When using sequential sampling, an initial sample is selected and
decisions related to expanding that sample are based on the results of the initial sample
d Incorrect When using statistical sampling, the auditor determines a single sample
size
Trang 10F.48 a Incorrect While a form of attribute sampling would be appropriate, the low level
of deviations and importance of ensuring that deviations occur at extremely low levels would make the use of discovery sampling more appropriate
b Correct Discovery sampling is used when the rate of deviations is anticipated to
be low and the auditor desires a high level of assurance that deviations occur at a low rate
c Incorrect Sequential sampling would not be used in this situation
d Incorrect While a form of attribute sampling would be appropriate, the low level
of deviations and importance of ensuring that deviations occur at extremely low levels would make the use of discovery sampling more appropriate
F.49 a Incorrect In deciding whether to rely on internal control as planned, the upper
limit deviation rate is compared to the tolerable deviation rate, not the risk of assessing control risk too low
b Incorrect While the upper limit deviation rate (6.5 percent) does exceed the
tolerable deviation rate (6 percent), you would reduce reliance on
internal control, not rely on internal control as planned
c Incorrect In deciding whether to rely on internal control as planned, the upper
limit deviation rate is compared to the tolerable deviation rate, not the risk of assessing control risk too low
d Correct Because the upper limit deviation rate (6.5 percent) exceeds the
tolerable deviation rate (6 percent), you would reduce reliance on the internal control from planned levels
F.50 a Incorrect Auditing standards clearly state the sample sizes using nonstatistical
sampling should be comparable to sample sizes from statistical sampling
b Incorrect Auditors must consider an allowance for sampling risk when using
nonstatistical sampling
c Correct Using nonstatistical sampling is generally less complicated than
statistical sampling
d Incorrect Only answer c is true
SOLUTIONS FOR EXERCISES, PROBLEMS, AND SIMULATIONS
F.51 Test of Controls Objectives and Deviations
Trang 112 Validity of Sales and Proper Period Recording
a Objective: Determine whether (i) recorded sales invoices are supported by
written notices of shipment, (ii) the sales record date is the same as the shipmentdate
b Deviation: (i) Absence of written shipment notice, (ii) Sales record date and
shipment date are not the same
3 Accuracy of Sales Invoices
a Objective: Determine whether (i) quantities on shipping notices and invoices are
the same, (ii) unit prices on the invoices are correct and agree with catalog prices, and (iii) invoices are arithmetically correct
b Deviation: (i) Quantities on shipping notices and invoices do not match; (ii) Unit
prices do not agree with catalog prices, (iii) Invoices include mathematical mistakes
4 Classification of Sales
a Objective: Determine whether invoices are properly coded for intercompany
sales
b Deviation: (i) Invoice to an affiliated company not marked “9” and (ii) Invoice
to an outside customer marked “9”
F.52 General Attribute Sampling
1 Holyfield has incorrectly identified the population By identifying the population as all
invoiced sales and selecting sales invoices for examination, Holyfield will begin with a transaction that has been billed The correct definition of the population if Holyfield wishes to verify that all shipments have been billed would be the population of shipping documents
2 Holyfield’s action in this situation is correct The risk of assessing control risk too low
should be established at lower levels when a higher degree of reliance on Top Rank’s internal control is planned
3 Holyfield’s action in this situation is correct While prior audits provide a guideline for
establishing the expected deviation rate, Holyfield should consider any changes occurringsince that time While it is impossible to determine whether a 1 percent expected
deviation rate is appropriate, it is certainly reasonable to reduce the expected deviation rate from that used in prior years if improvements in the processing of transactions have occurred
Trang 12F.52 General Attribute Sampling (Continued)
4 Holyfield’s action in this situation is partially correct While the initial sample size of 156
is appropriate for the parameters specified in the Top Rank engagement, it is not appropriate to adjust this sample size for the size of the population AICPA sample size tables assume a large population in determining sample size In addition, based on statistical theory, once a population reaches a certain size, increases in the size of the population have a minimal effect on sample size
5 Holyfield’s action in this situation is incorrect The sum of the sample deviation rate and
allowance for sampling risk (the upper limit deviation rate) should be compared to the
tolerable deviation rate, and not the risk of assessing control risk too low
F.53 Examples of Deviations
a 1 While not technically conforming to the control policy, the fact that some
indication was placed next to the quantities suggests that this would not be classified as a deviation
2 Professional standards are explicit in noting that a missing document should be
classified as a deviation
3 The fact that the invoice is marked as “VOID” provides some evidence that the
shipment was not made; accordingly, it does not appear that this would be classified as a deviation However, the invoice should be replaced with another randomly selected invoice
4 While the quantities may have been properly checked, the fact that this is not
noted on an item-by-item basis may indicate that the employee hurriedly reviewed the invoice and did not perform the work This would likely be classified as a deviation
5 The fact that check marks were only placed adjacent to items located in the same
location of the warehouse indicates that only these quantities were verified Accordingly, this invoice would be classified as a deviation
b The fallacy in assuming that the controls relating to the remaining 95 invoices were being
performed properly is that an employee could merely place a check mark on the invoice without reviewing the quantities (because of time pressure, lack of care, etc.)
F.54 Examples of Deviations
a Shown below are the most common tests of controls that could be used for the particular
control described Other possible tests of controls are acceptable, but would typically provide weaker evidence (for example, an auditor could observe various controls related
to documentary evidence, but inspecting the documentary evidence generally provides stronger evidence as to the operating effectiveness of the control)
1 Observe the segregation of duties or inquire of appropriate individuals as to the
segregation of duties
Trang 132 Inspect documentary evidence of approval of purchase orders by appropriate
personnel
3 Inspect documentary evidence of matching vendor invoices to purchase orders
by appropriate personnel
F.54 Examples of Deviations (part a, Continued)
4 Inspect documentary evidence of mathematical verification of vendor invoices
by appropriate personnel
5 For a sample of cash disbursements, identify an appropriately approved and
mathematically verified vendor invoice
b 1 Individual(s) performing incompatible duties of authorizing the purchase,
preparing the purchase order, and receiving goods and services being purchased
2 Failure of individuals verifying approval of purchases to include their initials on
the purchase order
3 Failure of individuals matching vendor invoices to purchase orders to include
notation of the purchase order number on the vendor invoice
4 Failure of individuals mathematically verifying vendor invoices to include their
initials on the invoice
5 Existence of a payment for an unapproved vendor invoice
c 1 This should be classified as a deviation The fact that this was a “one time”
occurrence does not compensate for the potential problems that arise when the individual who authorizes a transaction also receives custody of the goods and services related to the transaction While it may have been necessitated because
of urgency, the goods and services could have been received by another party
2 This would likely not be classified as a deviation In this particular instance,
while the individual did not strictly comply with the control policy, her signaturesuggests that the purchase order was reviewed and appropriate verified
3 The classification of this item is debatable On one hand, the fact that the words
“OK, approved” were written suggests that client personnel reviewed the purchase order related to the vendor invoice However, the fact that the specific purchase order number was not noted may indicate that the purchase order was not examined or was examined in a hurried manner This would likely be classified as a deviation, primarily because the purchase order number was not included
Trang 144 Professional standards are explicit in stating that a missing document should be
classified as a deviation Therefore, the failure to locate the vendor invoice should be classified as a deviation
5 This would not be classified as a deviation, since each of the invoices included
in the payment were properly authorized by Parker’s personnel
d Once identified by Perry, the number of deviations (along with the acceptable level of the
risk of assessing control risk too low and the sample size) are used to calculate the upper limit deviation rate The upper limit deviation rate is then compared to the tolerable deviation rate If the upper limit deviation rate exceeds the tolerable deviation rate, Perry would conclude that the control is not functioning effectively; in response, Perry would reduce the planned level of reliance on internal control and increase control risk If the upper limit deviation rate is less than the tolerable deviation rate, Perry would conclude that the control is functioning effectively, rely on internal control as planned, and maintain control risk at planned levels
F.55 Examples of Deviations
a A deviation is an instance in which the client and/or its personnel do not follow
prescribed controls An example of a deviation from this control would be a sale processed to a customer without an approved credit authorization
b The audit team considers deviations in (1) determining the necessary sample size and (2)
evaluating the sample results
In determining the necessary sample size, the audit team considers both the extent of deviations that are likely to be present in the population (expected deviation rate) as well
as the maximum rate of deviations permissible without modifying the planned reliance oninternal controls(tolerable deviation rate)
In evaluating sample results, the audit team considers the number of deviations actually identified during the tests of controls as well as the tolerable deviation rate
c The audit team would select a sample of sales made to customers and verify the existence
of a credit authorization
d 1 Because these deviations were inadvertent mistakes and omissions, Jones would
not have increased concern about these deviations beyond their impact on the ability to rely on the internal control policy The fact that they were made by a number of different employees and occurred throughout the period indicates thatthey may be the result of careless behavior on the part of Hicks’ employees and may suggest the need for a greater level of emphasis on important control policies by management
2 Like (1), the inadvertent nature of these deviations does not increase Jones’ concern
about the deviations beyond their impact on his ability to rely on the internal control policy In this case, the fact that they were made by one individual during his first month with Hicks Company suggests that they were a result of his inexperience and not carelessness
Trang 153 Because these deviations were the result of intentional actions on the part of Hicks
Company’s employees, they should be discussed with the client and its audit committee The audit team should consider why employees committed these actions, and the effect on the financial statements of their actions This would certainly increase the auditor's assessment of risk of material misstatement
F.56 Timing of Test of Controls and Sample Selection
SUBJECT: Interim evaluation of control over cash disbursement authorization
I audited 80 cash disbursements as of September 30 for compliance with the company control procedure requiring authorization of cash disbursements I found no deviations Had this audit sampling been performed at December 31 for the entire year’s disbursements, I would be prepared
to assign a low control risk (20 percent) This favorable evaluation would enable us to perform the planned analytical procedures to expenses and perform the level of inventory observation work specified in the preliminary audit program With a higher control risk, the audit team would need
to do more work in both areas
Requirements
According to auditing standards, the audit team needs to determine whether the authorization control procedure worked as well during October-December period as it did for the period January-September I think the audit team should audit the other 20 disbursements to make this determination
Options
1 The audit team cannot elect to forgo all further work on the control for the October-December
remaining period
2 The audit team can complete the sampling application by examining 20 additional sampling
units selected at random This approach will probably be the least costly because it will
be relatively easy to evaluate the additional 20 sampling units to determine whether the control is functioning effectively
3 The audit team could make inquiries about the operating effectiveness of the authorization
control during the time period from October-December However, declarations from client personnel that the control “was functioning just fine” would not be good evidence
of continued operating effectiveness Unless this inquiry reveals that the control is no longer performed, inquiry would not provide much information
4 The three-month length of the remaining period is enough for concern The audit team should
Trang 165 If the dollar amount of transactions affected by the operating effectiveness of the
authorization control were substantially reduced, the audit team would not need to be as concerned about the control However, cash disbursements are not likely to become unimportant under these circumstances
6 The audit team could forgo examining an additional 20 items and take its chances that the
planned amount of analytical procedures for expenses and work on inventory observationwould also reveal any control breakdown in October-December I do not recommend such action in the circumstances because (a) we should evaluate control risk in order to plan the extent of the other work, (b) the cost of examining an additional 20 items is not high, (c) audit completion might be delayed if we detect a control breakdown later in the audit, and (d) in these circumstances the dual-purpose nature of the other work may turn out to be circular and inefficient
I trust I have made my preference for completing the test of controls for the authorization control related to cash disbursements clear I think this work should be done no earlier than December 20.F.57 Sample Selection
a In this case, the challenge is the fact that the checking accounts have overlapping check
numbers Checks written on Account 2 could be considered as numbers 0001 through 6,000 and checks written on Account 1 could be considered as 6001 through 9000 (simply add 2,368 to each check number)
For unrestricted random selection, you could identify random numbers between 1 and 9,000 and select the associated check For systematic random selection, you would choose a random starting point, calculate the sampling interval, and proceed through the population of checks
b In this case, the challenge is that random numbers 1 through 8,999 would be discarded in
an unrestricted random selection method You could convert the five-digit sequence (9,000 – 13,999) to a four-digit sequence by subtracting the constant 8,999 from each purchase order number This would yield purchase orders numbered 0001 through 5,000
If the above adjustments are made, when using unrestricted random selection, identifying random numbers between 0001 and 5,000 would provide you with the item selected If you are concerned about discarding random numbers 5,001 through 9,999, you could create a duplicate set of purchase order numbers by adding the constant 5,000 to each number As a result, item 1 would have two random numbers: 0001 and 5,001 However, you should be certain not to select the same item using two different random numbers.With respect to systematic random selection, you would choose a random starting point, calculate the sampling interval, and proceed through the population of purchase orders However, you would not create a duplicate set of purchase orders; when you reached the end of the population; you merely begin applying the sampling interval to the beginning
of the population until the appropriate number of items is selected
c In this case, the challenge is the sheer magnitude of the listing and the time it would take
to select the sample You can think of this listing as containing a total of 3,750 records [(74 pages x 50 items = 3,700) + 40 items on last page = 3,740 items]