EXPOSURE DRAFT PROPOSED STATEMENT ON AUDITING STANDARDS AUDIT SAMPLING (REDRAFTED)

Transcription

1 EXPOSURE DRAFT PROPOSED STATEMENT ON AUDITING STANDARDS AUDIT SAMPLING (REDRAFTED) (To supersede Statement on Auditing Standards No. 39, Audit Sampling [AICPA, Professional Standards, vol. 1, AU sec. 350]) February 23, 2009 Comments are requested by May 29, 2009 Prepared by the AICPA Auditing Standards Board for comment from persons interested in auditing and reporting issues. Comments should be addressed to Sherry Hazel at

2 Copyright 2009 by American Institute of Certified Public Accountants, Inc. New York, NY Permission is granted to make copies of this work provided that such copies are for personal, intraorganizational, or educational use only and are not sold or disseminated and provided further that each copy bears the following credit line: Copyright 2009 by American Institute of Certified Public Accountants, Inc. Used with permission. 2

3 CONTENTS Page Explanatory Memorandum Introduction... 4 Background... 4 Effective Date... 5 Changes from Existing Standards... 5 Guide for Respondents... 6 Supplements to the Exposure Draft... 6 Comment Period... 7 Auditing Standards Board Members... 8 Vote of the Auditing Standards Board... 9 Exposure Draft Proposed Statement on Auditing Standards Audit Sampling (Redrafted)

4 Explanatory Memorandum Introduction This memorandum provides background to the proposed Statement on Auditing Standards (SAS) Audit Sampling (Redrafted). This proposed SAS would supersede SAS No. 39, Audit Sampling (AICPA, Professional Standards, vol. 1, AU sec. 350). The accompanying proposed SAS represents the redrafting of SAS No. 39 to apply the Auditing Standards Board s (ASB s) clarity drafting conventions and to converge with International Standard on Auditing (ISA) No. 530 (Redrafted), Audit Sampling, as discussed in the following sections. 1 Background Clarity To address concerns over the clarity, length, and complexity of its standards, the ASB is currently making a significant effort to clarify the SASs. The ASB issued a discussion paper, Improving the Clarity of ASB Standards, 2 in March In response to the feedback received on the discussion paper and subsequent discussions with interested parties, the ASB has established clarity drafting conventions and has undertaken to revise all of its SASs in accordance with those conventions. The proposed has been drafted in accordance with the ASB s clarity drafting conventions, which include the following: Establishing objectives for each of the standards Including a definitions section, where relevant, in the standards Separating requirements from application and other explanatory material Numbering application and other explanatory material paragraphs using an A- prefix and presenting them in a separate section that follows the requirements section Using formatting techniques, such as bulleted lists, to enhance readability Including, where appropriate, special considerations relevant to audits of smaller, less complex entities within the text of the standards Including, where appropriate, special considerations relevant to audits of governmental entities within the text of the standards 1 The Clarity Project Explanatory Memorandum provides a more detailed discussion of the Auditing Standards Board s (ASB s) Clarity Project. 2 The discussion paper is available online at proving+the+clarity+of+asb+standards.htm. 4

5 Convergence Consistent with the ASB s strategy to converge its standards with those of the International Auditing and Assurance Standards Board (IAASB), 3 the proposed SAS has been drafted using ISA No. 530 (Redrafted) as a base. Differences between the proposed SAS and ISA No. 530 (Redrafted) for which the ASB believes no compelling reason exists have been eliminated. Differences in objectives, definitions, or requirements between the proposed SAS and ISA No. 530 (Redrafted) are identified in exhibit B to the exposure draft. The ASB has made various changes to the language of the ISA to use terms or phrases that are more commonly used in the United States, and to tailor examples and guidance to be more appropriate to the U.S. environment. The ASB believes that such changes will not create differences between the application of ISA No. 530 (Redrafted) and the application of the proposed SAS. Effective Date The proposed SAS would be effective for audits of financial statements for periods beginning on or after December 15, This effective date is provisional but will not be earlier than December 15, Changes From Existing Standards The proposed SAS does not change or expand SAS No. 39 in any significant respect. To reflect a more principles-based approach to standard setting, certain requirements that are duplicative of broader requirements in SAS No. 39 have been moved to application and other explanatory material, consistent with ISA No. 530 (Redrafted). In the ASB s view, this has not changed the overall effectiveness of the proposed SAS. Issue for Consideration The ASB asks respondents to specifically consider whether the wording of paragraph A17 of the proposed SAS is appropriate as drafted because the application guidance would suggest that only two methods to select nonstatistical sampling exist haphazard or random based selection. Haphazard selection is defined in paragraph 5 of the proposed SAS and examples of random selection techniques are provided in paragraph A5 of the proposed SAS. Should the proposed SAS expand on the application guidance of random based methods to specifically address, for example, block sampling when it is designed to be considered a random based selection? The ASB decided not include block sampling as a selection technique in the proposed SAS because selection techniques are addressed more extensively, and in their proper context, in the AICPA Audit Guide Audit Sampling. Exhibit A of the proposed SAS provides a summary outline of the Audit Guide. 3 The ASB s convergence paper is available online at 5

6 Guide for Respondents The ASB is seeking comments specifically on changes resulting from applying the clarity drafting conventions and converging with the ISA, and their effect on the content of the SAS. Respondents are asked to respond, in particular, to the following questions: 1. Are the auditor s objectives appropriate? 2. Are the revisions made to converge the existing standard with ISA No. 530 (Redrafted) appropriate? 3. Are the differences between the proposed SAS and ISA No. 530 (Redrafted) identified in the exhibit, and other language changes, appropriate? Comments are most helpful when they refer to specific paragraphs, include the reasons for the comments, and, where appropriate, make specific suggestions for any proposed changes to wording. When a respondent agrees with proposals in the exposure draft, it will be helpful for the ASB to be made aware of this view, as well. Written comments on the exposure draft will become part of the public record of the AICPA and will be available for public inspection at the offices of the AICPA after June 30, 2009 for one year. Responses should be sent to Sherry Hazel at shazel@aicpa.org and received by May 29, Supplements to the Exposure Draft To assist respondents in identifying changes and in responding to this request to comment on the proposed SAS, the Audit and Attest Standards staff has the following prepared supplementary material: 1. A matrix document, which compares ISA No. 530 (Redrafted), the proposed SAS, and extant AU section 350. The schedule has four columns containing the following: a. ISA No. 530 (Redrafted) b. The proposed SAS, marked to show differences in language between the ISA and the proposed SAS (new and deleted material are shown in colored track changes) c. The requirements and guidance in extant AU section 350, mapped against the proposed SAS to demonstrate how the material in AU section 350 has been reflected in the proposed SAS d. Comments and rationale 2. A mapping document, which maps the requirements and guidance contained within AU section 350 to the proposed SAS to demonstrate how the material in AU section 350 has been reflected in the proposed SAS. This staff-prepared supplementary material is available on the AICPA Web site at ards/improving+the+clarity+of+asb+standards/default.htm. It is for information purposes 6

7 only and does not form part of the exposure draft; however, it may be useful for respondents in formulating comments. Comment Period The comment period for this exposure draft ends on May 29,

8 Auditing Standards Board ( ) Harold L. Monk, Jr., Chair Ernest F. Baugh, Jr. Sheila M. Birch Jacob J. Cohen Walton T. Conn, Jr. Anthony J. Costantini Charles E. Frasier Nicholas J. Mastracchio, Jr. Jorge Milo Andrew M. Mintzer Thomas A. Ratcliffe Randy C. Roberts Darrel R. Schubert Thomas M. Stemlar Mark H. Taylor Phil D. Wedemeyer Stephanie A. Westington Arthur M. Winstead, Jr. Megan F. Zietsman Audit Sampling Task Force Robert D. Dohrer, Chair Darrel R. Schubert Douglas F. Prawitt Abraham D. Akresh The Auditing Standards Board gratefully acknowledges John A. Fogarty whose insightful perspective about the international standards has been extremely valuable to the project. AICPA Staff Charles E. Landes Vice President Professional Standards and Services Hiram Hasty Technical Manager Audit and Attest Standards 8

9 Vote of the Auditing Standards Board Proposed Statement on Auditing Standards (SAS) Audit Sampling (Redrafted) was adopted by the assenting votes of 18 members of the Auditing Standards Board. Dr. Nicholas J. Mastracchio, Jr. dissented. In dissenting, Dr. Mastracchio provided the following statement: There are only two ways to draw conclusions regarding attributes about a population: 1. Examine the entire population 2. Take a representative sample and project the results to the population: There are two ways to take a sample: 1. Statistical 2. Nonstatistical This SAS limits nonstatistical sampling to a random based method: Haphazard selection. The approximation of random selection without the use of a structured selection technique, such as a random number generator.... With nonstatistical sampling, haphazard, or random based selection is used to select sample items. Therefore, it appears to make any sampling method that the auditor believes is representative but is not random based (a nondefined term in the standard). For example, assume in an audit of a small manufacturing company, the auditor decides to determine whether time sheets agree with the actually paid hours. The auditor arbitrarily selects the first and last weekly pay period of each quarter believing they are representative of the pay activity. The auditor finds no discrepancies and concludes that the hourly pay is based on the correct number of hours. I believe this standard would lead to the conclusion that this procedure was not done in accordance with auditing standards. If the intended consequences are as previously described then the standard should be more specific. If it is not, then paragraph A17 should add the word typically to the sentence on nonstatistical sampling to allow for other representative procedures. The exposure draft is not sufficiently clear concerning representative samples not randomly selected. 9

10 PROPOSED STATEMENT ON AUDITING STANDARDS AUDIT SAMPLING (REDRAFTED) CONTENTS Paragraph Introduction Scope of This Proposed Statement on Auditing Standards Effective Date...3 Objective...4 Definitions...5 Requirements Sample Design, Size, and Selection of Items for Testing Performing Audit Procedures Nature and Cause of Deviations and Misstatements...12 Projecting Misstatements...13 Evaluating Results of Audit Sampling...14 Application and Other Explanatory Material Definitions... A1 A6 Sample Design, Size, and Selection of Items for Testing... A7 A18 Performing Audit Procedures... A19 A21 Nature and Cause of Deviations and Misstatements... A22 A24 Projecting Misstatements... A25 A26 Evaluating Results of Audit Sampling... A27 A29 Exhibit A: Summary Outline of Audit Guide Audit Sampling... A30 Exhibit B: Comparison of Requirements of Proposed Statement on Auditing Standards Audit Sampling (Redrafted) With Requirements of International Standard on Auditing No. 530 (Redrafted), Audit Sampling... A31 10

11 Proposed Statement on Auditing Standards Audit Sampling (Redrafted) Introduction Scope of This Proposed Statement on Auditing Standards 1. This proposed Statement on Auditing Standards (SAS) applies when the auditor has decided to use audit sampling in performing audit procedures. It addresses the auditor s use of statistical and nonstatistical sampling when designing and selecting the audit sample, performing tests of controls and tests of details, and evaluating the results from the sample. 2. This proposed SAS complements the proposed SAS Audit Evidence (Redrafted), which addresses the auditor s responsibility to design and perform audit procedures to obtain sufficient appropriate audit evidence to be able to draw reasonable conclusions on which to base the audit opinion. Paragraphs A22 A28 of the proposed SAS Performing Audit Procedures in Response to Assessed Risks and Evaluating the Audit Evidence Obtained (Redrafted) provide guidance on the means available to the auditor for selecting items for testing, of which audit sampling is one means. Effective Date 3. This proposed SAS is effective for audits of financial statements for periods beginning on or after December 15, Objective 4. The objective of the auditor when using audit sampling is to provide a reasonable basis for the auditor to draw conclusions about the population from which the sample is selected. Definitions 5. For purposes of generally accepted auditing standards, the following terms have the meanings attributed as follows: Audit sampling (sampling). The selection and evaluation of a sample of items from a population of audit relevance such that the auditor expects the sample to be representative of the population and thus likely to provide a reasonable basis for conclusions about the population. In this context, representative means that the sample will result in conclusions that, subject to the limitations of sampling risk, are similar to those that would be drawn if the same procedures were applied to the entire population. (Ref: par. A1). 1 This date is provisional but will not be earlier than December 15,

12 Haphazard selection. The approximation of random selection without the use of a structured selection technique, such as a random number generator. It is the selection of sampling units without any intentional bias; that is, without any special reason for including or omitting items from the sample. Haphazard selection does not consist of selecting sampling units in a careless manner and is implemented in a manner such that the auditor expects the resulting sample to be representative of the population. Population. The entire set of data from which a sample is selected and about which the auditor wishes to draw conclusions. Sampling risk. The risk that the auditor s conclusion based on a sample may be different from the conclusion if the entire population was subjected to the same audit procedure. Sampling risk can lead to two types of erroneous conclusions: (Ref: par. A2) a. In the case of a test of controls, that controls are more effective than they actually are or, in the case of a test of details, that a material misstatement does not exist when in fact it does. The auditor is primarily concerned with this type of erroneous conclusion because it affects audit effectiveness and is more likely to lead to an inappropriate audit opinion. b. In the case of a test of controls, that controls are less effective than they actually are or, in the case of a test of details, that a material misstatement exists when in fact it does not. This type of erroneous conclusion affects audit efficiency as it would usually lead to additional work to establish that initial conclusions were incorrect. Nonsampling risk. The risk that the auditor reaches an erroneous conclusion for any reason not related to sampling risk. (Ref: par. A3) Sampling unit. The individual items constituting a population. (Ref: par. A4) Statistical sampling. An approach to sampling that has the following characteristics: a. Random selection of the sample items (Ref: par. A5) b. The use of an appropriate statistical technique to evaluate sample results, including measurement of sampling risk A sampling approach that does not have characteristics (a) and (b) is considered nonstatistical sampling. Stratification. The process of dividing a population into subpopulations, each of which is a group of sampling units that are intended to have similar characteristics (often monetary value). Tolerable misstatement. A monetary amount set by the auditor in respect of which the auditor seeks to obtain an appropriate level of assurance that the monetary amount set by the auditor is not exceeded by the actual misstatement in the population. (Ref: par. A6) 12

13 Tolerable rate of deviation. A rate of deviation from prescribed internal control procedures set by the auditor in respect of which the auditor seeks to obtain an appropriate level of assurance that the rate of deviation set by the auditor is not exceeded by the actual rate of deviation in the population. Requirements Sample Design, Size, and Selection of Items for Testing 6. When designing an audit sample, the auditor should consider the purpose of the audit procedure and the characteristics of the population from which the sample will be drawn. (Ref: par. A7 A12) 7. The auditor should determine a sample size sufficient to reduce sampling risk to an acceptably low level. (Ref: par. A13 A15 ) 8. The auditor should select items for the sample in such a way that the auditor can reasonably expect the sample to be free of intentional bias and thus will be representative of the relevant population and likely to provide the auditor a reasonable basis for conclusions about the population. (Ref: par. A16 A18) Performing Audit Procedures 9. The auditor should perform audit procedures, appropriate to the purpose, on each item selected. 10. If the audit procedure is not applicable to the selected item, the auditor should perform the procedure on a replacement item. (Ref: par. A19) 11. If the auditor is unable to apply the designed audit procedures, or suitable alternative procedures, to a selected item, the auditor should treat that item as a deviation from the prescribed control, in the case of tests of controls, or a misstatement, in the case of tests of details. (Ref: par. A20 A21) Nature and Cause of Deviations and Misstatements 12. The auditor should investigate the nature and cause of any deviations or misstatements identified and evaluate their possible effect on the purpose of the audit procedure and on other areas of the audit. (Ref: par. A22 A24) Projecting Misstatements 13. For tests of details, the auditor should project misstatements found in the sample to the population. (Ref: par. A25 A26) Evaluating Results of Audit Sampling 14. The auditor should evaluate a. the results of the sample and (Ref: par. A27 A29) 13

14 b. whether the use of audit sampling has provided a reasonable basis for conclusions about the population that has been tested. (Ref: par. A28 A29) Application and Other Explanatory Material Definitions Audit Sampling (Ref: par. 5) A1. There may be audit procedures that are not considered audit sampling but that involve examination of fewer than 100 percent of the items composing an account balance or class of transactions. For example, an auditor may examine only a few transactions from an account balance or class of transactions to (a) gain an understanding of the nature of an entity's operations or (b) clarify the auditor s understanding of the entity's internal control. In such cases, the guidance in this statement is not applicable. Sampling Risk (Ref: par. 5) A2. The risk of incorrect rejection and the risk of assessing control risk too high relate to the efficiency of the audit. For example, if the auditor's evaluation of an audit sample leads the auditor to the initial erroneous conclusion that a balance is materially misstated when it is not, the application of additional audit procedures and consideration of other audit evidence might lead the auditor to the correct conclusion. Similarly, if the auditor's evaluation of a sample leads him or her to unnecessarily assess control risk too high for an assertion, the auditor might increase the scope of substantive procedures to compensate for the perceived ineffectiveness of the controls. Although the audit may be less efficient in these circumstances, the audit is, nevertheless, effective. Nonsampling Risk (Ref: par. 5) A3. Examples of nonsampling risk include use of inappropriate audit procedures, or misinterpretation of audit evidence and failure to recognize a misstatement or deviation. Nonsampling risk can be reduced to an acceptable level through such factors as adequate planning and supervision (see proposed SAS Planning an Audit [Redrafted]) and proper conduct of a firm's audit practice (see AU section 161, The Relationship of Generally Accepted Auditing Standards to Quality Control Standards [AICPA, Professional Standards, vol. 1]). Sampling Unit (Ref: par. 5) A4. The sampling units might be physical items (for example, checks listed on deposit slips, credit entries on bank statements, sales invoices, or debtors balances) or monetary units. Statistical Sampling (Ref: par. 5) A5. Random selection techniques include the following: a. Simple random b. Systematic random 14

15 c. Monetary unit d. Probability weighted See exhibit A, Summary Outline of Audit Guide, of this proposed SAS. Tolerable Misstatement (Ref: par. 5) A6. The auditor is required by paragraph 11 of the proposed SAS Materiality in Planning and Performing an Audit (Redrafted) to determine performance materiality. Performance materiality is determined in order to address the risk that the aggregate of individually immaterial misstatements may cause the financial statements to be materially misstated and provide a margin for possible undetected misstatements. Tolerable misstatement is the application of performance materiality to a particular sampling procedure. Tolerable misstatement may be the same amount or an amount lower than performance materiality (for example, when the sample population is lower than the account balance). Sample Design, Size, and Selection of Items for Testing Sample Design (Ref: par. 6) A7. Audit sampling enables the auditor to obtain and evaluate audit evidence about some characteristic of the items selected in order to form or assist in forming a conclusion concerning the population from which the sample is drawn. Audit sampling can be applied using either nonstatistical or statistical sampling approaches. A8. When designing an audit sample, the auditor s consideration includes the specific purpose to be achieved and the combination of audit procedures that is likely to achieve that purpose. Consideration of the nature of the audit evidence sought and possible deviation or misstatement conditions or other characteristics relating to that audit evidence will assist the auditor in defining what constitutes a deviation or misstatement and what population to use for sampling. In fulfilling the requirement of paragraph 8 of the proposed SAS Audit Evidence (Redrafted), when performing audit sampling, the auditor is required to perform audit procedures to obtain evidence that the population from which the audit sample is drawn is complete. A9. The auditor is required by paragraph 17 of the proposed SAS Overall Objectives of the Independent Auditor and the Conduct of an Audit in Accordance With Generally Accepted Auditing Standardsto obtain reasonable assurance, which means the auditor should obtain sufficient appropriate audit evidence to reduce audit risk to an acceptably low level and thereby enable the auditor to draw reasonable conclusions on which to base the auditor s opinion. As detection risk for substantive procedures directed toward a specific audit objective decreases, the auditor's allowable risk of incorrect acceptance for the substantive tests of details also decreases, and thus the required sample size for the substantive tests of details increases. A10. The auditor s consideration of the purpose of the audit procedure, as required by paragraph 6, includes a clear understanding of what constitutes a deviation or misstatement so that all, and only, those conditions that are relevant to the purpose of the audit procedure are 15

16 included in the evaluation of deviations or projection of misstatements. For example, in a test of details relating to the existence of accounts receivable, such as confirmation, payments made by the customer before the confirmation date but received shortly after that date by the client are not considered a misstatement. Also, an incorrect posting between customer accounts does not affect the total accounts receivable balance. Therefore, it may not be appropriate to consider this a misstatement in evaluating the sample results of this particular audit procedure, even though it may have an important effect on other areas of the audit, such as the assessment of the risk of fraud or the adequacy of the allowance for doubtful accounts. A11. In considering the characteristics of a population for tests of controls, the auditor makes an assessment of the expected rate of deviation based on the auditor s understanding of the relevant controls or on the examination of a small number of items from the population. This assessment is made in order to design an audit sample and to determine sample size. For example, if the expected rate of deviation is unacceptably high, the auditor will normally decide not to perform tests of controls. Similarly, for tests of details, the auditor makes an assessment of the expected misstatement in the population. If the expected misstatement is high, 100 percent examination or use of a large sample size may be appropriate when performing tests of details. A12. In considering the characteristics of the population from which the sample will be drawn, the auditor may determine that stratification or value-weighted selection is appropriate. Sample Size (Ref: par. 7) A13. The level of sampling risk that the auditor is willing to accept affects the sample size required. The lower the risk the auditor is willing to accept, the greater the sample size will need to be. Any items that the auditor has decided to examine 100 percent are not part of the items subject to sampling and thus not subject to sampling risk. Other items that, in the auditor's judgment, need to be tested to fulfill the audit objective, but need not be examined 100 percent, would be subject to sampling. A14. The sample size can be determined by the application of a statistically based formula or through the exercise of professional judgment. Various factors typically influence determination of sample size, as follows: For tests of controls: The tolerable rate of deviation for the population to be tested The expected rate of deviation of the population to be tested The desired level of assurance (complement of risk of overreliance) that the tolerable rate of deviation is not exceeded by the actual rate of deviation in the population; the auditor may decide the desired level of assurance based on the extent to which the auditor's risk assessment takes into account relevant controls The number of sampling units in the population if the population is very small (for example, fewer than 500 sampling units) For substantive tests of details: 16

17 The auditor's desired level of assurance (complement of risk of incorrect acceptance) that tolerable misstatement is not exceeded by actual misstatement in the population; the auditor may decide the desired level of assurance based on the following: The auditor's assessment of the risk of material misstatement The assurance obtained from other substantive procedures directed at the same assertion Tolerable misstatement Expected misstatement for the population Stratification of the population when performed For some sampling methods, the number of sampling units in each stratum A15. The decision whether to use a statistical or nonstatistical sampling approach is a matter for the auditor s judgment; however, sample size is not a valid criterion to decide between statistical and nonstatistical approaches. An auditor who applies statistical sampling uses tables or formulas to compute sample size based on the judgments in paragraph A14. An auditor who applies nonstatistical sampling uses professional judgment to relate the same factors used in statistical sampling in determining the appropriate sample size. Ordinarily, this would result in a sample size comparable to the sample size resulting from an efficient and effectively designed statistical sample, considering the same sampling parameters. This guidance does not suggest that the auditor using nonstatistical sampling also compute a corresponding sample size using an appropriate statistical technique. Selection of Items for Testing (Ref: par. 8) A16. To be considered representative, an audit sample is selected in a manner such that the auditor can reasonably expect that the sample is free of intentional bias or preference. A17. With statistical sampling, sample items are selected in a way that each sampling unit has a known probability of being selected. With nonstatistical sampling, haphazard or random-based selection is used to select sample items. A18. The principal methods of selecting samples are the use of random selection, systematic selection, and haphazard selection. Performing Audit Procedures (Ref: par ) A19. An example of when it is necessary to perform the procedure on a replacement item is when a voided check is selected while testing for evidence of payment authorization. If the auditor is satisfied that the check has been properly voided such that it does not constitute a deviation, an appropriately chosen replacement is examined. Another example is a telephone expense item selected as part of a sample for which a deviation has been defined as a transaction not supported by receiving report; telephone expense may not be expected to be supported by a receiving report. If the auditor has obtained assurance that the transaction is not applicable and does not represent a deviation from the prescribed control, the auditor would replace the item with another transaction for testing the relevant control. 17

18 A20. In some circumstances the auditor may not be able to apply the planned audit procedures to selected sample items; because, for example, the entity might not be able to locate supporting documentation. The auditor's treatment of unexamined items will depend on their effect on the auditor s evaluation of the sample. If the auditor's evaluation of the sample results would not be altered by considering those unexamined items to be misstated, it may not be necessary to examine the items. However, if considering those unexamined items to be misstated would lead to a conclusion that the balance or class contains material misstatement, the auditor may consider alternative audit procedures that would provide sufficient appropriate audit evidence to form a conclusion. AU section 316, Consideration of Fraud in a Financial Statement Audit (AICPA, Professional Standards, vol. 1), also requires the auditor to consider whether the reasons for the auditor s inability to examine the items have implications in relation to assessing risks of material misstatement due to fraud, the assessed level of control risk that the auditor expects to be supported, or the degree of reliance on management representations. A21. An example of a suitable alternative procedure might be the examination of subsequent cash receipts together with evidence of their source and the items they are intended to settle when no reply has been received in response to a positive confirmation request. Nature and Cause of Deviations and Misstatements (Ref: par. 12) A22. In analyzing the deviations and misstatements identified, the auditor may observe that many have a common feature; for example, type of transaction, location, product line, or period of time. In such circumstances, the auditor may decide to identify all items in the population that possess the common feature and extend audit procedures to those items. In addition, such deviations or misstatements may be intentional and may indicate the possibility of fraud. A23. In addition to the evaluation of the frequency and amounts of monetary misstatements, paragraph 11 of the proposed SAS Evaluation of Misstatements Identified During the Audit requires the auditor to consider the qualitative aspects of the misstatements. These include (a) the nature and cause of misstatements, such as whether they are differences in principle or in application, are errors or are caused by fraud, or are due to misunderstanding of instructions, or to carelessness, and (b) the possible relationship of the misstatements to other phases of the audit. The discovery of fraud requires a broader consideration of possible implications than does the discovery of an error. A24. A representative sample is expected to be representative of the population only with respect to the incidence of misstatements or deviations and not necessarily with respect to their nature. The auditor may not assume that the observed incidence of misstatements or deviations in the sample is not representative of the population because a misstatement or deviation included in the sample is caused by unusual circumstances (sometimes referred to as an anomalous or isolated misstatement or deviation). 18

19 Projecting Misstatements (Ref: par. 13) A25. The auditor is required by paragraph 13 to project misstatements for the population to obtain a broad view of the scale of misstatement, but this projection may not be sufficient to determine an amount to be recorded. A26. For tests of controls, no explicit projection of deviations is necessary because the sample deviation rate is also the projected deviation rate for the population as a whole. Paragraphs 18 and A50 of the proposed SAS Performing Audit Procedures in Response to Assessed Risks and Evaluating the Audit Evidence Obtained (Redrafted) address when deviations from controls upon which the auditor intends to rely are detected. Evaluating Results of Audit Sampling (Ref: par. 14) A27. For tests of controls, an unexpectedly high sample deviation rate may lead to an increase in the assessed risks of material misstatement unless further audit evidence substantiating the initial assessment is obtained. For tests of details, an unexpectedly high misstatement amount in a sample may cause the auditor to believe that a class of transactions or account balance is materially misstated in the absence of further audit evidence that no material misstatement exists. A28. In the case of tests of details, the projected misstatement is the auditor s best estimate of misstatement in the population. As the projected misstatement approaches or exceeds tolerable misstatement, the more likely it is that actual misstatement in the population may exceed tolerable misstatement. Also, if the projected misstatement is greater than the auditor s expectations of misstatement used to determine the sample size, the auditor may conclude that an unacceptable sampling risk exists that the actual misstatement in the population exceeds the tolerable misstatement. Considering the results of other audit procedures helps the auditor to assess the risk that actual misstatement in the population exceeds tolerable misstatement; and, the risk may be reduced if additional audit evidence is obtained. A29. If the auditor concludes that audit sampling has not provided a reasonable basis for conclusions about the population that has been tested, the auditor may request management to investigate misstatements that have been identified and the potential for further misstatements and to make any necessary adjustments, or tailor the nature, timing, and extent of those further audit procedures to best achieve the required assurance. For example, in the case of tests of controls, the auditor might extend the sample size, test an alternative control, or modify related substantive procedures. Proposed SAS Evaluation of Misstatements Identified During the Audit addresses misstatements identified by the auditor during the audit. 19

20 A30. Exhibit A: Summary Outline of Audit Guide Audit Sampling (Ref: par. A5) 1. The AICPA Audit Guide Audit Sampling provides guidance to help auditors apply audit sampling in accordance with AU section 350, Audit Sampling (AICPA, Professional Standards, vol. 1). The Audit Guide provides practical guidance on the use of nonstatistical and statistical sampling in auditing. In many cases, auditors may apply procedures not involving audit sampling to account balances or classes of transactions. 2. The Audit Guide discusses several approaches to the application of sampling in auditing. It does not discuss the use of sampling if the objective of the application is to develop an original estimate of quantities or amounts. To avoid a complex, highly technical presentation, the Audit Guide does not include guidance on every possible valid method of selecting and evaluating audit samples. It also does not discuss the mathematical formulas underlying statistical sampling because knowledge of statistical sampling formulas, which was once required to apply statistical sampling in auditing, is no longer as important because the formulas are often imbedded in software that assists the auditor in sizing, selecting, and evaluating the sample. The Audit Guide assumes that the auditor uses appropriate and reliable computer programs or tables to perform the calculations and selections necessary for statistical sampling. 3. The Audit Guide is organized as follows: Chapter 1 defines audit sampling and illustrates the difference between procedures that involve audit sampling and those that do not involve audit sampling. Chapter 2 provides overviews of the audit sampling process and the various approaches to audit sampling. Chapter 3 provides guidance on the use of nonstatistical and statistical audit sampling for tests of controls. Chapter 4 provides general guidance on the use of nonstatistical and statistical audit sampling for substantive tests. Chapter 5 provides a case study for nonstatistical sampling applications for substantive procedures. Chapter 6 discusses monetary unit sampling. Chapter 7 discusses classical variables sampling techniques using computer programs. 20

21 Chapters 6 and 7 include case studies illustrating the application of the guidance. The Audit Guide includes the following appendixes: Appendix A: Attributes Statistical Sampling Tables Appendix B: Sequential Sampling for Tests of Controls Appendix C: Monetary Unit Sampling Tables Appendix D: Ratio of Desired Allowance for Sampling Risk of Incorrect Rejection to Tolerable Misstatement Appendix E: Multilocation Sampling Considerations Appendix F: Glossary Appendix G: Major Existing Differences between AICPA Standards and PCAOB Standards Appendix H: Comparison of the Key Provisions of the Risk Assessment Standards to Previous Standards Appendix I: Schedule of Changes Made to the Text from the Previous Edition The Audit Guide provides several quantitative illustrations of sample sizes based on statistical theory that may be helpful to an auditor applying professional judgment and experience in considering the effect of various planning considerations on sample size when using nonstatistical sampling. 21

22 A31. Exhibit B: Comparison of Requirements of Proposed Statement of Auditing Standards Audit Sampling (Redrafted) With Requirements of International Standard on Auditing No. 530 (Redrafted), Audit Sampling This analysis was prepared by the Audit and Attest Standards staff to highlight differences between the proposed Statement on Auditing Standards Audit Sampling (Redrafted) with the International Standard on Auditing (ISA) No. 530 (Redrafted), Audit Sampling, and the rationale therefore. This analysis is not authoritative and is prepared for informational purposes only. It has not been acted on or reviewed by the Auditing Standards Board (ASB). Definition of Audit Sampling The ASB believes that the ISA No. 530 wording defining audit sampling (paragraph 5) to require the auditor to select items such that each item has a chance of selection is too imprecise to be meaningful. The ASB believes that the definition can be improved if the definition (a) focuses on conclusions about the population and (b) includes the fundamental concept of representativeness. As a result, the definition as set out in ISA No. 530 was amended to capture these two concepts. Paragraph 8 of the proposed SAS, which would establish a requirement with respect to the selection of items in a population, was also amended to reflect the revised definition of audit sampling. Definition of Haphazard Section The ASB believes that the auditor s use of haphazard selection is prevalent in audit practice and it is commonly used in the audit literature. Accordingly, a definition of haphazard selection was added in the proposed SAS. Anomalies The ASB decided to delete the requirement in paragraph 13 of ISA No. 530, which addresses the issue of anomalies. The ASB expressed concerns about terms used in paragraph 13 such as, in the extremely rare circumstances and a high degree of certainty. These terms are not used in U.S. generally accepted auditing standards, and the ASB believes their introduction in the proposed SAS could have unintended consequences. The ASB also believes that the deletion of the requirement to deal with anomaly from the proposed SAS will enhance audit quality because misstatements identified by the auditor during audit sampling will be treated in the same manner as any other misstatement identified by the auditor and thus will prevent the misuse of anomalies. Paragraph A24 of the proposed SAS provides application guidance about anomalies. 22

23 Appendixes and Exhibits The ASB decided to delete the appendixes of ISA No. 530 because the application material contained therein is covered by the AICPA Audit Guide Audit Sampling. 23