The following auditing standard is not the current version and does not reflect any amendments effective on or after December 31, 2016. The current version of the auditing standards can be found here.

AU Section 350

Audit Sampling

(Supersedes Statement on Auditing Standards No. 1, sections 320A, and 320B.)
Source: SAS No. 39; SAS No. 43; SAS No. 45.
See section 9350 for interpretations of this section.
Effective for periods ended on or after June 25, 1983, unless otherwise indicated.

.01

Audit sampling is the application of an audit procedure to less than 100 percent of the items within an account balance or class of transactions for the purpose of evaluating some characteristic of the balance or class. fn 1 This section provides guidance for planning, performing, and evaluating audit samples.

.02

The auditor often is aware of account balances and transactions that may be more likely to contain misstatements. fn 2 He considers this knowledge in planning his procedures, including audit sampling. The auditor usually will have no special knowledge about other account balances and transactions that, in his judgment, will need to be tested to fulfill his audit objectives. Audit sampling is especially useful in these cases.

.03

[The following paragraph is effective for audits of fiscal years beginning on or after December 15, 2010. See PCAOB Release No. 2010-004.]

There are two general approaches to audit sampling: nonstatistical and statistical. Both approaches require that the auditor use professional judgment in planning, performing, and evaluating a sample and in relating the evidential matter produced by the sample to other evidential matter when forming a conclusion about the related account balance or class of transactions. Either approach to audit sampling can provide sufficient evidential matter when applied properly. This section applies to both nonstatistical and statistical sampling.

[.04]

[Paragraph deleted, effective for audits of fiscal years beginning on or after December 15, 2010. See PCAOB Release No. 2010-004.]

.05

The sufficiency of evidential matter is related to the design and size of an audit sample, among other factors. The size of a sample necessary to provide sufficient evidential matter depends on both the objectives and the efficiency of the sample. For a given objective, the efficiency of the sample relates to its design; one sample is more efficient than another if it can achieve the same objectives with a smaller sample size. In general, careful design can produce more efficient samples.

.06

[The following paragraph is effective for audits of fiscal years beginning on or after December 15, 2010. See PCAOB Release No. 2010-004.]

In a strict sense, the sample evaluation relates only to the likelihood that existing monetary misstatements or deviations from prescribed controls are proportionately included in the sample, not to the auditor's treatment of such items. Thus, the choice of nonstatistical or statistical sampling does not directly affect the auditor's decisions about the auditing procedures to be applied, the appropriateness of the evidential matter obtained with respect to individual items in the sample, or the actions that might be taken in light of the nature and cause of particular misstatements.

Note: Auditing Standard No. 15, Audit Evidence, discusses the appropriateness of audit evidence, and Auditing Standard No. 14, Evaluating Audit Results, discusses the auditor's responsibilities for evaluating the sufficiency and appropriateness of audit evidence.

Uncertainty and Audit Sampling

.07

Some degree of uncertainty is implicit in the concept of "a reasonable basis for an opinion" referred to in the third standard of field work. The justification for accepting some uncertainty arises from the relationship between such factors as the cost and time required to examine all of the data and the adverse consequences of possible erroneous decisions based on the conclusions resulting from examining only a sample of the data. If these factors do not justify the acceptance of some uncertainty, the only alternative is to examine all of the data. Since this is seldom the case, the basic concept of sampling is well established in auditing practice.

[.08]

[Paragraph deleted, effective for audits of fiscal years beginning on or after December 15, 2010. See PCAOB Release No. 2010-004.]

.09

[The following paragraph is effective for audits of fiscal years beginning on or after December 15, 2010. See PCAOB Release No. 2010-004.]

Audit risk includes both uncertainties due to sampling and uncertainties due to factors other than sampling. These aspects of audit risk are sampling risk and nonsampling risk, respectively.

Note: Auditing Standard No. 8, Audit Risk, describes audit risk and its components in a financial statement audit – the risk of material misstatement (consisting of inherent risk and control risk) and detection risk.

.10

Sampling risk arises from the possibility that, when a test of controls or a substantive test is restricted to a sample, the auditor's conclusions may be different from the conclusions he would reach if the test were applied in the same way to all items in the account balance or class of transactions. That is, a particular sample may contain proportionately more or less monetary misstatements or deviations from prescribed controls than exist in the balance or class as a whole. For a sample of a specific design, sampling risk varies inversely with sample size: the smaller the sample size, the greater the sampling risk.

.11

[The following paragraph is effective for audits of fiscal years beginning on or after December 15, 2010. See PCAOB Release No. 2010-004.]

Nonsampling risk includes all the aspects of audit risk that are not due to sampling. An auditor may apply a procedure to all transactions or balances and still fail to detect a material misstatement. Nonsampling risk includes the possibility of selecting audit procedures that are not appropriate to achieve the specific objective. For example, confirming recorded receivables cannot be relied on to reveal unrecorded receivables. Nonsampling risk also arises because the auditor may fail to recognize misstatements included in documents that he examines, which would make that procedure ineffective even if he were to examine all items. Nonsampling risk can be reduced to a negligible level through such factors as adequate planning and supervision and proper conduct of a firm's audit practice (see section 161, The Relationship of Generally Accepted Auditing Standards to Quality Control Standards).

Sampling Risk

.12

The auditor should apply professional judgment in assessing sampling risk. In performing substantive tests of details the auditor is concerned with two aspects of sampling risk:

  • The risk of incorrect acceptance is the risk that the sample supports the conclusion that the recorded account balance is not materially misstated when it is materially misstated.
  • The risk of incorrect rejection is the risk that the sample supports the conclusion that the recorded account balance is materially misstated when it is not materially misstated.

The auditor is also concerned with two aspects of sampling risk in performing tests of controls when sampling is used:

  • The risk of assessing control risk too low is the risk that the assessed level of control risk based on the sample is less than the true operating effectiveness of the control.
  • The risk of assessing control risk too high is the risk that the assessed level of control risk based on the sample is greater than the true operating effectiveness of the control.

.13

The risk of incorrect rejection and the risk of assessing control risk too high relate to the efficiency of the audit. For example, if the auditor's evaluation of an audit sample leads him to the initial erroneous conclusion that a balance is materially misstated when it is not, the application of additional audit procedures and consideration of other audit evidence would ordinarily lead the auditor to the correct conclusion. Similarly, if the auditor's evaluation of a sample leads him to unnecessarily assess control risk too high for an assertion, he would ordinarily increase the scope of substantive tests to compensate for the perceived ineffectiveness of the controls. Although the audit may be less efficient in these circumstances, the audit is, nevertheless, effective.

.14

The risk of incorrect acceptance and the risk of assessing control risk too low relate to the effectiveness of an audit in detecting an existing material misstatement. These risks are discussed in the following paragraphs.

Sampling in Substantive Tests of Details

Planning Samples

.15

[The following paragraph is effective for audits of fiscal years beginning on or after December 15, 2010. See PCAOB Release No. 2010-004.]

Planning involves developing a strategy for conducting an audit of financial statements. See Auditing Standard No. 9, Audit Planning.

.16

[The following paragraph is effective for audits of fiscal years beginning on or after December 15, 2010. See PCAOB Release No. 2010-004.]

When planning a particular sample for a substantive test of details, the auditor should consider

  • The relationship of the sample to the relevant audit objective.
  • Tolerable misstatement. (See paragraphs .18-.18A.)
  • The auditor's allowable risk of incorrect acceptance.
  • Characteristics of the population, that is, the items comprising the account balance or class of transactions of interest.

.17

When planning a particular sample, the auditor should consider the specific audit objective to be achieved and should determine that the audit procedure, or combination of procedures, to be applied will achieve that objective. The auditor should determine that the population from which he draws the sample is appropriate for the specific audit objective. For example, an auditor would not be able to detect understatements of an account due to omitted items by sampling the recorded items. An appropriate sampling plan for detecting such understatements would involve selecting from a source in which the omitted items are included. To illustrate, subsequent cash disbursements might be sampled to test recorded accounts payable for understatement because of omitted purchases, or shipping documents might be sampled for understatement of sales due to shipments made but not recorded as sales.

.18

[The following paragraph is effective for audits of fiscal years beginning on or after December 15, 2010. See PCAOB Release No. 2010-004.]

Evaluation in monetary terms of the results of a sample for a substantive test of details contributes directly to the auditor's purpose, since such an evaluation can be related to his or her judgment of the monetary amount of misstatements that would be material. When planning a sample for a substantive test of details, the auditor should consider how much monetary misstatement in the related account balance or class of transactions may exist, in combination with other misstatements, without causing the financial statements to be materially misstated. This maximum monetary misstatement for the account balance or class of transactions is called tolerable misstatement.

.18A

[The following paragraph is effective for audits of fiscal years beginning on or after December 15, 2010. See PCAOB Release No. 2010-004.]

Paragraphs 8 - 9 of Auditing Standard No. 11, Consideration of Materiality in Planning and Performing an Audit, describe the auditor's responsibilities for determining tolerable misstatement at the account or disclosure level. When the population to be sampled constitutes a portion of an account balance or transaction class, the auditor should determine tolerable misstatement for the population to be sampled for purposes of designing the sampling plan. Tolerable misstatement for the population to be sampled ordinarily should be less than tolerable misstatement for the account balance or transaction class to allow for the possibility that misstatement in the portion of the account or transaction class not subject to audit sampling, individually or in combination with other misstatements, would cause the financial statements to be materially misstated.

.19

The second standard of field work states, "A sufficient understanding of the internal control structure is to be obtained to plan the audit and to determine the nature, timing, and extent of tests to be performed." After assessing and considering the levels of inherent and control risks, the auditor performs substantive tests to restrict detection risk to an acceptable level. As the assessed levels of inherent risk, control risk, and detection risk for other substantive procedures directed toward the same specific audit objective decrease, the auditor's allowable risk of incorrect acceptance for the substantive tests of details increases and, thus, the smaller the required sample size for the substantive tests of details. For example, if inherent and control risks are assessed at the maximum, and no other substantive tests directed toward the same specific audit objectives are performed, the auditor should allow for a low risk of incorrect acceptance for the substantive tests of details. fn 3 Thus, the auditor would select a larger sample size for the tests of details than if he allowed a higher risk of incorrect acceptance.

[.20]

[Paragraph deleted, effective for audits of fiscal years beginning on or after December 15, 2010. See PCAOB Release No. 2010-004.]

.21

[The following paragraph is effective for audits of fiscal years beginning on or after December 15, 2010. See PCAOB Release No. 2010-004.]

The sufficiency of tests of details for a particular account balance or class of transactions is related to the individual importance of the items examined as well as to the potential for material misstatement. When planning a sample for a substantive test of details, the auditor uses his judgment to determine which items, if any, in an account balance or class of transactions should be individually examined and which items, if any, should be subject to sampling. The auditor should examine those items for which, in his judgment, acceptance of some sampling risk is not justified. For example, these may include items for which potential misstatements could individually equal or exceed the tolerable misstatement. Any items that the auditor has decided to examine 100 percent are not part of the items subject to sampling. Other items that, in the auditor's judgment, need to be tested to fulfill the audit objective but need not be examined 100 percent, would be subject to sampling.

.22

The auditor may be able to reduce the required sample size by separating items subject to sampling into relatively homogeneous groups on the basis of some characteristic related to the specific audit objective. For example, common bases for such groupings are the recorded or book value of the items, the nature of controls related to processing the items, and special considerations associated with certain items. An appropriate number of items is then selected from each group.

.23

[The following paragraph is effective for audits of fiscal years beginning on or after December 15, 2010. See PCAOB Release No. 2010-004.]

To determine the number of items to be selected in a sample for a particular substantive test of details, the auditor should take into account tolerable misstatement for the population; the allowable risk of incorrect acceptance (based on the assessments of inherent risk, control risk, and the detection risk related to the substantive analytical procedures or other relevant substantive tests); and the characteristics of the population, including the expected size and frequency of misstatements.

.23A

[The following paragraph is effective for audits of fiscal years beginning on or after December 15, 2010. See PCAOB Release No. 2010-004.]

Table 1 of the Appendix describes the effects of the factors discussed in the preceding paragraph on sample sizes in a statistical or nonstatistical sampling approach. When circumstances are similar, the effect on sample size of those factors should be similar regardless of whether a statistical or nonstatistical approach is used. Thus, when a nonstatistical sampling approach is applied properly, the resulting sample size ordinarily will be comparable to, or larger than, the sample size resulting from an efficient and effectively designed statistical sample.

Sample Selection

.24

Sample items should be selected in such a way that the sample can be expected to be representative of the population. Therefore, all items in the population should have an opportunity to be selected. For example, haphazard and random-based selection of items represents two means of obtaining such samples. fn 4

Performance and Evaluation

.25

[The following paragraph is effective for audits of fiscal years beginning on or after December 15, 2010. See PCAOB Release No. 2010-004.]

Auditing procedures that are appropriate to the particular audit objective should be applied to each sample item. In some circumstances the auditor may not be able to apply the planned audit procedures to selected sample items because, for example, supporting documentation may be missing. The auditor's treatment of unexamined items will depend on their effect on his evaluation of the sample. If the auditor's evaluation of the sample results would not be altered by considering those unexamined items to be misstated, it is not necessary to examine the items. However, if considering those unexamined items to be misstated would lead to a conclusion that the balance or class contains material misstatement, the auditor should consider alternative procedures that would provide him with sufficient evidence to form a conclusion. The auditor also should evaluate whether the reasons for his or her inability to examine the items have (a) implications in relation to his or her risk assessments (including the assessment of fraud risk), (b) implications regarding the integrity of management or employees, and (c) possible effects on other aspects of the audit.

.26

The auditor should project the misstatement results of the sample to the items from which the sample was selected. fn 5 fn 6 There are several acceptable ways to project misstatements from a sample. For example, an auditor may have selected a sample of every twentieth item (50 items) from a population containing one thousand items. If he discovered overstatements of $3,000 in that sample, the auditor could project a $60,000 overstatement by dividing the amount of misstatement in the sample by the fraction of total items from the population included in the sample. The auditor should add that projection to the misstatements discovered in any items examined 100 percent. This total projected misstatement should be compared with the tolerable misstatement for the account balance or class of transactions, and appropriate consideration should be given to sampling risk. If the total projected misstatement is less than tolerable misstatement for the account balance or class of transactions, the auditor should consider the risk that such a result might be obtained even though the true monetary misstatement for the population exceeds tolerable misstatement. For example, if the tolerable misstatement in an account balance of $1 million is $50,000 and the total projected misstatement based on an appropriate sample (see paragraph .23) is $10,000, he may be reasonably assured that there is an acceptably low sampling risk that the true monetary misstatement for the population exceeds tolerable misstatement. On the other hand, if the total projected misstatement is close to the tolerable misstatement, the auditor may conclude that there is an unacceptably high risk that the actual misstatements in the population exceed the tolerable misstatement. An auditor uses professional judgment in making such evaluations.

.27

In addition to the evaluation of the frequency and amounts of monetary misstatements, consideration should be given to the qualitative aspects of the misstatements. These include (a) the nature and cause of misstatements, such as whether they are differences in principle or in application, are errors or are caused by fraud, or are due to misunderstanding of instructions or to carelessness, and (b) the possible relationship of the misstatements to other phases of the audit. The discovery of fraud ordinarily requires a broader consideration of possible implications than does the discovery of an error.

.28

If the sample results suggest that the auditor's planning assumptions were incorrect, he should take appropriate action. For example, if monetary misstatements are discovered in a substantive test of details in amounts or frequency that is greater than is consistent with the assessed levels of inherent and control risk, the auditor should alter his risk assessments. The auditor should also consider whether to modify the other audit tests that were designed based upon the inherent and control risk assessments. For example, a large number of misstatements discovered in confirmation of receivables may indicate the need to reconsider the control risk assessment related to the assertions that impacted the design of substantive tests of sales or cash receipts.

.29

The auditor should relate the evaluation of the sample to other relevant audit evidence when forming a conclusion about the related account balance or class of transactions.

.30

Projected misstatement results for all audit sampling applications and all known misstatements from nonsampling applications should be considered in the aggregate along with other relevant audit evidence when the auditor evaluates whether the financial statements taken as a whole may be materially misstated.

Sampling in Tests of Controls

Planning Samples

.31

When planning a particular audit sample for a test of controls, the auditor should consider

  • The relationship of the sample to the objective of the test of controls.
  • The maximum rate of deviations from prescribed controls that would support his planned assessed level of control risk.
  • The auditor's allowable risk of assessing control risk too low.
  • Characteristics of the population, that is, the items comprising the account balance or class of transactions of interest.

.32

For many tests of controls, sampling does not apply. Procedures performed to obtain an understanding of internal control sufficient to plan an audit do not involve sampling. fn 7 Sampling generally is not applicable to tests of controls that depend primarily on appropriate segregation of duties or that otherwise provide no documentary evidence of performance. In addition, sampling may not apply to tests of certain documented controls. Sampling may not apply to tests directed toward obtaining evidence about the design or operation of the control environment or the accounting system. For example, inquiry or observation of explanation of variances from budgets when the auditor does not desire to estimate the rate of deviation from the prescribed control.

.33

When designing samples for tests of controls the auditor ordinarily should plan to evaluate operating effectiveness in terms of deviations from prescribed controls, as to either the rate of such deviations or the monetary amount of the related transactions. fn 8 In this context, pertinent controls are ones that, had they not been included in the design of internal control, would have adversely affected the auditor's planned assessed level of control risk. The auditor's overall assessment of control risk for a particular assertion involves combining judgments about the prescribed controls, the deviations from prescribed controls, and the degree of assurance provided by the sample and other tests of controls.

.34

The auditor should determine the maximum rate of deviations from the prescribed control that he would be willing to accept without altering his planned assessed level of control risk. This is the tolerable rate. In determining the tolerable rate, the auditor should consider (a) the planned assessed level of control risk, and (b) the degree of assurance desired by the evidential matter in the sample. For example, if the auditor plans to assess control risk at a low level, and he desires a high degree of assurance from the evidential matter provided by the sample for tests of controls (i.e., not perform other tests of controls for the assertion), he might decide that a tolerable rate of 5 percent or possibly less would be reasonable. If the auditor either plans to assess control risk at a higher level, or he desires assurance from other tests of controls along with that provided by the sample (such as inquiries of appropriate entity personnel or observation of the application of the policy or procedure), the auditor might decide that a tolerable rate of 10 percent or more is reasonable.

.35

In assessing the tolerable rate of deviations, the auditor should consider that, while deviations from pertinent controls increase the risk of material misstatements in the accounting records, such deviations do not necessarily result in misstatements. For example, a recorded disbursement that does not show evidence of required approval may nevertheless be a transaction that is properly authorized and recorded. Deviations would result in misstatements in the accounting records only if the deviations and the misstatements occurred on the same transactions. Deviations from pertinent controls at a given rate ordinarily would be expected to result in misstatements at a lower rate.

.36

In some situations, the risk of material misstatement for an assertion may be related to a combination of controls. If a combination of two or more controls is necessary to affect the risk of material misstatement for an assertion, those controls should be regarded as a single procedure, and deviations from any controls in combination should be evaluated on that basis.

.37

Samples taken to test the operating effectiveness of controls are intended to provide a basis for the auditor to conclude whether the controls are being applied as prescribed. When the degree of assurance desired by the evidential matter in the sample is high, the auditor should allow for a low level of sampling risk (that is, the risk of assessing control risk too low). fn 9

.38

[The following paragraph is effective for audits of fiscal years beginning on or after December 15, 2010. See PCAOB Release No. 2010-004.]

To determine the number of items to be selected for a particular sample for a test of controls, the auditor should consider the tolerable rate of deviation from the controls being tested, the likely rate of deviations, and the allowable risk of assessing control risk too low. When circumstances are similar, the effect on sample size of those factors should be similar regardless of whether a statistical or nonstatistical approach is used. Thus, when a nonstatistical sampling approach is applied properly, the resulting sample size ordinarily will be comparable to, or larger than, the sample size resulting from an efficient and effectively designed statistical sample.

Sample Selection

.39

[The following paragraph is effective for audits of fiscal years beginning on or after December 15, 2010. See PCAOB Release No. 2010-004.]

Sample items should be selected in such a way that the sample can be expected to be representative of the population. Therefore, all items in the population should have an opportunity to be selected. Random-based selection of items represents one means of obtaining such samples. Ideally, the auditor should use a selection method that has the potential for selecting items from the entire period under audit. Paragraphs 44 through 46 of Auditing Standard No. 13, The Auditor's Responses to the Risks of Material Misstatement, describe the auditor's responsibilities for performing procedures between the interim date of testing and period end.

Performance and Evaluation

.40

Auditing procedures that are appropriate to achieve the objective of the test of controls should be applied to each sample item. If the auditor is not able to apply the planned audit procedures or appropriate alternative procedures to selected items, he should consider the reasons for this limitation, and he should ordinarily consider those selected items to be deviations from the prescribed policy or procedure for the purpose of evaluating the sample.

.41

The deviation rate in the sample is the auditor's best estimate of the deviation rate in the population from which it was selected. If the estimated deviation rate is less than the tolerable rate for the population, the auditor should consider the risk that such a result might be obtained even though the true deviation rate for the population exceeds the tolerable rate for the population. For example, if the tolerable rate for a population is 5 percent and no deviations are found in a sample of 60 items, the auditor may conclude that there is an acceptably low sampling risk that the true deviation rate in the population exceeds the tolerable rate of 5 percent. On the other hand, if the sample includes, for example, two or more deviations, the auditor may conclude that there is an unacceptably high sampling risk that the rate of deviations in the population exceeds the tolerable rate of 5 percent. An auditor applies professional judgment in making such an evaluation.

.42

In addition to the evaluation of the frequency of deviations from pertinent procedures, consideration should be given to the qualitative aspects of the deviations. These include (a) the nature and cause of the deviations, such as whether they are errors or irregularities or are due to misunderstanding of instructions or to carelessness, and (b) the possible relationship of the deviations to other phases of the audit. The discovery of an irregularity ordinarily requires a broader consideration of possible implications than does the discovery of an error.

.43

If the auditor concludes that the sample results do not support the planned assessed level of control risk for an assertion, he should re-evaluate the nature, timing, and extent of substantive procedures based on a revised consideration of the assessed level of control risk for the relevant financial statement assertions.

Dual-Purpose Samples

.44

[The following paragraph is effective for audits of fiscal years beginning on or after December 15, 2010. See PCAOB Release No. 2010-004.]

In some circumstances, the auditor may design a sample that will be used for dual purposes: as a test of control and as a substantive test. In general, an auditor planning to use a dual-purpose sample would have made a preliminary assessment that there is an acceptably low risk that the rate of deviations from the prescribed control in the population exceeds the tolerable rate. For example, an auditor designing a test of a control over entries in the voucher register may design a related substantive test at a risk level that is based on an expectation of reliance on the control. The size of a sample designed for dual purposes should be the larger of the samples that would otherwise have been designed for the two separate purposes. In evaluating such tests, deviations from the control that was tested and monetary misstatements should be evaluated separately using the risk levels applicable for the respective purposes.

Note: Paragraph 47 of Auditing Standard No. 13, The Auditor's Responses to the Risks of Material Misstatement, provides additional discussion of the auditor's responsibilities for performing dual-purpose tests.

Selecting a Sampling Approach

.45

[The following paragraph is effective for audits of fiscal years beginning on or after December 15, 2010. See PCAOB Release No. 2010-004. For audits of fiscal years beginning before December 15, 2010, click here.]

As discussed in paragraph .03, either a nonstatistical or statistical approach to audit sampling, when properly applied, can provide sufficient evidential matter.

.46

Statistical sampling helps the auditor (a) to design an efficient sample, (b) to measure the sufficiency of the evidential matter obtained, and (c) to evaluate the sample results. By using statistical theory, the auditor can quantify sampling risk to assist himself in limiting it to a level he considers acceptable. However, statistical sampling involves additional costs of training auditors, designing individual samples to meet the statistical requirements, and selecting the items to be examined. Because either nonstatistical or statistical sampling can provide sufficient evidential matter, the auditor chooses between them after considering their relative cost and effectiveness in the circumstances.

Effective Date

.47

This section is effective for audits of financial statements for periods ended on or after June 25, 1983. Earlier application is encouraged. [As amended, effective retroactively to June 25, 1982, by Statement on Auditing Standards No. 43.]


Appendix

Relating the Risk of Incorrect Acceptance for a Substantive Test of Details to Other Sources of Audit Assurance

.48

1.    Audit risk, with respect to a particular account balance or class of transactions, is the risk that there is a monetary misstatement greater than tolerable misstatement affecting an assertion in an account balance or class of transactions that the auditor fails to detect. The auditor uses professional judgment in determining the allowable risk for a particular audit after he considers such factors as the risk of material misstatement in the financial statements, the cost to reduce the risk, and the effect of the potential misstatements on the use and understanding of the financial statements.

[The following paragraph is effective for audits of fiscal years beginning on or after December 15, 2010. See PCAOB Release No. 2010-004. For audits of fiscal years beginning before December 15, 2010, click here.]

2.    An auditor assesses inherent and control risk, and plans and performs substantive tests (analytical procedures and substantive tests of details) in whatever combination to reduce audit risk to an appropriate level.

3.    The sufficiency of audit sample sizes, whether nonstatistical or statistical, is influenced by several factors. Table 1 illustrates how several of these factors may affect sample sizes for a substantive test of details. Factors a, b and c in table 1 should be considered together (see paragraph .08). For example, high inherent risk, the lack of effective controls, and the absence of other substantive tests related to the same audit objective ordinarily require larger sample sizes for related substantive tests of details than if there were other sources to provide the basis for assessing inherent or control risks below the maximum, or if other substantive tests related to the same objective were performed. Alternatively, low inherent risk, effective controls, or effective analytical procedures and other relevant substantive tests may lead the auditor to conclude that the sample, if any, needed for an additional test of details can be small.

4.    The following model expresses the general relationship of the risks associated with the auditor's assessment of inherent and control risks, and the effectiveness of analytical procedures (including other relevant substantive tests) and substantive tests of details. The model is not intended to be a mathematical formula including all factors that may influence the determination of individual risk components; however, some auditors find such a model to be useful when planning appropriate risk levels for audit procedures to achieve the auditor's desired audit risk.

AR = IR x CR x AP x TD

An auditor might use this model to obtain an understanding of an appropriate risk of incorrect acceptance for a substantive test of details as follows:

TD = AR/(IR x CR x AP)

AR =    The allowable audit risk that monetary misstatements equal to tolerable misstatement might remain undetected for the account balance or class of transactions and related assertions after the auditor has completed all audit procedures deemed necessary. fn 1 The auditor uses his professional judgment to determine the allowable audit risk after considering factors such as those discussed in paragraph 1 of this appendix.

IR =    Inherent risk is the susceptibility of an assertion to a material misstatement assuming there are no related internal control structure policies or procedures.

CR =    Control risk is the risk that a material misstatement that could occur in an assertion will not be prevented or detected on a timely basis by the entity's controls. The auditor may assess control risk at the maximum, or assess control risk below the maximum based on the sufficiency of evidential matter obtained to support the effectiveness of controls. The quantification for this model relates to the auditor's evaluation of the overall effectiveness of those controls that would prevent or detect material misstatements equal to tolerable misstatement in the related account balance or class of transactions. For example, if the auditor believes that pertinent controls would prevent or detect misstatements equal to tolerable misstatement about half the time, he would assess this risk as 50 percent. (CR is not the same as the risk of assessing control risk too low.)

AP =    The auditor's assessment of the risk that analytical procedures and other relevant substantive tests would fail to detect misstatements that could occur in an assertion equal to tolerable misstatement, given that such misstatements occur and are not detected by the internal control structure.

TD =    The allowable risk of incorrect acceptance for the substantive test of details, given that misstatements equal to tolerable misstatement occur in an assertion and are not detected by internal control or analytical procedures and other relevant substantive tests.

5.    The auditor planning a statistical sample can use the relationship in paragraph 4 of this Appendix to assist in planning his allowable risk of incorrect acceptance for a specific substantive test of details. To do so, he selects an acceptable audit risk (AR), and substantively quantifies his judgment of risks IR, CR and AP. Some levels of these risks are implicit in evaluating audit evidence and reaching conclusions. Auditors using the relationship prefer to evaluate these judgment risks explicitly.

[The following paragraph is effective for audits of fiscal years beginning on or after December 15, 2010. See PCAOB Release No. 2010-004. For audits of fiscal years beginning before December 15, 2010, click here.]

6.    The relationships between these independent risks are illustrated in table 2. In table 2 it is assumed, for illustrative purposes, that the auditor has chosen an audit risk of 5 percent for an assertion where inherent risk has been assessed at the maximum. Table 2 incorporates the premise that no internal control can be expected to be completely effective in detecting aggregate misstatements equal to tolerable misstatement that might occur. The table also illustrates the fact that the risk level for substantive tests for particular assertions is not an isolated decision. Rather, it is a direct consequence of the auditor's assessments of inherent and control risks, and judgments about the effectiveness of analytical procedures and other relevant substantive tests, and it cannot be properly considered out of this context.

Table 1

Factors Influencing Sample Sizes for a Substantive Test of Details in Sample Planning

| Factor | Conditions leading to smaller sample size | Conditions leading to larger sample size | Related factor for substantive sample planning |
|---|---|---|---|
| a. Assessment of inherent risk. | Low assessed level of inherent risk. | High assessed level of inherent risk. | Allowable risk of incorrect acceptance. |
| b. Assessment of control risk. | Low assessed level of control risk. | High assessed level of control risk. | Allowable risk of incorrect acceptance. |
| c. Assessment of risk for other substantive tests related to the same assertion (including analytical procedures and other relevant substantive tests). | Low assessment of risk associated with other relevant substantive tests. | High assessment of risk associated with other relevant substantive tests. | Allowable risk of incorrect acceptance. |
| d. Measure of tolerable misstatement for a specific account. | Larger measure of tolerable misstatement. | Smaller measure of tolerable misstatement. | Tolerable misstatement. |
| e. Expected size and frequency of misstatements. | Smaller misstatements or lower frequency. | Larger misstatements or higher frequency. | Assessment of population characteristics. |
| f. Number of items in the population. | Virtually no effect on sample size unless population is very small. | Virtually no effect on sample size unless population is very small. | |

Table 2

Allowable Risk of Incorrect Acceptance (TD)
for Various Assessments of CR and AP; for AR = .05 and IR = 1.0



CR = Auditor's subjective assessment of control risk.
AP = Auditor's subjective assessment of risk that analytical procedures and other relevant substantive tests might fail to detect aggregate misstatements equal to tolerable misstatement.

Table entries are TD.

| CR | AP = 10% | AP = 30% | AP = 50% | AP = 100% |
|---|---|---|---|---|
| 10% | * | * | * | 50% |
| 30% | * | 55% | 33% | 16% |
| 50% | * | 33% | 20% | 10% |
| 100% | 50% | 16% | 10% | 5% |

* The allowable level of AR of 5 percent exceeds the product of IR, CR, and AP, and thus, the planned substantive test of details may not be necessary. 
Note: The table entries for TD are computed from the illustrated model: TD equals AR/(IR x CR x AP). For example, for IR = 1.0, CR = .50, AP = .30, TD = .05/(1.0 x .50 x .30) or .33 (equals 33%). 
Footnotes (AU Section 350 — Audit Sampling):

fn 1 There may be other reasons for an auditor to examine less than 100 percent of the items comprising an account balance or class of transactions. For example, an auditor may examine only a few transactions from an account balance or class of transactions to (a) gain an understanding of the nature of an entity's operations or (b) clarify his understanding of the entity's internal control. In such cases, the guidance in this statement is not applicable.

[The following footnote is effective for audits of fiscal years beginning on or after December 15, 2010. See PCAOB Release No. 2010-004. For audits of fiscal years beginning before December 15, 2010, click here.]

fn 2 For purposes of this section the use of the term misstatement can include both errors and fraud as appropriate for the design of the sampling application. Errors and fraud are discussed in Auditing Standard No. 14, Evaluating Audit Results.

fn 3 Some auditors prefer to think of risk levels in quantitative terms. For example, in the circumstances described, an auditor might think in terms of a 5 percent risk of incorrect acceptance for the substantive test of details. Risk levels used in sampling applications in other fields are not necessarily relevant in determining appropriate levels for applications in auditing because an audit includes many interrelated tests and sources of evidence.

fn 4 Random-based selection includes, for example, random sampling, stratified random sampling, sampling with probability proportional to size, and systematic sampling (for example, every hundredth item) with one or more random starts.

fn 5 If the auditor has separated the items subject to sampling into relatively homogeneous groups (see paragraph .22), he separately projects the misstatement results of each group and sums them.

[The following footnote is effective for audits of fiscal years beginning on or after December 15, 2010. See PCAOB Release No. 2010-004. For audits of fiscal years beginning before December 15, 2010, click here.]

fn 6 Paragraphs 10 through 23 of Auditing Standard No. 14, Evaluating Audit Results, discuss the auditor's consideration of differences between the accounting records and the underlying facts and circumstances.

[The following footnote is effective for audits of fiscal years beginning on or after December 15, 2010. See PCAOB Release No. 2010-004. For audits of fiscal years beginning before December 15, 2010, click here.]

fn 7 The auditor may plan to perform tests of controls concurrently with obtaining an understanding of internal control for the purpose of estimating the rate of deviation from the prescribed controls, as to either the rate of such deviations or monetary amount of the related transactions. Sampling, as defined in this section, applies to such tests of controls.

fn 8 For simplicity the remainder of this section will refer to only the rate of deviations.

fn 9 The auditor who prefers to think of risk levels in quantitative terms might consider, for example, a 5 percent to 10 percent risk of assessing control risk too low.

[The following footnote is effective for audits of fiscal years beginning on or after December 15, 2010. See PCAOB Release No. 2010-004. For audits of fiscal years beginning before December 15, 2010, click here.]

fn 1 For purposes of this Appendix, the nonsampling risk aspect of audit risk is assumed to be negligible, based on the level of quality controls in effect.