1. Non-sampling Risk
    Any other mistakes by the auditor other than sampling risk not a direct consequence of using a sampling approach
  2. Sampling
    Application of an audit procedure to less than 100% of the items within an account balance or class of transactions for the purpose of evaluating some characteristic of the balance or class
  3. Two Types of Statistical Sampling
    • Attributes sampling
    • Variables sampling
  4. Type I Error
    • The risk of under-reliance on controls or incorrect rejection
    • Relates to efficiency of audit
  5. Two General Approaches to Sampling
    • Statistical
    • Nonstatistical
  6. Sampling Risk
    The risk that the sample may not be truly representative of the population
  7. Type II Error
    • The risk of over-reliance on controls or incorrect acceptance
    • Relates to effectiveness of audit
  8. Eight Steps in Attributes Sampling Plan
    • Identify Sampling Objective
    • Define what Constitutes an Occurrence
    • Identify Relevant Population
    • Determine Sampling Method
    • Determine Sample Size
    • Select the Sample
    • Evaluate Results
    • Document Sampling Procedures
  9. Attributes Sampling Results Necessary for an Auditor to Rely on the Control
    Only if the error rate, based on the upper bound of the confidence interval is less than or equal to the stated "tolerable error" rate
  10. Haphazard Sampling
    Arbitrary selection, with no "conscious" biases
  11. Statistical Sampling Approaches
    • Random Number
    • Systematic
  12. Factors Inversely Related to Sample Size
    • Tolerable error rate
    • Risk of over-reliance
    • Risk of under-reliance
  13. Systematic Sampling
    e.g., selecting every nth item
  14. Block Sampling
    A group of contiguous items
  15. Items Considered in Identifying the Relevant Population
    • Relevant time period
    • Specific sampling unit
  16. Random Number Sampling
    Each transaction has the same probability of being selected
  17. Observed Deviation Rate
    (# errors)/n
  18. Factors Directly Related to Sample Size
    • Expected error rate
    • Population size
  19. Judgmental Sampling Approaches
    • Block
    • Haphazard
  20. Items Inversely Related to Variables Sample Size
    • Allowance for sampling risk
    • Risk of incorrect acceptance
    • Risk of incorrect rejection
  21. Items Directly Related to Variables Sample Size
    • Estimated population standard deviation
    • Population size
  22. Basic Sample Size Formula
    Sample Size = (Estimated population standard deviation x coefficient of reliability x number of items / allowance for sampling risk) squared
  23. Eight Basic Steps in Variables Sampling
    • Identify sampling objectives
    • Identify relevant population
    • Select specific sampling technique
    • Calculate the sample size
    • Determine selection method
    • Conduct the sample
    • Evaluate sample and project to population
    • Document the sampling procedures
  24. Two Parameters of a Normal Distribution
    • Mean
    • Variance
  25. Results of Stratification
    Reduces overall variability within a population
  26. Sampling Techniques
    • Difference estimation
    • Ratio estimation
    • Mean-per-unit estimation
    • Probability proportionate to size
  27. EDP Duties that Should Be Segregated
    • Systems analyst
    • Programmer
    • Operator
    • Librarian
    • Security
  28. Five Categories of General Controls
    • Organization and operation
    • Systems development and documentation
    • Hardware and systems software
    • Access
    • Data and procedures
  29. Types of Logic Checks
    • Limit tests
    • Validity checks
    • Missing data checks
    • Check digits
  30. Application Controls
    Related to the specific computer processing applications
  31. Check Digit
    A check digit is an arithmetic manipulation of a numerical field that captures the information content of that field and then gets "tacked" onto the end of that numeric field
  32. Types of Physical Safeguards
    • File labels
    • File protection rings
    • File protection plans
  33. Particular Internal Control Considerations in an EDP Environment
    • Segregation of duties may be undermined
    • Audit trail may be lacking
    • Computer processing is uniform
  34. Batch Totals
    Totals that actually mean something
  35. Built in Controls for Hardware and Systems Software
    • Parity check
    • Echo check
    • Diagnostic routines
    • Boundary protection
  36. Types of Control Totals
    • Batch totals
    • Hash totals
    • Record count
  37. Hash Totals
    Totals that have no meaningful interpretation
  38. Objective of Processing Application Controls
    That the processing of data is accurate and as authorized
  39. Objective of Input Application Controls
    That the input of data is accurate and as authorized
  40. Record Count
    Keeping track of the number of records processed to determine that the appropriate number was accounted for
  41. General Controls
    Controls that have pervasive effects on all the specific applications
  42. Objective of Output Application Controls
    That the output of data (and the distribution of any related reports) is accurate and as authorized
  43. Validity Checks
    Are the data recognized as legitimate possibilities
  44. Missing Data Checks
    Are there any omissions from any fields in which data should have been present
  45. Limit Tests
    Are the data all within some predetermined range
Card Set
Auditing 5