Audit Sampling

The purpose of this chapter is to discuss the following issues:

  • Selecting items for sampling
  • Determining appropriate sample size
  • Determining whether and when to use statistical sampling techniques
  • Differences between auditing techniques required by International Standards on Auditing (ISA) and the Public Corporation Accounting Oversight Board (PCAOB)
  • Implications of these differences in required techniques for auditors

Evolution of the PCAOB Standards on Audit Sampling

The focus of this chapter is audit sampling. Internationally, sampling guidelines are provided by ISA 530 entitled Audit Sampling. The purpose of ISA 530 is to establish standards and provide guidance on the use of audit sampling procedures and other means of selecting items for testing to gather audit evidence. ISA 530 provides key definitions for auditors. In the United States, the original standard in this area was the American Institute of Certified Public Accountants’ (AICPA’s) SAS 39 entitled Audit Sampling. The AICPA subsequently modified this standard and reissued it under the title SAS 39 Audit Sampling Redrafted. Subsequently the Auditing Standards Board (ASB) used this to develop a section (AICPA refers to ASB standards as sections, and we will use the same terminology) entitled Audit Sampling. Subsequently, PCAOB brought Audit Sampling under its aegis as AU 350.

It may be easier to summarize the steps as follows:

  • The original standard on Audit sampling was SAS No. 39 by the AICPA, effective beginning in February 1982.
  • The AICPA subsequently redrafted SAS No. 39. The new standard was referred to as SAS No. 39 Audit sampling (Redrafted).
  • The ASB came up with a section that was numbered 530. ASB section 530 incorporates all the fundamental guidance offered in SAS No. 39 Redrafted and guidance provided by ISA 530.

    The number was intended to be consistent with the ISA standard on Audit sampling entitled ISA 530 Audit sampling. We note this was part of the clarified standards effort. AU 350 was amended by the PCAOB risk standards, Nos. 8 to 15.

  • The PCAOB subsequently took the ASB section 350 under its aegis. It is called AU 350 Audit sampling by the PCAOB.

    This standard governs issues relating to audit sampling now as conducted for SEC-registrant entities.

Techniques for Audit Sampling and Whole Population Selection

When deciding on audit procedures, the auditor is required to determine appropriate means of selecting items for testing. The means that an auditor can:

  • select all items (100 percent examination);
  • select specific items; or
  • audit a sampling.

These techniques will now be discussed in brief.

Selecting All Items (Whole Population Selection)

The auditor could potentially decide to examine all the items that make up a population. This type of 100 percent examination, as noted in paragraph 24 ISA 530 entitled Audit Sampling and Other Testing Procedures, is unlikely in the case of tests of controls. However, it is more common for tests of details. A 100 percent examination is appropriate when (a) the population constitutes a small number of large value items, (b) when there is a significant risk and other means do not provide sufficient audit evidence, or (c) when the repetitive nature of a calculation or other processes performed automatically by an information system makes a 100 percent examination cost effective. Selecting the whole population does not constitute audit sampling.

Selecting Specific Items

Paragraph 25 of ISA 530 states that the auditor may decide to select items from a population based on such factors as (a) the auditor’s understanding of the entity, (b) the assessed risk of material misstatement, and (c) the characteristics of the population being tested. However, we are warned that the judgmental selection of specific items is subject to nonsampling risk. (Nonsampling risk is discussed later in this chapter.) Specific selected items could include the following:

  • High value or key items. The auditor may decide to select specific items from within a population because they are of high value or exhibit some other characteristic of interest.

    Other characteristics include being suspicious, unusual, or particularly risk prone.

  • All items over a certain amount. The auditor may decide to examine items whose values exceed a certain amount. In doing so, the auditor may be able to verify a large proportion of the total amount of a class of transactions or an account balance. For example, an entity may have one or two accounts receivable customers who owe extremely large balances that together constitute a large proportion of the total accounts receivable balance.
  • Items to obtain information. The auditor may examine items to obtain information about matters such as the nature of the entity, the nature of transactions, and the quality of the internal control system’s design and operations.
  • Items to test control activities. The auditor may use judgment to select and examine specific items to determine whether or not a particular control activity is being performed.

Audit Sampling

This is discussed in separate sections below. The auditor may decide to apply audit sampling to a class of transactions or account balance. Audit sampling can be applied using either nonstatistical or statistical sampling methods. Statistical sampling involves the use of statistical methodology to determine sample size. Nonstatistical sampling basically involves the auditor’s judgment. A key difference between the two methods is that with statistical sampling, the results of a test of, say, 5 percent of the total population, can be projected to the account balance as a whole. That is, if the total difference between the book value and the sample’s actual value is $1,000 for that 5 percent of the total population, then the auditor can estimate that the entire population for that account is off by $20,000. With nonstatistical sampling, the auditor cannot project an error from the nonstatistical sample chosen to the population of the account as a whole. In essence, the difference between statistical and nonstatistical sampling is the ability to project sampling error, not the ability to conclude about the population. Both methods allow the auditor to conclude about the population as a whole.

Audit Sampling: Key Differences between ISA and PCAOB

The differences are quite marginal. The key issues are discussed below.


Paragraph 3 of ISA 530 defines audit sampling as involving the application of audit procedures to less than 100 percent of items within a class of transactions or account balances such that all sampling units have an equal probability of being selected. This will enable the auditor to obtain and evaluate audit evidence about some characteristic of the items selected in order to assist the auditor in forming a conclusion about the population from which the sample was drawn. For example, in a sample of sales invoices, if the comparison of sales invoices to recorded values in the entity’s accounts show that the accounting entries recording sales transactions in the accounting records are, on average, overstated by 1 percent compared to the actual sales invoices, the auditor may conclude that the population of recorded sales may be overstated by 1 percent as well. This is an example of extrapolating from the sample’s results (involving, say, 100 invoices and related accounting entries) to the population as a whole (involving, say 1,500 invoices and related accounting entries). Auditors can use either a statistical or nonstatistical approach.

The difference between ISA 530 and PCAOB’s AU 350 is marginal in our opinion. A report by the AICPA ( states that the PCAOB believed that the ISA wording in its definition was too imprecise to be meaningful. The wording of ISA 530 requires the auditor to select items such that all items have a chance of selection. This was noted in the AICPA report as too imprecise to be meaningful. The PCAOB, although adhering to a somewhat similar definition, refers the reader to Auditing Standard (AS) 15 of the PCAOB, which also discusses the fundamental concept of representativeness. These are subtle changes, and we are not sure how it would affect a practicing auditor in their sampling decision.

Sample Selection

As mentioned above, there appears to be a very marginal difference in guidance for sample selection. ISA 530’s paragraph 42 notes that the auditor should select items for the sample with the expectation that all sampling units in the population have an equal chance of selection. Guidance with respect to the principle methods of sample selection is then provided. This includes discussion of haphazard and random-based selection methods. (Haphazard selection is a case where the auditor selects the sample without following a structured technique. Random-based methods include the use of computerized random number generator through a system referred to as Computer Assisted Audit Techniques (CAATs) or random number tables. Whereas the same ground is covered in PCAOB’s AU 350, the PCAOB’s AU 350 (paragraph 24) states that sample items should be selected in such a way that the sample can be expected to be representative of the population. ISA 530 notes that the auditor should select items for the sample with the expectation that all sampling units have an equal chance of selection. Hence, there is a marginal difference in wording. (But we note that it really is a difference without a distinction.)

Another wording difference is that AU 350 provides a detailed explanation of how an auditor should adopt a selection method that will increase the likelihood of selecting items from the entire period under audit. This is important because failing to do so may increase the likelihood that the sample will not be representative of all the transactions that occurred during the period. Thus, the auditor may draw incorrect conclusions from the testing of the sample drawn.

In the PCAOB’s AU 350, the auditor is also referred to paragraphs 44 through 46 of the PCAOB’s AS No. 13 entitled The auditor’s responses to the risks of material misstatement for further guidance. These paragraphs focus on performing certain substantive procedures on the audit samples selected. It is noted that interim testing of sample (i.e., tests of data collected before the end of the financial statement period) to assess the risks of material misstatement could permit early consideration of matters affecting the year-end financial statements. This (i.e., performing substantive procedures on the selected samples) decreases the risk of an undetected material misstatement in the year-end financial statements. In contrast, there is no reference in ISA 530 to other standards that could help the auditor to identify risks of material misstatement. Hence there is a clear difference between PCAOB’s AU 350 and ISA 530. On the other hand, International Auditing Assurance Standards Board (IAASB) has also issued ISA 240, which is a fraud standard equivalent to the PCAOB standard.

Issues with Respect to “Representative” Sampling

It is noted in ISA 530 that the audit sampling process should adopt some form of random sampling for the selected sample with the goal of having the sample representative of the population. Such sampling could include random sampling, stratified random sampling with probability proportional to size, and systematic sampling (paragraphs 36 to 38 provide a more detailed description). Random sampling means choosing the sample based, for example, on a random number chart. In doing this, for example, each selected number in the random number chart would be matched with all or part of an invoice number. If the random number matched all or part of a specific invoice number that invoice would be selected for testing. This procedure gives each item in the population an equal, random, chance of being selected to be part of the sample. Stratified random sampling occurs when some subsets of the sample differ greatly from other subsets of the sample. For example, there could be some very large dollar balance accounts receivable accounts and a lot of small dollar balance accounts receivable accounts. Stratifying the sample, in this context, means treating the accounts receivable account as if it consisted of two separate accounts. All or 100 percent of the high balance accounts could be examined completely. On the other hand, with the small balance accounts, only a small percentage of them may be chosen to be examined. Sampling with probability proportional to size means that if, each dollar in an account is considered as a single sample item, then an account with a balance of $100 is 10 times more likely to be examined than would an account balance totaling $10.

In this respect, the PCAOB’s AU 350 provides a more detailed explanation and greater selection of tools. Accordingly, it provides guidance more capable of helping an auditor select a more representative sample as opposed to the more likely less representative sample selected following ISA 530 guidance. Whereas the ISA discusses stratification, the discussion relates to the objective of stratification, which is to increase the level of uniformity of items within each stratum and, therefore, allow sample size to be reduced without causing a proportional increase in sampling risk. Sampling risk, of course, is the risk that the sample chosen will not be representative, that is reflect the characteristics of the whole population of items. If that is true, then any conclusions drawn from the sample will not be valid for the entire population. The PCAOB’s AU 350, in addition, focuses on a variety of techniques such as sampling with probability proportional to size, which is not mentioned in ISA 530. The main difference in our opinion is that ISA 530 focuses on rationale while the PCAOB’s AU 350 appears to be more practically oriented and focuses on methods to achieve representativeness.

Issues Relating to “Dual Purpose" Sampling

Another key difference in our opinion relates to the issue of dual purpose samples. This was added to AU 350 by the PCAOB (that is the PCAOB added a paragraph on this in AU 350, which was not there when the auditing standard was brought under its aegis) and is applicable for audits for fiscal years beginning on or after December 15, 2010. A dual purpose test exists when a sample can be used both as a test of controls and as a substantive test. It is discussed in paragraph 44 of AU 350. One example of a dual purpose sample would be if the auditor is selecting credit memos, memos issued by the credit manager of an entity to authorize a reduction in the accounts receivable balance of a customer’s account. Such memos should be signed by the credit manager to indicate that the authorized person approves of the customer accounts receivable balance reduction. If the auditor selects a sample of credit memos, a test of controls would be to see whether the credit memo had upon it the authorized signature. That would answer one of the dual purposes of the sample. A second purpose achieved by the sample is when the auditor notes whether the credit memo was correctly entered into the customer’s accounts receivable balance. This is a substantive test, not a test of controls. It therefore serves the second purpose of the dual purpose testing procedure. This additional information provided by the PCAOB serves to enable the auditors to increase the efficiency of the audit. There are conditions in which the use of a dual purpose sample is more helpful than in others. For example, it is advised that an auditor planning to use a dual purpose sample should make a preliminary assessment that there is an acceptably low risk that the error rate would exceed the level acceptable to the auditor.

The size of a sample designed for dual purposes should be the larger of the samples that would otherwise have been designed for the two separate purposes. In evaluating such tests, deviations from the control that was tested and monetary misstatements should be evaluated separately using the risk levels applicable for the respective purposes. This is further elaborated on by the PCAOB in paragraph 14 of AS No. 13 entitled The auditor’s responses to the risks of material misstatement with paragraph 44 providing reference to this. This discussion, namely the design of dual purpose samples, is not present in ISA 530. There is a discussion in ISA 530 (paragraphs 31 to 34) of sample design providing guidance, but there is no discussion of the issue of the design of dual purpose samples.

It is unclear why the ISA does not refer to the use of dual purpose sampling. The failure to reference it, however, does not mean that it cannot be used by auditors following ISA because the use of dual purpose sampling should increase both (a) the efficiency of the auditing process and (b) the effectiveness of the auditing process in detecting fraud.

Issues Relating to Statistical and Nonstatistical Sampling Techniques

In this section, we discuss any differences that may exist between the PCAOB’s AU 350 and ISA 530 with reference to guidance regarding the use of statistical techniques versus nonstatistical techniques and the implications thereon if differences do exist. We have already observed that statistical sampling is an objective approach using probability to make an inference about a population. The method will determine the sample size and the selection criteria of the sample. Nonstatistical sampling, on the other hand, relies on judgment to determine the sampling method, the sample size, and the selection items in the sample. We have also observed that the difference between statistical and nonstatistical sampling relates to the ability to project sampling error, not the ability to conclude about the population. The issue of projecting errors will be discussed more fully later.

Paragraph 28 of ISA 530 states that the choice between statistical versus nonstatistical sampling is a matter that the auditor has to decide on when the auditor considers which of the two would most efficiently allow them to obtain sufficient appropriate audit evidence in the particular circumstances. For example, in the case of tests of controls, the auditor’s analysis of the nature and cause of errors will often be more important than the statistical analysis of the mere presence or absence of errors. In such a situation nonstatistical sampling may be more appropriate. Statistical sampling may be more suitable for tests of controls and tests of details. ISA 530 also provides advice on how to determine sample size using statistical and nonstatistical approaches.

The differences between ISA 530 and the PCAOB’s AU 350 are as follows. First, the AU 350 definition is more thorough as it also includes discussion of how statistical sampling can help the auditor, whereas ISA 530 appears to take this for granted. AU 350 in paragraph 46 notes that statistical sampling can help the auditor to (a) design an efficient sample, (b) measure the sufficiency of the evidential matter obtained, and (c) evaluate the sample results. These elements are not discussed in ISA 530. More importantly, AU 350 discusses the costs and benefits of using statistical sampling. It clearly notes that statistical sampling involves additional costs in the form of costs of training auditors, designing individual samples to meet statistical requirements, and selecting the items to be examined. The auditor should choose the appropriate sampling technique after considering the relative costs and benefits. ISA 530 does not have a discussion of costs and benefits.

PCAOB’s AU 350 also introduces and provides guidance on statistical and nonstatistical approaches. But the significant difference is that PCAOB’s AU 350 takes a broad brush approach and notes that the auditor should use professional judgment in planning, performing, and evaluating a sample and in relating the evidential matter produced by the sample to other evidential matter when forming a conclusion about the related account balance or class of transactions. What is lacking in ISA 530 is the emphasis on the use of professional judgment in choosing between statistical versus nonstatistical approaches and the emphasis on the use of professional judgment in all activities in the planning, performing, and evaluation of a sample. On the other hand, AU 350 gives the auditor greater flexibility by emphasizing the use of professional judgment in all activities relative to sampling, an emphasis.

Issues Relating to Audit Opinion Formulation

PCAOB’s AU 350 links audit sampling to opinion formulation. Paragraph 7 notes that some degree of uncertainty is implicit in the concept of a reasonable basis for an opinion. Auditors can be justified in accepting some uncertainty. The justification for accepting some uncertainty arises from the relationship between such factors as the cost and time required to examine all of the data and the adverse consequences of possible erroneous decisions based on conclusions resulting from examining only a sample of the data. If these factors do not justify the acceptance of some uncertainty, the only alternative is to examine all of the data. This was introduced by the PCAOB as a separate paragraph and is unique to PCAOB. The broad-based concept of linking the auditor’s opinion to sampling is not considered in ISA 530.

Issues Relating to Error and Anomalous Error

Paragraph 4 of ISA 530 defines error as involving control deviations when performing tests of controls or misstatements when performing tests of details. Referring back to our previous example of dual purpose testing, a control deviation would exist when a credit memo does not have the signature of the authorized person, the credit manager, upon it. A misstatement would exist when the sales invoice does not match the recorded amount of the sale seen in the sales account. Anomalous error is an error that arises from an isolated event that has not recurred other than on specifically identifiable occasions and is, therefore, not representative of errors in the population. There are several differences here. First, there is a clear definition of the term anomaly and its treatment in ISA 530. AU 350 does not have an equivalent wording for anomaly. The requirement in paragraph 13 of ISA 530 that addresses the issue of anomalies is not included in AU 350 of the PCAOB. The issue of anomalies is also not discussed in section 530 of the ASB. The PCAOB may believe that the deletion of the option to consider a misstatement an anomaly will enhance the quality of the audit. The justifications for the differences are made by the ASB (refer ASB justifies this because, otherwise, the auditor may focus on anomalies and not misstatements, thus missing out on a lot of potential misstatements. The ASB also expresses concerns about terms used in ISA 530, which uses words such as in the extremely rare circumstance and a high degree of uncertainty. For example, it is stated “in the extremely rare circumstance that an error arises from an isolated event” the auditor could decide to “identify all items in the population that possess the common feature”. Similarly, the guidance states that, to be considered an anomalous error, the auditor has to have a high degree of certainty that such error is not representative of the population. These terms are not used in section 530 of the ASB because the ASB believes that these terms are subjective and would not be consistently interpreted in practice. Because ASB’s section 530 is now under the aegis of the PCOAB, (although under a different title, that of AU 350) and the PCAOB has not made any amendments, we hold this is the view of the PCAOB as well.

Issues Relating to Sampling Risk

Paragraph 7 ISA 530 notes that sampling risk arises from the possibility that the auditor’s conclusions based on a sample may be different from the conclusion reached if the entire population were subjected to the same audit procedure. ISA 530 defines sampling risk as follows:

  • The risk that the auditor will conclude in the case of a test of controls that controls are more effective than they actually are or, in the case of a test of details, that a material error does not exist when in fact it does. This type of risk affects audit effectiveness and is more likely to lead to an inappropriate audit opinion.
  • The risk the auditor will conclude in the case of test of controls, that controls are less effective than they actually are or, in the case of a test of details, that a material error exists when in fact it does not. This type of risk affects audit efficiency as it would usually lead to additional work to establish that initial conclusions are incorrect.

Paragraph 10 of the PCAOB’s AU 350 notes that sampling risk arises from the possibility that when a test of controls or a substantive test is restricted to a sample, the auditor’s conclusions may be different from the conclusions the auditor would reach if the test were applied in the same way to all items in the account balance or class of transactions. That is, a particular sample may contain proportionately more or less monetary misstatements or deviations from prescribed controls than exist in the balance or class as a whole. Paragraph 12 of AU 350 notes that the auditor should apply professional judgment in assessing sampling risk. In performing substantive tests of details the auditor is concerned with two aspects of sampling risk:

  • The risk of incorrect acceptance is the risk that the sample supports the conclusion that the recorded account balance is not materially misstated when it is materially misstated.
  • The risk of incorrect rejection is the risk that the sample supports the conclusion that the recorded account balance is materially misstated when it is not materially misstated.

Hence, in this respect, it is very similar to the guidance provided by ISA 530. Paragraph 12 of AU 350 also states that the auditor should be concerned with two aspects of sampling risk in performing tests of controls when sampling is used. These risks are the same risks mentioned earlier for ISA 530.

The preceding discussion has as its heart issues relating to the operating effectiveness of a control. But we conclude PCAOB’s AU 350 potentially provides a marginally broader perspective on the use of statistical sampling with regard to internal controls to auditors relative to that provided by ISA 530. But here the differences are not significant.

There are requirements in ISA 530 not in AU 350. ISA 530 requires, for test of details, the projection of misstatements found in a sample to the population ( The PCAOB believes that projection of misstatements is also relevant to tests of controls and tests of compliance. Tests of compliance are undertaken to confirm whether a firm is following the rules and regulations applicable to an activity. The PCAOB, accordingly broadened the requirement in paragraph 14 of ASB section 530 to project the results of audit sampling to also include tests of controls and tests of compliance, not just tests of details. This was subsequently carried forward to PCAOB’s AU 350.

Issues Relating to Nonsampling Risk

This arises from factors that cause the auditor to reach an erroneous conclusion for any reason not related to the size of the sample. For example, ordinarily the auditor finds it necessary to rely on audit evidence that is persuasive rather than conclusive. The auditor might use inappropriate audit procedures, or the auditor might misinterpret audit procedures, or the auditor might misinterpret audit evidence and fail to recognize an error. We do not notice any significant differences between ISA 530 and PCAOB’s AU 350 with respect to issues relating to the measurement and handling of nonsampling risk and hence will not engage in further discussion with respect to nonsampling risk.

Once the auditor has decided on the sample size, selected a representative sample and decided on the method (statistical versus nonstatistical sampling) to use, and examined the selected items, the next step is to project errors based on the sampling technique used. The auditor is then required to evaluate performance. This is discussed next.

Projecting Errors

ISA 530 requires that, for tests of details, the auditor should project monetary errors found in the sample to the population and should consider the effect of the projected error on the particular audit objective and on other areas of the audit (refer paragraphs 51 to 53 and 54 to 56 for a more elaborate discussion). The auditor is required to project the total error for the population to obtain a broad view of the scale of errors and to compare this to the tolerable error. For tests of details, tolerable error (now called performance materiality under ISA) is the tolerable misstatement and will be an amount less than or equal to the auditor’s materiality used for the individual class of transactions or account balances being audited. (Please note that performance materiality replaced tolerable error under both ISA and AICPA standards.) When an error has been established as an anomalous error it may be excluded when projecting sample errors to the population. If a class of transactions or account balance has been divided into strata, the error is projected for each stratum separately. Projected errors plus anomalous errors for each stratum are then combined when considering the possible effect of errors on the total class of transactions or the account balance. For tests of controls, no explicit projection of errors is necessary since the sample rate is also the projected rate of error for the population as a whole.

With respect to the PCAOB, there are differences. The PCAOB does cover the issue related above. Hence, that will not be repeated here. However, when reading this section, PCAOB’s AU 350 refers the reader to AS No. 11 entitled Consideration of materiality in planning and performing an audit. The PCAOB links projecting errors to materiality in the context of an audit. AS 11 cites the Supreme Court. In interpreting federal securities laws, the Supreme Court of the United States has held that a fact is material if there is a substantial likelihood that the fact would have been viewed by a reasonable investor as having significantly altered his or her decision to invest. While ISA 530 does not cite other auditing standards or view projecting error from a materiality point of view, the PCAOB does encourage auditors to do this. In particular, PCAOB considers materiality of the monetary errors and their projection to the population. This includes, but is not limited to, projections by stratum and then combined to the total class of transactions. It appears that the PCAOB in AU 350, by incorporating a paragraph requiring auditors to read AS No. 11, also wants auditors to use the results to establish materiality levels for the financial statements as a whole. The auditor now (based on our reading of AS 11) is required to establish materiality levels for projected errors from the sampling results to the financial statements. The auditor should determine the amount of tolerable misstatement (tolerable errors) for the purposes of assessing risks of material misstatement at the financial statement level. This is a much more broad-based view than ISA 530 (and ISA 240, which deals with the auditor’s responsibility to consider fraud in an audit of financial statements). Further a detailed description is given in paragraph 26 of AU 350 on how to project errors. This is discussed in the appendix. Such detailed description is not available under ISA (a reflection of the fact that ISAs are principles-based). But the differences are marginal.

Performance and Evaluation of Results

The sample results have to be evaluated. Paragraph 54 of ISA 530 provides guidance on how the auditor should evaluate results. It notes the auditor should evaluate the sample results to determine whether the assessment of a relevant characteristic of the population is confirmed or needs to be revised. In the case of tests of controls, an unexpectedly high sample error rate may lead to an increase in the assessed risk of material misstatement, unless further audit evidence substantiating the initial assessment is obtained. In the case of tests of details, an unexpectedly high error amount in a sample may cause the auditor to believe that a class of transactions or an account balance is materially misstated in the absence of further audit evidence that no material misstatement exists. If the total amount of projected error plus anomalous error is less than, but close to, that which the auditor deems tolerable, the auditor should consider the persuasiveness of the sample results in the light of other audit procedures, and may consider it appropriate to obtain additional audit evidence. If the evaluation of sample results indicates that the assessment of the relevant characteristic of the population needs to be revised, the auditor may, according to paragraph 56, do all or any of the following:

  • Request management to investigate identified errors and the potential for further efforts, and to make any necessary adjustments
  • Modify the nature, timing, and extent of further audit procedures. For example, in the case of tests of controls, the auditor might extend the sample size, test an alternative control, or modify related substantive procedures
  • Consider the effect on the audit report

AU 350 covers the area above. However, there is a difference between PCAOB’s AU 350 and ISA 530. The following paragraph was added by the PCAOB to AU 350 and is effective for the months beginning on or after December 15, 2010. This is not in ISA. The paragraph, paragraph 25, notes that auditing procedures that are appropriate to the particular audit objective should be applied to each sample item. In some circumstances the auditor may not be able to apply the planned audit procedures to selected sample items because, for example, supporting documentation may be missing. The auditor’s treatment of unexamined items will depend on their effect on the evaluation of the sample. If the auditor’s evaluation of the sample results would not be altered by considering those unexamined items to be misstated, it is not necessary to examine the items. However, if considering those unexamined items to be misstated would lead to a conclusion that the balance or class of transactions contains a material misstatement, the auditor should consider alternative procedures that would provide them with sufficient evidence to form a conclusion. The auditor should also evaluate whether the reasons for their inability to examine the items have (a) implications in relation to their risk assessments (including the assessment of fraud risk), (b) implications regarding the integrity of management or employees, and (c) possible effects on other aspects of the audit.

Hence this paragraph, which was added by PCAOB to AU 350, has fraud implications by discussing tying issues related to unexamined items, possible misstatements of identified items, alternative procedures to examine misstatement, and the implications of these on the risk of fraud. However, we note that a critical reading of ISA 240, which is to a certain extent the ISA equivalent dealing with the auditor’s responsibility to consider fraud in an audit of financial statements, shows that the differences between PCAOB and ISA with respect to the issues covered above is marginal at the best.


Auditors, as part of the audit, may have to digest enormous amounts of data, whether in the form of transactions or even account balances. Trying to verify the existence of a huge multitude of transactions may be extremely time-consuming and expensive. The auditing standards discussed in this chapter provide an alternative to engaging in a brute force attack on mountains of transactions, for example, that a client entity might have. Instead, the professional standards of the ISA and the PCAOB allow the auditor to use statistical sampling techniques. By use of statistical sampling techniques the auditor can choose a representative subset of all the transactions and infer the condition of the accounts as whole from the results of this representative sample.

The information in this chapter relevant to the ISA and PCAOB standards is important information to readers learning about the differences between the standards in that they will better be able to appreciate what one set of standards requires or emphasizes, and another does not. We find that there is more guidance provided to the auditor in PCAOB auditing standards with respect to audit sampling than is present in the ISA standard. This finding is consistent with our earlier discussion that the PCAOB provides more of a rules-based framework for conducting an audit, whereas the ISA standard is more principles-based. Greater levels of guidance may force the auditor to do more work than it would otherwise, or it may provide the auditor with a feeling of comfort in only doing the explicitly mentioned amount of work using techniques mentioned in the PCAOB standard. In a principles-based auditing framework like the ISA, in contrast, the auditor must use a greater level of professional judgment in deciding how much sampling work to do and which methods to use. In reviewing auditors’ reports from auditors operating under the different sets of rules, therefore, the reader can bring the information covered here to mind in evaluating the worth of the report. Different inclusions or exclusions between the sets of standards may be believed to have implications for the audit report’s quality. We make no conclusions of our own on this point. Be that as it may, this chapter presents an important view of a key consideration in the auditing process: How much evidence should be collected, using which methods (statistical, nonstatistical), and how much judgment was permissible in allowing the auditor to arrive at the auditor’s conclusions?

Appendix: Description of How to Project Misstatement Results as per the PCAOB’s AU 350

Paragraph 26 of the PCAOB’s AU 350 provides a detailed description of how to project misstatement results of the sample to the items from which the sample was selected. We follow this description closely here. There are several acceptable ways to project misstatements from a sample. For example, an auditor may have selected a sample of every twentieth item from a population containing one thousand items. Therefore the sample includes 5 percent of the population. If the auditor discovered overstatements of $3,000 in that sample, the auditor could project a $60,000 overstatement by dividing the amount of misstatement in the sample by the fraction (5 percent) of total items from the population included in the sample. The auditor should add that projection of the misstatements to those discovered in any items examined 100 percent. This total projected misstatement should be compared with the tolerable misstatement for the account balance or class of transactions and appropriate consideration should be given to sampling risk. If the total projected misstatement is less than tolerable misstatement for the account balance or class of transactions, the auditor should consider the risk that such a result might be obtained even though the true monetary misstatement for the population exceeds tolerable misstatement. For example, if the tolerable misstatement in an account balance of $1 million is $50,000 and the total projected misstatement based on an appropriate sample is $10,000, the auditor may be reasonably assured that there is an acceptably low sampling risk that the true monetary misstatement for the population exceeds tolerable misstatement. On the other hand, if the total projected misstatement is close to the tolerable misstatement, the auditor may conclude that there is an unacceptably high risk that the actual misstatements in the population exceed the tolerable misstatement. An auditor should use professional judgment in making evaluations.

Please note that this type of detailed instruction is not available in ISA and as mentioned earlier, this illustrates the importance given by the PCAOB to detecting material misstatements. However a critical reading of ISA 240 shows that the ISA standard appears to have the same focus with respect to detecting material misstatements. Our conclusion is that there are no significant differences between PCAOB and ISA in this regard.

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.