When auditors audit the financial statements of a client, there are different stages they must go through. Usually, auditors must complete all these stages within a predetermined amount of time. Therefore, auditors work under deadlines to meet all the requirements and complete the audit on time. Due to the time-constraint, it is not always possible for auditors to verify all balances and transactions that are a part of the financial statements of the client. Unless specified otherwise, auditors always use sampling in the audit process to select a few items from the total population on which they perform audit procedures.
Using audit sampling, auditors can limit their audit procedures on a selection of items within account balances or class of transactions. There are different methods of sampling that auditors can use, each of which can produce a distinct selection of samples from the same given population. These may include methods, such as random, systematic, stratified, quota, clustered, etc. sampling. Usually, the sample that auditors choose from a population depends on several factors, such as sampling method, audit objective, tolerable misstatement, risk assessment, etc. Similarly, audit sampling helps auditors form an opinion without having to test all populations, and facilitates them to focus on high risk and high-value items.
However, sampling doesn’t only come with benefits. There are some drawbacks of sampling as well that auditors must face. One of the main disadvantages of audit sampling is that it introduces sampling risk into an audit assignment.
What is Sampling Risk?
Sampling risk is one of the many risks that auditors face during an audit assignment. However, sampling risk, as mentioned above, only comes due to the use of sampling in audits. It represents the possibility that the conclusion that auditors form based on a sample is different from the conclusion that they would have reached if they had tested the entire population. In simpler words, sampling risk represents the difference between the conclusion reached based on sample size, and the conclusion reached based on the whole population.
For example, auditors of a company, ABC Co., select a sample of 30 items from a total population of 100 items. Using the sample, auditors determine that there are no material misstatements in the population. However, had the auditors tested the total population of 100 items, the conclusion of no material misstatements would be false. Therefore, this risk that exists between the conclusion reached based on sample size is different from the conclusion if they had tested the total population entails sampling risk for auditors.
The use of audit sampling and, through it, the existence of sampling risk can affect two major areas of the audit procedures of an audit assignment. These are the test of controls and substantive procedures that auditors use. Both of these areas require auditors to use a sample size rather than checking the total population. Therefore, both of these areas get exposed to sampling risk.
Sampling Risk vs Non-Sampling Risk
The risks of an audit assignment can be classified into different categories. One such categorization depends on whether the risk is sampling risk or non-sampling risk. Non-sampling risk is the opposite of sampling risk. In its simplified form, non-sampling risk refers to the risk that does not relate to the audit sample used by auditors.
However, non-sampling risk is a little bit more complicated than that. Itt is the risk that even though auditors select an appropriate sample, they still reach the wrong conclusion. For example, auditors select a sample of 40 items from a total population of 120. While these 40 items represent the whole population and are materially misstated, the auditors conclude otherwise. Therefore, despite having chosen the right sample, the auditors reached a wrong conclusion. Usually, the non-sampling risk is caused due to wrong procedures or judgments.
Non-sampling risk shows that just picking the right sample does not mean that the risks associated with the audit will minimize. Auditors still need to use the correct procedures to make a good judgment for the selected sample. Wrong procedures or judgments on the auditors’ part have a great impact on the audit opinion expressed by them in the audit report. Sometimes, auditors’ incompetency can also be a factor in non-sampling risk.
Sampling Risk in Relation to Audit Test
As mentioned above, sampling risk can exist in two key areas of an audit because there is sampling involved. These areas include the test of controls and tests of details that auditors perform to obtain audit evidence related to individual transactions. Since they can’t test all the population for a given amount in the financial statements, they must reside in using sampling. Given below is a description of how it exists in relation to these audit tests.
Test of controls
The test of controls is a process in which auditors examine the internal control systems of their clients to ensure these systems are effective in detecting or preventing and correcting material misstatements. Auditors check the test of controls of a client in many ways. One of the ways includes testing the controls that need to exist on an individual transaction level. As stated above, since it is impossible for auditors to check the whole population due to time constraints, they must use sampling, which gives rise to sampling risk.
Through the test of controls, auditors can determine whether they can trust the internal control systems of the client. In the absence of these controls or in case the controls are weak, auditors must enhance their use of substantive testing. The sampling risk with the test of controls is that auditors deem the internal controls of the client as effective or reliable, even though they are not effective and do not help in the prevention or detection of material misstatements. Based on this decision, sampling risk can also affect other aspects of the audit process.
When the auditor accepts ineffective internal controls as reliable, they perform lesser substantive testing than they should have if they correctly detected the ineffectiveness of the controls. They end up doing less work on procedures such as tests of details or substantive analytical procedures, negatively affecting the quality of the audit. It is the sampling risk associated with the test of controls when the internal controls of the client are weak.
However, sampling risk isn’t only limited to doing lesser work. Auditors may also, due to sampling risk, deem the controls of the client as unreliable even when they are effective. In this case, auditors end up doing more work on substantive procedures, even though they shouldn’t. It does not affect the quality of the audit as more work means increased chances of detecting misstatements. However, it does increase the time and costs of the audit, which makes the audit inefficient.
Test of details
Same as tests of controls, tests of details consist of auditors using a sample to verify individual documents. However, in the case of the test of details, the goal isn’t to test the effectiveness of internal controls. The objective of the test of details is to verify the details of transactions. Based on tests of details, auditors make projections based on the misstatements they find on whether these misstatements are material or not. Similarly, it can further affect the opinion of the auditors used in the audit report.
The sampling risk with tests of details is that auditors accept the source documents of the sampled population as acceptable despite the total population not being reliable. Similarly, it exists only because auditors verify the sampled documents to form an opinion regarding the whole population. If auditors had used a larger population instead, the misstatements could have been detected. With tests of details, unlike tests of controls, there are no further tests performed.
Sampling risk in tests of details has more severe repercussions as compared to tests of controls. It is because auditors form an opinion based on tests of details. Therefore, It can impact the audit report as well. It can result in the auditor stating a negative opinion despite the financial statements being free from material misstatement. Similarly, it can also result in the auditors giving an unqualified opinion despite the financial statements having material misstatements.
Auditors can also reject the book value of accounts in the financial statements despite these values being correct. Verifying the book value of accounts is also a part of the tests of details. Usually, auditors can fix the sampling risk in tests of details by performing additional work. However, auditing standards do not recommend that auditors do additional work in case of discrepancies in tests of details. Clients may, however, request auditors to do additional work to prove the book values of accounts as incorrect. Overall, sampling risk in tests of details can affect the efficiency of an audit assignment.
Due to several reasons, mainly including time constraints, auditors cannot verify all the transactions of the client. Therefore, instead, they use sampling to check some items from the total population. However, due to this process, auditors also introduce sampling risk to an audit assignment. It exists because the sample selected does not represent the whole population and results in incorrect conclusions by auditors. It is different from non-sampling risk, which exists because auditors reach a wrong conclusion despite the sample representing the whole population. Sampling risk can affect two major areas of the auditing process, which include tests of controls and test of details.