Need Tally
for Clients?

Contact Us! Here

  Tally Auditor

License (Renewal)
  Tally Gold

License Renewal

  Tally Silver

License Renewal
  Tally Silver

New Licence
  Tally Gold

New Licence
 
Open DEMAT Account with in 24 Hrs and start investing now!
« Auditing »
Open DEMAT Account in 24 hrs
 Standard on Internal Audit (SIA) 17, Consideration of Laws and Regulations in an Internal Audit
 Standard on Internal Audit (SIA) 16, Using the Work of an Expert
 Standard on Internal Audit (SIA) 14, Internal Audit in an Information Technology Environment
 Standard on Internal Audit (SIA) 13, Enterprise Risk Management
 Standard on Internal Audit (SIA) 12, Internal Control Evaluation
 Standard on Internal Audit (SIA) 11, Consideration of Fraud in an Internal Audit
  Standard on Internal Audit (SIA) 9, Communication with Management
  Standard on Internal Audit (SIA) 8, Terms of Internal Audit Engagement
 Standard on Internal Audit (SIA) 7, Quality Assurance in Internal Audit
 Standard on Internal Audit (SIA) 6, Analytical Procedures
 Standard on Internal Audit (SIA) 5, Sampling
 Standard on Internal Audit (SIA) 4, Reporting
 
 
 

Standard on Internal Audit (SIA) 5, Sampling
November, 28th 2018
              STANDARD ON INTERNAL AUDIT (SIA) 5
                         SAMPLING*

Contents
                                                                                  Paragraph(s)

Introduction....................................................................................... 1-2
Definitions......................................................................................... 3-9
Use of Sampling in Risk Assessment Procedures and
Tests of Controls .......................................................................... 10-12
Design of the Sample ................................................................... 13-19
Sample Size ................................................................................. 20-21
Statistical and Non-Statistical Approaches .................................. 22-26
Selection of the Sample ............................................................... 27-28
Evaluation of Sample Results ...................................................... 29-38
Documentation ...................................................................................39
Effective Date .....................................................................................40
Examples of Factors Influencing Sample Size for Tests of Controls
Examples of Factors Influencing Sample Size for Tests of Details
(TOD)
Methods of Sample Selection
Frequency of Control Activity and Sample Size

The following is the text of the Standard on Internal Audit (SIA) 5,
Sampling, issued by the Council of the Institute of Chartered
Accountants of India. These Standards should be read in
conjunction with the Preface to the Standards on Internal Audit,
issued by the Institute.
In terms of the decision of the Council of the Institute of Chartered
Accountants of India taken at its 260 th meeting held in June 2006,
the following Standard on Internal Audit shall be recommendatory
in nature in the initial period. The Standards shall become
mandatory from such date as notified by the Council.

*
    Published in the October 2008 issue of The Chartered Accountant.
Standard on Internal Audit (SIA) 5

Introduction
1.   The purpose of this Standard on Internal Audit (SIA) is to establish
     standards on the design and selection of an audit sample and provide
     guidance on the use of audit sampling in internal audit engagements.
     The SIA also deals with the evaluation of the sample results. This SIA
     applies equally to both statistical and non-statistical sampling
     methods. Either method, when properly applied, can provide sufficient
     appropriate audit evidence.

2.   When using either statistical or non-statistical sampling methods,
     the internal auditor should design and select an audit sample,
     perform audit procedures thereon, and evaluate sample results
     so as to provide sufficient appropriate audit evidence to meet the
     objectives of the internal audit engagement unless otherwise
     specified by the client.

Definitions
3.   "Audit sampling" means the application of audit procedures to less
     than 100% of the items within an account balance or class of
     transactions to enable the internal auditor to obtain and evaluate audit
     evidence about some characteristic of the items selected in order to
     form a conclusion concerning the population. Certain testing
     procedures, however, do not come within the definition of sampling.
     Tests performed on 100% of the items within a population do not
     involve sampling. Likewise, applying internal audit procedures to all
     items within a population which have a particular characteristic (for
     example, all items over a certain amount) does not qualify as audit
     sampling with respect to the portion of the population examined, nor
     with regard to the population as a whole, since the items were not
     selected from the total population on a basis that was expected to be
     representative. Such items might imply some characteristic of the
     remaining portion of the population but would not necessarily be the
     basis for a valid conclusion about the remaining portion of the
     population.



                                    2
                                                                Sampling

4.   "Error" means either control deviations when performing tests of
     controls, or misstatements, when performing tests of details.

5.   "Population'' means the entire set of data from which the sample is
     selected and about which the internal auditor wishes to draw
     conclusions. A population may be divided into various strata, or sub-
     populations, with each stratum being examined separately.

6.   "Sampling risk`" means the risk that from the possibility that the
     internal auditor's conclusions, based on examination of a sample may
     be different from the conclusion reached if the entire population was
     subjected to the same types of internal audit procedure. The two types
     of sampling risk are ­
     (a)   The risk that the internal auditor concludes, in the case of tests
           of controls (TOC), that controls are more effective than they
           actually are, or in the case of tests of details (TOD), that a
           material error or misstatement does not exist when in fact it
           does.
     (b)   The risk that the internal auditor concludes, in the case of tests
           of controls (TOC), that controls are less effective than they
           actually are, or in the case of tests of details (TOD), that a
           material error or misstatement exists when in fact it does not.
     The mathematical complements of these risks are termed confidence
     levels.

7.   "Sampling unit" means the individual items or units constituting a
     population, for example, credit entries in bank statements, sales
     invoices or debtors' balances.

8.   "Statistical sampling" means any approach to sampling procedure
     which has the following characteristics ­
     (a)   Random selection of a sample; and
     (b)   Use of theory of probability to evaluate sample results,
           including measurement of sampling risk.




                                    3
Standard on Internal Audit (SIA) 5

9.    "Tolerable error" means the maximum error in a population that the
      internal auditor is willing to accept.

Use of Sampling in Risk Assessment Procedures and
Tests of Controls
10.   The internal auditor performs risk assessment procedures to obtain an
      understanding of the entity, business and its environment, including
      the mechanism of its internal control. Ordinarily, risk assessment
      procedures do not involve the use of sampling. However, there are
      cases, where the internal auditor often plans and performs tests of
      controls concurrently with obtaining an understanding of the design of
      controls and examining whether they have been implemented.

11.   Tests of controls are performed when the internal auditor`s risk
      assessment includes an expectation of the operating effectiveness of
      controls. Sampling of tests of controls is appropriate when application
      of the control leaves audit evidence of performance (for example,
      initials of the credit manager on a sales invoice indicating formal credit
      approval).






12.   Sampling risk can be reduced by increasing sample size for both tests
      of controls and tests of details. Non-sampling risk can be reduced by
      proper engagement planning, supervision, monitoring and review.

Design of the Sample
13.   When designing an audit sample, the internal auditor should
      consider the specific audit objectives, the population from which
      the internal auditor wishes to sample, and the sample size.

Internal Audit Objectives

14.   The internal auditor would first consider the specific audit objectives to
      be achieved and the internal audit procedures which are likely to best
      achieve those objectives. In addition, when internal audit sampling is
      appropriate, consideration of the nature of the audit evidence sought
      and possible error conditions or other characteristics relating to that

                                      4
                                                                    Sampling

      audit evidence will assist the internal auditor in defining what
      constitutes an error and what population to use for sampling. For
      example, when performing tests of controls over an entity's purchasing
      procedures, the internal auditor will be concerned with matters such
      as whether an invoice was clerically checked and properly approved.
      On the other hand, when performing substantive procedures on
      invoices processed during the period, the internal auditor will be
      concerned with matters such as the proper reflection of the monetary
      amounts of such invoices in the periodic financial statements. When
      performing tests of controls, the internal auditor makes an assessment
      of the rate of error the internal auditor expects to find in the population
      to be tested. This assessment is on the basis of the internal auditor's
      understanding of the design of the relevant controls, and whether they
      have actually been implemented or the examination of a small number
      of items from the population.

Population

15.   The population is the entire set of data from which the internal auditor
      wishes to sample in order to reach a conclusion. The internal auditor
      will need to determine that the population from which the sample is
      drawn is appropriate for the specific audit objective. For example, if
      the internal auditor's objective were to test for overstatement of
      accounts receivable, the population could be defined as the accounts
      receivable listing. On the other hand, when testing for understatement
      of accounts payable, the population would not be the accounts
      payable listing, but rather subsequent disbursements, unpaid invoices,
      suppliers' statements, unmatched receiving reports, or other
      populations that would provide audit evidence of understatement of
      accounts payable.

16.   The individual items that make up the population are known as
      sampling units. The population can be divided into sampling units in a
      variety of ways. For example, if the internal auditor's objective were to
      test the validity of accounts receivables, the sampling unit could be
      defined as customer balances or individual customer invoices. The
      internal auditor defines the sampling unit in order to obtain an efficient
      and effective sample to achieve the particular audit objectives.

                                       5
Standard on Internal Audit (SIA) 5

17.   It is important for the internal auditor to ensure that the population is
      appropriate to the objective of the internal audit procedure, which will
      include consideration of the direction of testing. The population also
      needs to be complete, which means that if the internal auditor intends
      to use the sample to draw conclusions about whether a control activity
      operated effectively during the financial reporting period, the
      population needs to include all relevant items from throughout the
      entire period.

18.   When performing the audit sampling, the internal auditor performs
      internal audit procedures to ensure that the information upon which
      the audit sampling is performed is sufficiently complete and accurate.

Stratification

19.   To assist in the efficient and effective design of the sample,
      stratification may be appropriate. Stratification is the process of
      dividing a population into sub-populations, each of which is a group of
      sampling units, which have similar characteristics (often monetary
      value). The strata need to be explicitly defined so that each sampling
      unit can belong to only one stratum. This process reduces the
      variability of the items within each stratum. Stratification, therefore,
      enables the internal auditor to direct audit efforts towards the items
      which, for example, contain the greatest potential monetary error. For
      example, the internal auditor may direct attention to larger value items
      for accounts receivable to detect overstated material misstatements.
      In addition, stratification may result in a smaller sample size.

Sample Size
20.   When determining the sample size, the internal auditor should
      consider sampling risk, the tolerable error, and the expected
      error. The lower the risk that the internal auditor is willing to accept,
      the greater the sample size needs to be. Examples of some factors
      affecting sample size are contained in Appendix 1 and Appendix 2 to
      the Standard.




                                      6
                                                                  Sampling

21.   The sample size can be determined by the application of a statistically
      based formula or through exercise of professional judgment applied
      objectively to the circumstances of the particular internal audit
      engagement.

Statistical and Non-Statistical Approaches
22.   The decision of using either statistical or non-statistical sampling
      approach is a matter for the internal auditor's professional judgment.
      In the case of tests of controls, the internal auditor's analysis of the
      nature and cause of errors will often be of more importance than the
      statistical analysis of the mere presence or absence of errors. In such
      case, non-statistical sampling approach may be preferred.

23.   When applying statistical sampling, sample size may be ascertained
      using either probability theory or professional judgment. Sample size
      is a function of several factors. Appendices 1 and 2 discuss some of
      these factors.

Tolerable Error

24.   Tolerable error is the maximum error in the population that the internal
      auditor would be willing to accept and still conclude that the result
      from the sample has achieved the objective(s) of the internal audit.
      Tolerable error is considered during the planning stage and, for
      substantive procedures, is related to the internal auditor's judgement
      about materiality. The smaller the tolerable error, the greater the
      sample size will need to be.

25.   In tests of controls, the tolerable error is the maximum rate of
      deviation from a prescribed control procedure that the internal auditor
      would be willing to accept, based on the preliminary assessment of
      control risk. In substantive procedures, the tolerable error is the
      maximum monetary error in an account balance or class of
      transactions that the internal auditor would be willing to accept so that
      when the results of all audit procedures are considered, the internal
      auditor is able to conclude, with reasonable assurance, that the
      financial statements are not materially misstated.

                                      7
Standard on Internal Audit (SIA) 5

Expected Error

26.   If the internal auditor expects error to be present in the population, a
      larger sample than when no error is expected ordinarily needs to be
      examined to conclude that the actual error in the population is not
      greater than the planned tolerable error. Smaller sample sizes are
      justified when the population is expected to be error free. In
      determining the expected error in a population, the internal auditor
      would consider such matters as error levels identified in previous
      internal audits, changes in the entity's procedures, and evidence
      available from other procedures.

Selection of the Sample
27.   The internal auditor should select sample items in such a way
      that the sample can be expected to be representative of the
      population. This requires that all items or sampling units in the
      population have an opportunity of being selected.

28.   While there are a number of selection methods, three methods
      commonly used are:
             Random selection and use of CAATs
             Systematic selection
             Haphazard selection
      Appendix 3 to the Standard discusses these methods.

Evaluation of Sample Results
29.   Having carried out, on each sample item, those audit procedures
      that are appropriate to the particular audit objective, the internal
      auditor should:
      (a)    analyse the nature and cause of any errors detected in the
             sample;
      (b)    project the errors found in the sample to the population;
      (c)    reassess the sampling risk; and

                                     8
                                                                  Sampling

      (d)    consider their possible effect on the particular internal
             audit objective and on other areas of the internal audit
             engagement.

30.   The internal auditor should evaluate the sample results to
      determine whether the assessment of the relevant characteristics
      of the population is confirmed or whether it needs to be revised.

Analysis of Errors in the Sample

31.   In analysing the errors detected in the sample, the internal auditor will
      first need to determine that an item in question is in fact an error. In
      designing the sample, the internal auditor will have defined those
      conditions that constitute an error by reference to the audit objectives.
      For example, in a substantive procedure relating to the recording of
      accounts receivable, a mis-posting between customer accounts does
      not affect the total accounts receivable. Therefore, it may be
      inappropriate to consider this an error in evaluating the sample results
      of this particular procedure, even though it may have an effect on
      other areas of the audit such as the assessment of doubtful accounts.

32.   When the expected audit evidence regarding a specific sample item
      cannot be obtained, the internal auditor may be able to obtain
      sufficient appropriate audit evidence through performing alternative
      procedures. For example, if a positive account receivable confirmation
      has been requested and no reply was received, the internal auditor
      may be able to obtain sufficient appropriate audit evidence that the
      receivable is valid by reviewing subsequent payments from the
      customer. If the internal auditor does not, or is unable to, perform
      satisfactory alternative procedures, or if the procedures performed do
      not enable the internal auditor to obtain sufficient appropriate audit
      evidence, the item would be treated as an error.

33.   The internal auditor would also consider the qualitative aspects of the
      errors. These include the nature and cause of the error and the
      possible effect of the error on other phases of the audit.

34.   In analysing the errors discovered, the internal auditor may observe
      that many have a common feature, for example, type of transaction,
                                      9
Standard on Internal Audit (SIA) 5

      location, product line, or period of time. In such circumstances, the
      internal auditor may decide to identify all items in the population which
      possess the common feature, thereby producing a sub-population, and
      extend audit procedures in this area. The internal auditor would then
      perform a separate analysis based on the items examined for each
      sub-population.
Projection of Errors

35.   The internal auditor projects the error results of the sample to the
      population from which the sample was selected. There are several
      acceptable methods of projecting error results. However, in all the
      cases, the method of projection will need to be consistent with the
      method used to select the sampling unit. When projecting error
      results, the internal auditor needs to keep in mind the qualitative
      aspects of the errors found. When the population has been divided
      into sub-population, the projection of errors is done separately for
      each sub-population and the results are combined.

36.   For tests of controls, no explicit projection of errors is necessary since
      the sample error rate is also the projected rate of error for the
      population as a whole.

Reassessing Sampling Risk

37.   The internal auditor needs to consider whether errors in the population
      might exceed the tolerable error. To accomplish this, the internal
      auditor compares the projected population error to the tolerable error
      taking into account the results of other audit procedures relevant to
      the specific control or financial statement assertion. The projected
      population error used for this comparison in the case of substantive
      procedures is net of adjustments made by the entity. When the
      projected error exceeds tolerable error, the internal auditor reassesses
      the sampling risk and if that risk is unacceptable, would consider
      extending the audit procedure or performing alternative internal audit
      procedures.









                                     10
                                                                       Sampling

38.   If the evaluation of sample results indicate that the assessment of the
      relevant characteristic of the population needs to be revised, the
      internal auditor, may:
      (a)      Request management to investigate the identified errors and the
              potential for any further errors, and to make necessary
              adjustments, in cases where management prescribes the sample
              size; and / or
      (b)     Modify the nature, timing and extent of internal audit procedures.
              In case of tests of controls, the internal auditor might extend the
              sample size, test an alternative control or modify related
              substantive procedures; and / or
      (c)     Consider the effect on the Internal Audit Report.
Documentation
39.   Documentation provides the essential support to the opinion and/ or
      findings of the internal auditor. In the context of sampling, the internal
      auditor's documentation may include aspects such as:
      i.      Relationship between the design of the sample vis a vis specific
              audit objectives, population from which sample is drawn and the
              sample size.
      ii.     Assessment of the expected rate of error in the population to be
              tested vis a vis auditor's understanding of the design of the
              relevant controls
      iii.    Assessment of the sampling risk and the tolerable error.
      iv.     Assessment of the nature and cause of errors.
      v.      Rationale for using a particular sampling technique and results
              thereof.
      vi.     Analysis of the nature an cause of any errors detected in the
              sample.
      vii.    Projection of the errors found in the sample to the population.
      viii.   Reassessment of sampling risk, where appropriate.
      ix.     Effect of the sample results on the internal audit's objective(s).

                                        11
Standard on Internal Audit (SIA) 5

      x.    Projection of sample results to the characteristics of the
            population.

Effective Date
40.   This Standard on Internal Audit is applicable to all internal audits
      commencing on or after______. Earlier application of the SIA is
      encouraged.




                                   12
                                                                      Sampling


                                                                 Appendix 1
Examples of Factors Influencing Sample Size for Tests of
Controls
The following are some factors which the internal auditor considers when
determining the sample size required for tests of controls (TOC). These
factors need to be considered together assuming the internal auditor does
not modify the nature or timing of TOC or otherwise modify the approach to
substantive procedures in response to assessed risks.


Factor to be considered by Internal Auditor                Effect on sample
                                                           size
An increase in the extent to which the risk of material    Increase
misstatement is reduced by the operating
effectiveness of controls
An increase in the rate of deviation from the              Decrease
prescribed control activity that the internal auditor is
willing to accept
An increase in the rate of deviation from the Increase
prescribed control activity that the internal auditor
expects to find in the population
An increase in the internal auditor's required             Increase
confidence level
An increase in the number of sampling units in the         Negligible effect
population

Notes ­
1.   Other things being equal, the more the internal auditor relies on the
     operating effectiveness of controls in risk assessment, the greater is the
     extent of the internal auditor's tests of controls, and hence the sample
     size is increased.



                                       13
Standard on Internal Audit (SIA) 5

2.   The lower the rate of deviation that the internal auditor is willing to
     accept, the larger the sample size needs to be.
3.   The higher the rate of deviation that the internal auditor expects, the
     larger the sample size needs to be so as to make a reasonable estimate
     of the actual rate of deviation.
4.   The higher the degree of confidence that the internal auditor requires
     that the results of the sample are indicative of the actual incidence of
     errors in the population, the larger the sample size needs to be.
5.   For large populations, the actual population size has little effect on
     sample size. For small populations, sampling is often not as efficient as
     alternative means of obtaining sufficient appropriate audit evidence.




                                     14
                                                                  Sampling


                                                               Appendix 2
Examples of Factors Influencing Sample Size for Tests of
Details (TOD)
The following are some factors which the internal auditor considers when
determining the sample size required for tests of details (TOD). These factors
need to be considered together assuming the internal auditor does not modify
the nature or timing of TOD or otherwise modify the approach to substantive
procedures in response to assessed risks.


Factor to be considered by Internal Auditor                   Effect      on
                                                              sample size
An increase in the internal auditor's assessment of the       Increase
risk of material misstatement
An increase in the use of other substantive procedures by     Decrease
the internal auditor, directed at the same assertion
An increase in the total error that the internal auditor is   Decrease
willing to accept (Tolerable Error)
Stratification of the population when appropriate             Decrease
An increase in the amount of error which the internal         Increase
auditor expects to find in the population
An increase in the internal auditor's required confidence     Increase
level
The number of sampling units in the population                Negligible
                                                              effect




                                      15
Standard on Internal Audit (SIA) 5


                                                                 Appendix 3
Methods of Sample Selection
The principal methods of sample selection are as ­
1.   Using a computerised random number generator or through random
     number tables.
2.   Systematic selection ­ In this method, the number of sampling units in the
     population is divided by the sample size to give a sampling interval, for
     example 20, and having thus determined a starting point within the first 20,
     each 20th sampling unit thereafter is selected. Although the starting point
     may be haphazardly determined, the sample is likely to be truly random if
     the same is determined by using a computerised random number generator
     or random number tables. In this method, the internal auditor would need to
     determine that sampling units within the population are not structured in
     such a way that the sampling interval corresponds with any particular
     pattern within the population.
3.   Haphazard selection ­ In this method, the internal auditor selects the
     sample without following any structured technique. The internal auditor
     should attempt to ensure that all items within the population have a
     chance of selection, without having any conscious bias or
     predictability. This method is not appropriate when using statistical
     sampling technique.
4.   Block selection ­ This method involves selection of a block(s) of adjacent
     or contiguous items from within the population. Block selection normally
     cannot be used in internal audit sampling because most populations are
     structured in such a manner that items forming a sequence can be
     expected to have similar characteristics to each other, but different
     characteristics from items elsewhere in the population. This method would
     not be an appropriate sample selection technique when the internal auditor
     intends to draw valid inferences about the entire population, based on the
     sample.




                                      16
                                                                     Sampling


                                                                  Appendix 4
Frequency of Control Activity and Sample Size
The following guidance related to the frequency of the performance of control
may be considered when planning the extent of tests of operating effectiveness
of manual controls for which control deviations are not expected to be found. The
internal auditor may determine the appropriate number of control occurrences to
test based on the following minimum sample size for the frequency of the control
activity dependant on whether assessment has been made on a lower or higher
risk of failure of the control.


Frequency of control activity                     Minimum sample size
                                                      Risk of failure
                                            Lower                Higher
Annual                                      1                    1
Quarterly (including period- end, i.e., +1) 1+1                  1+1
Monthly                                     2                    3
Weekly                                      5                    8
Daily                                       15                   25
Recurring manual control (multiple times 25                      40
per day)
Note : Although +1 is used to indicate that the period­end control is tested, this
does not mean that for more frequent control operations the year-end operation
cannot be tested.




                                       17

Home | About Us | Terms and Conditions | Contact Us
Copyright 2024 CAinINDIA All Right Reserved.
Designed and Developed by Ritz Consulting