The extent and nature of audit procedures is determined by the level of detection risk required to bring audit risk to an acceptable level. Detection Risk is the risk that the auditors fail to detect a material misstatement in the financial statements. If auditor make such mistakes in the audit risk model, audit sampling applies to then whole point in auditing financial statements is wasted as auditor has concluded that everything is fine where in fact its not. Therefore, such kind of errors lead to ineffective audits because of inappropriate audit opinion i.e. it affects EFFECTIVENESS of audit.
If an appropriate audit sampling method is applied on top of proper risk assessment, the auditor would have selected samples firstly from the higher risk population and then from the remaining population. The first sampling risk is that it may lead to an incorrect audit opinion being formed by the auditor. As mentioned above, audit sampling relies on certain audit sampling methods to identify samples that are representative of the entire population. Sampling allows the auditor to test selected items that are representative of the total population so that he still can obtain sufficient and appropriate audit evidence. As a result, with an appropriate sampling method, the auditor does not need to review the entire population to issue an audit opinion.
On the other hand, there is also a risk where auditors reject the book value of the account but the book value is actually correct. In this case, as they reject the population that doesn’t contain material misstatement, the client usually demands them to perform additional work to prove that the book value is actually correct. On the other hand, they may reject internal control reliance when internal control is actually effective. This may lead to them performing more work on tests of details than necessary making the audit work not efficient.
Control Risk is the risk of a material misstatement in the financial statements arising due to absence or failure in the operation of relevant controls of the entity. The audit risk model indicates the type of evidence that needs to be collected for each transaction class, disclosure, and account balance. It is best determined during the planning stage and only possesses little value in terms of evaluating audit performance. However, this does not mean that audit sampling is risky and that auditors should avoid it.
Sampling in Substantive Tests of Details
Detection risk forms the residual risk after taking into consideration the inherent and control risks pertaining to the audit engagement and the overall audit risk that the auditor is willing to accept. The client is said to demonstrate a high control risk of the controls if a specific assertion does not operate effectively or if the auditor deems that testing the internal controls would be an inefficient use of audit resources. This should not discourage auditors from applying the sampling approach as it is just an example that audit sampling may lead to an incorrect conclusion on the effectiveness of control. To illustrate, the auditor is auditing revenue and are selecting samples to be tested.
- However, another selection is 1,000 and found that 5 invoices were incorrectly issued.
- For example, auditors test the control of issuing invoices by randomly selecting 20 invoices and found that five invoices (20%) were incorrectly issued.
- It’s also impossible to gather all relevant evidence, as auditors are bound by cost and time restrictions during the initial stages of an audit.
- The relationships between these independent risks are illustrated in table 2.
- Audit sampling is not only applied to substantive testing but is also applied to control testing by auditors.
- 9The auditor who prefers to think of risk levels in quantitative terms might consider, for example, a 5 percent to 10 percent risk of assessing control risk too low.