A group of people are working on a financial success plan on a table.
A person is typing on a laptop computer with a graph on the screen.
April 5, 2022

Strategic Audit Sampling

As a best practice, sampling should be a CPA’s last line of defense! Here’s why.

Do we always need to sample? That’s a question many CPAs ask themselves when getting ready to conduct audit engagement.

An important aspect of planning an audit is deciding the extent of which audit procedures to perform. Decisions about the extent of testing may be dependent on the number of client locations or components to be tested and/or the cutoff amount for individually significant items (ISI) and sample sizes.


Authoritative guidance applies when audit engagement teams decide to use audit sampling in performing audit procedures which can be found in Professional Standards of the American Institute of Certified Public Accountants (AICPA) - AU-C 530B, Audit Sampling. AU-C 530B addresses the engagement team’s use of statistical and nonstatistical sampling when: (a) designing and selecting the audit sample, (b) performing tests of details and tests of controls and (c) evaluating the sampling results.


Guidance requires that when audit engagement teams design tests of controls and/or tests of details, they should determine an approach to selecting items for testing that is effective in meeting the purpose of the audit procedure. Approaches to selecting items for audit testing are as follows: (a) selecting all items in the population (100% testing), (b) target items and (c) audit sampling. Engagement teams may apply any one or a combination of these approaches to selection depending on the facts and circumstances.


Audit sampling enables conclusions to be drawn about an entire population based on tests of a sample taken from that population. The ability to draw valid conclusions based on a sample depends on determining an appropriate sample size, having an appropriate sampling approach and method of selection, and appropriately following up on exceptions.


So, the answer to our opening question regarding whether auditors need to always sample, the answer is (drumroll, please); no! The biggest mistake we make as auditors is to automatically select a sample and perform detailed testing. We have to think about more efficient ways of gaining assurance over an account balance (or a class of transaction) and still ensure the risk is eliminated or appropriately mitigated to an acceptable level. As a best practice, sampling should be used as our last resort. However, in some situations, there may be no alternative but to sample. So, for example, where a population (or part of a population) is material to the audit, consisting of only low value similar items (or transactions), and where the nature of the account is such that analytical review procedures cannot be used, then audit sampling may be our only option in the absence of any suitable controls that could be tested.

 

Here are some upfront questions we should be asking ourselves:

  • Are there any controls at the client we can rely on?
  • What procedures are we performing on the account?
  • What is the level of assurance we will obtain from these procedures?
  • What is the remaining balance amount of the account?
  • Is the remaining balance a significant risk?

 

So, before sampling, it’s advisable to conduct target testing on high-risk transactions first. If you separate and test account balances identified as high risk (e.g., accounts that belong to customers the client has had difficulties with in the past or have unusually high dollar amounts), you may be able to reduce the sample size, or forgo audit sampling altogether. When you complete this type of target testing, you’re taking the inherent risk—the susceptibility of an account balance or class of transactions to material misstatement— from a high risk and bringing it down to a moderate risk.


Often, auditors forgo target testing and leave the inherent risk high, which in turn, causes your sample size to be higher. By target testing high-risk transactions first, you’ll achieve a greater efficiency in coverage.

Remember, you don’t always need to sample. Assess what additional procedures you can perform first before sampling. Your audit approach needs to be tailored based on the nature of the balance you’re testing and the related risks. If the remaining balance is immaterial and you have not raised a significant risk, then no further audit work is needed. It is important to reassess inherent risk over the remaining population in order to obtain sufficient appropriate audit evidence in the most efficient manner.

 


Collemi Consulting has significant expertise in the nuances of deciding whether engagement teams should perform audit sampling and if so, how to properly determine an adequate sample size. We recommend CPA firms and auditors to contact us before or during audit planning so we can assist with the sampling process to maximize efficiency and help ensure that you’ll able to issue an appropriate opinion under Professional Standards.

Learn More

Testing of Non-Standard Journal Entries to Identify Questionable Transactions

By Jennifer Ruf March 24, 2025
As audit season is in high gear, it’s important for auditors to step back and plan how they are going to audit a client’s books and records. What are the red flags you’re looking for when it comes time to throw open the books and look through a huge swath of journal entries to pluck out the ones that are questionable, and need to be questioned? First off, it’s important to understand how journal entries are created at the company being audited. For an auditor, that means looking at the internal control environment to understand how a journal entry is created: Who’s authorized to create one and who can create one. You have to understand the process. How does it start and how is the entry eventually recorded onto the financial reporting system? Once you know that, you can determine whether someone can come in and override the system, or if someone can pretend to be someone else and start recording journal entries onto the system. That will help you figure out what to look for to decide what entries to pull out and ask management to get back up information to support and validate those entries. Finding the needle The key here is not to just go through the mechanics, but to really go through the exercise so you can determine if management is playing games in the recording of those transactions. You have to be able to get comfortable with that, and that means you need to be able to document what you’re looking for. Because what the auditor is really doing is looking for a “needle in the haystack”, to identify the transactions that don’t look right, that don’t make sense in the ordinary course of business. For example, if the business is not open on weekends, are transactions being posted on a Saturday or Sunday, or even on holidays? If you see rounded numbers or accounts that are seldom used, those can be red flags as well. Sometimes it can be as simple as asking managers and others like accounting, data entry and IT personnel if they’ve observed any unusual accounting entries. Depending on the size of the company and scope of the work, you might need to use computerized audit software program — some of them with AI built in — that can scan the entries to identify anomalies. Red flags When an auditor is looking for evidence of management override of controls, they can look for some of these 12 red flags indicators: ● Top-side entries ● Entries made to unrelated, unusual or seldom-used accounts ● Entries made by individuals who typically don't make entries. ● Entries recorded at the end of the period ● Post-closing entries with no explanations ● Entries made before or during the preparation of financial statements with no account numbers ● Entries that contain rounded numbers or a consistent ending number ● Entries processed outside the normal course of business ● Accounts that contain transactions that are complex or unusual in nature ● Accounts that contain significant estimates and period-end adjustments ● Accounts that have been prone to errors in the past ● Accounts that contain intercompany transactions When testing non-standard journal entries and other adjustments, you should look for documentary evidence indicating that they were properly supported and approved by management. Finally, remember that while most fraudulent entries are made at the end of a reporting period, you shouldn't ignore the rest of the year  Collemi Consulting leverages nearly three decades of experience to provide trusted technical accounting and auditing expertise when you need it the most. We regularly work with CPA firm leadership to help them reduce risk and maximize efficiencies. To schedule an appointment, contact us at (732) 792-6101.

It’s Time For Year-End Audits

December 20, 2024
Are you prepared?
A woman's hands holding a microphone

Shake It Off

December 9, 2024
Conquer your fear of public speaking and present like a pro
Man with hand by his ear straining to listen.

Hear, Hear!

December 4, 2024
Boost your business by becoming adept at active listening.
More Posts
Share by: