Book Name: Auditing Case An Interactive Learning Approach 6th Edition

Case Number# 9.6 Hooplah, Inc. page:29

Your audit firm, Garrett and Schulzke LLP, is engaged to perform the annual audit of Hooplah, Inc., for the year ending December 31, 2014. Hooplah is a privately-held company that sells electronics components to companies that manufacture various appliances. The company hires a public accounting firm to provide an audit of its financial statements in order to get favorable terms on its bank loans. Your firm has audited Hooplah for the past three years. For the current audit engagement, your team has already performed most of the audit work; however, there are a few loose ends for you to tie up. Portions of Garrett and Schulzkes audit policy relating to audit sampling are provided to assist you in completing the procedures.

AUDIT SAMPLING

Audit sampling is commonly applied in performing tests of controls and tests of details. Audit sampling involves the application of audit procedures to less than 100 percent of the items in a population of audit relevance, selected in such a way that the auditor expects the sample to be representative of the population and thus likely to provide a reasonable basis for conclusions about the population. A sample is usually selected either randomly (using some form of random-number generator) or haphazardly (where the auditor attempts to select items randomly but without using a formal random-number generator).

Auditors often use sampling approaches that involve formal statistical theories and principles, similar to those you may have learned in an introductory statistics class. Statistical sampling applications require the use of random selection, based on a formal random-number generator (such as the one built in to Microsoft Excel or audit software such as ACL). Auditing standards also allow

The case was prepared by Mark S. Beasley, Ph.D. and Frank A. Buckless, Ph.D. of North Carolina State University and Steven M. Glover, Ph.D. and Douglas F. Prawitt, Ph.D. of Brigham Young University, as a basis for class discussion. It is not intended to illustrate either effective or ineffective handling of an administrative situation. Hooplah, Inc. is a fictitious company. All characters and names represented are fictitious; any similarity to existing companies or persons is purely coincidental.

auditors to use non-statistical sampling approaches. Non-statistical audit sampling approaches are based on a foundation of statistical principles, but allow certain departures from formal statistics in order to simplify the auditors task. One such simplification is that non-statistical sampling allows the use of haphazard selection of the items to be examined.

When an auditor examines only a sample instead of all of the items in the population, an element of uncertainty enters into the auditors conclusions. This uncertainty, referred to as sampling risk, is due to the possibility that the sample selected is not representative of the population and that as a result the auditor will reach an incorrect conclusion about the population. It is crucial that sampling risk be taken into account when evaluating the results of any audit procedures that involve sampling.

Sampling approaches also differ depending on the nature of the items the auditor is examining and the objectives of the auditor. Depending on the method of sampling used, different formulas and tables are available to help you determine the number of items to include in the sample. This case has two parts. In Part A you will be asked to use statistical attribute sampling for testing controls. In Part B you will use non-statistical substantive sampling for testing accounts receivable.

PART A: TESTS OF CONTROLS

Before beginning substantive tests for accounts receivable, you and Darrell need to perform tests of important controls over the revenue process to justify the preliminary control risk assessment of low control risk and to determine whether a reliance approach is appropriate for substantive testing. You have decided to test three controls in Hooplahs revenue process:

Sales are properly authorized for credit approval.

Sales are reviewed by the sales manager to ensure that they are properly priced.

Credit memos for sales returns are properly authorized once all goods have been returned.

Garrett and Schulzkes sampling guidance for testing controls is based on attribute

sampling. In testing the operating effectiveness of controls you are interested in determining the likely deviation rate, or the rate at which a control is not properly operating. Testing controls to measure the deviation rate provides evidence about whether the control is operating effectively an acceptably high percentage of the time and helps the auditor determine whether or not the control can be relied upon. Garrett and Schulzkes sample size table for attribute sampling can be found in Appendix A. Use the table to determine the appropriate sample size for tests of controls given a specified tolerable deviation rate and estimated deviation rate. Garrett and Schulzkes controls testing sampling policy indicates that to place high reliance on controls (i.e., to support a low level of remaining control risk) the test must be performed at a high level of assurance, which they define as 95 percent confidence. Thus, only the sample size table associated with 95 percent confidence is provided. In addition to the sample size table, an evaluation table is provided in Appendix A that will help you determine the computed upper deviation rate for the control given the number of detected deviations and the sample size used. The computed upper deviation rate is the sum of the sample deviation rate and an appropriate allowance for sampling risk. In other words, it represents the upper end of the 95 percent confidence interval for the deviation rate in the population. If the computed upper deviation rate indicated is greater than the tolerable deviation rate for the control, the auditor should not rely on the control.

In order to determine the appropriate sample size for your tests, the importance of the control to be tested needs to be assessed. Garrett and Schulzkes policy indicates that any controls the auditor might consider relying on are either highly important or moderately important. According to the firms policies, a deviation rate of only four percent can be tolerated for controls deemed highly important, while a tolerable deviation rate of eight percent can be tolerated for controls deemed moderately important. Some tolerance for error must always exist when using audit sampling because sampling involves sampling risk. The higher the tolerable deviation rate, the lower the sample size.

Based on your knowledge of Hooplas systems, you decide that the first two controls are moderately important, and that the third control is highly important. The other input needed to determine sample size is the estimated population deviation rate. Based on past experience with the client and considering historical rates, you determine that the estimated population deviation rates for the three controls are one percent, two percent, and zero percent, respectively.1

Darrell decided that since all sales pass through the first two controls and since the tolerable deviation rate for those controls is the same, he could be more efficient by using the same sample of transactions to test both controls. He randomly chose 58 sales transactions and tested the documentation for evidence of proper credit approval and review of pricing by the sales manager. After finding only one exception for the first control and two exceptions for the second control, Darrell determined that both controls are operating effectively.Now that Darrell has tested the first two controls, you need to test the third one before moving on to substantive testing.

Question:

From the questions and results above, we have some issues and are not able to conclude that we have achieved Low control risk. What are your suggestions for resolving this in the auditors response (e.g., discuss the changes necessary in the nature, timing, and extent of substantive audit procedures)?