What is audit sampling?
Audit sampling refers to the procedure of less than 100% of the total population of items and an individual item in the population has the same opportunity to be selected. Audit sampling helps the auditor to have the principle to make a conclusion on the total population.
That means by using an audit sampling technique, auditors could make a conclusion on the total population based on the result of selected items.
In other words, auditors do not need to review all the items in the population to make a conclusion. Auditors still meet its objective with fewer works to perform.
However, if the sampling technique or procedure is incorrectly used or applied, the result of audit sampling does not actually represent the total population and auditors might have come to the conclusion that is not correct.
This is how sampling risk has happened.
ISA 530 Audit sampling that covers that audit sampling, sampling technique, and sampling risks.
We recommend reviewing this standard to get a full understanding related to audit sampling. Or you can check this article.
Now before we go to sampling risks, let us summarize the audit risks so that you can have a clear picture of sampling risks.
Audit risks are the risks that an auditor makes an incorrect conclusion and expresses an incorrect audit opinion on the financial statements.
For example, the auditor expresses an unqualified opinion about the financial statements that contain material misstatements.
Audit risks are the combination of three different risks including inherent risks, control risks, and detection. You might want to check this article for detail.
Sampling risks are the risks made by auditors and it is part of detection risks.
If the auditor does not get fully understand the nature of transactions or events of the population, the auditor might design incorrect audit sampling or fail to apply the right sampling method.
This will result in increased sampling risks and subsequently audit risks.
Sampling Risks Vs Non-Sampling Risks:
Sampling risks refer to the risks that arise from the possibility that the auditor’s conclusion, based on a sample, may be different from the conclusion if the entire population was subjected to the same audit procedure.
For example, the sample that auditors decided to select is not large enough to be the population-representative and the result of testing from those sampling will lead the auditor to make the wrong conclusion.
For example, auditors test the control of issuing invoices by randomly selecting 20 invoices and found that five invoices (20%) were incorrectly issued. They conclude that this system is not effectively run.
However, another selection is 1,000 and found that 5 invoices were incorrectly issued. This is how sampling risk affects the conclusion.
The risk can affect both the control test and the substantive test. The control might conclude as more effective or less effective than the actual.
Transactions, events, or account balances might also conclude by auditors as materially misstated or immaterially misstated while the actual is different.
Non-sampling risk arises from factors that cause the auditor to reach an erroneous conclusion for any reason not related to the sampling risk.
For example, most audit evidence is persuasive rather than conclusive, the auditor might use inappropriate procedures, or the auditor might misinterpret evidence and fail to recognize an error.