Attribute Sampling Plans Article:

Attribute Samplingrepresent the most common statistical application used by internal auditors to test the effectiveness of controls and determine the rate of compliance with established criteria.

When developing an attribute sampling plan, the auditor must first define the audit test objective, population involved, sampling unit, and control items to be tested

4 statistical parameters to determine an appropriate sample size:

Confidence levelreliability the auditor places on the samples results (a 95 percent confidence level means the auditor assumes the risk that 5 out of 100 samples will not reflect the true values in the population)

Expected Deviation Rateauditor’s best estimate of the actual failure rate of a control in a populationrate is based on client inquiries, changes in personnel, process observations, prior year test results, or the results of a preliminary sample

Tolerable RateMaximum rate of noncompliance the auditor will tolerate and still rely on the prescribed control

Populationcontains all items to be considered for testingeach must have an unbiased chance of selection to ensure the final sample is representative of the entire population
Example: Auditor estimates a 1.5% expected deviation rate of missing credit approvals relative to total sales orders, establishes a tolerable rate of 6%, and accepts a 95% confidence level that the sample results will reflect missing credit approvals fairly in the population: See Statistical Sample Sizes for Test of Controls Chart below to find that the appropriate sample size is 103 sales orders that should be tested

Each of the sales orders can be randomly selected using a randomnumber table or systematic selectionpicking every nth sales order as long as the first item sampled is randomly selectedthe results may be skewed if missing credit approvals occur in a systematic pattern

Suppose 4 sales orders lacked appropriate credit approval in the sample test, the auditor would project these results to the entire population by calculating the upper deviation ratea statistical estimate of the maximum deviation rate in the populationthis rate can be determined using a simple statistical table or a manual or computergenerated computation

Using the Statistical Sampling Results Evaluation Table for Tests of Controlsthe upper deviation rate in the example would be about 9%

If the upper deviation rate is less than the auditor’s tolerable rate, the auditor would consider the control effective

If the upper deviation rate is greater than the tolerable rate, the auditor would consider the control ineffective

In this example the upper deviation rate (9%) is greater than tolerable rate (6%)therefore, the auditor would advise management not to rely on the control, concluding with 95% certainty that the rate of missed credit approvals exceeds the tolerable rate
http://www.theiia.org/intAuditor/backtobasics/2010/attributesamplingplans/
A Practical Guide to Sampling Article:

Sample designmethod of selection, the sample structure and plans for analyzing and interpreting the resultsmore complex the design, larger the sample size

Sampling Framea list of all units in your population

Sample SizeDepends on 5 key factors:

Population Sizetotal number of items in the populationonly important if the sample size is greater than 5% of the population in which case the sample size reduces

Population Proportionthe portion of items in the population displaying the attributes that you are seeking

Margin of error or precisiona measure of the possible difference between the sample estimate and the actual population valuethe better the design, the less margin of error, smaller sample size required

Variability in the Populationthe standard deviation is the most usual measure and often needs to be estimatedmore variability the less accurate the estimate and the larger the sample size required

Confidence Levelhow certain you want to be that the population figure is within the sample estimate and its associated precisionhigher the confidence level, larger the sample size (usually 95%)
The following table shows the sample size needed to achieve the required precision depending on the population proportion using simple random sampling. For example, for a margin of error of 5% and a population proportion of 70%, a sample size of 323 is required at the 95% confidence level.
Figure 1: Sample size lookup table









Population Proportion Precision (at the 95 per cent confidence level)
Margin of error






Population proportion

±12%

±10%

±8%

±5%

±4%

±3%

±2%

±1%



50%

66

96

150

384

600

1,067

2,401

9,604



45% or 55%

66

95

148

380

594

1,056

2,376

9,507



40% or 60%

64

92

144

369

576

1,024

2,305

9,220



35% or 65 %

60

87

136

349

546

971

2,184

8,739



30% or 70%

56

81

126

323

504

896

2,017

8,067



25% or 75%

50

72

112

288

450

800

1,800

7,203



20% or 80%

42

61

96

246

384

683

1,536

6,147



15% or 85%

34

48

76

195

306

544

1,224

4,898



10% or 90%

24

35

54

138

216

384

864

3,457



5% or 95%

12

18

28

72

114

202

456

1,824














If you are expecting nonresponse or a difficulty in locating your sample selections then it is prudent to over sample

To ensure that the sample size achieved provides the required level of precision.








MethodDefinitionUsesLimitations

MultiStage Samplingthe sample is drawn in 2 or more stagesusually the most efficient and practical way to carry out large survey of the publiccomplex calculations of the estimates and associated precision

Probability Proportional to Sizesamples are drawn in proportion to their size giving a higher chance of selection to the larger itemswhen you want each element to have equal chance of selection rather than each sampling unitcan be expensive to get the information to draw the sample. Only appropriate if you are interested in the elements

Quota SamplingThe aim is to obtain a sample that is representative of the population. The population is stratified by important variables and the required quota is obtained from each stratumIt is a quick way of obtaining a sample, it can be fairly cheap, if there is no sampling frame it may be the only way forward, additional information may improve the credibility of the resultsnot random so stronger possibility of bias, good knowledge of population characteristics is essential, estimates of the sampling error and confidence limits probably can’t be calculated

Simple Random SamplingEnsures every member of the population has an equal chance of selectionproduces defensible estimates of the population and the sampling error, simple sample design and interpretationneed complete and accurate population listing, may not be practicable if a countrywide sample would involve lots of audit visits

Stratified SamplingThe population is subdivided into homogenous groups, the strata can have equal sizes or you may wish a higher proportion in certain strataensures units from each main group are included and may therefore be more reliably representative, should reduce the error due to samplingselecting the sample is more complex and requires good population information, the estimates involve complex calculations

Systematic SamplingAfter randomly selecting a starting point in the population between 1 and n, every nth unit is selected, when n equals the population size divided by the sample sizeeasier to extract the sample than simple random, ensures cases are spread across the populationcan be costly and time consuming if the sample is not conveniently located, can’t be used where there is periodicity in the population
Sampling Methodologies (http://www.occ.treas.gov/handbook/sampmeth.pdf)

Examiners should consider quantity of risk, direction of risk, and quality of risk management in determining precision levels to use. In designing samples, the precision limit affects the sample size; the smaller the precision limits, the larger the size of the sample selected and the smaller amount of exceptions allowable

When an examiner can tolerate few exceptions, a precision of 5% is normally chosen. When an examiner can tolerate a large rate of exceptions, a precision of 20% is normally chosen. Precision levels greater than 20% is not recommended
AU Section 350Audit Sampling:
Attribute Sampling
Attribute sampling is a statistical approach used with tests of controls. It requires the use of a probabilistic sample selection method (random or systematic sampling). Attribute sampling allows the auditor to estimate the proportion of population items containing a specified characteristic. The characteristic auditors are concerned with for tests of controls is deviations from internal controls.
Sample size for attribute sampling can be determined by reference to attribute sampling tables. These sample determination tables require the auditor to establish three factors:

Risk of assessing control risk too low represents the risk that the auditor concludes that the design and operation of an internal control is effective when in fact it is not. The level used for this risk is based on the auditor's desired control risk assessment. The lower the desired control risk assessment the lower the needed risk of assessing control risk too low. This risk is inversely related to sample size.

Expected Population Deviation Rate represents the auditor's best estimate of the population deviation rate. This rate is normally based on prior experience with the client. This rate is directly related to sample size.

Tolerable Deviation Rate represents the highest deviation rate the auditor could accept and still conclude that the design and operation of an internal control is effective. This rate is based on the tolerable misstatement relative to the number and dollar size of transactions included in the population. Tolerable misstatement represents the maximum misstatement that could occur before the population would be considered materially misstated. The lower the required tolerable misstatement relative to the number and dollar size of transactions the lower the needed tolerable deviation rate. This rate is inversely related to sample size.
Sample results are evaluated by comparing the computed maximum population deviation rate to the tolerable deviation rate. The computed maximum population deviation rate equals the sample deviation rate plus an allowance for sampling risk. If the maximum population deviation rate is larger than the tolerable deviation rate the auditor will conclude that the design and operation of the internal control is not effective. If the computed maximum population deviation rate is less than or equal to the tolerable deviation rate the auditor will conclude that the design and operation of the internal control is effective. 