Auditors must test the effectiveness of internal controls before signing off on your financial statements., but it is impossible to analyze every transaction that is posted to the general ledger, due to time and budget constraints. Instead, auditors select and analyze a representative sample of transactions to make assertions about the entire population. Here is more on how sampling works and the pros and cons of using it during internal control testing.
Picking a sample
Auditors may use statistical techniques to develop a sample of transactions to test. For example, an auditor might select enough transactions to represent a specific percentage of 1) the total transactions in an account, or 2) the company’s total assets or revenue. Alternatively, a sample of transactions may be pulled randomly using statistical sampling software.
Auditors also can use non-statistical sampling techniques based on a dollar threshold or professional judgment. These techniques tend to be more effective when the CPA has many years of audit experience to make sure the sample chosen is representative of the population of transactions.
Before analyzing a sample, your auditor has expectations about the number of ‘exceptions’ (such as errors and omissions) that will appear in the sample. If the actual exceptions exceed the auditor’s expectation, they may need to perform additional procedures. For instance, your auditor might expand the sample and conduct more testing to assess the degree of non-compliance.
Ultimately, your auditor might conclude that your internal controls are ineffective. If so, they will perform more work to estimate the magnitude of the control failure.
Pros vs. cons
Sampling helps keep audit costs down by streamlining the internal control testing process. It also reduces disruptions to business operations during audit fieldwork. When applied correctly, the results of sampling are theoretically as accurate as if the audit team had analyzed every transaction posted to the general ledger. But, in practice, sampling can sometimes cause problems during internal controls testing.
For example, sampling presumes that controls function consistently across the whole population of transactions. If an exception does not appear in the sample — because the sample was too small or otherwise unrepresentative of the entire population — your audit team could reach the wrong conclusion about the effectiveness of your internal controls.
There also is a risk that your audit team could rely too heavily on non-statistical sampling. Relying more on judgment than statistical methods could result in errors, especially if an auditor lacks professional experience.
A collaborative process
You can help increase the benefits of sampling by providing the audit team with document requests in a timely manner and following up on your auditor’s management points at the end of each year’s audit. It is frustrating to both auditors and business owners when internal control weaknesses recur year after year. Our auditors have extensive experience testing internal controls, and we would be happy to answer any questions you have on testing and sampling techniques.