The Financial Reporting Council (FRC) has recently published its Thematic Review: Audit Sampling. Whilst this review focusses upon Tier 1 firms (the largest audit firms), its findings are relevant for all auditors to be aware of.
In this blog we take a look at the highlights of the review.
There is not one ‘right’ approach
There are many different ways in which the objectives of ISA (UK) 530 Audit Sampling can be met and for firms which formed part of the review, their methodologies provided a range of statistical and non-statistical tools for engagement teams to deploy.
Most firm’s sampling methodologies are based on the same underlying audit sampling theory, adapted or added to by each particular firm, as they consider appropriate.
Even where statistical sampling methods are used, there is still a significant amount of judgement required by engagement teams. Key judgements include:
- The level of risk
The sampling method will need to leverage a risk level (whether inherent risk or risk of material misstatement) in order to determine a statistical sample size. This in itself requires a significant amount of judgement on the part of the engagement team and should be clearly documented as part of risk assessment procedures.
- The level of evidence obtained from other procedures
In its review, the FRC found that in the participating Tier 1 firms, when relying on assurance gained from other procedures (such as substantive analytical review), very little explanation was given (if at all) as to why the engagement team believed it had assurance from other work.
Relying on this other work often substantially reduced the number of items selected, and in some instances, this reduced the number of items selected to a level below that which would enable a conclusion to be drawn.
Engagement teams are reminded that when placing reliance on other procedures to reduce sample sizes, care should be taken to ensure those procedures are suitably performed – for example, substantive analytical procedures utilised must adhere to ISA (UK) 520 Analytical Procedures. Where such procedures are not suitably performed, reliance should not be placed upon them to reduce sample sizes.
For ease of use, most methodologies set bandings for reliance, to avoid the need for the engagement team to have to be too specific as to how much reliance to place. Nevertheless, there is still a significant amount of judgement required in which banding the evidence obtained from other procedures falls into.
Information provided by the entity (IPE)
Whilst sampling can produce excellent audit evidence, this is only the case where it is based on accurate data to start with. Most population data is provided by the entity. Auditors must check the reliability of the data provided before sampling from it.
Looking to the future
All the firms involved in the Thematic Review saw an increasing role for technology and in particular audit data analytics (ADA) in the future. Despite some of these Tier 1 firms already investing significant amounts in such technologies, traditional sampling for the purpose of substantive test of details is currently dominant, with firms expressing difficulties in obtaining data of sufficiently high quality from the entities they audit, coupled with difficulties in recruiting staff with appropriate skillset.
There is no doubt that ADA will have an increasing part to play in audit, and as it embeds within the Tier 1 firms it is likely smaller firms will start to adopt it too.
How can Mercia help?
Mercia offers a wide range of training, including on regular updates on auditing and accountancy.
Mercia’s audit methodology is available to guide auditors though sampling, and our experts are also on hand to answer your specific queries through our technical query service.