Understanding sampling in the single audit.(issue an opinion of compliance to decision making)

Publication: CPA Government & Nonprofit Report

Publication Date: 01-FEB-06

Bookmark this article Print this article Link to this article Email this article Digg It! Add to del.icio.us RSS

COPYRIGHT 2006 Aspen Publishers, Inc.

Invariably in my single audit classes, there continues to be some questions over sampling and sample sizes in the single audit. The single audit generally requires the use of sampling in the testing of internal controls and in the compliance area for all major programs. Sampling is used whenever the auditor decides to test less than 100% of the population items and whenever sampling is used, it must conform to the requirements of SAS 39. Sampling may involve statistical or non-statistical sampling. Most auditors choose to use non-statistical sampling.

Internal Control

A single audit requires the auditor to document internal controls over compliance for all major programs (see Part 6 of the OMB Compliance Supplement). If the auditor believes those internal controls that were documented are adequate to prevent or detect material noncompliance with a compliance requirement, then those controls must be tested for each major program. OMB Circular A-133 further requires the auditor to test those controls to support a planned control risk assessment of low.

In testing internal controls, the AICPA Audit Guide, "Government Auditing Standards and Circular A-133 Audits" allows the auditor to use one or more of the following testing procedures: inquiry, observation, reading or inspection, or sampling.

Establishing a planned control risk assessment of low is really only applicable for the sampling procedure. It does not make much sense for the auditor to use the concept of low when they are making inquiries, observing procedures, or reading or inspecting documents. Is the auditor to make more inquiries or to talk to the person longer than they otherwise would? I doubt it. For the same logical reason that the auditor would not observe more occasions or for longer periods of time than necessary, or to read the document twice when once would have been sufficient. So in a practical sense, the concept of low control risk assessment is only applicable when using sampling to test the controls.

When using sampling, the auditor must refer to the sampling table that is part of their auditing procedures, and refer to the low control risk assessment and the number of errors they might expect to encounter.

For many auditors of local governments and nonprofit organizations, the sampling table for a low control risk assessment and for zero anticipated errors results in a minimum sample size of 40. If the auditor anticipates one error, as opposed to zero, then the minimum sample size will be 60. To go beyond a sample size of 60 is not practical for the average auditor. As a consequence, most auditors use the anticipated error sizes of zero and one.

Some sampling programs are designed to allow the auditor to test less than 40 samples,...

Read the full article for free courtesy of your local library.