attribute sampling

7. ATTRIBUTES SAMPLING

At the end of this chapter the student should be able to:

Define 'audit sampling' Explain different sampling selection methods Distinguish between attributes sampling and variables sampling Distinguish between the two types of sampling risk as they relate to Internal Control

and their impact on the audit Explain the impact that certain factors have upon the design of a sample for testing

Internal Control.

We may recall that because auditors cannot audit every single item (as in the case of a medium size to large company) they need to take a sample. We will now look at the various concepts and principles which pervade audit sampling and then we will look at the application thereof to tests of controls. The consideration of sampling as applied to substantive testing will be covered in Chapter 9.

Audit sampling1 is the application of an audit procedure to less than 100% of the items within an account balance or class of transactions for the purpose of evaluating some characteristic of the balance or class

Audit objective -The auditor has to consider the specific audit objectives to be achieved and the audit procedures which are likely to best achieve those objectives, In addition, when audit sampling is appropriate, the consideration of the nature of the audit evidence sought and possible error conditions or other characteristics relating to the audit evidence will assist the auditor in defining what constitutes an error and what population to use for sampling. For example, when performing tests of controls over an entity’s purchasing procedures, the auditor will be concerned with matters such as whether an invoice was clerically checked and properly approved. On the other hand, when performing substantive procedures on invoices processed during the period, the auditor will be concerned with matters such as the proper reflection of the monetary amounts of such invoices in the financial statements.

Population is the entire set of data from which the auditor wishes to sample in order to reach a conclusion. The auditor should determine that the population from which the sample is drawn is appropriate for the specific audit objective. The population is the entire set of data from which the auditor wishes to sample in order to reach a conclusion. The auditor should determine that the population from which the sample is drawn is appropriate for the specific audit objective. For example, if the auditor’s objective were to test for overstatement of accounts receivable, the population could be defined as the 1 This is covered in ISA 530 – Audit Sampling

AUDITING - The International Way 183


accounts receivable listing (sampling frame2). On the other hand, when testing for understatement of accounts payable, the population would not be accounts payable listing but rather subsequent disbursements, unpaid invoices, suppliers’ statements, unmatched receiving reports or other populations that would provide audit evidence of understatement of accounts payable.

The individual items that make up the population are known as sampling units. The population can be divided into sampling units in a variety of ways. For example, if the auditor’s objective is to test the validity of accounts receivable, the sampling unit could be defined as customer balances or individual customer invoices. The auditor defines the sampling unit in order to obtain an efficient and effective sample to achieve the particular audit objectives.

Stratification is the process of dividing a population into sub-population, each of which is a group of sampling units, which have similar characteristics (often monetary value). The strata must be explicitly defined so that each sampling unit can belong to only one stratum. This process reduces the variability of the items within each stratum. Stratification therefore enables the auditor to direct audit efforts towards the items which, for example, contain the greatest potential monetary error. For example, the auditor may direct attention to larger value items for accounts receivable to detect material overstated material misstatements. In addition, stratification may result in a smaller sample size.

E.g. A population of accounts receivable may have a total of 250 accounts, stratified as follows:

Stratum Size Composition of Stratum

1 22 All accounts > $500,0002 123 All accounts between $100,000 and $500,0003 85 All accounts < $100,0004 6 All accounts with nil balances5 14 All accounts with credit balances

Sampling Risk - the risk that the auditor's conclusion, based on a sample, might be different from the conclusion which would be reached if the test were applied in the same way to the entire population

Non-Sampling Risk - this includes all aspects of audit risk that are not due to sampling. E.g.

a) The failure to select appropriate audit proceduresb) The failure to recognize errors in documents examinedc) Misinterpreting the results of audit tests

2 The physical representation of the individual items in the population used to select the sample.



To fully comprehend the position that sampling/non-sampling risk holds in the audit risk model let us revisit figure 4.1 on page 79 and then expand it as shown in Figure 7.1 below:

FIGURE 7.1

AUDIT RISK = RISK OF MATERIAL MISSTATEMENT * RISK AUDITOR DOES NOT DETECT MISSTATEMENTS

AUDIT RISK = INHERENT RISK * CONTROL RISK * DETECTION RISK

SAMPLING RISK NON-SAMPLING RISK

Tolerable error - the maximum error in the population that the auditor would be willing to accept and still conclude that the result from the sample has achieved the audit objective.

Expected error - the expected error in a population. In arriving at this figure, the auditor would ordinarily consider such matters as error levels identified in previous audits, changes in the entity’s procedures and evidence available from other procedures.

Sample size - the amount of sampling units that will be examined. The determination of this amount is dependent upon the planned assessed level of control risk, the sampling risk, the tolerable error and the expected error.

Unexamined Sample Items - this refers to selected missing sample items. A fundamental sampling tenet is that auditing procedures appropriate to a particular audit objective should be applied to each sample item, but the auditor may not be able to apply a planned audit procedure to selected sample items because, for example, supporting documentation may be missing.

What should the auditor do when items cannot be located? Generally, the auditor first should assess whether the missing item is a fraud indicator. If the item is simply missing, then the auditor’s action depends on the effect the missing item will have on the sample evaluation. That is, if the auditor’s conclusion based on the sample would not change by considering the item a deviation or misstatement, it is not necessary to attempt to locate the missing item. But, if the inability to examine the item leads to a conclusion that an account balance is materially misstated, the auditor will have to consider applying alternative procedures. Alternative procedures should generate sufficient evidence to permit the auditor to determine whether the account balance is acceptable.



Evaluation of sample results - having carried out, on each sample item, those audit procedures that are appropriate to the particular audit objective, the auditor should:a) analyze any errors detected in the sample andb) project the errors found in the sample to the population, then come to a conclusion.

a) Analyze any errors detected in the sample - In analyzing the errors detected in the sample, the auditor will first need to determine that the item in question is in fact an error. In designing the sample, the auditor will have defined those conditions that constitute an error by reference to the audit objectives while also factoring the issue of unexamined items (see above). In analyzing the errors discovered, the auditor may observe that many have a common feature, for example, type of transaction, location, product line, period of time. In such circumstances, the auditor may decide to identify all items in the population which possess the common feature, thereby producing a sub-population, and extend audit procedures in this area. The auditor would then perform a separate analysis based on the items examined for each sub-population.

b) Projection of errors - The auditor projects the error results of the sample to the population from which the sample was selected. There are several acceptable methods of projecting error results. However, in all cases, the method of projection will need to be consistent with the method used to select the sampling unit. When projecting error results, the auditor needs to keep in mind the qualitative aspects of the errors found and also the impact that the error will have on other sections of the audit. When the population has been divided into sub-populations, the projection of errors is done separately for each sub-population and the results are combined. The auditor will finally need consider whether the projected errors in the population exceed the tolerable error.

Statistical vs. Non-Statistical sampling

Statistical sampling is a sampling plan that uses the law of probability to make statements or generalizations about a population. A statistical sampling approach must meet the following conditions:

1. The sample, which is projected as a population characteristic, must have a known probability of selection ( that is, the sample must be expected to be representative)

2. The sample results must be quantitatively or mathematically evaluated.

Non-Statistical sampling is the determination of sample size or the selection of the sampled items using judgmental reasoning rather than probability concepts. If a sample that is projected to the population or generalized as a population characteristic does not meet both of the requirements for statistical sampling, it is by definition a non-statistical sample. Thus, auditors should not conclude that non-statistical sampling is a less desirable approach to audit sampling.3

Comparisons

3 Auditing -5 th Edition , Guy, Alderman & Winters - Dryden Press



Both involve some form of judgement Both can provide sufficient competent evidential matter Statistical sampling helps the auditor to

1) Design an efficient sample2) Measure the sufficiency of the evidential matter obtained3) Evaluate the sample results

Statistical sampling however has the following disadvantages1. Normally involves additional costs of training in the audit firm2. Sometimes requires additional sample design costs, and3. Sometime requires more costly sample selection

Statistical Sampling has proven to be very useful and as such it will be the focus of our discussion from this point onwards.

Sample selection methodsThe auditor should select sample items in such a way that the sample can be expected to be representative of the population. This requires that all items in the population have an opportunity of being selected. While there are a number of selection methods, three methods commonly used are:

Random selection - ensures that all items in the population have an equal chance of selection, for example, by use of random number tables.4

Systematic selection - involves selecting items using a constant interval between selections, the first interval having a random start. The interval might be based on a certain number of items (for example, every 20th voucher number) or on monetary totals (for example, every $1000 increase in the cumulative value of the population). When using systematic selection, the auditor would need to determine that the population is not structured in such a manner that the sampling interval corresponds with a particular pattern in the population (i.e. it should be randomly structured). For example, if in a population of branch sales, a particular branch’s sales occur only as every 100th item and the sampling interval selected is 50, the result would be that the auditor would have selected all, or none, of the sales of that particular branch.

Haphazard selection - a possible acceptable alternative to random selection provided the auditor attempts to draw a representative sample from the entire population with no intention to either include or exclude specific units. When the auditor uses this method, care needs to be taken to guard against making a selection that is biased, for example, towards items which are easily located, as they may not be representative. Consequently haphazard sampling cannot be used for statistical sampling.

Sampling with or without Replacement - Sampling with replacement permits a selected sample item to be returned to the population and reselected. In other words, the

4 Computer-generated random numbers are more efficient.



same item may be included in the sample more than once. This may occur if a random-number table produces the same number more than once. In contrast, sampling without replacement removes an item from the population once it is selected. An item can be included only once in a sample selection. If a random-number table produces a duplicate number, the number is discarded after its initial selection. Because of logic and efficiency, sampling without replacement is typically used in accounting and auditing

Types of sampling plans

1. Attributes sampling - (used in tests of controls) reaches a conclusion in terms of a rate or occurrence. Discovery sampling is a type of attributes sampling plan and is typically used when the auditor expects to find very few or near-zero occurrences, e.g. fraud.

2. Variables sampling - (used in substantive testing) reaches a conclusion in dollar amounts or units

3. Probability-Proportional-to-Size (PPS) sampling5 - (used in substantive testing) uses attributes sampling theory to reach a conclusion in dollar amounts or units.

Sampling as applied in Tests of Controls - Attributes sampling

Sampling risk

a) Risk of assessing control risk too high (Under reliance) (a.k.a. alpha risk, type I error) - the risk that the assessed level of control risk based on the sample is greater than the true operating effectiveness of the control structure policy or procedure. If the auditor assesses control risk too high, substantive tests will consequently be expanded beyond the necessary level, leading to audit inefficiency

b) Risk of assessing control risk too low (Over reliance) (a.k.a. beta risk, type II error) - the risk that the assessed level of control risk based on the sample is less than the true operating effectiveness of the control structure policy or procedures. If the auditor assesses control risk too low, substantive tests will not be expanded to the necessary level to ensure an effective audit.(Because of this reason risk is considered more important than risk).

Tolerable rate (previously referred to as 'Tolerable error') - In tests of control, the tolerable rate is the maximum rate of deviation from a prescribed control procedure that the auditor would be willing to accept in the population based on the preliminary assessment of control risk. Expected deviation rate (previously referred to as 'Expected error') - the anticipated rate of deviations in a population based on prior knowledge of the population or a pilot sample

5 Also known as Dollar-unit or Cumulative Monetary Amount (CMA) sampling] - American; OR Monetary Unit Sampling (MUS) - English



Sample size determinationAs mentioned earlier, when determining the sample size, the auditor should consider the preliminary assessment of control risk, the sampling risk (specifically the risk of over reliance), the tolerable error and the expected error (now referred to as expected deviation rate). The last three are the major ingredients and are the ones used to determine the sample size from statistical tables (discussed below). Presented below in Table 7.1 is the effect that certain factors have on the sample size during tests of controls:

TABLE 7.1

Conditions Leading To

Factor Smaller Sample Size Larger Sample SizeRelationship to sample size

AAssessment of control risk

Higher preliminary assessment of control risk

Lower preliminary assessment of control risk

Inverse

B Tolerable errorHigher acceptable rate of deviation

Lower acceptable rate of deviation

Inverse

CRisk of over reliance

Higher risk of over reliance

Lower risk of over reliance

Inverse

DExpected deviation rate

Lower expected rate of deviation in population

Higher expected rate of deviation in population * Direct

ENumber of items in population

Virtually no effect on sample size unless population is small.(i.e.<500)6

* High expected deviation rates ordinarily warrant little, if any, reduction of control risk and, therefore, tests of controls might be omitted.

Sample size Tables 7

6 For populations less than 500 or where the sample is more than 10% of the said population, the following adjustment, referred to as the finite correction factor, should be applied:

n = n' . 1 + ( n'/N )

wheren' = Sample size before considering the effect of population size.n = Revised sample sizeN = Population size

7 Please note that ISA 530 does not identify specific procedures or formulae to determine sample sizes. The standard only states the applicability of probability theory in determining sample sizes. The tables presented in this chapter are those of the AICPA.



Tables exist to quickly determine the required sample size based on1. The risk of over reliance2. The tolerable rate3. The expected deviation rate

Table 7.2 below displays the sample sizes required for different combinations of expected deviation rates and tolerable rate based on a 5% risk of over reliance8. Table 7.3 on the following page gives sample sizes based on a 10% risk of over reliance.

Table 7.2

To use the tables, the auditor first ensures that he is using the correct table, in this case the 5% over reliance table. Next he then reads down the expected-population-deviation-rate column to find the appropriate rate and then locates the column corresponding to the tolerable rate. The sample size is shown where the expected population deviation rate and the tolerable error intersect. The number in parenthesis is the expected number of deviations in the sample. It is calculated by multiplying the sample size by the expected population deviation rate.

8 The table is uses the cumulative binomial distribution and is based on large populations. For small populations see footnote 6 on page 189.



E.g. Given the following: risk of over reliance = 5%, expected population deviation rate 1.25% and tolerable rate = 4%, determine the sample size and the expected number of deviations in the sample. The answer would be 156 with 2 deviations.

Table 7.3

Sample Projection and Evaluation Table 7.2 can also be used to evaluate sample results. If the auditor finds that the number of deviations found in the audited sample does not exceed the parenthetical number in the table, he or she can conclude that the maximum population deviation rate is not more than the tolerable rate. In other words, with a sample size of 93, if no more than one deviation is found in the sample, the auditor may conclude that he or she has 95% reliability (or a 5% risk of under reliance) that the population deviation rate does not exceed 5%.

Instead of using Table 7.2 for evaluating the sample results, the auditor may use Table 7.4 below. Table 7.4 must be used if the actual number of deviations exceeds the parenthetical number in Table 7.2 and the auditor wants to assess the maximum population deviation rate. Table 7.5 on the following page provides similar values



based on a 10% risk of over reliance.

TABLE 7.4

To use this table, the auditor reads down the sample-size column to find the appropriate sample size. (If the sample size is not shown, the auditor may interpolate). Next, the auditor locates the column for the actual number of deviations found. The intersection of the sample-size row with the actual-number-of-deviations column gives the projection of the sample results to the population plus an allowance for sampling risk (that is, maximum population deviation rate). In other words, the sample deviation rate (from the sample results) plus an allowance for sampling risk = maximum population deviation rate.

E.g. Table 7.4 shows that the maximum population deviation rate is 12.1% for a sample size of 50 having 2 deviations at a 5% risk of assessing control risk too low (over reliance). Assuming Table 7.2 was used to determine the sample size of 50 (based on an expected population deviation rate of 6% and a tolerable rate of 15%), the sample deviation rate is 4% (2 ÷ 50) and the allowance for sampling risk is 8.1% (12.1% - 4%).

If the maximum population deviation rate is less than or equal to the tolerable rate, the test supports the auditor’s planned assessed level of control risk from a strict quantitative perspective. If the maximum population deviation rate is greater than the tolerable rate,



then the test does not support the auditor's planned assessed level of control risk. In this latter case the auditor will have to reassess control risk, possibly at the maximum

Unexamined sample items - If the auditor cannot apply a planned test of controls to an individual item because of a missing document, the item is considered a deviation from the prescribed control. This decision is likely to increase the auditor’s assessed level of control risk and thereby increase substantive testing, but it does not require the performance of alternative tests of controls. In such a situation, the auditor simply shifts from tests of controls to substantive procedures to obtain a low audit risk.

TABLE 7.5

CommentaryAuditors sometimes test key control attributes by selecting 5, 10 or 15 simple items. As Table 7.3 indicates, these sample sizes are generally too small, even when they result in zero deviations, to produce acceptable tolerable rates. A small sample may generate sufficient evidence to reduce the assessed level of control risk slightly below the maximum However sample sizes less than 15 should be considered walk-through tests used to understand internal controls, not sampling tests of controls.

End of chapter questions



Multiple choice

1. A sample in which every possible combination of items in the population has an equal chance of constituting the sample is a

a) representative sample. b) statistical sample.c) random sample.d) judgement sample.

2. Sampling risk (sampling error) is an inherent part of sampling that results from

a) inappropriate audit procedures.b) failure to recognized exceptions.c) testing less than the entire population.d) weaknesses in client’s internal control system.

3. Which of the following statements is a valid criticism of the use of non-statistical sampling methods?

a) Many audit tests, such as footing of journals, must be performed outside statistical sampling context.

b) The cost of performing random selection or testing often exceeds benefits.c) Non-statistical sampling does not differ substantially from statistical sampling

methods.d) Conclusions may be drawn in more precise ways when using statistical sampling

methods.

4. Auditors who prefer statistical to non statistical sampling believe that the principal advantage of statistical sampling flows from its unique ability toa) define the precision required to provide audit satisfaction. b) provide a mathematical measurement of uncertainty.c) establish conclusive audit evidence with decreased audit effort.d) promote a more legally defensible procedural approach.

5. The most common method used for performing statistical tests of transactions is a) variables sampling.b) attribute sampling.c) judgement samplingd) random selection of samples.



6. Which of the following statements regarding replacement and non-replacement sampling is not true?

a) In replacement sampling, an element in the population will not be included in the sample more than once.

b) In non-replacement sampling, en element in the population can be included in the sample only once.

c) If the random number corresponding to an element is selected more than once in non-replacement sampling, it is treated as a discard the second time.

d) Auditors rarely use replacement sampling

7. If certain forms are not consecutively numbereda) selection of a random sample probably is not possible.b) systematic sampling may be appropriate.c) stratified sampling should be used.d) random number tables can not be used.

8. The process which requires the calculation of an interval and then selects the items based on the size of the interval isa) Statistical samplingb) Random selectionc) Systematic selectiond) Computerized selection

9. When the auditor goes through a population and selects items for the sample without regard to their size, source, or other distinguishing characteristics, it is calleda) haphazard selection.b) systematic selection.c) statistical selection.

10. Since auditors are interested in the occurrence of exceptions in populations, they refer to the occurrence rate asa) the exceptions rate.b) the populations rate.c) the deviation rate.d) the confidence level.

11. If an auditor, without statistical sampling, selects a sample of one hundred items from a population and finds two exceptions, the auditora) can conclude that the sample deviation rate is 2 percent.b) can conclude that the population deviation rate is 2 percent.c) can calculate the highest deviation rate expected in the population.d) cannot make any conclusions about either the sample or the population.



12. The risk which the auditor is willing to take of accepting a control as being effective when it is not, is the

a) Tolerable deviation rateb) acceptable risk of over-reliance.c) estimated population deviation rate.d) finite correction factor.

13. The deviation rate the auditor will permit in the population and still be willing to reduce the assessed level of control risk is called the

a) tolerable deviation rate.b) estimated population deviation rate.c) acceptable risk of over-reliance.d) sample deviation rate.

14. The effect of the finite correction factor on small population sizes is to a) reduce the initial sample size.b) increase the initial sample size.c) either reduce or increase the initial sample size, depending on the circumstances

of the situation.d) increase the population size.

15. The tolerable deviation rate (TDR) has a significant effect on sample size. The relationship of TDR to sample size isa) direct (i.e., larger TDR = larger sample).b) inverse (larger TDR = smaller sample).c) a variable (sometimes larger, sometimes smaller).d) not determinable.

16. If the auditor decides to assess control risk at the maximum level, tests of controls area) not performed.b) reduced in number.c) increased in number.d) unchanged from prior planned settings.

17. In attributes sampling, an advance estimate of the expected population deviation rate is necessary to plan the appropriate sample size. The relationship of Expected Population Deviation Rate (EPDR) to sample size is

a) direct (i.e., small EPDR = small sample).b) inverse (small EPDR = large sample).



c) a variable (sometimes small, sometimes large dependent on other factors present.d) indeterminate.

18. Which of the following combinations results in a decrease in sample size in a sample for attributes?

Risk of assessing Expectedcontrol risk Tolerable population too low rate deviation rate

a. Increase Decrease Increaseb. Decrease Increase Decreasec. Increase Increase Decreased. Increase Increase Increase

19. Statistical theory proves that in most types of populations to which attributes sampling applies, the population size is

a) not a consideration in determining sample size.b) a minor consideration in determining the sample size.c) a major consideration in determining the sample sized) the determining factor in establishing the sample size.

20. An auditor who uses statistical sampling for attributes in testing internal controls should increase the assessed level of control risk when the

a) Sample rate of deviation is less than the expected rate of deviation used in planning the sample.

b) Tolerable rate less the allowance for sampling risk exceeds the sample rate of deviation.

c) Sample rate of deviation plus the allowance for sampling risk exceeds the tolerable rate.

d) Sample rate of deviation plus the allowance for sampling risk equals the tolerable rate.

21. What is an auditor’s evaluation of a statistical sample for attributes when a test of 100 documents results in 4 deviations if tolerable rate is 5%, the expected population deviation rate is 3 %, and the allowance for sampling risk is 2%?

a) Accept the sample results as support for planned reliance on the control because the tolerable rate less the allowance for sampling risk equals the expected



population deviation rate.b) Modify planned reliance on the control because the sample deviation rate plus the

allowance for sampling risk exceeds the tolerable rate.c) Modify planned reliance on the control because the tolerable rate plus the

allowance for sampling risk exceeds the expected population deviation rate.d) Accept the sample results as support for planned reliance on the control because

the sample deviation rate plus the allowance for sampling risk exceeds the tolerable rate.

Essays /problems

22. Explain how Sampling Risk fits into the 'Audit Risk Model'.

23. Determine sample sizes for each of the following situations:

A B C D E FRisk of assessing control risk too low 5% 10% 5% 10% 5% 10%Population Deviation Rate 1.25% 1.50% 2.00% 2.00% 0 0Tolerable rate 4% 5% 5% 10% 5% 10%Sample size - - - - - -

24. What is the sample size for a statistical test of controls if the risk of assessing control risk too low is 5%, the population deviation rate is estimated to be 2%, the tolerable rate is 5%, and the population size is 5,500? What if the population size is 100,000? What if the population size is 350? What if the population size is 1,800?

25. Calculate the maximum deviation rate, the sample-size deviation rate, and the allowance for sampling risk for the following sample results:

A B C D E FRisk of assessing control risk too low 5% 10% 5% 10% 5% 10%Sample size 60 40 100 30 75 25Actual number of deviations 0 1 4 3 3 0Maximum deviation rate - - - - - -Sample deviation rate - - - - - -Allowance for sampling risk - - - - - -

26. How does the auditor determine whether the results from a statistical test-of-controls application support the planned assessed level of control risk?

27. In the audit of the cash disbursements cycle of the Carmichael Company, the auditor identified the following attributes for tests of controls. The statistical parameters for each attribute and the number of deviations found in the sample are also specified.

Attribute Risk of assessing

Tolerable rate (%)

Expected Population

Number of sample



control risk too low (%)

Deviation Rate (%)

deviations

1. Examine vouchers for supporting documents

5 3 0 1

2. Examine supporting documents for evidence of cancellation (marked “paid)

5 5 1 1

3. Ascertain whether cash discounts were taken 10 15 5 44. Review vouchers for clerical accuracy 10 5 1 25. Agree purchase order prices to invoices 10 6 2 1

Required:a) Determine the sample size for each attribute.b) Determine the maximum population deviation rate for each attribute. (Indicate

whether you used Table 7.2, 7.3, 7.4 or 7.5 to determine the maximum population rate.)

c) For attributes 1 and 2 in the table, calculate the allowance for sampling risk. What does the allowance for sampling risk mean?

d) Based on the quantitative evaluation, identify the controls that can be used to lower the assessed level of control risk.

28. Fred Hancock, a senior accountant with Louis & Dent, Chartered Accountants, has just completed a continuing professional education course on attribute sampling. He has decided to apply attribute sampling to a current assignment.He believed it would be appropriate to apply attribute sampling in a test of purchase transactions. He decided that a 5% tolerable rate with a 10% risk of assessing control risk too low would be appropriate. His expected deviation rate was 2%, so he took a sample of 100 items. Because Hancock felt the large items deserved more attention than the smaller ones, he included in the sample 60 items with a value of $5,000 or more each; the remainder of the 100 items were valued at less than $5,000 each. He was very careful to take a representative sample of his test month for each of these two types of items.When testing the sample for the attributes, he found only five deviations. One deviation was a missing vendor’s invoice, so he sent a confirmation to the vendor to make certain it was a valid invoice. The confirmation indicated no errors. Another deviation was simply a missing approval by the authorized official. Hancock went to the official who agreed he had failed to sign the invoice and stated it was valid and correct. The client official also signed the invoice as required by prescribed procedure.A third deviation was simply a missing purchase order. However, the amount of the transaction was small. Hancock decided it was too small to define as an error or deviation.The other deviations both involved dollar amounts. One was an error in the extension of the invoice of $50 and the other a misclassification error of $850. Hancock was not particularly concerned about the $50 error because it was not material, but the $850 was fairly large. Fortunately, it was a misclassification between expenses and did not affect net income.He decided to call the last two deviations actual errors and concluded that the



maximum deviation rate was 3.8% at a 10% risk of assessing control risk too low. Thus, he concluded that purchases for the year were almost certain to contain fewer deviations than the 5% tolerable rate. As a result, he accepted the population and decided to reduce the test of year-end accounts payable based on a low assessed level of control risk.Hancock was pleased with the use of attribute sampling because he had objective results. The reviewing partner, who could not attend the course because she was talking to a prospective client that day, also liked it because it reduced their exposure to legal liability and reduced the time budget to complete the engagement.

Required: Identify each weakness in the attribute sampling application, and state why it is a weakness.
