STANDARD ON AUDITING (SA) 530 (REVISED)

AUDIT SAMPLING

Audit Sampling – as easy as Audit + Sampling

• What is an Audit?
Each and every one of us sitting here is fully aware that auditing is the
verification of books of accounts, records and other documents of an
enterprise, carried out to enable the auditor to express an informed and an
objective opinion thereon.

• What is sampling?
Sampling is the process of applying audit procedures to less than 100% of
items of an audit population, such that every item of the population has a fair
chance of being selected, so as to provide the auditor a reasonable basis to
draw conclusions about the entire population without verifying the entire lot
enabling him to prioritize valuable and scarce audit resources.

• Audit Sampling
From the above definitions, we can deduce that audit sampling is the audit
i.e. verification of a sample i.e. of representative transactions, selected
disinterestedly.

Why Audit Sampling?

The rationale endorsing the benefits of audit sampling is as simple as common
sense. It takes no great genius to understand the advantages of achieving the
same result by undertaking a truncated intelligent exercise, rather than an
aimless customary lengthy one.

Whereas the erstwhile AAS stressed on Audit Sampling as one of the ways of
merely obtaining audit evidence, the superseding SA states that the objective
of audit sampling is to provide the auditor a basis to draw conclusions from
and thereby express his opinion. It is clearly evident that the SA is in line with
‘quality centric assurance approach’, which gives the auditor far more
intelligent freedom to express his opinion from analyzing the results of his
audit procedures on a sample, rather than merely considering it as evidence.
 To put it pragmatically, the objectives of using sampling techniques in auditing
are:
• Design efficient samples
• Measure sufficiency of evidence
• Detect significant deviations
• Fraud Detection
• Provide true and fair view

What ICAI has to say
ICAI has issued SA 530 – Audit Sampling on the issue, which supersedes the hitherto
AAS 15. This SA shall be effective for audits of financial statements for periods
commencing on 1st April, 2009 or later.

• Scope of SA 530
 This Standard applies when the auditor decides perform audit
procedures on audit samples.
 SA 530 encapsulates both statistical and non-statistical sampling.
 Also, SA 530 covers every step of sampling process, elaborated
further.

• Important Definitions – know these to understand this

 Population – All transaction that constitute the data from which the
auditor will select the sample.

Sample Population

 Sampling Risk – Risk that the auditor’s conclusions based on an audit

sample may not necessarily concur with the conclusion he would have
arrived at, had he performed the same audit procedures on all items
constituting the audit population.
o Sampling risk is of 2 types which affect:
 a. Audit Effectiveness
The sampling risk arises from the fact that in case of test of
controls, the sample drawn concludes the controls as more
effective than they actually are or in the case of test of details a
material misstatement does not exist when it actually does.

b. Audit Efficiency
An erroneous selection of an audit sample affects audit
efficiency as it would lead to additional work to establish that
initial conclusions were correct.

• Types of Sampling
a. Statistical Sampling
Statistical sampling is characterized by
- Random selection of samples
- Use of probability theory to evaluate sample results

b. Non-statistical sampling
Non statistical sampling refers to the sampling technique which does
not use the sampling approaches used in statistical sampling. The use
of non statistical sampling depends on the effectiveness and the
efficiency with which the audit is to be carried out.

• Tolerable misstatement
A monetary amount set by the auditor in respect of which the auditor seeks
to obtain an appropriate level of assurance that the monetary amount set by
the auditor is not exceeded by the actual misstatement in the population.

• Tolerable rate of deviation

A rate of deviation from prescribed internal control procedures set by the
auditor in respect of which the auditor seeks to obtain an appropriate level of
assurance that the rate of deviation set by the auditor is not exceeded by the
actual deviation in the population.

How do we do it? – The Sampling Process
Step 1 : Design the sample
The foundation stone of an effective audit sampling is to design the sample
i.e. to pick the most correct sample in the given situation. The feasibility of a
sample design is gauged from by a set of yardsticks, each equally important
in its own way, not being eclipsed by the other, in any manner whatsoever.
When designing the sample, it is imperative that the auditor bears in mind,
the following:
- Purpose of audit procedure
- Characteristics of the entire population
- Sample size such that it is sufficiently large to reduce sampling risk to an
acceptably low level
- Select the sample in a way that each unit of the population has a fair chance
of being selected.

The hitherto applicable AAS 15 required the auditor to consider sampling risk,
tolerable error and the expected error. The stark shift in emphasis clearly
emphasizes a rather magnified focus on the preliminary and basic steps in
sample designing, which in any case, logically, precede risk assessment.

A sample may be selected using random selection, systematic selection or

haphazard selection.

Step 2 : Perform Audit Procedures

The purpose of an audit sample is to substitute the audit population. From
this it follows that the auditor ought to perform the sane audit procedures on
the sample, as if it were the audit population.

SA 530 states that the auditor shall:

- Perform audit procedures, appropriate to the purpose
- If the procedure is not applicable to the selected item, then perform the
procedure on a replacement item
- Unable to apply the designed audit procedures, or suitable alternative
procedures, to a selected item, the auditor shall treat that item as a
deviation from the prescribed control or a misstatement, as the case may
be.

Step 3 : Ascertain nature and cause of Deviations and/or

Misstatements
As stated above, one of the objectives of audit sampling to detect significant
deviations and/or misstatements. However, mere detection of deviations
and/or misstatements is of no consequence unless those deviations are
analyzed and studied in detail, so as to ascertain the nature and cause
thereof.
The standard specifically requires that:
- The auditor shall investigate the nature and cause of any deviations or
misstatements and evaluate the possible impact.
- If he concludes that the misstatement or deviation is an anomaly i.e. it is not
representative of the population, he should perform exhaustive audit
procedures to obtain high degree of certainty.

The notable difference in AAS 15 and SA 530 is the terminology used. The
AAS 15 required the auditor to analyze ‘errors’, and much before that,
establish that it qualified to be an error. The focus back then was on
performing audit procedures, to obtain evidence to prove an error.

However, the SA requires the auditor to delve into the nature and reasons of
‘deviations and misstatements’, and further consider their effect on other
areas of the audit and the purpose of this procedures. It is evident that the
requirement is more analytical than clerical.

Step 4 : Projecting Misstatements

Since the audit sample is a representative substitute of the audit population,
the auditor shall project the results of his audit procedures, performed on the
sample, to the audit population.
The essence of audit sampling to derive the same result from testing a few
items instead of deriving the same result from testing all items. By projecting
the result of the audit sample onto the entire population, the auditor tries to
formulate an opinion about the entire population.

Note : If a misstatement / deviation is categorized as an anomaly, it may be

excluded from being projected on to the population.

Step 5: Evaluating the results

After having projected the results of the audit sample onto the population, it
is of primary importance for the auditor to evaluate the results.

Evaluation of the results implies that the auditor understand the implication of
the deviations and/or misstatements and the eventual consequences on his
opinion.

The auditor shall evaluate

- The results of the sample
- Whether the use of audit sampling has provided a reasonable basis for
the conclusions about the population.

After projecting the misstatements on to the population, the auditor whether

the sample has provided him a reasonable basis to draw conclusions about
the population. Nonetheless, if one draws reference to the erstwhile AAS, the
standard required the auditor to compare his defined tolerable error and the
actual error and then reassess the sampling risk, to ensure that it is at an
acceptably low level, and if the risk was unacceptable, then to perform further
procedures.
 STANDARD ON AUDITING (SA) 550 (REVISED)

RELATED PARTIES

Parties are related when

If at any time during the reporting period, one party has the ability to control the
other party or exercise significant influence over the party in making financial and/or
operating decisions.

It is important to note that the definition lays great emphasis on the ability of the
related part to control and exercise significant influence on the other. In other
words, a seemingly unrelated party can be a factor affecting the independence or
objectivity of the decisions of another entity.

Objective of the standard

The primary emphasis of the standard is on the auditor obtaining an in-depth and
comprehensive understanding of the related party relationships and transactions, in
order to be able to:
1. To recognize the fraud risk factors from related party relationships and
transactions, that are relevant to the identification and assessment of material
misstatements due to fraud; and
2. To conclude whether the financial statements, insofar as they are affected by
those relationships and transactions:
a. Achieve a true and fair presentation
b. Are not misleading

Note : In case financial reporting framework establishes related party requirements, to

obtain sufficient appropriate audit evidence, about whether related party relationships and
transactions have been appropriately identified, accounted for and disclosed in the financial
statements in accordance with the framework.

Know these terms

1. Arm’s length transaction
A transaction conducted on such terms and conditions as between a willing buyer
and a willing seller who are unrelated and are acting independently of each other
and pursuing their own best interests.
 As can be easily deciphered from the above definition, an arm’s length
transaction refers to one, in the ordinary course of business, between consenting
parties, the consent being free from any influence, who endeavor to safeguard
their own legitimate interests.

Requirements
1. Understand the Entity’s Related Party Relationships and Transactions
As stated in the Objectives, the auditor shall understand the entity’s related party
relationships and the transactions with these parties. In order to develop this
understanding, he shall inquire of the management regarding:
a. The identity of the entity’s related parties, including changes from the prior
period
b. The nature of the relationships between the entity and these related parties
c. Whether the entity entered into any transactions with these related parties
during the period
The auditors shall inquire and perform other risk assessment procedures, to
obtain of internal controls, in order to:
i. Identify, account for and disclose related party relationships and
transactions.
ii. Authorize and approve significant transactions and arrangements with
the related parties
iii. Authorize and approve significant transactions and arrangements
outside the normal course of business

2. Be alert for Related Party Information when reviewing records or

documents
During the normal course of his audit, and while performing his otherwise routine
audit procedures, the auditor should be vigilant and awake to spot any
information regarding or indicating related party relationships or transactions.

It is a genuine possibility that the auditor may not have all the information
regarding related parties made available to him on a platter. It is equally
probable that the entity may conceal the related party transactions. In such a
case, it is incumbent upon the auditor to be alert, so as not to let any indicative
information by pass him.
 In particular, the auditor shall inspect the following indications for the existence
of related party relationships or transactions that the management may not have
identified or disclosed
i. Bank, legal and third party confirmations
ii. Minutes of meetings of shareholders and those charged with governance
iii. Other records or documents
In case the auditor identifies significant transactions outside the entity’s normal
course of business, he shall inquire of management about
i. The nature of the transactions
ii. Involvement of related parties

3. Identification and Assessment of the risks of material misstatement

associated with Related Party transactions and relationships
Related party relationships and transactions can be both harmless as well as
harmful to the truth and fairness of the transactions and the financial statements.

There are sufficient cases to prove that related party transactions have been
arranged to circumvent rules and regulations on the milder side, and even
perpetrate deceit and fraud on the extreme side.

Even the Income Tax Act, which is generous enough to exempt profits of EOU’s,
SEZ’s etc. from the ambit of taxation, has explicit provisions enabling the
Assessing Officers to inquire into suspicious transaction so as to ascertain f they
have been arranged to unduly benefit either party or both parties.

Further, the Companies (Auditor’s Order) Report [CARO] casts a specific

responsibility upon the auditor to report upon certain transactions in the aduit
report.

For this purpose, the auditor shall

 Identify and assess the risk of material misstatement associated with
related party transactions
 Determine whether the risks derived are significant risks
 If the auditor identifies fraud risk factors, he shall identify and assess the risk of
material misstatement due to fraud in accordance with SA 240

4. Respond to the risks of material misstatement associated with related

party relationships and transactions
If the auditor concludes or senses risks of material misstatements associated with
related party relationships and transactions, the response of the auditor to these
situations is of significant importance.

As a part of his response to the possibility of these misstatements, the auditor

should design and perform further audit procedures:
 To obtain sufficient appropriate audit evidence about the assessed risks of
material misstatement associated with related party relationships and
transactions.

5. Identify previously unidentified or undisclosed related parties or

significant transactions
Since it is the duty of the management to further the interests of the
organization, it is possible that the management may set up transactions or
dealing or arrangements with persons, which otherwise would not have been set
up in the ordinary course of business. Such arrangements are either to avail
benefits by avoiding taxes and other regulations or to window-dress the financial
statements for various purposes. In such circumstances, it is likely that the
management may not disclose such relationships.

In another situation, it can also be possible that the auditor or the management
itself may not have identified such relationships or transactions, as a result of
genuine mistake or otherwise. However, the emphasis of this standard is on the
intentional concealment of such information by the management.

If the auditor identifies related parties or significant related party transactions

that the management has not previously identified or disclosed, the auditor shall
i. Promptly communicate to the members of the engagement team
ii. Where financial reporting framework establishes related part requirements:
 a. Request management to identify all transactions with newly identified
related parties
b. Inquire as to why the controls over related part relationships and
transactions were unable to identify and/or disclose the same
iii. Perform substantive procedures relating to newly identified related parties or
significant related party transactions
iv. Reconsider the risk that other related parties or transactions may exist, that
the management has not previously identified or disclosed to the auditor.
v. If the non-disclosure by management appears intentional, evaluate
implications of the same on the audit.

6. Identified significant related party transactions outside the entity’s

normal course of business

For indentified significant related party transactions outside the entity’s normal
course of business, the auditors shall:

i. Inspect underlying contracts or agreements and evaluate whether

a. Business rationale of transactions suggest intention of fraudulent financial
reporting or concealment of misappropriation of assets
b. Terms of transactions are consistent with management’s explanations
c. Transactions have been appropriately accounted for and disclosed
ii. Obtain audit evidence that the transactions have been appropriately authorized and
approved.

7. Assertions that related party transactions were conducted on terms

equivalent to those prevailing in an arm’s length transaction.
In most cases, it is a standard argument of the auditee that the related party
transactions are devoid of fraudulent or mala fide intent and are executed as
though they were ordinary transactions.

Where the management makes such assertions, the auditor shall obtain sufficient
appropriate audit evidence that :

 The related party transactions were conducted on terms suitable to the

company.
  The related party transactions were conducted at arms length price.

8. Evaluation of the accounting for and disclosure of identified related party

relationships and transactions
In forming an opinion on the financial statements, the auditor shall evaluate
1. Whether the identified related part relationships and transactions have been
appropriately accounted for and disclosed
2. Whether the effects of the related party relationships and transactions
a. Prevent financial statements from achieving true and fair presentation
b. Cause the financial statements to be misleading

9. Written Representations
If the financial reporting framework establishes related part requirements, the
auditor shall obtain written representations from management that:
1. They have disclosed to the auditor the identity of the related parties and the
related party relationships and transactions
2. They have appropriately accounted for and disclosed such relationships and
transactions.

10.Communication with those charged with governance

The auditor shall communicate with those charged with governance
 Significant matters arising during the audit in connection with the entity’s
related parties

11.Documentation
The auditor shall include in the audit documentation
 The names of the identified related parties
 The nature of related party relationships
 STANDARD ON AUDITING (SA) 580 (REVISED)

WRITTEN REPRESENTATIONS

Objective on the standard

i. Obtain written representations from the management that the management
believes that it has fulfilled the fundamental responsibilities that constitute
the premise on which audit is conducted
ii. Support other audit evidence relevant to the financial statements or specific
assertions in the financial statements
iii. Respond appropriately to written representations provided by management or
if management does not provide the written representations requested by the
auditor

Know these terms

i. Written Representations
A written statement by management provided to the auditor to confirm certain
matters or to support other audit evidence. Written representations in this context
do not include financial statements, the assertions therein, or supporting books and
record

Whom to obtain representations from?

Auditor shall request written representations from management with appropriate
responsibilities and knowledge of matters concerned.

Representations about management’s responsibilities

i. Preparation and Presentation of Financial Statements
The auditor shall obtain a representation that the management has fulfilled its
responsibility for the preparation and presentation of financial statements.

ii. Information provided to auditor

The auditor shall obtain representation that management has provided the auditor
with the relevant information and that all transactions have been recorded and are
reflected in the financial statements.

iii. Description of management’s responsibilities

Management’s responsibilities shall be described in the representations.

Date and period of representations

i. The date of the representations shall be, as near as practicable to, but not
after, the date of the audit report.
ii. The representations shall be for all financial statements and periods referred
to in the auditor’s report

Form of representations
i. The written representations shall be in the form of a representation letter
addressed to the auditor.
ii. If law or regulations requires management to made written public statements
about its responsibilities, and the auditor determines that such statements
provide some or all of the representations, these matters need not be
included in the representation letters.

Doubt as to reliability of written representations

i. If the auditor has concerns about the competence, integrity, ethical values or
diligence of the management, or about its commitment to or enforcement of
these, the auditor shall determine the effect that such concerns may have in the
reliability of representations and audit evidence in general.
ii. If representations are inconsistent with other audit evidence, the auditor shall
perform audit procedures to attempt to resolve the matter. In case the matter
remains unsolved, the auditor shall reconsider the assessment of the
competence, integrity, ethical values or diligence of the management, or of its
commitment to or enforcement of these, and shall effect that this may have on
the reliability of the representations and audit evidence in general
iii. If the auditor concludes that the written representations are unreliable, he shall take
appropriate actions, including determining the possible effect on the opinion in
the auditor’s report.

Requested representations not provided

If the management does not provide one or more of the requested written representations,
the auditor shall:

i. Discuss with management

ii. Re-evaluate the integrity of management and evaluate the effect on reliability of the
representations
iii. Take appropriate actions

Representations about management’s responsibilities

The auditor shall disclaim an opinion on the financial statements if:

i. The auditor concludes that there is sufficient doubt about the integrity of the
management, such that the written representations are not reliable; or
ii. Management does not provide the written representations