Check out this video, which shows just how easy it is to pick a random sample with TopCAATs, the amazing audit software for excel.
If you think that this would be useful for you, then you can get a completely free TopCAATs trial here (it doesn’t just do random sampling, there’s over 130 other tools all designed to make life easier for auditors!)
When using a random sampling approach (also called simple random sampling or SRS) each item within the sampling frame is given an equal chance of being selected in the audit sample. The sampling frame is not split or divided into groups. In addition, an 2 items in the population have the same chance of being selected as any other 2 items (and the same for any 3 items, 4 items, etc). I.e. the selection of one item has no impact on the probability of any other item being selected.
Random sampling can be vulnerable to detection (sampling) error. This is where the audit sample is not representative of the population. For example, if you pulled 10 balls out of a bag that contained 50 red and 50 blue balls, there is a chance that you could pull out 10 blue balls, and this could lead to a conclusion that the bag contains only blue balls.
In an audit scenario this means that the audit sample selected may not contain any erroneous items, but that doesn’t guarantee there are not errors in the population. Auditors minimise this risk by using statistically determined audit sample sizes. By specifying the level of acceptable detection risk, and knowing the size of the population and the expected error rate (the estimated number of erroneous items in the sample) the sample size can be calculated.
Once the audit sample size has been calculated, items can then be selected from the population at random. One way to do this is to generate random numbers (for example using the “=RAND()” function in Excel) for each item, then sorting these by random number and taking the top X or bottom X items (where X is the sample size).
Whenever a sampling approach is used (as opposed to testing an entire population) sampling risk is introduced. Sampling risk arises from the possibility that the conclusions that the auditor draws from testing the audit sample may be different from the conclusions that they would draw if the entire population had been tested.
In an audit context we are usually testing a population to determine whether an account balance is materially misstated. Sampling risk can be split into two areas, the risk of incorrect acceptance and the risk of incorrect rejection.
The risk of incorrect acceptance is the risk that the conclusion drawn from the audit sample is that the account balance is not materially misstated, when the population is actually materially misstated. The risk of incorrect rejection is the risk that the conclusion drawn from the audit sample is that the account balance is materially misstates, when in reality the population is not materially misstated.
Sampling risk can also be thought of in terms of detection risk – the possibility that the audit sample will not detect a misstatement that exceeds the maximum tolerable error (materiality). Detection risk is a planning concept and the auditor specifies it before selecting and testing the audit sample. It is one of the factors that must be considered in determining the sample size. It is easiest to explain this with the help of an example:
If you have a population of 10 items, and are selecting a sample of 2 from this population there are 45 possible combinations that you could select. If there is one “bad item” in the population, there are 9 possible combinations that you could select that contain the bad item, or 36 possible combinations that do not contain the bad item.
In this very simple situation the risk of selecting a sample that does not contain the bad item is 36/45 or 80% – far higher than the 10% you might assume given that there is only 1 bad item out of the population of 10.
This example also highlights the impact of the audit sample size on the detection risk. If we sample 3 items, there are 120 possible combinations and 84 possible combinations that do not contain the bad item. In this case the sampling risk is 84/120 or 70%.
In practice the auditor will specify the level of detection risk that they are comfortable with, and use this to determine the audit sample size.