Testing Internal Controls
To test the effectiveness of an organization’s internal controls, your auditor will analyze a representative sample of transactions to make assertions about the entire population. This method is used because it’s impossible to test every transaction given time and budget restraints, and it’s not necessary. Here’s an explanation on how sampling works — as well as the pros and cons of using it during internal control testing.
Selecting the sample
Your auditor may use a statistical technique to identify a sample of transactions to test. For example, he or she might select enough transactions to represent a specific percentage of the total transactions in your account, or your company’s total assets or revenue. Another option is to use sampling software that will randomly select transactions to test.
Auditors can also use non-statistical sampling techniques based on a dollar threshold or professional judgment. These techniques tend to be more effective when the CPA has many years of audit experience with your company to ensure that the sample chosen is representative of the population of transactions.
Expected Outcomes
Your auditor has an idea before analyzing a sample of the number of “exceptions” (such as errors and omissions) that will appear in the sample. If the actual exceptions exceed his or her expectations, additional procedures, such as expanding the sample or conducting more testing, may be required to assess the degree of noncompliance.
Ultimately, your auditor might conclude that your internal controls are ineffective. If so, he or she will perform more work to estimate the magnitude of the control failure.
Pros vs. cons of sampling
Sampling helps keep audit costs down by streamlining the internal control testing process. It also reduces disruptions to business operations during audit fieldwork. When applied correctly, the results of sampling are theoretically as accurate as if the audit team had analyzed every transaction posted to the general ledger; however, in practice, sampling can sometimes cause problems during internal controls testing.
For example, sampling presumes that controls function consistently across the whole population of transactions. If an exception doesn’t appear in the sample — whether because the sample was too small or was otherwise not representative of the entire population — your audit team could reach the wrong conclusion about the effectiveness of your internal controls.
There’s also a risk that your audit team could rely too heavily on non-statistical sampling. Relying more on judgment than statistical methods could result in errors, especially if an auditor lacks professional experience.
A collaborative effort is best
You can help maximize the benefits of sampling by providing requested documents to the audit team in a timely manner and following up on your auditor’s management points at the end of each year’s audit. It’s frustrating to both auditors and business owners when internal control weaknesses recur year after year. Our auditors have extensive experience testing internal controls, and we’d be happy to answer any questions you have on testing and sampling techniques. Please contact Brett Benjamin, CPA, CFE, Ciuni & Panichi, Inc. Audit and Accounting manager, at 216-831-7171 or by email here.
You may also be interested in:
Selling your business? This checklist might help.
Materiality and Your Audit/Review
© 2018