Sampling and documentation - Working papers and audit docume...

Learning Outcomes

After reading this article, you will be able to explain the purpose and process of audit sampling, distinguish statistical and non-statistical sampling, evaluate working paper documentation requirements under ISA 230, and describe the form, content, retention, and security of audit working papers. You will apply best practices for audit documentation and identify potential exam pitfalls.

ACCA Audit and Assurance (AA) Syllabus

For ACCA Audit and Assurance (AA), you are required to understand the full process of audit sampling and documentation, as well as the requirements of ISA 230. This article covers:

• The definition and purpose of audit sampling in evidence gathering.
• The difference between statistical and non-statistical sampling; selection methods and projection.
• The basic principles for designing and evaluating samples, including stratification and tolerable error.
• Key documentation requirements under ISA 230: content, completion, retention, and the “experienced auditor” test.
• The use, custody, and security of working papers; ownership of audit documentation.
• The importance of timely, clear, and sufficient audit working papers for quality control and review.
• How to address deviations and misstatements identified from sampling.
• Practical application through examples and exam-style questions.

Test Your Knowledge

Attempt these questions before reading this article. If you find some difficult or cannot remember the answers, remember to look more closely at that area during your revision.

1. What are the key differences between statistical and non-statistical sampling in an audit?
2. According to ISA 230, what three main purposes does audit documentation serve?
3. True or false? All items in a population must always be tested to obtain sufficient audit evidence.
4. List two requirements for the safe custody and retention of audit working papers.

Introduction

Audit sampling and working paper documentation both play key roles in delivering high-quality audit evidence and opinions. Sampling allows the auditor to reach conclusions about populations by testing less than 100% of items, while robust working papers provide the record of work done, supporting conclusions, and enabling quality reviews. Documentation requirements are governed by ISA 230.

Key Term: Audit Sampling
The application of audit procedures to less than 100% of items in a population, such that all sampling units have a chance of selection, to gain evidence about the whole population.

Audit Sampling Principles

Audit sampling is used when it is impractical or inefficient to test every item in a population. Instead, a representative subset is examined to draw conclusions about the entire group.

Purpose and when to use sampling

Sampling is used for tests of controls and substantive procedures when:

• The population is large.
• Results from a sample can provide reasonable assurance.
• Testing every item (100% testing) would be too costly or unnecessary.

Methods of sample selection

Key methods include:

• Random selection: Each item has an equal chance of being chosen.
• Systematic selection: Every nth item is selected after a random start.
• Haphazard selection: The auditor selects items “without bias,” but not strictly at random.
• Monetary Unit Sampling: Uses cumulative monetary values to select samples, emphasizing higher value items.

Key Term: Statistical Sampling
Sampling approach based on probability theory, with random selection and quantification of sampling risk, allowing statistical evaluation of results.

Key Term: Non-Statistical Sampling
Sampling that does not use probability theory—auditor selects items based on judgement and does not quantify sampling risk statistically.

Sample design principles

In designing a sample, the auditor considers:

• The purpose of the testing.
• Population characteristics.
• Expected and tolerable error (misstatement/deviation).
• Sampling method and likelihood of misstatements.

Stratification—dividing a population into subpopulations—is often used to improve efficiency, for example by focusing on higher value transactions.

Projecting results and evaluating errors

Results from a sample must be projected to the population. The auditor considers:

• Whether any identified misstatements or deviations are isolated or indicative of further errors.
• If the projected error is below the tolerable misstatement rate, the results support the audit conclusion.
• If it exceeds the threshold, further procedures or extension of the sample are needed.

Worked Example 1.1

Scenario: An auditor tests 40 sales invoices out of a population of 2,500. Two invoices have calculation errors totaling $320. Tolerable misstatement for the sample is $2,000. Should the auditor accept the results?

Answer:
The total misstatement in the sample is $320. The projected misstatement is ($320/$4,000) × $250,000 = $20,000. This exceeds tolerable misstatement ($2,000), so further testing is required.

Evaluating deviations and misstatements

• When the actual deviation or misstatement rate exceeds the tolerable rate, the auditor extends testing or modifies the audit approach.
• Isolated errors may not require extension.
• Systematic or multiple errors usually require more extensive audit work.

Worked Example 1.2

Scenario: A test of control over 80 purchase orders finds 4 unauthorized orders. The tolerable deviation rate is set at 3%. What should the auditor do?

Answer:
The observed deviation rate is 5% (4/80). This exceeds the tolerable rate. The auditor should extend control testing and increase substantive procedures.

Exam Warning

Do not confuse population coverage (100% testing) with sampling. In exams, state the population and sample size, the method of selection, and the projection of results. Sample selection must ensure all items have a chance of being selected.

Audit Documentation and Working Papers (ISA 230)

Audit documentation (working papers) records the work performed, evidence obtained, and conclusions reached. High-quality documentation enables supervision, review, and accountability.

Key Term: Audit Documentation
The record in physical or electronic form of work performed, evidence obtained, and conclusions reached by the audit team.

Purpose and requirements under ISA 230

Audit documentation must:

• Provide evidence of the auditor's basis for their opinion.
• Demonstrate that the audit was planned and performed in accordance with ISAs and relevant laws/regulations.
• Support the supervision, direction, and review of audit work.

Working papers should be sufficiently detailed so that another experienced auditor, with no prior involvement, can understand:

• The nature, timing, and extent of audit procedures.
• The results and evidence obtained.
• Significant matters and judgements made.

Worked Example 1.3

Scenario: After completing the audit of Blue Co, the manager reviews the cash section of working papers. There are no preparer or reviewer sign-offs, and no explanation of key reconciling items. Does this meet ISA 230 requirements?

Answer:
No. The working paper fails to show who performed and reviewed the work or sufficiently explain the audit evidence and conclusions. It does not comply with ISA 230.

Content of working papers

Working papers commonly include:

• The name of the client and period covered.
• Purpose and scope of the work.
• Audit procedures performed and source of evidence.
• Results, observations, conclusions, and action points.
• Identification of preparer, reviewer, and dates.

Key Term: Working Papers
The collection of audit documentation assembled by the audit team to record evidence, findings, and significant matters related to the audit engagement.

Retention, security, and ownership

• Working papers are the property of the auditor, not the client.
• Files should be completed promptly after the audit report date (commonly within 60 days).
• Documentation is typically retained for at least five years (subject to local law).
• Safe custody is essential—files must be protected from unauthorized access, loss, or tampering.
• Electronic files require secure passwords, encryption, and regular backup.

Types of audit files

• Permanent file: Holds documents of continuing importance (such as organizational structure, legal documents).
• Current file: Holds documentation relevant to the current year’s audit (including planning, substantive work, completion, and reports).

Quality and review implications

• Sufficient and clear documentation supports the engagement partner's responsibility for supervision and review.
• Poor documentation can result in insufficient evidence, review failures, and audit quality issues.
• Documentation is subject to review by firm quality control and external regulators.

Revision Tip

To secure easy marks, state in the exam that working papers should clearly identify who prepared and who reviewed them, with dates and explanations of key findings.

Summary

Audit sampling enables the auditor to obtain sufficient evidence efficiently by appropriately selecting, testing, and evaluating a representative sample. Proper working paper documentation under ISA 230 is essential: it supports audit opinions, facilitates review, and demonstrates audit quality. Well-managed documentation ensures audit procedures are clear, conclusions are traceable, and records are secure for future reference.

Key Point Checklist

This article has covered the following key knowledge points:

• Define audit sampling and outline when it is used in audit work.
• Distinguish statistical and non-statistical sampling methods.
• Set out the key principles for sample design, selection, and evaluation.
• Explain how to project results, handle deviations, and respond to errors.
• State the required content, retention, and security of audit working papers (ISA 230).
• Describe the ownership and types of audit files, and best practice for safe custody.
• Identify how good documentation supports supervision, quality control, and regulatory review.

Key Terms and Concepts

• Audit Sampling
• Statistical Sampling
• Non-Statistical Sampling
• Audit Documentation
• Working Papers