**List the steps involved in selecting and evaluating a nonstatistical or a statistical sample for tests of controls. Identify the professional judgments that must be made associated with each step**.

There are nine steps to evaluating the nonstatistical and statistical sample:

- Determining the Objectives of the Test Controls: This involves the use of rate of deviation in the test controls to the overall population.
- Determining Procedures to Evaluate Internal Controls: This step determines the nature and timing of the audit. The auditors observes how people work and use the controls, inspecting physical documents and electronic files to determine if procedures are effective.
- Make a Decision about the Audit Sampling Technique: This step is when an auditor decides whether to use sampling that is nonstatistical or statistical. The smaller system usually uses nonstatistical, larger systems usually use statistical sampling.
- Define the Population and Sampling Unit: The population is determined by where the control should be used. The sampling unit show the auditor identifies the program changes made in the population over a period of time.
- Use Professional Judgment to Determine Sample Size: Determining size of the sample involves several factors. “The nature of control, frequency of operations, importance of the control, risk assessing control risk, tolerable deviation rate, expected population deviation rate, and population size either direct or indirect below 5000” (Boynton & Johnson, 2006, p. 561 – 562).
- Select Representive Sample: If using nonstatistical sample the use of professional judgment is involved. Statistical samples are usually a random sampling out of the population being tested.
- Apply Audit Procedures: The auditor determines if controls are operating effectively and are applied right within the sample selected.
- Evaluate the Sample Results: This evaluation comes from comparing tolerable deviation rate and deviation rate with quantitative results. The closer the rate the more reasonable that low risk is wrong for the evaluation. The evaluation must determine from the evidence if the rating is low, medium, or high. The qualitative consideration is determining errors in deviation and how the deviation relates to the auditing process in other areas.
- Document Conclusion; this step involves documenting test results into working papers and the basis for a conclusion.

Reference

Boynton, W. & Johnson, R. (2006). Modern Auditing: Assurance Services and the Integrity of Financial Reporting (8^{th} ed.). Wiley, Hoboken, N.J.