Audit Sampling 101: Attribute Sampling, Risks & Smart Selection
Overview: Not every audit test covers 100% of transactions. Auditors often use sampling to gain sufficient appropriate evidence efficiently. This guide explains when to test everything, how to use attribute sampling, and how to manage sampling risk.
✅ Selecting Items for Testing
- Selecting All Items: Done when the population is small and high-value, or when an automated procedure covers the entire population. E.g., testing all large sales contracts.
- Selecting Specific Items: Focus on key items with certain characteristics (e.g., amounts over $1M). Note: Results cannot be projected to the population.
- Audit Sampling: Applying procedures to less than 100% to evaluate characteristics of the whole. Good for large populations where no specific risky items stand out.
✅ Audit Sampling Basics
- Rule 1: Assume the population is normally distributed (bell curve).
- Rule 2: Samples must be unrestricted and randomly selected to be valid.
- Rule 3: A properly sized random sample is representative.
- Rule 4: Standard deviation measures population variability — wider = more variable.
✅ Statistical vs. Nonstatistical Sampling
- Statistical Sampling: Auditor quantifies sampling risk, calculates needed sample size, and evaluates results quantitatively.
- Nonstatistical Sampling: Auditor uses professional judgment for size and evaluation.
📌 Sampling Risk & Nonsampling Risk
- Substantive Tests: Risk of incorrect acceptance (miss real misstatement) or incorrect rejection (think there’s an error when there isn’t).
- Tests of Controls: Risk of assessing control risk too low (bad, lowers effectiveness) or too high (inefficient work).
- Nonsampling Risk: Mistakes outside the sampling method — e.g., using the wrong procedure or failing to recognize a misstatement.
✅ Attribute Sampling for Controls
- Used to estimate the rate of occurrence of an attribute (e.g., was an invoice properly approved?).
- Key terms:
- Deviation Rate: Sample’s estimated error rate.
- Tolerable Rate: Maximum deviation the auditor will accept.
- Upper Deviation Rate: Worst-case estimate (sample rate + sampling risk allowance).
- Compare upper deviation rate to tolerable rate to decide if you can rely on the control.
✅ Examples: Discovery & Stop-or-Go Sampling
- Discovery Sampling: Use when expecting zero or near-zero errors, e.g., searching for fraud. If no deviations, auditor can be 95% confident error rate is below threshold.
- Stop-or-Go (Sequential): Helps avoid over-testing. Stop early if results are already clear.
✅ Professional Judgment Still Required
Statistical sampling does not eliminate judgment! Auditors decide objectives, select methods, and interpret results. Documentation should include design, performance, and evaluation.
🔗 Helpful References
👉 Sample smart, test effectively, and know your risk!
