Audit Sampling
Domain 1 — Information Systems Auditing Process
Definition
Audit sampling is the application of audit procedures to less than 100% of items in a population, with the expectation that the sample is representative enough to draw conclusions about the entire population. Sampling may be statistical (random selection, quantifiable confidence level) or non-statistical (judgement-based). IS auditors use sampling when testing controls over a large volume of transactions.
Real-World Audit Scenario
I audited a client's accounts payable process and tested 25 transactions out of 15,000. All 25 had proper approvals. The process owner concluded that controls were effective. But the 25 transactions had been selected by the process owner himself — he had picked the ones he knew were clean. I re-performed the sampling using a random number generator and tested 40 transactions from the full population. Found 7 that lacked proper approval documentation, including one for $280,000.
Common Exam Trap
A common exam trap: the auditor selects a "representative" sample by choosing transactions that are easy to access. That is non-statistical judgemental sampling, and it introduces selection bias. Statistical sampling requires random selection where every item has an equal chance of being selected.
Test Your Understanding
Try a free practice question on this topic — see our 4-layer explanations and find out where you stand.
Try a Free Question →150 Free Practice Questions →