Key Takeaways
- ISA 530 applies when the auditor uses sampling — selecting less than 100% of items in a population — to draw conclusions about the entire population. It covers both tests of controls and tests of details.
- The auditor can use statistical sampling (random selection with probability-based evaluation) or non-statistical sampling (judgment-based), both of which must be designed to provide a reasonable basis for conclusions. Neither is inherently superior.
- Sample design involves defining the population, the sampling unit, and the objective (testing controls or testing monetary amounts). Tolerable deviation rate (for controls) and tolerable misstatement (for details) are the maximum error the auditor will accept while still concluding the population is not materially misstated.
- Sample size is driven by the acceptable level of sampling risk, the tolerable deviation/misstatement, and the expected deviation/misstatement in the population. Higher risk, lower tolerance, or higher expected error all require larger samples.
- Selection methods include random selection, systematic (interval) selection, and monetary unit sampling (MUS/PPS). Haphazard selection is permitted for non-statistical samples but must avoid bias.
- After testing, the auditor must analyse deviations/misstatements for cause, project misstatements to the full population, and evaluate whether the results support the conclusion about the population. If projected misstatements exceed tolerable misstatement, the sample does not provide a reasonable basis for the conclusion.
What is ISA 530?
ISA 530, titled "Audit Sampling," provides the framework for one of the most fundamental audit activities: testing a sample of items and drawing conclusions about the full population. Since it is impractical (and unnecessary) to examine every transaction, the auditor must sample — but sampling introduces risk. ISA 530 manages that risk.
The standard does not apply to 100% examination or to selecting specific (non-representative) items for testing. It applies only when every item in the population has a chance of being selected, allowing the auditor to project results to the population.
Key Definitions
| Term | Definition | Practical Application |
|---|---|---|
| Audit sampling | Applying audit procedures to less than 100% of items in a population such that all sampling units have a chance of selection | Enables the auditor to draw conclusions about the full population |
| Sampling risk | The risk that the auditor's conclusion based on a sample differs from the conclusion that would have been reached by testing the entire population | Managed by appropriate sample size and design |
| Non-sampling risk | The risk of incorrect conclusions from factors unrelated to sampling — such as applying the wrong procedure or misinterpreting results | Managed by quality control, supervision, and clear procedures |
| Tolerable misstatement | The maximum monetary misstatement in the population that the auditor will accept | Typically set at performance materiality or below |
| Tolerable deviation rate | The maximum rate of control deviations the auditor will accept while still relying on the control | Typically 5–10% depending on the control's importance |
| Anomalous misstatement | A misstatement or deviation that is demonstrably not representative of the population | Excluded from projection, but its effect is still considered |
| Stratification | Dividing a population into sub-populations with similar characteristics | Reduces variability, increases efficiency, focuses testing on higher-risk items |
Sample Design
Defining the population
The population must be complete and appropriate for the audit objective. If the auditor is testing the completeness of payables, sampling from the recorded payables ledger tests existence, not completeness — the population should instead be subsequent payments or unreceived goods.
Tests of controls vs. tests of details
The sample design differs depending on the purpose:
Tests of controls — the auditor tests whether a control operated effectively. The sampling unit is typically a transaction or document. The auditor looks for deviations (the control was not performed or not performed correctly). The result is expressed as a deviation rate.
Tests of details — the auditor tests whether a monetary amount is misstated. The sampling unit is typically a monetary unit or a transaction/balance. The result is expressed as a projected misstatement amount.
Sample Size
ISA 530.7 requires the auditor to determine a sample size sufficient to reduce sampling risk to an acceptably low level. The key factors:
For tests of controls
| Factor | Effect on Sample Size |
|---|---|
| Higher confidence required in the control | Larger sample |
| Lower tolerable deviation rate | Larger sample |
| Higher expected deviation rate in the population | Larger sample |
| Larger population | Minimal effect (for populations above ~250 items) |
For tests of details
| Factor | Effect on Sample Size |
|---|---|
| Higher assessed risk of material misstatement | Larger sample |
| Lower tolerable misstatement | Larger sample |
| Higher expected misstatement in the population | Larger sample |
| Greater variability in the population (without stratification) | Larger sample |
| More reliance on other substantive procedures for the same assertion | Smaller sample |
The sample size trap
A common deficiency identified by regulators is the auditor using an inappropriately small sample size without documenting how it was determined or why it is sufficient. Simply testing "25 items" because that is the firm's default provides no basis for concluding on the population. The sample size must be justified by the assessed risk, the tolerable misstatement/deviation rate, and the expected error. If you use non-statistical sampling, you must still consider these factors — professional judgment does not mean "pick a number." Many firms use statistical formulas or tables even for non-statistical samples, as a starting point that is then adjusted by judgment.
Selection Methods
ISA 530.A13 identifies the principal methods:
Random selection — every item has a known, non-zero probability of selection. Can be generated using random number tables or software. Required for statistical sampling.
Systematic (interval) selection — the auditor calculates an interval (population ÷ sample size), selects a random starting point, and then selects every nth item. Effective and efficient, but the population must not be structured in a way that aligns with the interval (e.g., if every 10th invoice is a month-end adjustment and the interval is 10, the sample is biased).
Monetary unit sampling (MUS / probability-proportional-to-size / PPS) — each individual monetary unit (e.g., each €1) has an equal chance of selection, which means higher-value items have a proportionally greater chance of being selected. Particularly effective for tests of details because it automatically focuses on large items and can be used with relatively small sample sizes. Widely used in practice.
Haphazard selection — the auditor selects items without following a structured technique but attempts to avoid bias. Acceptable for non-statistical sampling but inherently less rigorous. The auditor must avoid selecting only easily accessible items, items at the top or bottom of a page, or items from a single time period.
Block selection — selecting a contiguous block of items (e.g., all transactions from one week). Generally not appropriate for audit sampling because it does not provide a representative sample of the full population.
Evaluating Results
Analysing deviations and misstatements
ISA 530.12 requires the auditor to investigate the nature and cause of each deviation or misstatement found. Understanding the cause determines whether the finding is systematic (indicating a broader problem) or isolated. Common features — such as all errors occurring in one location, one product line, or one period — suggest the problem is concentrated and may warrant targeted additional testing.
Anomalous misstatements
ISA 530.13 permits the auditor to treat a misstatement as anomalous — demonstrably not representative of the population — but the auditor must obtain a high degree of certainty that the misstatement is truly isolated. This requires additional procedures to confirm that the error does not affect other items. Anomalous misstatements are excluded from the projection but are still included in the summary of uncorrected misstatements (ISA 450).
Projecting misstatements
ISA 530.14 requires the auditor to project misstatements found in the sample to the full population. This is essential — a €5,000 error found in a sample of 30 items from a population of 3,000 items represents a projected misstatement of approximately €500,000, not €5,000.
The projected misstatement plus any anomalous misstatement is the auditor's best estimate of the total misstatement in the population. This is compared to the tolerable misstatement. If it exceeds tolerable misstatement, the sample does not support the conclusion that the population is not materially misstated.
Overall evaluation
ISA 530.15 requires the auditor to evaluate whether audit sampling has provided a reasonable basis for conclusions about the population. If not, the auditor may request management to investigate the misstatements and make adjustments, extend the sample, or perform alternative procedures.
Statistical vs. Non-Statistical Sampling
| Feature | Statistical | Non-Statistical |
|---|---|---|
| Selection method | Random (mathematically determined) | Judgment-based (haphazard, systematic) |
| Sample size determination | Formula-based | Judgment-based (but should consider same factors) |
| Evaluation of results | Quantifies sampling risk mathematically | Judgment-based evaluation |
| Projection | Statistically calculated with confidence intervals | Extrapolated using judgment |
| Defensibility | More objectively defensible | Depends on documentation of judgment |
| Efficiency | Can be more efficient for large populations | May be more practical for small populations |
ISA 530 does not mandate one approach over the other. Both can provide sufficient appropriate evidence when properly designed and executed.
ISA 530 in Your Jurisdiction
Netherlands. COS 530 follows ISA 530 closely. AFM inspections have identified common deficiencies including insufficient sample sizes for the assessed risk level, failure to project misstatements to the full population, and inadequate documentation of the rationale for the sample design and evaluation of results.
Germany. IDW PS 530 adapts ISA 530. German practice has strong traditions in both statistical and non-statistical sampling. The WPK's inspections focus on whether sample sizes are appropriate for the assessed risks and whether the evaluation of results is consistent with the methodology used.
United Kingdom. ISA (UK) 530 is substantively aligned with ISA 530. The FRC's inspections have highlighted concerns about auditors using default sample sizes without adjusting for the specific circumstances, not projecting misstatements to the population, and not considering the implications of sampling results for the overall audit conclusion.
France. NEP 530 implements ISA 530. French practice uses sondages (sampling) extensively, with the commissaire aux comptes expected to document the methodology, sample design, selection, and evaluation in the dossier de travail. The H3C's inspections examine whether sampling parameters are consistent with the risk assessment.
Related Ciferi Content
Continue building your understanding of the ISA framework:
Put audit concepts into practice with these free tools:
Frequently Asked Questions
How does the auditor determine tolerable misstatement for sampling?
Tolerable misstatement is the application of performance materiality (ISA 320) to a particular sampling procedure. It may equal performance materiality or be set lower, depending on the population. For example, if performance materiality is €50,000 and the population being sampled represents 40% of total assets, the auditor might set tolerable misstatement at €50,000 (if this is the only population) or lower (if multiple populations contribute to the same assertion).
What happens if the projected misstatement exceeds tolerable misstatement?
The sample does not provide a reasonable basis for concluding that the population is not materially misstated. The auditor must take action: request management to investigate and correct the misstatements, extend the audit testing (either by increasing the sample or performing alternative procedures), or consider the implications for the audit opinion.
Is monetary unit sampling always best?
MUS is particularly effective for testing overstatement of asset balances because it naturally selects higher-value items. It is less effective for testing understatement (completeness) or for populations with many zero or negative values. The auditor should choose the method that best fits the population and the assertion being tested.
Further Reading and Source References
- IAASB Handbook 2024 — ISA 530 full text — The authoritative source including appendices on stratification and factors influencing sample size.
- ISA 500 — Audit Evidence — the general framework within which sampling operates.
- ISA 320 — Materiality — determines tolerable misstatement for sampling.
- ISA 450 — Evaluation of Misstatements — governs how projected misstatements are accumulated and evaluated.