Most sampling approaches you will see in the wild are PIOOMA: Pulled It Out Of My A**. The sample is 25 because the firm template says 25. The selection is “every fifth invoice” because that felt unbiased at 9pm on a Thursday. The evaluation is “no material issues noted” because nothing jumped out. ISA 530 exists to drag that work toward something a quality reviewer can defend.
No one teaches you how to defend a sample size of 25 to a 2nd-partner reviewer who wants 40. That conversation is the actual ISA 530. This guide sets out the standard as practitioners use it: how to size a sample you can justify, how to pick items that are not biased, how to project what you find, and what to do when the projection blows through tolerable misstatement (TM).
Key Takeaways
- ISA 530 applies when the auditor uses sampling (selecting less than 100% of items in a population) to draw conclusions about the entire population. It covers both tests of controls and tests of details.
- The auditor can use statistical sampling (random selection with probability-based evaluation) or non-statistical sampling (judgment-based), both of which must be designed to provide a reasonable basis for conclusions. Neither is inherently superior.
- Sample design involves defining the population, the sampling unit, and the objective (testing controls or testing monetary amounts). Tolerable deviation rate (for controls) and tolerable misstatement (for details) are the maximum error the auditor will accept while still concluding the population is not materially misstated.
- Sample size is driven by the acceptable level of sampling risk, the tolerable deviation/misstatement, and the expected deviation/misstatement in the population. Higher risk, lower tolerance, or higher expected error all require larger samples.
- Selection methods include random selection, systematic (interval) selection, monetary unit sampling (MUS/PPS), and haphazard selection. Haphazard selection is permitted for non-statistical samples but must avoid bias.
- After testing, the auditor must analyse deviations and misstatements for cause and project misstatements to the full population. The auditor then evaluates whether the results support the conclusion about the population. If projected misstatements exceed tolerable misstatement, the sample does not provide a reasonable basis for the conclusion.
What is ISA 530?
ISA 530, titled “Audit Sampling,” provides the framework for one of the most fundamental audit activities: testing a sample of items and drawing conclusions about the full population. Examining every transaction is impractical and unnecessary. Sampling introduces risk. ISA 530 manages that risk.
The standard does not apply to 100% examination or to selecting specific (non-representative) items for testing. It applies only when every item in the population has a chance of being selected, allowing the auditor to project results to the population.
Key definitions
| Term | Definition | Practical Application |
|---|---|---|
| Audit sampling | Applying audit procedures to less than 100% of items in a population such that all sampling units have a chance of selection | Enables the auditor to draw conclusions about the full population |
| Sampling risk | The risk that the auditor’s conclusion based on a sample differs from the conclusion that would have been reached by testing the entire population | Managed by appropriate sample size and design |
| Non-sampling risk | The risk of incorrect conclusions from factors unrelated to sampling — such as applying the wrong procedure or misinterpreting results | Managed by quality control, supervision, and clear procedures |
| Tolerable misstatement | The maximum monetary misstatement in the population that the auditor will accept | Typically set at performance materiality or below |
| Tolerable deviation rate | The maximum rate of control deviations the auditor will accept while still relying on the control | Typically 5–10% depending on the control’s importance |
| Anomalous misstatement | A misstatement or deviation that is demonstrably not representative of the population | Excluded from projection, but its effect is still considered |
| Stratification | Dividing a population into sub-populations with similar characteristics | Reduces variability, increases efficiency, focuses testing on higher-risk items |
Sample design
Defining the population
The population must be complete and appropriate for the audit objective. If the auditor is testing the completeness of payables, sampling from the recorded payables ledger tests existence, not completeness. The population should instead be subsequent payments or unreceived goods.
Tests of controls vs. tests of details
The sample design differs depending on the purpose.
For tests of controls, the auditor tests whether a control operated effectively. The sampling unit is typically a transaction or document. The auditor looks for deviations (the control was not performed or not performed correctly). The result is expressed as a deviation rate.
For tests of details, the auditor tests whether a monetary amount is misstated. The sampling unit is typically a monetary unit or a transaction/balance. The result is expressed as a projected misstatement amount.
Sample size
ISA 530.7 requires the auditor to determine a sample size sufficient to reduce sampling risk to an acceptably low level. The key factors:
For tests of controls
| Factor | Effect on Sample Size |
|---|---|
| Higher confidence required in the control | Larger sample |
| Lower tolerable deviation rate | Larger sample |
| Higher expected deviation rate in the population | Larger sample |
| Larger population | Minimal effect (for populations above ~250 items) |
For tests of details
| Factor | Effect on Sample Size |
|---|---|
| Higher assessed risk of material misstatement | Larger sample |
| Lower tolerable misstatement | Larger sample |
| Higher expected misstatement in the population | Larger sample |
| Greater variability in the population (without stratification) | Larger sample |
| More reliance on other substantive procedures for the same assertion | Smaller sample |
The sample size trap
Regulators commonly flag auditors who use an inappropriately small sample size without documenting how it was determined or why it is sufficient. Testing “25 items” because that is the firm’s default provides no basis for concluding on the population. In my experience, the “just roll it forward” sample (prior-year size, prior-year risk assumptions) is the single most common finding inspectors pull on a sampling review. The sample size must be justified by the assessed risk and the tolerable misstatement/deviation rate, factoring in the expected error. If you use non-statistical sampling, you must still consider these factors. Professional judgment does not mean “pick a number.” Many firms use statistical formulas or tables even for non-statistical samples as a starting point that is then adjusted by judgment. The ISA 530 sampling calculator computes monetary unit sampling (MUS) and classical sample sizes from these inputs.
Selection methods
ISA 530.A13 identifies the principal methods.
Random selection gives every item a known, non-zero probability of selection. It can be generated using random number tables or software and is required for statistical sampling.
Systematic (interval) selection works by calculating an interval (population / sample size), picking a random start, and then selecting every nth item. It is effective and efficient. The caveat is structural: if every 10th invoice is a month-end adjustment and the interval is 10, the sample is biased.
Monetary unit sampling (MUS, also called probability-proportional-to-size or PPS) gives each individual monetary unit (each €1) an equal chance of selection, which means higher-value items have a proportionally greater chance of being picked. It is particularly effective for tests of details because it automatically focuses on large items and can be used with relatively small sample sizes. MUS is the default on most substantive testing I have seen across mid-tier firms.
Haphazard selection is where the auditor picks items without a structured technique but attempts to avoid bias. It is acceptable for non-statistical sampling and inherently less rigorous. Avoid selecting only easily accessible items, items at the top or bottom of a page, or items from a single time period.
Block selection picks a contiguous block of items (for example, all transactions from one week). It is generally not appropriate for audit sampling because it does not provide a representative sample of the full population.
Evaluating results
Analysing deviations and misstatements
ISA 530.12 requires the auditor to investigate the nature and cause of each deviation or misstatement found. Understanding the cause determines whether the finding is systematic (indicating a broader problem) or isolated. Common features (errors clustered in one location or one product line) suggest the problem is concentrated and may warrant targeted additional testing.
Anomalous misstatements
ISA 530.13 permits the auditor to treat a misstatement as anomalous (demonstrably not representative of the population) but the auditor must obtain a high degree of certainty that the misstatement is truly isolated. This requires additional procedures to confirm that the error does not affect other items. Anomalous misstatements are excluded from the projection but are still included in the summary of uncorrected misstatements (ISA 450).
Projecting misstatements
ISA 530.14 requires the auditor to project misstatements found in the sample to the full population. This is the step firms most often fail to document properly. A €5,000 error found in a sample of 30 items from a population of 3,000 items represents a projected misstatement of approximately €500,000, not €5,000.
The projected misstatement plus any anomalous misstatement is the auditor’s best estimate of the total misstatement in the population. It is compared to TM. If it exceeds TM, the sample does not support the conclusion that the population is not materially misstated.
Overall evaluation
ISA 530.15 requires the auditor to evaluate whether audit sampling has provided a reasonable basis for conclusions about the population. If not, the auditor may request management to investigate and correct the misstatements, or extend the sample through additional testing or alternative procedures.
Statistical vs. non-statistical sampling
| Feature | Statistical | Non-Statistical |
|---|---|---|
| Selection method | Random (mathematically determined) | Judgment-based (haphazard, systematic) |
| Sample size determination | Formula-based | Judgment-based (but should consider same factors) |
| Evaluation of results | Quantifies sampling risk mathematically | Judgment-based evaluation |
| Projection | Statistically calculated with confidence intervals | Extrapolated using judgment |
| Defensibility | More objectively defensible | Depends on documentation of judgment |
| Efficiency | Can be more efficient for large populations | May be more practical for small populations |
ISA 530 in your jurisdiction
Netherlands. COS 530 follows ISA 530 closely. AFM inspections have identified common deficiencies including insufficient sample sizes for the assessed risk level, failure to project misstatements to the full population, inadequate documentation of the rationale for sample design, and weak evaluation of results.
Germany. IDW PS 530 adapts ISA 530. German practice has strong traditions in both statistical and non-statistical sampling. The WPK’s inspections focus on whether sample sizes are appropriate for the assessed risks and whether the evaluation of results is consistent with the methodology used.
United Kingdom. ISA (UK) 530 is substantively aligned with ISA 530. The FRC’s inspections have highlighted concerns about auditors using default sample sizes without adjusting for the specific circumstances and not projecting misstatements to the population. Inspectors also flagged failures to consider the implications of sampling results for the overall audit conclusion.
France. NEP 530 implements ISA 530. French practice uses sondages (sampling) extensively, with the commissaire aux comptes expected to document the methodology, sample design, selection, and evaluation in the dossier de travail. The H3C’s inspections examine whether sampling parameters are consistent with the risk assessment.
Frequently asked questions
How does the auditor determine tolerable misstatement for sampling?
Tolerable misstatement is the application of performance materiality (ISA 320) to a particular sampling procedure. It may equal performance materiality or be set lower, depending on the population. For example, if performance materiality is €50,000 and the population being sampled represents 40% of total assets, the auditor might set tolerable misstatement at €50,000 (if this is the only population) or lower (if multiple populations contribute to the same assertion).
What happens if the projected misstatement exceeds tolerable misstatement?
The sample does not provide a reasonable basis for concluding that the population is not materially misstated. The auditor must take action: request management to investigate and correct the misstatements, extend the audit testing (either by increasing the sample or performing alternative procedures), consider the implications for the audit opinion, or combine these responses.
Is monetary unit sampling always best?
MUS is particularly effective for testing overstatement of asset balances because it naturally selects higher-value items. It is less effective for testing understatement (completeness) or for populations with many zero or negative values. The auditor should choose the method that best fits the population and the assertion being tested.
Further reading and source references
- IAASB Handbook 2024: ISA 530 full text. The authoritative source including appendices on stratification and factors influencing sample size.
- ISA 500: Audit Evidence. The general framework within which sampling operates.
- ISA 320: Materiality. Determines tolerable misstatement for sampling.
- ISA 450: Evaluation of Misstatements. Governs how projected misstatements are accumulated and evaluated.
This guide reflects the ISA 530 text as published in the IAASB 2024 Handbook. National implementations may include additional requirements. Always consult the applicable national standard alongside the international text. This content is for educational purposes and does not constitute legal or professional advice.
Production-ready audit templates
Related ciferi content
ISA 530 deep dives:
Related ISA guides:
Put audit concepts into practice with these free tools: