What is audit sampling?

Audit sampling is the process of selecting and testing fewer than 100% of items in a population to form a conclusion about the entire population. ISA 530 governs how auditors design, select, and evaluate samples for both tests of controls and substantive procedures.

The fundamental principle is that every sampling unit in the population must have a chance of being selected. This does not mean every item has an equal chance — stratification and monetary unit sampling deliberately weight selection toward higher-value or higher-risk items — but no item can be systematically excluded from the possibility of selection.

Sampling exists because testing 100% of transactions is rarely practical or cost-effective. The trade-off is sampling risk: the risk that the auditor's conclusion based on a sample differs from the conclusion they would reach if the same procedure were applied to the entire population. The auditor manages this risk by choosing appropriate sample sizes, selection methods, and evaluation techniques.

Key Points

  • Every item must have a chance of selection. Whether using random, systematic, or monetary unit selection, no part of the population can be excluded from the sampling frame.
  • Sample size is driven by risk. Lower tolerable misstatement, higher expected misstatement, and lower acceptable sampling risk all increase the required sample size.
  • Misstatements must be projected. ISA 530.14 requires the auditor to project sample misstatements to the entire population, not just report the raw amount found.
  • Both statistical and non-statistical approaches are permitted. ISA 530 does not require statistical sampling, but whichever method is used must provide sufficient appropriate audit evidence.

Why it matters in practice

Worked example: Van Dijk Logistics

Van Dijk Logistics BV has 4,200 trade receivable balances totalling EUR 18.6 million. The audit team sets performance materiality at EUR 200,000 and tolerable misstatement for receivables at the same amount. Expected misstatement, based on prior-year results, is EUR 30,000.

Using a statistical formula (confidence factor approach), the team calculates a sample size of 40 items. They use monetary unit sampling to weight selection toward larger balances. External confirmations are sent for all 40 items.

Three confirmations return with differences totalling EUR 8,400. The team investigates and determines all three are genuine misstatements (not timing differences). The projected misstatement is EUR 8,400 x (18,600,000 / 7,440,000 sampled value) = EUR 21,000. This is well below tolerable misstatement of EUR 200,000, so the team concludes the receivables balance is not materially misstated.

What reviewers catch

Sampling is one of the most frequently cited areas in regulatory inspection findings. Common issues include:

  • Population completeness not tested. The auditor sampled from a report that did not include all items in the population (e.g., sampling from a receivables listing that excluded credit balances or intercompany items).
  • No projection of misstatements. The file reported only the raw misstatements found in the sample without projecting them to the full population, as required by ISA 530.14.
  • Haphazard selection mistaken for random selection. The auditor selected items "at random" by scrolling through a listing and picking items, which is haphazard selection and does not qualify as a valid statistical sampling method.
  • Sample size not linked to risk assessment. The file contained no documentation showing how the sample size was determined or how it related to the assessed risk of material misstatement.

Statistical vs non-statistical sampling

Statistical sampling uses mathematical probability to select items and evaluate results. It gives the auditor a quantifiable confidence level (e.g., 95% confidence that the population misstatement does not exceed tolerable misstatement). It requires random selection and formal projection of results. The main advantage is defensibility — the conclusion is mathematically supported.

Non-statistical sampling relies on the auditor's professional judgement for selection and evaluation. It is more flexible and often faster to execute, but the auditor cannot quantify sampling risk. ISA 530.A22 notes that when non-statistical sampling is used, the auditor uses professional judgement to determine that the sample is representative and the results provide sufficient appropriate evidence.

Neither approach is inherently superior. The choice depends on the population characteristics, the audit objective, and the firm's methodology. Many firms use statistical sampling for large, homogeneous populations (e.g., trade receivables confirmations) and non-statistical sampling for smaller or more varied populations (e.g., testing journal entries).

Key standard references

  • ISA 530.5–6: Definitions of audit sampling, sampling risk, non-sampling risk, tolerable misstatement, and anomalous misstatement.
  • ISA 530.7–8: Requirements for designing the sample, including determining sample size sufficient to reduce sampling risk to an acceptably low level.
  • ISA 530.12–13: Performing audit procedures on selected items and investigating the nature and cause of deviations or misstatements identified.
  • ISA 530.14: Projecting misstatements found in the sample to the population.
  • ISA 530.A22: Guidance on the use of non-statistical sampling and the role of professional judgement in evaluating sample results.

Related terms

Performance MaterialityTolerable MisstatementMaterialityAudit Risk Model

Related tools

Sampling Calculator
ISA 530

Related reading

ISA 530: Audit Sampling: Complete Guide
Blog guide

Frequently asked questions

What is the difference between statistical and non-statistical sampling?

Statistical sampling uses random selection and probability theory to evaluate results, allowing the auditor to quantify sampling risk. Non-statistical sampling relies on the auditor's judgement for both selection and evaluation. ISA 530 permits either approach — both can provide sufficient appropriate audit evidence. The key difference is measurability: statistical sampling gives a mathematically defensible confidence level, while non-statistical sampling requires the auditor to use professional judgement to assess whether the sample results support the conclusion.

How does the auditor determine sample size?

Sample size depends on four factors: the acceptable level of sampling risk (typically 5% for substantive tests), the tolerable misstatement (derived from performance materiality), the expected misstatement in the population, and the population characteristics. A higher tolerable misstatement or lower expected misstatement reduces the required sample size. ISA 530.A11 notes that the auditor may use statistical formulas or professional judgement to determine the appropriate size.

What happens when misstatements are found in a sample?

The auditor must project the misstatements found in the sample to the entire population (ISA 530.14). For example, if testing 40 items from a population of 2,000 and finding EUR 5,000 in misstatements, the projected misstatement is EUR 250,000 (EUR 5,000 x 2,000/40). The auditor then compares this projected amount to tolerable misstatement. If the projected misstatement exceeds tolerable misstatement, the auditor concludes the population contains a material misstatement and must perform additional procedures or request management to adjust.

This glossary entry is for educational purposes and does not constitute legal or professional advice. Always consult the applicable standard text for authoritative guidance.

Last reviewed: March 2026 · Standards version: IAASB 2024 Handbook