Confidence Level in Audit Sampling

What is the confidence level in audit sampling?

ISA 530 does not use the phrase "confidence level" explicitly, but the concept sits behind every sample size calculation. ISA 530.7 requires the auditor to determine a sample size sufficient to reduce sampling risk to an acceptably low level. The confidence level is the positive expression of that requirement: if the acceptable sampling risk is 5%, the confidence level is 95%.

In practice, the confidence level translates into a reliability factor (R-factor) used in statistical sampling formulas. At 95% confidence with zero expected errors, the R-factor is 3.0. At 90%, it drops to 2.3. That difference changes sample sizes by roughly 30% on the same population.

The link to ISA 315 (Revised) matters here. ISA 530.A8 states that the higher the assessed risk of material misstatement, the lower the acceptable sampling risk must be. Lower acceptable sampling risk means a higher confidence level and a higher R-factor, which in turn means a larger sample. The risk assessment is what sets the confidence level. The confidence level is what sets the sample size. If the file breaks that chain, the sample is unsupported.

Why it matters in practice

Teams frequently select a confidence level (90% or 95%) without documenting why that level was chosen. ISA 530.A8 requires the confidence level to follow from the risk assessment. A file that states "95% confidence" without connecting it to the assessed risk of material misstatement for the specific assertion leaves the sample size floating.

Some firms' methodologies default to 95% confidence for all tests of details regardless of the risk assessment. This is conservative but creates a different problem: it severs the link between ISA 315 (Revised) risk assessments and ISA 530 sample design. If every test uses the same confidence level, the risk assessment has no effect on procedure design, which contradicts ISA 330.7(a).

Worked example: Fabrique de Verre Morel SA

Client: Belgian glass manufacturer, FY2024, revenue EUR 58M, Belgian GAAP reporter.

Population: 832 purchase invoices totalling EUR 31M, tested for occurrence and accuracy of accounts payable.

Step 1 — Link confidence level to risk assessment: The engagement team assessed the risk of material misstatement for payables completeness as normal (not elevated). Under the firm's methodology, normal risk maps to a 90% confidence level (R-factor 2.3). If risk had been assessed as elevated, the methodology requires 95% (R-factor 3.0).

Step 2 — Calculate sample size at 90% confidence: Tolerable misstatement is EUR 1.8M (equal to performance materiality). Expected misstatement is EUR 90K based on prior year results. MUS sample size = (31,000,000 x 2.3) / 1,800,000 = 40 items (rounded up from 39.6).

Step 3 — Show the sensitivity to confidence level: If the team had assessed risk as elevated (95% confidence, R-factor 3.0), the sample size would be (31,000,000 x 3.0) / 1,800,000 = 52 items. That is a 30% increase from the same population with the same tolerable misstatement.

Conclusion: A sample of 40 items is defensible because the 90% confidence level ties directly to the normal risk assessment. If the engagement team cannot show that link in the file, the 90% level (and therefore the smaller sample) has no support.

Key standard references

• ISA 530.7: The auditor shall determine a sample size sufficient to reduce sampling risk to an acceptably low level.
• ISA 530.A8: The higher the assessed risk of material misstatement, the lower the acceptable level of sampling risk, requiring a higher confidence level.
• ISA 530.A10–A11: Factors affecting sample size, including the reliability factor derived from the confidence level.
• ISA 330.7(a): The nature, timing, and extent of further audit procedures shall be responsive to the assessed risks of material misstatement.

Related terms

Related tools

Related reading

Frequently asked questions