What is the confidence level in audit sampling?

A file says "95% confidence" on the sample size tab and the reviewer accepts it. Nobody asks why 95% and not 90%. That is the single most common finding I see on sampling review notes, and it survives because the number looks defensible on its face. It usually is not.

ISA 530 does not use the phrase "confidence level" explicitly, but the concept sits behind every sample size calculation. ISA 530.7 requires the auditor to determine a sample size sufficient to reduce sampling risk to an acceptably low level. The confidence level is the positive expression of that requirement. If the acceptable sampling risk is 5%, the confidence level is 95%.

In practice, the confidence level translates into a reliability factor (R-factor) used in statistical sampling formulas. At 95% confidence with zero expected errors, the R-factor is 3.0. At 90%, it drops to 2.3. That difference changes sample sizes by roughly 30% on the same population.

The link to ISA 315 (Revised) matters here. ISA 530 .A8 states that the higher the assessed risk of material misstatement (RMM), the lower the acceptable sampling risk must be. Lower acceptable sampling risk means a higher confidence level and a higher R-factor, which in turn means a larger sample. The RMM is what sets the confidence level. The confidence level is what sets the sample size. If the file breaks that chain, the sample is unsupported.

Key Points

  • A higher confidence level means a lower tolerance for sampling risk and a larger required sample.
  • The confidence level is not chosen arbitrarily. It flows directly from the assessed RMM for the assertion being tested.
  • If the confidence level in the file does not match the risk assessment, the sample size cannot be defended.
  • Most statistical sampling methods convert confidence levels into numerical reliability factors (R-factors) used in the sample size formula.

Why it matters in practice

Teams frequently select a confidence level (90% or 95%) without documenting why that level was chosen. In my experience, maybe a third of sampling working papers explain the choice. ISA 530 .A8 requires the confidence level to follow from the risk assessment. A file that states "95% confidence" without connecting it to the assessed RMM for the specific assertion leaves the sample size floating. That is PIOOMA with a methodology shield. Nobody enjoys the conversation when the reviewer asks for the link and the file does not have one.

Some firms' methodologies default to 95% confidence for all tests of details regardless of the risk assessment. This is conservative but creates a different problem. It severs the link between ISA 315 (Revised) risk assessments and ISA 530 sample design. If every test uses the same confidence level, the risk assessment has no effect on procedure design, which contradicts ISA 330.7 (a).

Worked example: Fabrique de Verre Morel SA

Client: Belgian glass manufacturer, FY2024, revenue EUR 58M, Belgian GAAP reporter.

Population: 832 purchase invoices totalling EUR 31M, tested for occurrence and accuracy of accounts payable.

Step 1: link the confidence level to the risk assessment

The engagement team assessed the RMM for payables completeness as normal (not elevated). Under the firm's methodology, normal risk maps to a 90% confidence level (R-factor 2.3). If risk had been assessed as elevated, the methodology requires 95% (R-factor 3.0).

Step 2: calculate the sample size at 90% confidence

Tolerable misstatement is EUR 1.8M (equal to performance materiality, PM). Expected misstatement is EUR 90K based on prior year results. MUS sample size = (31,000,000 x 2.3) / 1,800,000 = 40 items (rounded up from 39.6).

Step 3: show the sensitivity to the confidence level

If the team had assessed risk as elevated (95% confidence, R-factor 3.0), the sample size would be (31,000,000 x 3.0) / 1,800,000 = 52 items. That is a 30% increase from the same population with the same tolerable misstatement.

A sample of 40 items is defensible because the 90% confidence level ties directly to the normal risk assessment. If the engagement team cannot show that link in the file, the 90% level (and therefore the smaller sample) has no support.

Key standard references

  • ISA 530.7 : The auditor shall determine a sample size sufficient to reduce sampling risk to an acceptably low level.
  • ISA 530 .A8: The higher the assessed risk of material misstatement, the lower the acceptable level of sampling risk, requiring a higher confidence level.
  • ISA 530 .A10–A11: Factors affecting sample size, including the reliability factor derived from the confidence level.
  • ISA 330.7 (a): The nature, timing, and extent of further audit procedures shall be responsive to the assessed risks of material misstatement.

Related terms

Sampling RiskSample Size DeterminationNon-Sampling RiskRisk of Material MisstatementStratification in Audit Sampling

Related tools

ISA 530 Sampling Calculator
ISA 530

Related tools

ISA 530 Sampling Calculator
ISA 530

Related reading

ISA 530: Audit Sampling — A Complete Guide
Blog guide
How to Design an Audit Sampling Plan
Blog guide

Frequently asked questions

How does the confidence level relate to sampling risk?

They are complements. A 95% confidence level means 5% acceptable sampling risk.

Can the same confidence level be used for all tests?

Some firms default to 95% for all tests, but this severs the link between risk assessment and sample design, contradicting ISA 330.7(a).

Get practical audit insights, weekly.

No exam theory. Just what makes audits run faster.

290+ guides published20 free toolsBuilt by practicing auditors

No spam. We’re auditors, not marketers.

This glossary entry is for educational purposes and does not constitute legal or professional advice. Always consult the applicable standard text for authoritative guidance.

Last reviewed: · Standards version: IAASB 2024 Handbook