F.8 Guidance on Sample Testing

1. Internal audit testing is performed as part of the planned audit procedures to provide evidence to support conclusions regarding the efficiency or effectiveness of a process, procedure, or event, or the accuracy of data.

2. The internal audit director should consult the Office’s internal specialist for Research and Quantitative Analysis when planning sampling and/or testing activities.

3. If a process is initially determined to be poorly designed, testing may not be necessary, as it may not provide management and the internal auditor with any additional assurance of overall control design or additional evidence. However, in higher-risk areas, or if necessary to support certain conclusions, the internal auditor may choose to test extensively or expand testing procedures and sample sizes to support an observation.

4. There are two types of sampling an internal auditor can consider when performing testing procedures:

   1. Statistical sampling involves procedures that use probability measures to objectively select items for the sample and evaluate the results. In a statistical sample, every item within the population has a statistically equal chance of being selected. Statistical sampling results in an objectively determined sample that can be used to draw inferences or conclusions regarding the entire population. For example, if an auditor is attempting to validate that a particular transaction type is always completed within a specified timeframe, and 5 percent of the statistically sampled transactions were not completed timely, the auditor can assert that 5 percent of all transactions of this type are not completed timely.

   2. Non-statistical sampling is sufficiently precise to enable the auditor to draw conclusions about the sampled population, but does not permit a mathematical estimation of the population error rate. In the example above, a non statistical sample would allow the auditor to conclude that transactions are not consistently completed within the specified time frame, but not that a specific percentage of transactions exceeds the specified time frame.

5. Sample sizes may be determined by engagement or audit procedure, based on the scope and purpose of the audit. Typically, internal audit will employ the non-statistical sampling approach in order to achieve audit objectives. The sampling methodology will be documented on a control testing template.

6. In cases where another assurance function (e.g., the external auditor) will be placing direct reliance on the work of internal audit, that function’s criteria for establishing completeness of the population and sample size should be taken into account.

7. The table below can serve as general guidance for determining sample sizes using a non-statistical sampling approach. In situations when it is necessary or appropriate to change the recommended sample sizes, the auditor should document the relevant considerations and methodology for determining the new sample sizes.

8. Once the sample size has been determined, there are several methods for selecting the sample:

   1. Random sampling is a specific technique that requires the use of a random sample table or automated random sample generator. Each item has a statistically equal chance of selection with random sampling. This method is appropriate when performing financial audits.

   2. Haphazard sampling is a non random selection method in which an auditor attempts to manually approximate random sampling by selecting without regard to size, type, or other information relating to sample items. It is most commonly executed by selecting the first sample item and then selecting the rest of the sample at established intervals from the first. For example, for a sample of 10, the auditor may select the fifth item on a list and then every third item thereafter (8, 11, 14, etc.) until the sample is complete. This method is appropriate for assurance engagements.

   3. Judgmental sampling involves selecting sample items with a bias towards higher-risk transactions or groups of transactions where errors are more likely. For example, if testing journal voucher approval, the auditor may make a judgmental selection skewing the sample toward larger and unusual or uncommon items. This method is also appropriate for assurance engagements.

   4. Stratified sampling involves first dividing items of a population into smaller groups, or strata, then randomly selecting items from a certain stratum for a sample. For example, when testing disbursements, the auditor may divide the population into certain types of expenditures, such as office supplies, payroll, and office equipment. After separating out types of expenditures, the auditor randomly selects items from each type of expenditure that is relevant to testing. This method is also appropriate for assurance engagements.

   5. Attribute sampling involves selecting a small number of transactions and making assumptions about how their characteristics represent the full population of which the selected items are a part. The concept is frequently used to test a population for certain characteristics, such as the presence of an authorizing signature on a document. The concept can be used to determine whether various accounting controls are functioning in a reliable manner. This method is also appropriate for assurance engagements.

   6. Variable sampling, typically utilized in substantive testing, is used to determine the monetary impact of characteristics of a population. This type of sampling involves testing a small number of transactions for certain values and comparing that value with the expected value. Any differences in value are calculated with other differences in the sample and applied to the population in a statistical manner. For example, this type of sampling could be used to test accounts receivable in order to determine whether the accounts receivable amount is fairly stated.

Last modified:

2018-03-22