Audit Sampling Methods: Complete Guide for Internal Auditors [2026]

Updated March 28, 2026 by Vicky Sarin

Audit Sampling Methods: Complete Guide to Statistical & Non-Statistical Techniques

Audit sampling is the application of an audit procedure to less than 100% of items within a population to draw conclusions about the entire group. Under the Global Internal Audit Standards (GIAS) 2024, Standard 14.1 requires internal auditors to gather sufficient, reliable, and relevant information — and well-designed sampling is how auditors meet that standard without testing every single transaction. Whether you are preparing for the CIA Part 2 exam or building an audit universe in practice, understanding when to use statistical versus non-statistical sampling is essential for both exam success and fieldwork efficiency.

💡 Key Takeaways

  • Audit sampling allows internal auditors to test a subset of transactions and project findings to the entire population, saving time while maintaining assurance quality.
  • Statistical sampling uses probability theory (random, stratified, monetary unit) to produce mathematically measurable results with quantifiable sampling risk.
  • Non-statistical sampling relies on auditor judgement (judgemental, haphazard, block) and is suitable for smaller populations or targeted risk-based testing.
  • GIAS 2024 Standard 14.1 requires audit evidence to be sufficient, reliable, and relevant — proper sampling design is how auditors meet this requirement.
  • CIA Part 2 tests sampling methodology extensively — understanding sample size determination, confidence levels, and error evaluation is critical for exam success.
  • Common sampling pitfalls include inadequate sample sizes, selection bias, and failing to project sample results to the full population.

What Is Audit Sampling?

📖 Definition: Audit sampling is the process of selecting and examining a representative subset of items from a larger population to form conclusions about the characteristics of that entire population. It enables auditors to provide reasonable assurance without testing every transaction.

In practice, internal auditors rarely have the time or resources to examine 100% of transactions in an audit engagement. Sampling bridges this gap by allowing auditors to test a manageable number of items and extrapolate the results. The key is designing the sample so that conclusions drawn from it are reliable and defensible.

Audit sampling applies to both tests of controls (evaluating whether internal controls are operating effectively) and substantive tests (verifying the accuracy of account balances or transaction details). The method chosen depends on the audit objective, the size and nature of the population, and the acceptable level of risk.

Why Audit Sampling Matters in Internal Audit

Effective audit sampling is the backbone of efficient internal audit fieldwork. Without it, auditors would face an impossible choice: test everything (impractical for large populations) or test nothing (unacceptable from an assurance perspective). Here is why sampling is critical:

  • Resource efficiency — Sampling reduces the time and cost of audit engagements while still providing sufficient evidence for conclusions.
  • Scalability — The same sampling principles apply whether the population is 500 purchase orders or 50,000 expense claims.
  • Risk-based focus — Stratified and judgemental approaches let auditors concentrate testing on high-risk or high-value items, aligning with the enterprise risk management framework.
  • Defensible conclusions — Statistical sampling produces quantifiable confidence levels and error rates, making findings harder to challenge.
  • Regulatory alignment — GIAS 2024, PCAOB AS 2315, and ISA 530 all recognise sampling as a valid evidence-gathering technique when properly designed.

GIAS 2024 Requirements for Audit Sampling

The 2024 Global Internal Audit Standards do not prescribe a specific sampling methodology, but they set clear expectations for the quality of audit evidence. Standard 14.1 (Gathering Information) requires that evidence be sufficient (enough in quantity), reliable (trustworthy and verifiable), and relevant (connected to the audit objective).

This means auditors must be able to justify their sampling approach in the audit documentation. The working papers should clearly record the sampling objective, the population definition, the method used, the sample size rationale, and how results were evaluated and projected.

💡 Pro Tip: When documenting your sampling methodology in audit workpapers, always include five elements: (1) the audit objective, (2) the population definition, (3) the sampling method chosen and why, (4) the sample size calculation, and (5) how you evaluated and projected results. This satisfies both GIAS 2024 and quality assurance reviewers.

Statistical Sampling Methods

Statistical sampling uses probability theory to select items and evaluate results. Every item in the population has a known, non-zero chance of selection. The advantage is that results are mathematically measurable — auditors can quantify sampling risk and express confidence levels numerically.

1. Simple Random Sampling

Each item in the population has an equal probability of being selected. Auditors typically use random number generators or tables to select items. This method works best when the population is relatively homogeneous and no specific risk stratification is needed.

Example: An auditor selects 50 purchase orders from a population of 2,000 using a random number generator. Each PO had an equal 2.5% chance of selection.

2. Systematic Sampling

The auditor selects every nth item from an ordered list after choosing a random starting point. The sampling interval is calculated by dividing the population size by the desired sample size. This method is efficient for large, well-ordered populations.

Example: From 10,000 expense claims, the auditor wants a sample of 200. The interval is 50 (10,000 ÷ 200). Starting at a random point (say item 17), the auditor selects items 17, 67, 117, 167, and so on.

⚠️ Warning: Systematic sampling can introduce bias if the population has a cyclical pattern that aligns with the sampling interval. For example, if every 50th transaction happens to be a month-end adjustment, your sample will over-represent month-end items. Always verify the population ordering before using this method.

3. Stratified Random Sampling

The population is divided into distinct subgroups (strata) based on a characteristic relevant to the audit objective — typically monetary value, risk level, or transaction type. Random samples are then drawn independently from each stratum. This ensures adequate coverage of high-risk or high-value segments.

Example: An auditor stratifies vendor payments into three layers: over $100,000 (test 100%), $10,000–$100,000 (sample 30%), and under $10,000 (sample 5%). This ensures large-value items receive proportionally greater scrutiny.

4. Monetary Unit Sampling (MUS)

Also called dollar-unit sampling or probability-proportional-to-size (PPS) sampling. Each individual monetary unit (dollar, rupee, pound) in the population has an equal chance of selection. This naturally weights the sample towards higher-value transactions — a $100,000 invoice is 100 times more likely to be selected than a $1,000 invoice.

MUS is particularly effective for substantive testing where the auditor is looking for monetary overstatements. It is the most commonly tested statistical method in the CIA Part 2 exam.
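A fixed-interval MUS selection, as an added example that is not part of the original guide. The invoice population, the function name `mus_select` and the seed are constructed for illustration. It shows why any item at least as large as the sampling interval is always selected.

```python
import random

# Constructed population (invoice id, amount in whole dollars); not real data.
POPULATION = [
    ("INV-001", 1_200), ("INV-002", 48_000), ("INV-003", 300),
    ("INV-004", 7_500), ("INV-005", 150_000), ("INV-006", 2_000),
    ("INV-007", 900), ("INV-008", 40_100),
]

def mus_select(items, sample_size, seed):
    """Fixed-interval monetary unit sampling.

    Returns (interval, start, hits) where hits maps item id to the number
    of sampled monetary units that landed inside that item.
    """
    if any(amount <= 0 for _, amount in items):
        # Zero and credit balances can never be hit; test them separately.
        raise ValueError("MUS requires positive amounts")
    total = sum(amount for _, amount in items)
    interval = total // sample_size
    if interval < 1:
        raise ValueError("sample size exceeds number of monetary units")
    rng = random.Random(seed)        # record the seed so the draw can be re-performed
    start = rng.randrange(interval)  # random unit within the first interval
    hits, upper, target = {}, 0, start
    for item_id, amount in items:
        upper += amount              # item owns units [upper - amount, upper)
        while target < upper:        # every sampled unit below 'upper' is in this item
            hits[item_id] = hits.get(item_id, 0) + 1
            target += interval
    return interval, start, hits

if __name__ == "__main__":
    interval, start, hits = mus_select(POPULATION, sample_size=5, seed=2026)
    print(f"interval={interval:,} start={start:,}")
    for item_id, n in hits.items():
        print(item_id, "hit", n, "time(s)")
```

An item hit more than once is still tested once; the hit count matters only when errors are projected.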

5. Cluster Sampling

The population is divided into naturally occurring groups (clusters) — such as branches, time periods, or departments. Entire clusters are randomly selected and all items within the chosen clusters are tested. This is efficient when records are physically grouped by location or system.

Example: An auditor randomly selects 3 out of 12 regional offices and tests all travel expense claims from those three offices.

Non-Statistical Sampling Methods

Non-statistical sampling relies on the auditor's professional judgement rather than probability theory. The auditor decides both the sample size and which items to select based on experience, knowledge of the business, and risk assessment. While results cannot be projected with mathematical precision, non-statistical methods are widely used in practice — especially for smaller populations or targeted investigations.

1. Judgemental (Purposive) Sampling

The auditor uses experience and knowledge of the business to select items most likely to contain errors or irregularities. This is the most common non-statistical method used in risk-based internal auditing. It is particularly effective when the auditor has specific concerns about certain transaction types, time periods, or personnel.

Example: An auditor investigating potential revenue fraud selects all sales transactions recorded in the last three days of each quarter, where historical data shows errors are most concentrated.

2. Haphazard Sampling

The auditor selects items without any structured technique, attempting to be unbiased but without using random number generators. The key distinction from random sampling is that there is no mathematical basis for selection — the auditor simply picks items from the population without conscious bias.

⚠️ Warning: Haphazard sampling is not the same as random sampling. Because there is no probability basis, auditors may unconsciously favour certain items (e.g., those at the top of a list, round numbers, or recent transactions). Use with caution and document why this method was appropriate for the engagement.

3. Block (Interval) Sampling

The auditor selects a contiguous block of items — for example, all transactions from a specific week or month. This is efficient for testing time-specific controls but carries a significant limitation: the selected block may not represent the entire population.

Example: Testing all purchase orders processed during the first two weeks of March to evaluate compliance with the updated procurement policy that took effect on 1 March.

4. Convenience Sampling

Items are selected based on ease of access. While this saves time, it is the weakest sampling method because it is most susceptible to selection bias. It should only be used when the audit objective is narrow and the population characteristics are well understood.

Statistical vs Non-Statistical Sampling: Comparison

The choice between statistical and non-statistical sampling depends on the audit objective, population size, available resources, and the level of assurance required. Here is a side-by-side comparison:

| Feature | Statistical Sampling | Non-Statistical Sampling |
|---|---|---|
| Selection basis | Probability theory (random) | Auditor judgement |
| Sample size | Mathematically determined | Based on professional judgement |
| Quantifiable risk | Yes — confidence level and error rate measurable | No — cannot quantify sampling risk |
| Projection to population | Statistically valid extrapolation | Cannot mathematically project |
| Best for | Large populations, regulatory audits, substantive testing | Small populations, targeted risk areas, fraud investigations |
| Cost & complexity | Higher — requires tools and statistical knowledge | Lower — faster to design and execute |
| Defensibility | Strong — mathematically defensible | Moderate — depends on documentation quality |
| GIAS 2024 compliance | Accepted when properly designed | Accepted when properly documented |

How to Determine Sample Size

Sample size determination is one of the most critical — and most tested — aspects of audit sampling. The factors that influence sample size differ slightly between tests of controls and substantive tests, but the core principles remain consistent.

Factors That Increase Sample Size

| Factor | Effect on Sample Size | Explanation |
|---|---|---|
| Higher confidence level needed | ↑ Increase | 95% confidence requires more items than 90% |
| Lower tolerable error rate | ↑ Increase | Tighter precision requires more testing |
| Higher expected error rate | ↑ Increase | More errors expected means more items needed to evaluate |
| Larger population size | ↑ Slight increase | Effect diminishes for very large populations |
| Greater population variability | ↑ Increase | More diverse populations require larger samples for representation |
| Lower assessed control risk | ↓ Decrease | Stronger internal controls reduce the need for extensive testing |

💡 Pro Tip: For CIA Part 2, remember these two relationships: confidence level and sample size move in the same direction (higher confidence = larger sample), while tolerable error and sample size move in opposite directions (lower tolerable error = larger sample). This is one of the most frequently tested concepts.

Sampling Risks & Common Pitfalls

Sampling risk is the possibility that the auditor's conclusion based on a sample differs from the conclusion that would be reached if the entire population were tested. There are two types:

| Risk Type | Description | Consequence |
|---|---|---|
| Risk of incorrect acceptance (Beta risk) | Concluding that controls are effective (or balance is correct) when they are not | Audit effectiveness is compromised — material errors go undetected |
| Risk of incorrect rejection (Alpha risk) | Concluding that controls are ineffective (or balance is incorrect) when they are actually fine | Audit efficiency suffers — unnecessary additional testing is performed |

Common Sampling Pitfalls

  • Undefined population — Failing to clearly define the population boundaries leads to incomplete or incorrect sampling frames.
  • Selection bias — Unconsciously favouring certain items (e.g., easily accessible records, recent transactions).
  • Inadequate sample size — Under-sampling reduces the reliability of conclusions and may not satisfy quality metrics.
  • Failure to project results — Finding 3 errors in a sample of 50 but not extrapolating what this means for the population of 5,000.
  • Ignoring non-sampling risk — Errors caused by factors other than sampling (e.g., inappropriate audit procedures, misinterpretation of evidence) which no amount of sampling can address.
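The sample-size factors described earlier and the "failure to project results" pitfall above, worked through as an added example that is not part of the original guide. It assumes an exact binomial model for attribute sampling (the guide does not specify a formula, and published tables may round differently); all function names are illustrative.

```python
from math import comb

def binom_cdf(k, n, p):
    """P(X <= k) for X ~ Binomial(n, p)."""
    return sum(comb(n, i) * p**i * (1 - p)**(n - i) for i in range(k + 1))

def attribute_sample_size(confidence, tolerable_rate, expected_errors=0, max_n=5000):
    """Smallest n for which finding <= expected_errors deviations would be
    unlikely (probability <= 1 - confidence) if the true deviation rate
    were as high as the tolerable rate."""
    beta = 1 - confidence  # risk of incorrect acceptance
    for n in range(expected_errors + 1, max_n + 1):
        if binom_cdf(expected_errors, n, tolerable_rate) <= beta:
            return n
    raise ValueError("no sample size up to max_n meets the criteria")

def upper_deviation_limit(errors, n, confidence, tol=1e-6):
    """One-sided upper limit on the population deviation rate: the rate p
    at which P(X <= errors) falls to 1 - confidence, found by bisection."""
    beta = 1 - confidence
    lo, hi = errors / n, 1.0
    while hi - lo > tol:
        mid = (lo + hi) / 2
        if binom_cdf(errors, n, mid) > beta:
            lo = mid   # rate still plausible, limit is higher
        else:
            hi = mid
    return hi

def project(errors, n, population, confidence):
    """Point estimate and upper limit of deviating items in the population."""
    point = errors / n * population
    upper = upper_deviation_limit(errors, n, confidence) * population
    return point, upper

if __name__ == "__main__":
    for conf, tol_rate in [(0.90, 0.05), (0.95, 0.05), (0.95, 0.03)]:
        n = attribute_sample_size(conf, tol_rate)
        print(f"confidence={conf:.0%} tolerable={tol_rate:.0%} -> n={n}")
    # The pitfall's own numbers: 3 errors in a sample of 50, population 5,000.
    point, upper = project(3, 50, 5000, 0.95)
    print(f"projected deviations: {point:.0f}, 95% upper limit: {upper:.0f}")
```

With 3 errors in 50, the sample rate is 6% but the 95% upper limit is close to 15%, so a control with a 5% tolerable rate cannot be accepted on this evidence.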

Best Practices for Audit Sampling

6-Step Audit Sampling Process

  1. Define the audit objective — Clarify whether you are testing controls (attribute sampling) or substantive balances (variable sampling).
  2. Define the population — Identify the complete set of items (invoices, transactions, claims) from which the sample will be drawn. Ensure completeness.
  3. Choose the sampling method — Select statistical or non-statistical based on population size, risk level, and assurance requirements.
  4. Determine sample size — Consider confidence level, tolerable error, expected error rate, and population characteristics.
  5. Select and test the sample — Apply the chosen selection technique and perform audit procedures on each selected item.
  6. Evaluate and project results — Analyse errors found, project them to the population (for statistical samples), and draw conclusions for the audit report.

Additional best practices include:

Audit Sampling in CIA Part 2 Exam

Audit sampling is a high-weight topic in CIA Part 2: Practice of Internal Auditing, falling under Domain II (Managing Individual Engagements) which covers approximately 40–50% of the exam. Specifically, candidates are expected to understand:

  • The difference between statistical and non-statistical sampling
  • When each sampling method is appropriate
  • How to calculate sample sizes based on confidence level and tolerable error
  • Attribute sampling for tests of controls vs variable sampling for substantive tests
  • Alpha risk vs Beta risk and their implications
  • How to evaluate and project sampling results


Frequently Asked Questions

What is the difference between statistical and non-statistical audit sampling?

Statistical sampling uses probability theory to select items, allowing auditors to quantify sampling risk and project results to the population mathematically. Non-statistical sampling relies on professional judgement for both selection and evaluation. Both are accepted under GIAS 2024 when properly designed and documented.

What is monetary unit sampling (MUS) in auditing?

Monetary unit sampling (MUS), also called dollar-unit or probability-proportional-to-size sampling, treats each individual monetary unit as a sampling unit. This means higher-value items have a proportionally greater chance of selection. It is most effective for substantive testing where the auditor is looking for monetary overstatements.

How do you determine the right sample size for an audit?

Sample size depends on several factors: the required confidence level, the tolerable error rate, the expected error rate in the population, and the population size. Higher confidence and lower tolerable error both increase the required sample size. For statistical samples, these are calculated using formulas or tables; for non-statistical samples, auditors use professional judgement guided by these same factors.

What is the difference between sampling risk and non-sampling risk?

Sampling risk is the chance that the sample does not represent the population, leading to incorrect conclusions. It can be reduced by increasing sample size. Non-sampling risk arises from factors unrelated to sample selection — such as using inappropriate audit procedures, misinterpreting evidence, or human error — and cannot be controlled through sampling alone.

Is audit sampling tested in the CIA exam?

Yes. Audit sampling is a significant topic in CIA Part 2 (Practice of Internal Auditing), particularly under Domain II which covers engagement execution. Candidates should understand statistical vs non-statistical methods, sample size determination, confidence levels, alpha/beta risk, and results evaluation.

When should auditors use stratified sampling?

Stratified sampling is most appropriate when the population contains items of significantly different values or risk levels. By dividing the population into strata and sampling each independently, auditors ensure that high-value or high-risk items receive adequate coverage while maintaining overall efficiency. It is commonly used in accounts payable, revenue testing, and segregation of duties reviews.

What are CAATs and how do they improve audit sampling?

Computer Assisted Audit Techniques (CAATs) are software tools that automate sample selection, data extraction, and analysis. They eliminate manual selection bias, enable auditors to test larger populations efficiently, and support advanced techniques such as stratification, gap detection, and data analytics.

Vicky Sarin, CA

Eduyush Faculty | Chartered Accountant | 25+ Years in Audit & Assurance

Vicky Sarin is a Chartered Accountant with over 25 years of experience in internal audit, risk advisory, and professional education. He leads content development at Eduyush, specialising in CIA, CPA, and ACCA exam preparation resources.

