ISA 530 – Audit Sampling

by

ISA 530 APPLIES when the ‘Auditor’ has decided to USE Audit Sampling in Performing audit procedures.

International Standard on Auditing
ISA 530 at a Glance
BodyIAASB / IFAC
EffectiveDec 15, 2009
Handbook2024 Edition
ScopeGlobal

ISA 530 governs what happens when an auditor tests a sample of items and draws conclusions about the entire population. Since examining every transaction is rarely practical, sampling is fundamental to auditing and sampling introduces risk that must be rigorously managed.

01 — OVERVIEWWhat Is ISA 530?

ISA 530, titled “Audit Sampling,” is an International Standard on Auditing issued by the International Auditing and Assurance Standards Board (IAASB). It provides the conceptual framework and practical requirements for applying audit procedures to fewer than 100% of items in a population and projecting the findings to the full population.

The standard applies to both tests of controls evaluating whether internal controls operated effectively and tests of details testing whether financial statement balances are materially misstated. It does not apply to 100% examination (where every item is tested) or to selecting specific non-representative items.

Core Principle ISA 530 only applies when the auditor intends for every item in the population to have a chance of selection, so that conclusions can be projected from the sample to the whole population. Selecting items specifically to test a known risk is not “audit sampling” in the ISA 530 context.

02 — TERMINOLOGYKey Definitions

ISA 530 paragraph 5 defines terms that have precise meanings. Understanding these distinctions is essential for correct application.

Audit Sampling
Applying procedures to less than 100% of items in a population so that all sampling units have a chance of selection, enabling conclusions about the full population.
Sampling Risk
The risk that the auditor’s conclusion from the sample differs from the conclusion they would reach by testing the entire population. Managed through sample size and design.
Non-Sampling Risk
Risk of incorrect conclusions from causes unrelated to sample size such as applying the wrong procedure or misinterpreting evidence. Mitigated by quality control and supervision.
Tolerable Misstatement
The maximum monetary error in a population the auditor is willing to accept while still concluding the population is not materially misstated. Typically set at or below performance materiality.
Tolerable Deviation Rate
The maximum rate of control deviations the auditor accepts while still relying on the control. Typically 5–10%, depending on the control’s importance.
Anomalous Misstatement
A misstatement demonstrably not representative of the population. Excluded from projection, but its own amount is still considered in the summary of uncorrected misstatements under ISA 450.
Stratification
Dividing a population into sub-populations with similar characteristics. Reduces variability, improves efficiency, and allows focused testing on high-value or high-risk items.
Statistical Sampling
Uses random selection and mathematical probability theory to evaluate results, allowing sampling risk to be quantified objectively.

03 — DESIGNSample Design

Before selecting a single item, the auditor must design the sample. ISA 530.6 requires the auditor to consider the purpose of the procedure and the characteristics of the population from which the sample will be drawn.

Defining the Population

The population must be complete and appropriate for the audit objective. This is a surprisingly common source of error. If the objective is to test whether accounts payable are complete (the Completeness Assertion), sampling from the recorded payables ledger tests only existence not completeness. The correct population for a completeness test might be subsequent cash payments, receiving reports, or purchase orders.

⚠ Common Error Sampling from the wrong population is one of the most consequential design errors. Always work backwards from the assertion being tested to define the appropriate population.

Tests of Controls vs. Tests of Details

Tests of Controls

  • Did the control operate effectively?
  • Sampling unit: a transaction or document
  • Looking for deviations (control not performed)
  • Result expressed as a deviation rate
  • Compare against tolerable deviation rate

Tests of Details

  • Is the monetary amount misstated?
  • Sampling unit: monetary unit or transaction
  • Looking for monetary misstatements
  • Result projected as a monetary amount
  • Compare against tolerable misstatement

04 — SIZINGDetermining Sample Size

ISA 530.7 requires the auditor to determine a sample size sufficient to reduce sampling risk to an acceptably low level. This is not a textbook exercise, it requires judgment informed by specific quantitative factors.

Factors Affecting Sample Size

FactorTests of ControlsTests of Details
Higher risk / lower detection risk needed↑ Larger sample↑ Larger sample
Lower tolerable deviation / misstatement↑ Larger sample↑ Larger sample
Higher expected error in population↑ Larger sample↑ Larger sample
Greater population variability↑ Larger sample (unless stratified)
More reliance on other procedures↓ Smaller sample↓ Smaller sample
Population size (large populations)Minimal effect above ~250 itemsMinimal effect above ~250 items

The Sample Size Formula (MUS)

For monetary unit sampling (MUS), a widely used formula for sample size is:

/* MUS Sample Size */
n = RF × BV / TM

Where:
RF = Reliability factor (from statistical tables; e.g., 3.0 at 95% confidence with 0 expected errors)
BV = Book value of the population
TM = Tolerable misstatement
🚫 Regulatory Red Flag A persistent finding in PCAOB, FRC, and AFM inspections is auditors using a default sample size (e.g., “25 items”) without documenting how it was derived or why it is sufficient for the assessed risk. Simply citing a firm template does not satisfy ISA 530. The sample size must be justified by the assessed risk, tolerable misstatement, and expected error.

05 — SELECTIONSample Selection Methods

ISA 530.A13 identifies the principal selection methods. The choice of method affects both the defensibility of the sample and its efficiency.

1

Random Selection

Every item in the population has a known, non-zero probability of selection. Generated using random number tables or software. Required for statistical sampling. Provides the highest degree of defensibility.

2

Systematic (Interval) Selection

The auditor calculates an interval (population ÷ sample size), selects a random starting point, then picks every nth item. Efficient for large populations, but be alert to patterns in the population that align with the interval, these create a biased sample.

3

Monetary Unit Sampling (MUS / PPS)

Each individual monetary unit (each £1 or $1) has an equal chance of selection, so larger-value items have a proportionally greater chance of inclusion. Particularly effective for tests of details. Widely used because it automatically focuses sampling on high-value items and allows relatively small samples to achieve high coverage by value.

4

Haphazard Selection

The auditor selects items without a structured technique but attempts to avoid bias. Acceptable for non-statistical sampling only. Must avoid selecting only easily accessible items, those at the top of a ledger, or transactions from a single period.

5

Block Selection

Selecting a contiguous block (e.g., all transactions from one week). Generally not appropriate for audit sampling under ISA 530 because it does not provide a representative sample of the full population, the conclusions cannot be reliably projected.

06 — EVALUATIONEvaluating Sample Results

Analyse Each Deviation or Misstatement

ISA 530.12 requires the auditor to investigate the nature and cause of every deviation and misstatement found. The cause determines whether the finding is isolated or systemic. Common features among errors all occurring in one branch, one product line, or one period suggest the problem is concentrated, possibly requiring targeted additional testing in that stratum.

Projecting Misstatements to the Population

ISA 530.14 requires misstatements to be projected to the full population. Failing to do this is one of the most consequential errors in audit sampling and a recurring finding in regulator inspections.

📊 Projection Example A misstatement of €5,000 found in a sample of 30 items drawn from a population of 3,000 items does not represent a total error of €5,000. The projected misstatement is: (€5,000 / 30) × 3,000 = €500,000. This projected misstatement is compared against tolerable misstatement, not the individual error amount.

Anomalous Misstatements

If a misstatement is demonstrably not representative of the population (an anomalous misstatement under ISA 530.13), the auditor may exclude it from the projection. However, this requires a high degree of certainty the auditor must perform additional procedures to confirm the error is truly isolated. Anomalous misstatements are still included in the schedule of uncorrected misstatements (ISA 450) at their full amount.

Overall Evaluation

ISA 530.15 requires the auditor to evaluate whether sampling has provided a reasonable basis for conclusions about the tested population. The decision tree is straightforward:

ResultImplicationAuditor’s Response
Projected misstatement ≤ Tolerable misstatementSample supports the conclusionNo further action on this population (subject to overall evaluation)
Projected misstatement > Tolerable misstatementSample does not support the conclusionRequest management correction; extend testing; or apply alternative procedures
Deviation rate > Tolerable deviation rateCannot rely on the controlIncrease substantive testing; reassess risk; communicate to management

07 — APPROACHESStatistical vs. Non-Statistical Sampling

ISA 530 is neutral on which approach is superior. Both are acceptable provided they are properly designed. The choice depends on practical considerations; available tools, population size, and the need for quantified sampling risk.

FeatureStatistical SamplingNon-Statistical Sampling
Selection methodRandom (mathematically determined)Judgment-based (haphazard, systematic)
Sample sizeFormula-based (e.g., MUS, attribute sampling)Judgment-based, but must consider same risk factors
EvaluationQuantifies sampling risk with confidence intervalsQualitative judgment-based evaluation
ProjectionStatistically calculatedExtrapolated by judgment (still required by ISA 530.14)
DefensibilityObjectively defensible, quantifiedDepends heavily on documentation quality
Best suited forLarge populations; high-value assertionsSmall populations; lower-risk assertions

ISA 530 does not operate in isolation. Understanding how it connects to the broader ISA framework is essential for correct application.

Related StandardConnection to ISA 530
ISA 500 – Audit EvidenceThe general framework within which sampling operates; defines sufficiency and appropriateness of evidence
ISA 315 – Risk IdentificationThe assessed risks of material misstatement directly drive sample size and sampling approach
ISA 320 – MaterialityPerformance materiality determines tolerable misstatement for sampling of details
ISA 330 – Responding to RisksAudit sampling is one of the procedures performed in response to assessed risks
ISA 450 – Evaluation of MisstatementsProjected misstatements from sampling feed directly into the accumulated misstatements evaluated under ISA 450

09 — PITFALLSCommon Regulatory Findings

Regulators including the PCAOB, FRC, AFM, and KPMG/Deloitte / major-firm inspection teams consistently flag the same categories of ISA 530 deficiencies.

🔢

Unjustified default sample sizes

Using a firm-standard of “25 items” or “30 items” without documenting how the size was determined or adjusted for the specific risk level and tolerable misstatement.

📉

Failure to project misstatements

Treating a found misstatement as the total error rather than projecting it to the full population. This often leads to a significant understatement of the auditor’s best estimate of total misstatement.

🗄

Sampling from an incomplete population

Selecting from a population that has not been reconciled to the general ledger, or that excludes items meeting certain criteria, making projected conclusions invalid.

📝

Weak documentation of anomalous treatment

Treating a misstatement as anomalous without performing sufficient additional procedures to confirm it is truly isolated and without documenting that conclusion.

Not linking sampling results to overall audit conclusion

Completing the sampling procedure in isolation without evaluating whether the projected misstatement, combined with other identified misstatements, affects the overall conclusion on the financial statements.

ISA 530 Quick Reference

Standard
ISA 530 “Audit Sampling”
Issued by
IAASB
Applies to
Tests of controls & tests of details
Not applicable
100% examination or targeted specific-item testing
Key output
Projected misstatement or deviation rate
Key threshold
Tolerable misstatement / tolerable deviation rate

10 — FAQFrequently Asked Questions

No. ISA 530 applies only when the auditor selects fewer than 100% of items in a population with the intention of drawing conclusions about the full population. If all items are tested, there is no sampling risk and ISA 530 does not apply. ISA 500 (Audit Evidence) continues to govern the quality and sufficiency of the evidence obtained.
Yes. ISA 530 does not prohibit non-statistical sampling for any specific risk level. However, the auditor must still consider the same risk factors that would drive sample size under a statistical approach. For high-risk assertions, non-statistical samples require particularly robust documentation of how judgment was applied to arrive at a sufficient sample size.
The tolerable deviation rate is the maximum rate of control failures the auditor is willing to accept while still concluding the control is operating effectively enough to rely upon. In practice, this is typically set between 3% and 10%, depending on the importance of the control, how many controls address the same risk, and the overall risk assessment. There is no single “correct” rate, it is a professional judgment that must be documented.
Monetary Unit Sampling (MUS), also known as Probability-Proportional-to-Size (PPS) sampling, treats each monetary unit (each $1 or €1) as a sampling unit, meaning that items with larger monetary balances have a proportionally higher chance of selection. It is most effective for tests of details where the auditor is primarily concerned about overstatement of balances. MUS tends to be highly efficient because it automatically directs a greater proportion of testing effort toward larger items, and it can achieve high population coverage by value with relatively small sample sizes.
When the projected misstatement exceeds tolerable misstatement, the sample has not provided a reasonable basis for concluding the population is not materially misstated. The auditor has several options: request management to investigate and correct misstatements in the population; extend the sample to obtain more evidence; or apply alternative audit procedures. If management does not correct the misstatements and the auditor cannot obtain sufficient evidence through other means, this will affect the audit opinion.
Stratification divides a heterogeneous population into more homogeneous sub-populations. By reducing variability within each stratum, it allows a smaller total sample to achieve the same level of assurance as a larger unstratified sample. For example, a population of accounts receivable balances ranging from $100 to $1,000,000 would typically be stratified; the largest balances might be tested 100%, while smaller balances are sampled at a lower rate using MUS or random selection.