Sampling during audit

Sampling during audit

Audit sampling takes place when it is unrealistic to audit all the samples in a given process. This may be due to the fact that the sample size is too big or it is not cost-effective to audit all the samples. For multisite clients, the samples are geographically distributed making it impossible to visit all the sites during an audit. 

Sampling can be defined as a process of selecting less than 100% of all the items within any given population to obtain objective evidence that will be analyzed to form a conclusion about the entire population. 

The risk that is associated with sampling is that the selected items may not be a representation of the whole population hence causing a biased conclusion. It is, therefore, very important for the audit team leader to make it clear during both the opening and closing meetings that the conclusion will be based on the samples selected. 

It is important to consider the quality of the available data to avoid getting insufficient and inaccurate data which will hinder the objective of the audit from being achieved. 

The auditor should be the one to pick the samples as the auditee will be biased to pick the ones which meet the audit criterion leaving the non-conforming samples leading to incorrect audit conclusion. 

Audit sampling involves the following steps

  1. Establishing the objectives of the sampling plan
  2. Choosing the extent and the composition of the population to be sampled.
  3. Selecting the sampling method to be used. 
  4. Determining the appropriate sample size to be selected
  5. Conducting the sampling from the population
  6. Compiling, evaluation, reporting, and result documentation. 

There are two types of sampling recommended by ISO 19011:2018. Judgment-based and statistical sampling.

Judgment-based sampling

This type of sampling relies on auditors’ experience, knowledge, and skills. For the well-seasoned auditors who are very competent in a given field, this is their cup of tea. One of the disadvantages associated with this sampling method is that there is no statistical estimate associated with the risk of uncertainty. 

 The following considerations should be made;

  1. Previous audit experience with the audit scope. You could be a good auditor in one field but decide to venture into a new field. In as much as one can use their previous experience, precaution should be exercised as different systems require keen attention in some areas.
  2. The complexity of the audit process
  3. Changes in technology, human factors, or management systems
  4. Previous audit reports including the risks that have been identified in the system being audited.
  5. The output from the monitoring and evaluation of the system in place.

Statistical sampling technique 

Statistical sampling relies on what is already known about the characteristics of the overall population where the sample is to be drawn. For this sampling, it is paramount for the auditor to consider the level of sampling risk to be accepted, otherwise known as acceptable confidence levels. 

A common sampling risk of 5% is usually used, translating to an acceptable confidence level of 95%. This simply means that the auditor is willing to accept that 1 out of 20 samples selected is not likely to produce the results the same as if the entire population was selected. 

Key elements that affect this audit sampling techniques are

  1. The size and complexity of the organization
  2. The number of competent auditors
  3. Frequency of audits conducted annually. 
  4. Time allocated for the audits
  5. The confidence levels are required externally. 

When this method is used for sampling detailed records should be kept concerning the description of the sample that was intended to be sampled, if the sampling was achieved, the confidence levels attained and the results attained. 

Leave a Reply

Your email address will not be published.