CORAA
Book a live demoStart free trial
Blog/Audit Methodology· लेख

Sampling vs 100% Testing: Audit Defensibility & When to Use Full Population

When is audit sampling defensible vs when does full population testing (100%) matter? Complete guide for CA firms with NFRA audit evidence standards and SA 530 compliance.

CCORAA Team4 May 202610 min read

Sampling vs 100% Testing: Audit Defensibility & When to Use Full Population

Sampling is a cornerstone of audit efficiency. Test 60 invoices out of 1,000 instead of all 1,000. But NFRA inspection findings show auditors often sampled when they should have tested 100%—creating defensibility gaps.

The rule: Sampling is defensible when population is large, homogeneous, and risk is not elevated. Sampling is indefensible when population is small, heterogeneous, or high-risk.

100% testing is now faster with AI. CORAA tests all 1,000 invoices in the time a manual auditor tests 60. This shifts economics: 100% testing often costs less than sampling + follow-up.

ICAI SA 530 on Sampling

SA 530 defines audit sampling:
"Selection of less than 100% of items in a population such that all items have a chance of selection."

Key requirement: Sample size should provide "reasonable assurance" of detecting material misstatement.

When Sampling IS Defensible

✅ Population >500 items (statistical validity)
✅ Population risk is low (few exceptions expected)
✅ Population is homogeneous (similar item types)
✅ No single item is individually material
✅ Procedures are routine/standard (not complex)

When 100% Testing IS Required

❌ Population <100 items (too small to sample meaningfully)
❌ Population risk is elevated (fraud/control deficiency suspected)
❌ Population is heterogeneous (mix of item types, amounts, suppliers)
❌ Single item >5% of account balance (individually material)
❌ Procedures are complex (require judgment for each item)

6 Real Scenarios: Sampling vs 100%

Scenario 1: Routine Bank Reconciliation (Sampling Defensible)

Situation: ₹1,000 Cr bank account, 5,000 daily clearing transactions in month.

Procedure: Match bank statement to GL daily balance.

Defensible approach: Sample 50–100 days (random selection, stratified by size).

  • Reason: Routine reconciliation, low risk, high volume, homogeneous items
  • Expected exceptions: 0–1 (most items clear correctly)
  • Sample size: 50/5,000 = 1% sample valid for ₹1,000Cr account

NFRA defensibility: Document sampling basis (random, stratified), exceptions found, extrapolation to population.

Scenario 2: Invoice Testing (Population-Dependent)

Situation: 500 vendor invoices, ₹50Cr spend.

Sampling approach:

  • Sample: 50 invoices (10% sample)
  • Review: Supporting documents, GL posting, authorization

NFRA question: "Why didn't you test all 500?"

Auditor defense (WEAK): "SA 530 allows sampling."

Issue: ₹50Cr / 500 = ₹10L avg invoice = 5 invoices individually material (>5% of account). Sampling misses concentration risk.

Better approach: 100% testing.

  • Test all 500 (AI takes 2 min vs manual 20 hrs)
  • Identify all material + anomalous items
  • NFRA defensibility: "Tested 100% of population; zero risk of sample bias."

Scenario 3: Journal Entry Testing (High Risk = 100%)

Situation: ₹100 manual journal entries in consolidation (elimination entries).

Sampling approach:

  • Sample: 10 entries (10%)
  • Review: Supporting schedules, approval

NFRA deficiency: "Manual entries = high risk. Why sample?"

Reason: Journal entries are non-routine, high-risk items. Consolidation entries are complex (requires judgment). Fraud risk is high (management override possible).

Correct approach: Test 100%.

  • All 100 entries reviewed for:
    • Authorization (partner sign-off)
    • Supporting evidence (CY/PY comparisons)
    • Elimination logic (correct GL accounts, full elimination)
  • NFRA defensibility: "High-risk area; tested 100% of entries; no deficiencies."

Scenario 4: Related-Party Transactions (Must Be 100%)

Situation: 150 related-party transactions identified (supplier is director's brother, customer is MD's spouse, etc.).

Sampling approach:

  • Sample: 15 entries (10%)
  • Review: Approval, pricing, terms

NFRA red flag: Related-party transactions are inherently risky (conflict of interest). Sampling a 10% sample of RPTs misses 90% of transactions.

Correct approach: Test 100% of RPTs.

  • All 150 reviewed for:
    • Arm's-length terms (price vs market rate)
    • Board approval (RPT committee sign-off)
    • Disclosure (footnote completeness)
  • Additional procedures:
    • Confirm transactions with related parties
    • Verify pricing (compare to non-RP transaction pricing)
    • Assess independence threats
  • NFRA defensibility: "RPTs are high-risk; tested 100%; no undisclosed transactions found."

Scenario 5: GST/TDS Reconciliation (100% Required)

Situation: 3,000 invoices, GST/TDS mismatches identified.

Sampling approach:

  • Sample: 100 invoices (3.3%)
  • Reconcile: GST claim vs GSTR-2A

Issue: Even small % of mismatches, when extrapolated across population, creates material adjustment risk.

Example:

  • Sample of 100: 3 mismatches found (3%)
  • Extrapolate to 3,000: 3,000 × 3% = 90 expected mismatches
  • If avg mismatch ₹1L: 90 × ₹1L = ₹90L material adjustment

But what if mismatches are concentrated in first 500 invoices (recent, not yet filed)? Sample misses this.

Correct approach: 100% testing (AI-automated).

  • All 3,000 matched to GSTR-2A
  • Identify all mismatches by type:
    • Pending supplier filing (low risk)
    • Supplier underbilled (medium risk)
    • Duplicate invoices (high risk)
  • NFRA defensibility: "Tested 100%; zero unidentified GST mismatches; all exceptions explained."

Scenario 6: Benford's Law Testing (100% Implicit)

Situation: Testing for unusual digit patterns in 10,000 journal entries.

Sampling approach:

  • Sample: 1,000 entries (10%)
  • Run Benford's Law test on sample

Issue: Benford's Law requires large N for statistical validity. 1,000 samples might miss patterns in full 10,000.

Correct approach: Test all 10,000 (AI-automated).

  • Benford's Law calculated on full population
  • Statistical confidence: 99.9% (vs 95% on sample)
  • Outliers identified with precision
  • NFRA defensibility: "Tested 100% population for digit distribution patterns; anomalies identified & investigated."

Manual vs AI: Sampling vs 100%

Procedure Manual Sampling (10%) Manual 100% AI 100%
1,000 invoices 20 hrs (+ extrapolation risk) 200 hrs 3 min
GST reconciliation 30 hrs (sample) 300 hrs (manual) 5 min
Journal entry testing 15 hrs (sample) 150 hrs (review each) 2 min
Related-party audit 12 hrs (sample) 120 hrs (full scan) 4 min

The economics flip: 100% testing now faster & cheaper than sampling.

Decision Tree: Sampling vs 100%

START: Audit procedure for account/assertion

↓
Is population >500 items?
  NO → Test 100% (population too small for valid sample)
  YES → Continue

↓
Is population risk elevated? (fraud risk, control deficiency, high complexity)
  YES → Test 100% (high-risk areas need full coverage)
  NO → Continue

↓
Is any single item >5% of account balance?
  YES → Test 100% (individually material items must not be sampled)
  NO → Continue

↓
Is population homogeneous? (all similar item types, amounts)
  YES → Sampling acceptable (50+ sample size)
  NO → Test 100% (heterogeneous populations need full coverage)

↓
Is procedure routine & low-risk? (standard reconciliation, obvious exceptions)
  YES → Sampling acceptable
  NO → Test 100%

↓
RECOMMENDATION:
- If sampling path: Document sample basis (random/stratified), expected exceptions, projection logic
- If 100% path: Use AI if available (dramatically faster), document procedures, identify exceptions

NFRA Defensibility Framework

When auditor chose sampling:

  • ✅ Documented sampling basis (SA 530 requirement met)
  • ✅ Sample size justified (statistical formula + exceptions found)
  • ✅ Exceptions extrapolated to population (or no extrapolation if threshold not met)
  • ✅ Alternative procedures for unsampled items (if risk remains)
  • ❌ If NFRA finds: "Population was high-risk or had individually material items; sampling indefensible"

When auditor chose 100% testing:

  • ✅ Population documented (count, description)
  • ✅ Procedures applied to all items (none skipped)
  • ✅ Exceptions documented (100% coverage = zero sample bias)
  • ✅ All high-risk items identified (no surprises in exceptions)
  • ✅ NFRA satisfaction (100% testing = lowest audit risk)

FAQ: Sampling Defensibility

Q: Can we sample high-value accounts?
A: Not recommended. If account >10% of balance sheet, test 100% (individually material threshold). If <10% but >5% of account balance per single item, test 100% of high-value items.

Q: What if audit risk is elevated?
A: Sampling is indefensible. Elevated risk = control deficiency or fraud suspicion = 100% testing required.

Q: How do we justify sampling to NFRA?
A: Document in workpaper: (1) Sampling basis (SA 530), (2) Risk assessment (low), (3) Sample size (statistical), (4) Exceptions & extrapolation, (5) Alternative procedures if needed.

Resources

  • ICAI SA 530: Audit Sampling
  • NFRA Findings: Common sampling defensibility gaps
  • CORAA AI: Automates 100% testing for all procedures

Eliminate sampling risk. Test 100% with AI. Start free trial →

Topics
audit sampling100% testingstatistical samplingaudit proceduresaudit defensibilitySA 530full population audit
← Back to all articles
Keep reading

More in audit methodology.

Audit Methodology
100% Population Testing vs Sampling: How AI Changes the Audit Evidence Game [2026]
15 min
Audit Methodology
Continuous Audit Complete Guide: Real-Time Monitoring for Indian CA Firms [2026]
7 min read
Audit Methodology
Audit Sampling vs Full Population Testing: Which Should You Choose?
8 min
Built for India · DPDPA compliant

Ready to automate your audit work.

See how Coraa reduces audit engagement time by 60%, from ledger scrutiny to working papers, all from one Tally import.

Start free 14-day trial →Book a live demo