Sampling vs. 100% Testing: Defensibility & Audit Evidence [2026]
Published: March 26, 2026 | Category: Audit Procedures | Read Time: 13 minutes | Author: CORAA Team
Introduction
Audit sampling is grounded in statistical theory: test a representative sample, extrapolate error rates to the population.
Per ISA 530 (Audit Sampling), sampling is an acceptable approach when properly designed.
But there's an assumption buried in ISA 530: "Sampling is practical."
That assumption breaks down when AI makes comprehensive testing feasible. If you can test 100% of entries in the same time it takes to design a sample, why sample?
This guide compares the two approaches and when to use each.
Sampling: The Traditional Approach
How Audit Sampling Works
Step 1: Define Population
- Total GL entries: 20,000
- Scope: All entries in audit period
Step 2: Calculate Sample Size
- Using ISA 530 tables or statistical formulas
- Risk of incorrect acceptance: 5% (typical)
- Expected error rate: 0.5%
- Tolerable error: 2%
- Result: Sample size = 500 entries
Step 3: Select Sample
- Random selection (or systematic)
- Ensure representativeness
- 500 entries from 20,000
Step 4: Test Sample
- Auditor tests all 500 entries
- Results: 1 error found (0.2% error rate)
Step 5: Extrapolate
- Error in sample: 1 of 500 = 0.2%
- Extrapolate to population: 0.2% × 20,000 = 40 entries
- Conclusion: Approximately 40 errors in population (range: ±20 at 95% confidence)
Step 6: Evaluate
- Extrapolated error (40) < Tolerable error (2% × 20,000 = 400)
- Conclusion: Population likely free of material error
Sampling Risk
Sampling Risk = Risk that auditor's conclusion based on sample differs from conclusion if entire population were tested
Example of Sampling Risk:
Sample tested: 500 entries
- Errors found: 1 (0.2% error rate)
- Conclusion: Population ~99.8% error-free
Actual population (all 20,000 entries):
- Actual errors: 200 (1% error rate)
- Auditor missed 95% of errors (because sample wasn't representative)
Root cause: 1,000 errors happened to be concentrated in untested 95% of population.
Advantages of Sampling
✓ Practical for manual testing. Testing all 20,000 entries manually would take 300+ hours.
✓ Provides acceptable audit evidence (per ISA 530, when properly designed).
✓ Statistically defensible. Using tables/formulas, sample sizes are predictable.
Disadvantages of Sampling
✗ Inherent sampling risk. Even with proper design, conclusions could be wrong.
✗ Extrapolation uncertainty. If 1 error found in 500, actual error rate could be 0%, 1%, or 5%.
✗ Concentrated errors not detected. If all errors happen to be in untested 95% of population, they're missed.
✗ NFRA concern. Inspection reports note: "Sampling-based procedures missed material errors subsequently identified in post-audit review."
100% Testing: The Modern Approach
How 100% Testing Works
Step 1: Define Population
- Total GL entries: 20,000
- Scope: All entries in audit period (same as sampling)
Step 2: Define Scanning Rules
- Rule 1: Flag entries >10% of account average
- Rule 2: Flag entries exactly round numbers (₹1,00,000)
- Rule 3: Flag duplicate patterns
- Rule 4: Flag timing anomalies (weekends, post-close)
Step 3: Scan 100% of Entries
- AI runs rules on all 20,000 entries
- Time: 5-10 minutes (automated)
Step 4: Flag Anomalies
- Entries matching rules flagged
- Result: 250 entries flagged (1.25% of population)
Step 5: Auditor Investigates
- Auditor reviews all 250 flagged entries
- Results: 8 errors found
Step 6: Conclude
- 100% of entries scanned
- 8 errors identified and investigated
- No material unadjusted errors remain
- Zero sampling uncertainty
Advantages of 100% Testing
✓ No sampling risk. Every entry assessed; no extrapolation uncertainty.
✓ Concentrated errors detected. All anomalies found regardless of where they cluster.
✓ Defensible to NFRA. "Tested 100% of entries; no sampling risk."
✓ Feasible with AI. What took 300 hours manually takes 5 hours with automation.
Disadvantages of 100% Testing
✗ Requires AI/automation tool. Manual 100% testing is impractical.
✗ False positives possible. Automated rules might flag items that aren't errors.
✗ Auditor judgment still required. Must investigate all flagged items.
Comparison Table: Sampling vs. 100% Testing
| Aspect | Sampling | 100% Testing |
|---|---|---|
| Coverage | 2-5% of population | 100% of population |
| Extrapolation | Yes (required) | No (not needed) |
| Sampling Risk | 5% (inherent) | 0% (eliminated) |
| Detection of Concentrated Errors | Low | High |
| Manual Effort | High (300+ hours) | Low (automation) |
| Concentrated Errors Missed Risk | High | Low |
| NFRA Defensibility | Moderate ("sampling based on...") | Strong ("100% scanned...") |
| Cost per Entry | ₹0.30 (high) | ₹0.01 (low) |
Real-World Examples
Example 1: Embedded Lease Discovery
Scenario: 50 supply contracts; 1 embedded lease (CNC equipment rental, ₹25L/year, 5-year term; missed under Ind AS 116)
Sampling Approach (5% sample):
- Sample 3 contracts (5% of 50)
- Likelihood both contracts sampled: <10%
- Probability embedded lease included in sample: ~5%
- Result: 95% chance lease is missed
100% Scanning Approach:
- Scan all 50 contracts for lease keywords
- NLP flags "equipment rental" language
- Auditor reviews flagged section
- Result: Lease identified with 95%+ confidence
Example 2: Year-End Cutoff Error Detection
Scenario: 15 revenue entries dated Dec 31, 11:59 PM (suspiciously late)
Sampling Approach (5% sample):
- Sample 500 of 20,000 entries
- Expected to find: 0.375 of the 15 entries (38% chance of finding any)
- Result: 62% chance cutoff error is missed entirely
100% Scanning Approach:
- Scan all 20,000 entries for timing anomalies
- Flag all post-close entries
- Auditor reviews all 15 Dec 31 entries
- Result: All cutoff anomalies identified
Example 3: Duplicate Payment Detection
Scenario: ₹50L vendor payment recorded twice in AP
Sampling Approach:
- Sample 1,000 of 50,000 AP entries (2% sample)
- Likelihood duplicate is in sample: ~2%
- Result: 98% chance duplicate is missed
100% Scanning Approach:
- Automated duplicate detection on all 50,000 entries
- Flags exact duplicates (same vendor, amount, date)
- Result: 99%+ chance duplicate is found
When to Use Sampling
Sampling is appropriate when:
✓ Population is small (<1,000 entries) AND comprehensive testing is impractical
✓ Procedure requires judgment (not rule-based)
✓ AI/automation tool is unavailable
Example:
- Testing lease payment terms (requires judgment on whether lease is finance vs. operating)
- 50 leases identified; sampling 10 for detailed testing
When to Use 100% Testing
100% testing is appropriate when:
✓ Population is large (1,000+ entries)
✓ Procedure is rule-based (thresholds, matching, duplication)
✓ AI/automation tool is available
✓ Comprehensive coverage is desired (eliminates sampling risk)
Example:
- Testing GL entries (rule-based: unusual amounts, timing)
- 20,000 GL entries; scan 100%
Example:
- Testing bank reconciliation (rule-based: matching deposits to credits)
- 5,000 transactions; match 100%
Audit Approach: Hybrid Strategy
Best Practice: Use Both
100% Testing (Automated):
- GL entry anomaly scanning (100% coverage)
- Bank reconciliation matching (100% coverage)
- Duplicate detection (100% coverage)
- Contract language screening (100% coverage)
Sampling (Auditor Judgment):
- Testing lease classification (50 leases; sample 10 for detailed testing)
- Testing related party pricing (20 RP transactions; sample 5 for pricing verification)
- Testing disclosure accuracy (complex technical areas)
Result:
- Comprehensive anomaly detection (via 100% scanning)
- Focused auditor judgment (on high-risk items)
- Efficient use of auditor time
NFRA Defensibility
NFRA View: Sampling
NFRA Inspector:
"Auditor tested 5% sample; extrapolated to population. Sampling uncertainty acknowledged (±2% at 95% confidence). Conclusion based on statistical inference rather than observed evidence."
NFRA Concern: With comprehensive testing feasible, why rely on extrapolation?
NFRA View: 100% Testing
NFRA Inspector:
"Auditor tested 100% of GL entries via automated scanning; 250 flagged entries reviewed by auditor; 5 errors identified and corrected. No material unadjusted errors remain."
NFRA Approval: Comprehensive evidence; no extrapolation; defensible approach.
Documentation: Sampling vs. 100% Testing
Sampling Workpaper
Procedure: Revenue Testing (Sample)
OBJECTIVE: Verify revenue transactions fairly stated
POPULATION:
- Revenue GL entries: 20,000
- Period: Jan 1 - Dec 31, 2026
SAMPLE DESIGN:
- Sample size: 500 entries (2.5%)
- Selection method: Random
- Confidence level: 95%
- Expected error: 0.5%
RESULTS:
- Entries tested: 500
- Errors found: 1 (cutoff error, ₹12L)
- Error rate: 0.2%
CONCLUSION:
- Extrapolated error: 40 entries (~0.2% of population)
- Error within tolerable limit (2% = 400 entries)
- Population likely fairly stated
- Adjustment proposed: ₹12L
100% Testing Workpaper
Procedure: Revenue Testing (100% Automated Scan)
OBJECTIVE: Verify revenue transactions fairly stated
POPULATION:
- Revenue GL entries: 20,000
- Period: Jan 1 - Dec 31, 2026
SCANNING RULES:
- Rule 1: Entries >10% of account average → Flag
- Rule 2: Round number entries → Flag
- Rule 3: Post-close entries (after Dec 31) → Flag
- Rule 4: Weekend transactions → Flag
RESULTS:
- Entries scanned: 20,000 (100%)
- Entries flagged: 250 (1.25%)
- Entries reviewed by auditor: 250
- Errors found: 8
CONCLUSION:
- 100% of entries scanned and assessed
- 8 errors identified and reviewed
- No material unadjusted errors remain
- Adjustments proposed: ₹45L
- No sampling uncertainty
Sampling Error vs. 100% Scanning
Potential Scenarios
Scenario A: Errors Randomly Distributed
Sampling works well:
- Sample captures representative errors
- Extrapolation reasonably accurate
- Auditor conclusion likely correct
100% Testing:
- Captures all errors (not just representative)
- Higher detection rate
Scenario B: Errors Concentrated in Untested Entries
Sampling fails:
- Sample captures few or no errors
- Auditor concludes "population fairly stated"
- In fact, ₹50L errors exist in untested portion
100% Testing:
- Finds all concentrated errors
- Correct conclusion
Scenario C: Few Errors, Widely Distributed
Sampling works:
- Sample likely captures errors
- Extrapolation reasonably accurate
100% Testing:
- Also finds errors
- More efficient (no sampling)
Key Takeaways
-
Sampling risk is inherent. Even well-designed samples can be unrepresentative.
-
100% testing eliminates sampling risk entirely. Every entry assessed; no extrapolation.
-
AI makes 100% testing feasible. What took 300 hours manually now takes 5 hours.
-
NFRA prefers 100% testing. When comprehensive coverage is available, sampling becomes harder to defend.
-
Use hybrid approach. 100% automated scanning for rule-based procedures; sampling for judgment-based procedures.
-
Concentrated errors are the risk. If errors cluster in untested portion of sample, they're missed entirely.
-
Defensibility matters. 100% testing = stronger evidence = better NFRA defensibility.
Related Blog Posts
- 100% Ledger Testing: From Sampling to Comprehensive Coverage
- ISA 530 vs. Continuous Auditing: From Sampling to Monitoring
- AI in Audit Procedures: Complete Framework
- Manual vs. AI Audit Procedures: Comparison & Impact
About CORAA
CORAA helps Indian audit firms transition from sampling to comprehensive 100% testing. Eliminate sampling risk, improve detection accuracy, and strengthen NFRA defensibility with AI-powered audit procedures.
Learn more: Visit our website
Sources
Get weekly audit insights
Practical guides on audit automation, SQM1 compliance, and Ind AS procedures — delivered to 2,000+ CA professionals every Friday.
No spam. Unsubscribe any time.
Topics