Audit Sampling:
A Practical Guide for the AUD Exam

Updated February 2026 | Written by a Licensed CPA

Choosing to skip the deep details on audit sampling is a gamble a lot of AUD candidates make. You've got attribute vs. variable down, you know what moves sample size up or down, and you're feeling solid on assertions, SSAE, SSARS, and reports. So why get bogged down in the weeds when you just need a 75?

Here's the thing: sampling questions show up in Area III of the AUD blueprint, which carries 30-40% of the exam. You don't need to be a statistician, but you do need more than surface-level definitions. This guide walks through exactly what the exam expects you to know, grounded in the AICPA Audit Sampling Guide and AU-C Section 530.

The Big Picture: Why We Sample

Audit sampling is the selection and evaluation of less than 100 percent of a population. The auditor's goal is for the sample to be representative, meaning the results should correspond to what you'd find if you examined every single item.

The key concept the exam tests here is that sampling is not optional guesswork. It is a structured, defensible process with specific risk parameters, planning requirements, and evaluation rules. Both statistical and nonstatistical sampling require the same level of professional rigor and documentation.

Attribute vs. Variable Sampling

This is the most fundamental distinction you'll see on the exam, and the one you absolutely must have down cold.

Attribute Sampling is used for tests of controls. You are looking for a rate of occurrence. The question you're answering is: "How often does this control fail?" For example, how many purchase orders are missing a supervisor's authorization signature? You are counting deviations, not dollars.

Variable Sampling is used for substantive tests of details. You are dealing with dollar amounts. The question is: "Is this account balance materially misstated?" For example, is the total Accounts Receivable balance fairly stated? Here, you care about the magnitude of misstatement, not just whether errors exist.

A quick way to remember it: Attribute = Frequency. Variable = Dollars.

The Two Sampling Risks You Must Know

The AICPA Audit Sampling Guide defines two types of sampling risk, and the exam loves to test whether you know which one affects effectiveness versus efficiency.

Risk of Incorrect Acceptance (Beta Risk): The risk that the sample leads you to accept an account balance as fairly stated when it is actually materially misstated. This is the dangerous one. It directly threatens audit effectiveness because the auditor could issue a clean opinion on financial statements that contain material misstatement.

Risk of Incorrect Rejection (Alpha Risk): The risk that the sample leads you to conclude the account balance is materially misstated when it actually is not. This hurts efficiency, not effectiveness. The auditor ends up doing unnecessary additional work to prove the balance is correct, but it won't result in an inappropriate opinion.

The exam shortcut: If a question asks which risk is more important to the auditor, the answer is always incorrect acceptance (beta risk), because it affects the quality of the audit opinion itself.

Sample Size: What Moves the Needle?

You will face questions about what causes a sample size to increase or decrease. Here are the key relationships you need to memorize.

Acceptable Risk of Overreliance has an inverse relationship with sample size. If you want a lower risk of overreliance, meaning you want higher confidence that the control is working, you need a larger sample. Less risk tolerance demands more testing.

Tolerable Rate of Deviation (or Tolerable Misstatement) also has an inverse relationship. If you can tolerate fewer errors, you need a bigger sample to have confidence you haven't missed them. A tighter standard requires more evidence.

Expected Population Deviation Rate has a direct relationship. If you expect to find more errors going in, you need a larger sample to ensure your results are still reliable enough to draw a conclusion.

Population Size has very little effect on sample size for large populations. This trips candidates up because it feels counterintuitive, but it's a fundamental principle of statistical sampling. Whether the population is 10,000 or 100,000 items, the required sample size barely changes.

Monetary Unit Sampling: The Exam's Favorite Technique

Monetary Unit Sampling, or MUS, shows up frequently on AUD and it's worth understanding the mechanics. MUS is a specialized form of variables sampling where every individual dollar in the account balance is treated as a sampling unit. Instead of randomly selecting invoices, you're randomly selecting dollars, and whichever invoice that dollar happens to live in gets pulled for testing.

How selection works: The auditor calculates a sampling interval by dividing the population's dollar value by the sample size. A random starting point is chosen, and then every nth dollar is selected. The invoice or transaction containing that dollar (the "logical unit") is then examined in full.

Why auditors like it: MUS naturally selects higher-dollar items more frequently, since those items contain more individual "dollars" that could be selected. This means you get built-in stratification without having to do it manually.

The zero-error conclusion: Per the AICPA guide, if the auditor tests the sample and finds no misstatements at all, they can conclude the recorded amount is not overstated by more than the tolerable misstatement at the specified risk level. No additional calculation is needed.

The limitation you need to know: MUS is designed to detect overstatement. It is less effective at detecting understatement because understated items (or items that should exist but don't) have fewer or zero dollars in the population, so they're less likely to be selected.

When Errors Are Found: Projecting Misstatements

Finding errors in your sample doesn't end the process. The AICPA guide requires you to project those findings to the entire population. The projection method depends on the size of the item relative to the sampling interval.

Taintings: When a logical unit's recorded amount is less than the sampling interval, the auditor calculates a "tainting percentage" by dividing the misstatement by the recorded amount. That tainting percentage is then multiplied by the sampling interval to estimate the projected misstatement for that item.

Items exceeding the interval: When a selected item has a recorded amount equal to or greater than the sampling interval, the item was essentially selected with certainty. It gets examined 100%, and the actual misstatement found is simply added to the total. No sampling risk allowance is added for these items because they weren't truly sampled.

Classical Variables Sampling: The Three Methods

Classical Variables Sampling, or CVS, shows up when the auditor expects numerous differences between book and audited values or needs to test for both overstatements and understatements. The exam may ask you to identify the three primary CVS methods.

Mean-Per-Unit: Calculate the average audited value from your sample, then multiply by the total number of items in the population to estimate the population's total audited value.

Ratio Estimation: Calculate the ratio of total audited value to total book value in your sample, then apply that ratio to the entire population's book value.

Difference Estimation: Calculate the average difference between the audited value and book value in your sample, then project that average difference across the total population.

The exam rarely asks you to perform these calculations. It usually tests whether you can identify the right method for a given scenario and whether you understand that CVS requires a normal distribution assumption.

Stratification: Working Smarter, Not Harder

Stratification is dividing a population into subpopulations (strata) that share similar characteristics, typically dollar values. This is an efficiency tool that the exam likes to test conceptually.

The reason auditors stratify is simple: it reduces variability within each subgroup, which in turn reduces the overall sample size needed to achieve the same level of confidence. By separating high-dollar items from low-dollar items and testing each stratum with an appropriate intensity, you get better audit coverage with fewer total items tested.

When to use it: stratification is most valuable when the population contains high variability in recorded amounts. If all items are roughly the same size, stratification adds little value.

The Unexamined Item Rule

Here's a rule straight from the AICPA guide that catches candidates off guard: if the auditor cannot apply the planned audit procedures to a selected item, and no alternative procedures can satisfy the audit objective, that item must be treated as a deviation (for tests of controls) or as a 100% misstatement (for substantive tests).

The auditor does not get to throw that item out and pick a replacement. Doing so would bias the sample and undermine the entire statistical basis of the test. This is a specific rule worth remembering because the exam does test it.

Evaluation: Making Sense of the Results

Once you've tested your sample, you have to evaluate the findings in a structured way.

Factual misstatements are the actual, known errors you identified in your sample. These are hard numbers.

Projected misstatements are your best estimate of total misstatement in the population based on your sample results. This is where the tainting calculations and estimation methods come in.

Upper limit on misstatement (for statistical samples) is the sum of the projected misstatement and an allowance for sampling risk. This represents the worst-case scenario at your chosen confidence level.

The decision rule: if your upper limit on misstatement is less than tolerable misstatement, you can generally conclude the account is not materially misstated. If the upper limit exceeds tolerable misstatement, the auditor needs to consider additional procedures.

Documentation: What Gets Written Down

Under AU-C Section 230, documentation for any sampling application needs to include the objective of the test and a description of the population and sampling unit, the definition of what constitutes a deviation or misstatement, the risk of incorrect acceptance and tolerable misstatement used in planning, the method of sample selection along with a list of the actual items selected, and a formal evaluation of results including the projection of misstatements and consideration of qualitative factors such as whether the errors suggest fraud.

This applies to both statistical and nonstatistical sampling. The exam may test whether you know that both approaches require the same documentation rigor.

Final Exam Strategy

The advice that inspired this post is solid, and it's the same thing I'd tell you as a practicing CPA: know the basics, know the relationships that drive sample size up or down, understand the difference between effectiveness and efficiency risk, and then spend your remaining study time on the topics that carry the most weight on the AUD blueprint.

Sampling is testable, but it shares Area III with a lot of other evidence and procedures topics. You don't need a perfect score on every sampling question. You need a working understanding of the framework, and you just built one by reading this.

You don't need a 99 to get your license. You need a 75. Go get it.