A walkthrough or inquiry only would not be sufficient to test all controls.
There are different types of tests that can be applied to testing controls for more information on the five types of tests refer to our article, Five Types of Testing Methods Used During Audit Proceduresand to complete a majority of these tests there is a sampling of populations that are required.
Systematic selection The method divides the number of sampling units within a population into the sample size to generate a sampling interval. This does not mean we can always test percent, or even have the capacity to. Therefore, sampling comes into play in testing.
Non-statistical Sampling Statistical sampling requires that samples be selected at random, generally using a tool to generate random numbers. Please contact us if you would like further information on sampling, testing methods, or any of the services we provide.
While non-statistical sampling allows for auditor judgment, an auditor should always be careful not to include too much bias in selecting samples.
Random selection This method of sampling ensures that all items within a population stand an equal chance of selection by the use of random number tables or random number generators. Monetary unit sampling The method of sampling is a value-weighted selection whereby sample size, selection and evaluation will result in a conclusion in monetary amounts.
The risk of the control. Care must be taken by the auditor when adopting haphazard sampling to avoid any conscious bias or predictability.
Every SOC examination should follow one or more of these sampling methods for testing of the population. This type of sampling can easily be accomplished by assigning a number to each item in the population and then using a random number generator to randomly select numbers in the range of the population there are online tools for this, apps, and even Excel formulas can be used to generate random numbers.