ISO 28596:2022

INTERNATIONAL ISO
STANDARD 28596
First edition
2022-09
Sampling procedures for inspection
by attributes — Two-stage sampling
plans for auditing and for inspection
under prior information
Règles d'échantillonnage pour l'inspection par attributs — Plans
d'échantillonnage à deux niveaux pour l'audit et l'inspection des lots
en exploitant l'information a priori
Reference number
© ISO 2022
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on
the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below
or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii
Contents Page
Foreword .iv
Introduction .v
1 Scope . 1
2 Normative references . 1
3 Terms, definitions, symbols and abbreviated terms . 1
3.1 Terms and definitions . 1
3.2 Symbols and abbreviated terms . 5
4 Selecting and operating a two-stage sampling plan under prior information .5
4.1 General . 5
4.2 Selecting a sampling plan. 5
4.3 Sampling and decision procedure . 6
4.4 Estimation of the actual proportion nonconforming . 7
5 Application paradigms: lot inspection and financial auditing . 7
5.1 Lot inspection . 7
5.1.1 Sampling . 7
5.1.2 Acceptance of loss . 7
5.1.3 Disposition of non-accepted lots . 7
5.1.4 Lots with one or more nonconforming units . 7
5.1.5 Resubmitted lots . 8
5.2 Financial auditing . 8
5.2.1 Purposes in the risk-oriented auditing process . 8
5.2.2 Target population, proportion nonconforming and tolerance proportion p . 8
5.2.3 Acceptance and rejection in the case of a test of compliance of the ICS . 8
5.2.4 Acceptance and rejection in the case of a test of details. 8
6 Examples . 8
6.1 Example 1: Lot inspection . 8
6.2 Example 2: Auditing of an internal control system (purchase process) . 9
6.3 Example 3: Auditing of an integral control system (sales process) . 9
6.4 Example 4: Auditing test of details (accounts receivable) . 10
6.5 Example 5: Auditing test of details (raw materials) . 10
7 Sampling plans .10
Annex A (informative) Confidence intervals.16
Annex B (informative) Operating characteristics (OC) .18
Annex C (informative) OC matching .19
Annex D (informative) Conditional type I and II errors (conditional risks) .20
Annex E (informative) Integrated second stage probability .22
Annex F (informative) Integrated average sample number .23
Annex G (informative) Actual coverage probability .24
Annex H (informative) Prior information model .28
Annex I (informative) Operating indicators of sampling plans .30
Annex J (informative) Sampling plan search algorithm .36
Annex K (informative) Accompanying software — Guidance for use .38
Bibliography .41
iii
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out
through ISO technical committees. Each member body interested in a subject for which a technical
committee has been established has the right to be represented on that committee. International
organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.
ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of
electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the
different types of ISO documents should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of
any patent rights identified during the development of the document will be in the Introduction and/or
on the ISO list of patent declarations received (see www.iso.org/patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, as well as information about ISO's adherence to
the World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT), see
www.iso.org/iso/foreword.html.
This document was prepared by Technical Committee ISO/TC 69, Application of statistical methods,
Subcommittee SC 5, Acceptance sampling.
Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing of these bodies can be found at www.iso.org/members.html.
iv
Introduction
This document addresses several application domains: financial auditing, lot inspection, quality
auditing, functional testing, conformance inspection and acceptance testing. In all these domains, users
are concerned with the decision problem of accepting or rejecting an inspection target.
The two-stage sampling scheme suggested by this document addresses three areas of inspection
practice:
a) adjust sample sizes to prior information on the status of the inspection target;
b) enable a rapid decision by samples of small size if the population submitted for inspection is
actually in very good or very bad condition, and enforce higher sample sizes only if the population
submitted for inspection is actually in a medium condition;
c) protect against both errors of
1) erroneously rejecting a tolerable inspection target, and
2) erroneously accepting an intolerable inspection target.
To satisfy a), the sampling plans in this document are indexed in the parameter Trust with levels low,
mid, high, where increasing Trust level reduces sample size. To satisfy b), this document imposes two-
stage sampling plans with small sample sizes in the first stage and higher sample sizes in the second
stage, where ordinarily a decision is reached already in the first stage if the population submitted for
inspection is somewhere in-between.
The sampling scheme in this document is particularly suitable for financial auditing, both for auditing
the internal control system (ICS) and for usage in tests of details as a tool of substantive procedures in
financial auditing. ICS auditing and test of details are usually based on sampling instead of screening
procedures. The relevant standard ISA 530 requires that sampling enable conclusions on the full
population. Conclusively, statistical sampling schemes are indispensable.
Previous inspection results will be an important basis for the choice of the trust level for later
inspections. Thus, the continued use of the sampling scheme in this standard will serve as an incentive
for the providers of the respective targets, e.g. the responsible authorities for the ICS in a company, to
improve upon the quality of the target populations.
The decision procedure of the sample is kept simple for immediate implementation. In particular, the
user is not requested to evaluate mathematical formulae.
The target population is considered as acceptable (tolerable) if the proportion nonconforming
does not exceed a specified tolerance p , otherwise it is considered as unacceptable (intolerable).
Correspondingly, the objective of sampling inspection is to enable a decision between the alternatives of
“acceptance” and “rejection”. In different application domains, acceptance and rejection have different
practical interpretations, see the explanations in Clause 5.
The sampling inspection procedure starts with a first sample of size n with the following rule: accept if
and only if no nonconforming units are found among the n sampled units; reject if and only if at least
Re (stage 1 rejection number) nonconforming units are found among the n sampled units; proceed to
1 1
the second stage if and only if at least one and at most Re -1 nonconforming units are found among the
n sampled units. In the second stage, sample n units, and decide “accept” if and only if the number of
1 2
nonconforming units in the combined first and second sample is smaller or equal to the stage 2
acceptance numberAc , otherwise reject. The two-stage decision procedure can be expressed
equivalently by comparing the limits of a two-sided confidence interval of nominal level (γ ) for the
proportion nonconforming with the tolerance p .
v
The sampling plans are indexed by three quantities:
i) the tolerance p ;
ii) the nominal confidence level (γ ), which is respectively either 0,7, 0,8, 0,9, 0,95 or 0,99;
iii) three levels, low, mid, high, of a scale called Trust.
The Trust levels express the user’s degree of confidence into the status of the target population.
The objective of this document is to provide procedures that enable a decision quickly and economically
if the proportion nonconforming is particularly low or high. In the latter case, the inspection procedure
will in most all cases terminate in stage 1 with small sample sizes n . Only under intermediate values of
the proportion nonconforming in the target population, the likelihood of proceeding to a second sample
is high. The two sample sizes in stage 1 and stage 2 are chosen so as to minimize the expected sample
size under the specified confidence level and Trust level.
vi
INTERNATIONAL STANDARD ISO 28596:2022(E)
Sampling procedures for inspection by attributes — Two-
stage sampling plans for auditing and for inspection under
prior information
1 Scope
This document specifies two-stage (double) sampling plans by attributes for inspection for a proportion
of nonconforming items in a target population of discrete units, in particular:
a) the proportion of nonconforming items in a lot of product items;
b) the proportion of nonconforming function instances of an internal control system (ICS);
c) the proportion of misstatements in a population of accounting entries or booking records;
d) the proportion of nonconforming test characteristics of an entity subject to an acceptance test, e.g.
in product and process audits.
The plans are preferable to single sampling plans where the cost of inspection is high or where the
delay and uncertainty caused by the possible requirement for second samples is inconsequential. The
statistical theory underlying the plans, tables and figures are provided in Annexes A through K.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content
constitutes requirements of this document. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including any amendments) applies.
ISO 2859-2, Sampling procedures for inspection by attributes — Part 2: Sampling plans indexed by limiting
quality (LQ) for isolated lot inspection
ISO 3534-1, Statistics — Vocabulary and symbols — Part 1: General statistical terms and terms used in
probability
ISO 3534-2, Statistics — Vocabulary and symbols — Part 2: Applied statistics
3 Terms, definitions, symbols and abbreviated terms
3.1 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO 2859-2, ISO 3534-1 and
ISO 3534-2 and the following apply.
ISO and IEC maintain terminological databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https:// www .iso .org/ obp
— IEC Electropedia: available at https:// www .electropedia .org/
3.1.1
acceptance number
Ac
largest number of nonconformities or nonconforming items found in the sample by acceptance sampling
(3.1.2) by attributes that permits the acceptance of the lot, as given in the acceptance sampling plan
(3.1.3)
[SOURCE: ISO 3534-2:2006, 4.4.2]
3.1.2
acceptance sampling
sampling after which decisions are made to accept or not to accept a lot, or other grouping of products,
materials or services, based on sample results
[SOURCE: ISO 3534-2:2006, 1.3.17]
3.1.3
acceptance sampling plan
plan which states the sample size(s) to be used and the associated criteria for lot acceptance
[SOURCE: ISO 3534-2:2006, 4.3.3]
3.1.4
Conditional risks
3.1.4.1
conditional risk type I
conditional type I
conditional probability that Hp: ≤p be accepted by the test, given that pp>
00 0
Note 1 to entry: The conditional type I error is also addressed as the conditional type I risk.
Note 2 to entry: In an auditing context, the conditional type I risk evaluates the extent in which the purpose of
auditing is failed. Hence, the type I risk can also be considered as a conditional measure of audit effectiveness.
Note 3 to entry: For a detailed mathematical explanation of this conditional risk, see Annex D.
3.1.4.2
conditional risk type II
conditional type II
conditional probability that Hp: ≤p be not accepted by the test, given that pp≤
00 0
Note 1 to entry: The conditional type II error is also addressed as the conditional type II risk.
Note 2 to entry: In an auditing context, good lots are rejected in this case. So, the conditional type II risk is a
measure for economic loss. Hence, the type II risk can also be considered as a conditional measure of auditing
efficiency.
Note 3 to entry: For a detailed mathematical explanation of this conditional risk, see Annex D.
3.1.5
confidence interval
interval calculated from the sample, which specifies a range of plausible values of the unknown
parameter p
Note 1 to entry: The reliability of the confidence interval as an interval estimate for p is measured by the actual
coverage probability, i.e. the probability that the interval contain the true value of p. For a confidence interval of
nominal level γ, the actual coverage probability has the lower bound γ pointwise in p. The length of the confidence
interval corresponds to the precision of the statistical inference on p. Thus, interest is in shortest confidence
intervals.
Note 2 to entry: See Annex A
3.1.6
coverage probability
probability that a random confidence region contain the true value of p
Note 1 to entry: For a detailed mathematical explanation of the coverage probability, see Annex G.
3.1.7
financial statement
formal record that reports about an entity’s financial activities and position, related to one point in
time or to changes within a period in time
3.1.8
inspection by attributes
inspection by noting the presence, or absence, of one or more particular characteristic(s) in each of
the items in the group under consideration, and counting how many items do, or do not, possess the
characteristic(s), or how many such events occur in the item, group or opportunity space
[SOURCE: ISO 3534-2:2006, 4.1.3]
3.1.9
integrated average sample number
I.ASN
number measuring the average sample size resulting from a sampling plan under a given proportion
nonconforming p, weighted according to prior information on p
Note 1 to entry: For a detailed mathematical explanation of I.ASN, see Annex F.
Note 2 to entry: If costs for sampling single units are given, the I.ASN can be used to estimate average sampling
costs of the two-stage plan ()nn; .
3.1.10
integrated second stage probability
Ip.
2nd
probability of requiring the second step
Note 1 to entry: For a detailed mathematical explanation of Ip. , see Annex E.
2nd
3.1.11
lot
definite part of a population constituted under essentially the same conditions as the population with
respect to the sampling purpose
[SOURCE: ISO 3534-2:2006, 1.2.4]
3.1.12
misstatement
difference between the required amount, classification, presentation or disclosure of a financial
statement and the actual observed one
3.1.13
nonconforming item
nonconforming unit
item or unit with one or more nonconformities
[SOURCE: ISO 3534-2:2006, 1.2.12, modified — "unit" has been added to "item".]
3.1.14
nonconformity
non-fulfilment of a requirement
[SOURCE: ISO 3534-2:2006, 3.1.11]
3.1.15
operating characteristic
OC
probability of reaching the decision “acceptance” by a sampling plan, considered as a function of the
true value of the proportion nonconforming p
Note 1 to entry: See Annex B.
3.1.16
OC matched
sampling plans that have the same operating characteristic
Note 1 to entry: See Annex C.
3.1.17
prior information
knowledge about a parameter before the actual sampling evidence is taken into account
Note 1 to entry: Sources of prior knowledge are, for instance, historic audits and the assessment of the company
environment.
3.1.18
population
totality of items under consideration
[SOURCE: ISO 3534-2:2006, 1.2.1]
3.1.19
rejection number
Re
smallest number of nonconformities or nonconforming items found in the sample by acceptance
sampling by attributes that requires the lot to be not accepted, as given in the acceptance sampling plan
[SOURCE: ISO 3534-2:2006, 4.4.1]
3.1.20
sample
subset of a population made up of one or more sampling units
[SOURCE: ISO 3534-2:2006, 1.2.17, modified — Note 1 to entry deleted.]
3.1.21
substantive procedure
audit procedure with the objective of detecting misstatements at the assertion level
Note 1 to entry: There are two types of substantive procedures:
a) tests of details (of classes of transactions, account balances, and disclosures); and
b) substantive analytical procedures.
3.1.22
test of controls
audit procedure with the objective of assessing the operating effectiveness of controls in preventing, or
detecting and correcting, material misstatements at the assertion level
3.1.23
tolerance proportion
largest value p of the proportion nonconforming such that the target population is considered as
acceptable
3.2 Symbols and abbreviated terms
sample sizes in stage i
n
i
one stage sample size with same OC as two stage sampling plan
n
match
number of misstated items (nonconforming items) found in n
x
i
i
D confidence interval for the proportion of misstatements (nonconforming items)
p proportion of misstatements (nonconforming units)
lower limit of D
p
L
upper limit of D
p
U
p tolerance proportion
I.cp integrated actual coverage
γ
nominal confidence level
a, b shape parameters of the beta distribution
Ac acceptance number in stage i
i
rejection number in stage i
Re
i
c.type I conditional probability of erroneous acceptance
c.type II conditional probability of erroneous rejection
Ip. integrated probability of entering the second stage
2nd
I.ASN integrated average sample number
N lot size
OC operating characteristic function
P probability of acceptance (OC function at a specified value p)
a
4 Selecting and operating a two-stage sampling plan under prior information
4.1 General
Table 1 to Table 5 in Clause 7 provide two-stage sampling plans nn,;Ac Re ,, Ac ;Re indexed
()() ()
11 12 22
in the parameters p (tolerance proportion), γ (confidence level), and in the level of prior information
(trust).
The aim of the application of a two-stage sampling plan is two-fold:
a) enable a decision on whether or not the actual proportion nonconforming p exceeds the tolerance
proportion p . In statistical terminology, the decision problem can be considered as a test of the
hypothesis Hp: ≤p versus the alternative Kp: >p ;
0 0
b) provide a confidence interval for the actual proportion nonconforming p .
The design of the sampling plans assures that the probabilities of both decision errors 1) erroneous
rejection of H, and 2) erroneous acceptance of H are bounded.
4.2 Selecting a sampling plan
Sampling plans can be obtained from Table 1 to Table 5 in Clause 7. The cell entries Table 1 to Table 5
display:
a) upper left: n sample size in stage 1;
b) upper right: ()Ac ;Re acceptance and rejection number in stage 1;
c) lower left: n sample size in stage 2;
d) lower right: Ac ;Re acceptance and rejection number in stage 2.
()
The sampling plans are indexed in p (tolerance proportion),γ (nominal confidence level), and in the
Trust level.
The nominal confidence level γ determines the reliability of the conclusive decision as taken according
to the algorithm in 5.3 in the sense that the coverage probability Pp()∈D exceeds γ for a wide range
of actual values p, except a small interval around p , see the coverage probability graphs in Figures G.1
to G.5. Correspondingly, the probabilities of both decision errors 1) erroneous rejection of Hp: ≤p ,
and 2) erroneous acceptance of Hp: ≤p are bounded by 1-γ for a wide range of actual values p.
The level of prior information shall be specified on an ordinal scale named Trust, by choosing among the
values {low, mid, high}. The Trust level low shall be used if no prior experience or bad prior experience
with populations submitted for inspection exists. The Trust level high shall be used if there is strong
evidence of good performance. The Trust level mid shall be used if there is weak evidence of good
performance or strong evidence of in-between performance.
See Annex H for further technical background on the prior information model and the Trust scale.
4.3 Sampling and decision procedure
The decision by a two-stage sampling plan ()nn,;()Ac Re ,,()Ac ;Re shall proceed according to
11 12 22
the following algorithm with Ac = 0:
Stage 1:
Draw a random sample of size n , determine the number x of nonconforming units among the n
1 1 1
sampled units. Decide according to the subsequent cases a), b), and c):
a) x ≤Ac : Acceptance of the hypothesis Hp: ≤p , i.e. p is considered not to exceed the tolerance p ;
11 0 0
b) x ≥Re : Rejection of the hypothesis Hp: ≤p , i.e. p is considered to exceed the tolerance p ;
12 0 0
c) Ac < 11 1
Stage 2:
If, in stage 1, the case c) occurs and enforces entering stage 2, proceed as follows:
Draw a second random sample of size n , determine the number x of nonconforming units among the
2 2
n sampled units. Decide according to the subsequent cases a) and b):
a) xx+≤Ac : Acceptance of the hypothesis Hp: ≤p , i.e. p is considered not to exceed the tolerance
12 2 0
p ;
b) xx+≥Re : Rejection of the hypothesis Hp: ≤p , i.e. p is considered to exceed the tolerance p
12 2 0 0.
4.4 Estimation of the actual proportion nonconforming
The sample proportion nonconforming is
x

,,if thedecisionprocedure terminates in stage1

n

pˆ =

xx+

,.if thedecisionprocedure terminates in stage2
nn+


p̂ is an unbiased estimator of the actual proportion nonconforming p in the population. The sampling
uncertainty inherent in the estimator p is expressed by a confidence interval. A two-sided confidence
interval D = []pp; of a nominal level γ satisfies the inequality Pp()≤≤pp ≥γ , i.e. with a
LU LU
probability of at least γ , the actual proportion p lies between p and p . A two-sided confidence
L U
interval D for the actual proportion p of misstated items (nonconforming items) can be obtained from
the confint function in the ISO 28596 package from the following input quantities: 1) nominal confidence
level γ and level of Trust chosen for selecting the sampling plan; 2) number x of misstated items
(nonconforming items) found in stage 1; 3) if stage 2 was entered: number x of misstated items
(nonconforming items) found in stage 2.
5 Application paradigms: lot inspection and financial auditing
Details of two standard application paradigms for the two-stage decision procedure are described
below:
— for the inspection of lots of discrete product items, see 6.1
— financial auditing, with two targets: for testing for the compliance of an internal control system
(test of controls), and test of details in the course of substantive procedures, see 6.2
5.1 Lot inspection
5.1.1 Sampling
Samples shall be drawn from the lot by simple random sampling. When the lot consists of sub-lots or
strata, identified by some rational criterion, representative sampling shall be used in such a way that
the number of items sampled is proportional to the number of items in the sub-lot or stratum.
5.1.2 Acceptance of loss
All items in the sample shall be inspected and the nonconforming items shall be counted.
Acceptability of a lot shall be determined by the use of the obtained sampling plans. If the number of
nonconforming items found in the sample is equal to or less than the acceptance number Ac and Ac ,
1 2
respectively, the lot shall be accepted, otherwise the lot shall not be accepted.
5.1.3 Disposition of non-accepted lots
The disposition of lots not accepted shall be agreed in advance by all interested parties.
5.1.4 Lots with one or more nonconforming units
If a lot has been accepted, the right is reserved not to accept any item found nonconforming during the
acceptance sampling inspection that led to lot acceptance.
5.1.5 Resubmitted lots
A lot that has been inspected but not accepted shall only be resubmitted for re-inspection if
a) the purchaser is satisfied that all misstated items (nonconforming items) have been removed or
replaced by conforming items, and
b) all interested parties agree.
The responsible authority shall determine the method of re-inspection to be applied.
5.2 Financial auditing
5.2.1 Purposes in the risk-oriented auditing process
The relevant purposes in the risk-oriented auditing process are:
1) test of controls, i.e. tests of compliance in the evaluation of the internal control system (ICS);
2) test of details for selected purposes in course of substantive procedures.
In any case, the auditor notifies the result of the sampling procedure and the subsequent decision in the
audit documentation.
5.2.2 Target population, proportion nonconforming and tolerance proportion p
In the framework of the evaluation of the ICS, the target population is a totality of internal control
events over a specified time frame. The proportion nonconforming is the rate of control events which
deviate within a specified time frame from the prescribed internal control procedures. The tolerance
proportion p is the rate of deviation from prescribed internal control procedures considered as
tolerable for the purposes of financial auditing within a specified time frame.
In the framework of a test of details, the target population is a totality of statements in a specified
account balance or class of transactions. The proportion nonconforming is the rate of misstatements in
the target population of statements. The tolerance proportion p is the rate of misstatements considered
as tolerable for the purposes of financial auditing.
5.2.3 Acceptance and rejection in the case of a test of compliance of the ICS
Both acceptance and rejection affect the auditor’s assessment of the control risk. In the case of
acceptance, the auditor rather tends to choose a lower value of the control risk. As a consequence, the
amount of auditing efforts in course of subsequent substantive procedures decreases. In the case of
rejection, the auditor rather tends to choose a higher value of the control risk. As a consequence, the
amount of auditing efforts in course of subsequent substantive procedures increases.
5.2.4 Acceptance and rejection in the case of a test of details
Both acceptance and rejection affect the auditor’s judgment on the existence of material misstatement
in the targeted audit population. However, the final conclusion of the auditor is affected by various
additional factors, in particular, further test of details, analytical procedures, qualitative assessment of
the type of nonconformities.
6 Examples
6.1 Example 1: Lot inspection
A consumer buys a set of screws and can tolerate 3 % of failures. Suppose, the consumer’s confidence in
having a low p is mid, i.e. Trust = mid. Furthermore, a nominal confidence level of 0,80 is needed, i.e.
γ = 0,80. Table 2 shall be used, which provides that the sample size in stage 1, n is 63. In addition,
using Table 2, the corresponding acceptance and rejection numbers at this stage are Ac =0 and
Re =5 . So, if the inspection leads to no misstated item (nonconforming unit), the lot can be accepted at
the first stage. If the inspection reveals 5 or more misstated items (nonconforming units) in the sample
of 63, the lot shall be rejected. Otherwise, a second sample shall be drawn. According to Table 2, the
sample size in stage 2, n is 228, Ac =8 and Re =9 .
2 2 2
If the concerned parties are also interested in the operating indicators, Table I.2 provides this additional
information: c.type I = 0, 063 0 , c.type II = 0,098 8, , I.ASN = 161,67, Ip.,= 0 432 8 and Ic.,p= 0 807 8 .
2nd
6.2 Example 2: Auditing of an internal control system (purchase process)
An auditor inspects the purchase process of a medium-size retailer of office equipment to evaluate the
effectiveness of the respective part of the relevant ICS. In the case subject to auditing, there are a large
number of purchases per year with a high quantity of different suppliers. In a first step, the auditor
evaluates the appropriateness of the process design. As a result of an interview and observation, the
purchase process consists of the following stages: needs assessment, purchase order, incoming goods,
invoice receipt and verification, payment processing, adjustment of general ledger. In these stages,
numerous different controls have been identified, which shall ensure that the purchase process
operates appropriately. After having assessed the appropriateness of the process design, the auditor
determines the kind of controls of each stage, which are subject to further investigation. For example,
the auditor selects in the stage of “incoming goods“ the control, whether the goods delivered correspond
to the goods ordered in quantity and quality. Therefore, the auditor prompts the retailer to prove that
the responsible staff has duly signed the delivery notes of all incoming goods. The signature should
indicate that the quantity and quality of each incoming good have been checked (e. g. information from
purchase order) and were considered as appropriate. The auditing target is the proportion p of missing
or unsigned or inappropriately signed delivery notes. The auditor assumes 5 % ( p =00, 5) as the
tolerable rate of deviation.
In view of the large number of incoming goods, the auditor proceeds by sampling inspection.
Calculations in the framework of the risk-oriented auditing process impose for the internal control
system (ICS) auditing step a confidence level of γ = 08, 0 . Concluding from previous experiences with
the auditee, the auditor has high confidence in the ICS and assumes the trust level high. Using Table 2,
the size of the first sample is n =32, with the corresponding acceptance number Ac =0 and rejection
1 1
number Re =6 .
The auditor takes a random sample of size n =32 of goods incoming events from the ERP system. The
inspection of the 32 goods incoming events reveals that all corresponding delivery were duly signed,
i.e. the number of nonconforming units in the sample is x =0. Comparing x with the acceptance
1 1
number Ac =0 , the auditor accepts the hypothesis Hp: ≤p , i.e. the proportion p of missing or
1 0
unsigned or inappropriately signed delivery notes in the entire population is considered not to exceed
the tolerance p . Conclusively, the auditor classifies the considered specific internal control procedure
as effective.
6.3 Example 3: Auditing of an integral control system (sales process)
An auditor inspects the sales process of a medium-size retailer of steel products to evaluate the
effectiveness of the respective part of the relevant internal control system (ICS). There are a large
number of sales per year with a high quantity of different customers. In a first step, the auditor
evaluates the appropriateness of the sales process design. As a result of an interview and the auditor’s
own observations, the sales process consists of the following stages: submission of tenders, order
acceptance, goods outgoing, invoicing, payment processing, post entries to general ledger. In these
stages, numerous different controls have been identified, which shall ensure that the sales process
operates appropriately. After having assessed the appropriateness of the process design, the auditor
determines the kind of controls of each stage, which are subject to further investigation. For example,
the auditor considers in the stage of “invoicing“ the control of whether the realisation principle has
been observed appropriately. Therefore, the auditor asks the retailer to prove that, with respect to all
single sales, the realisation of the turnover has been recorded in the correct period. The auditor would
accept 3 % of incorrectly recorded turnovers as tolerable.
In view of the large number of outgoing invoices per year, the auditor proceeds by sampling inspection.
For each sampled invoice, the auditor investigates whether the turnover was realised correctly.
Calculations in the framework of the risk-oriented auditing process impose for the internal control
system (ICS) auditing step a confidence level of γ = 07, 0 . Concluding from previous experiences with
the auditee, the auditor has high confidence in the ICS and assumes the trust level high. Using Table 1,
the size of the first sample is n =40, with the corresponding acceptance number Ac =0 and rejection
1 1
number Re =6 . In the first sample, the auditor observes x =7 incorrectly realized turnovers.
1 1
Comparing x with the rejection number Re =6 , the auditor rejects the hypothesis Hp: ≤p , i.e. the
1 1 0
proportion p of incorrectly realized turnovers in the entire population is considered to exceed the
tolerance p =00, 3, i.e. 5 %. Conclusively, the auditor classifies the considered specific internal control
procedure as ineffective.
6.4 Example 4: Auditing test of details (accounts receivable)
An auditor inspects the accounts receivables of a medium-size retailer of office equipment with respect
to accuracy of statements at balance sheet date. The auditor imposes a tolerance of p =00, 5, i.e. 5 % of
misstatements at balance sheet date are assumed as tolerable.
In view of the large number of accounts receivable, the auditor proceeds by sampling inspection.
Calculations in the framework of the risk-oriented auditing process impose for the test of details
auditing step a confidence level of γ = 07, 0 . Concluding from previous bad experiences with the
auditee, the auditor has low confidence in the client’s accounting and assumes the trust level low. Using
Table 1, the size of the first sample is n =36, with the corresponding acceptance number Ac =0 and
1 1
rejection number Re =4 . In the first sample, the auditor observes x =0 misstatements. Comparing
1 1
x with the acceptance number Ac =0 , the auditor accepts the hypothesis Hp: ≤p , i.e. the proportion
1 1 0
p of misstated accounts in the entire accounts receivables population is considered not to exceed the
tolerance p .
6.5 Example 5: Auditing test of details (raw materials)
An auditor inspects the raw materials inventory of a medium-size retailer of steel products with respect
to accurate value assessment at balance sheet date. The auditor imposes a tolerance of p =00, 5, i.e.
5 % of inaccurate value assessments at balance sheet date are assumed as tolerable.
In view of the large variety of raw materials, the auditor proceeds by sampling inspection. The auditor
imposes for the test of details a confidence level of γ = 09, 0 . Concluding from previous experiences
with the auditee, the auditor has moderate confidence in the client’s materials assessment and assumes
the trust level mid. Using Table 3, the size of the first sample is n =52, with the corresponding acceptance
number Ac =0 and rejection number Re =7 . In the first sample, the auditor observes x =4 wrong
1 1 1
assessments. Conclusively, the auditor proceeds to a second sample of size n =185 which is found to
contain x =7 wrong assessments. In the second stage, the acceptance number is Ac =11 and the
2 2
rejection number is Re =12 . The cumulative number of wrong assessments is xx+=11 .
2 12
Conclusively, the auditor accepts the hypothesis Hp: ≤p , i.e. the proportion p of wrong assessments in
the entire population of inventory data is considered not to exceed the tolerance p .
7 Sampling plans
Sampling plans with acceptance/rejection numbers for varying nominal confidence levels, stages
arranged row-wise are given in Tables 1 to 5.
Table 1 — Sampling plans under nominal confidence level γ = 0,70
Trust p in proportion
0,01 0,02 0,03 0,04 0,05 0,06
Low 181   (0; 4) 91    (0; 4) 60    (0; 4) 45   (0; 4) 36   (0; 4) 30   (0; 4)
797   (9; 10) 449   (10; 11) 393  (13; 14) 299  (13; 14) 260  (14; 15) 217  (14; 15)
Medium 148   (0; 4) 74    (0; 4) 49   (0; 4) 37    (0; 4) 30    (0; 4) 25   (0; 4)
599   (7; 8) 299   (7; 8) 200  (7; 8) 150   (7; 8) 120   (7; 8) 100  (7; 8)
High 120   (0; 7) 60    (0; 6) 40   (0; 6) 30    (0; 6) 24    (0; 5) 20   (0; 5)
557   (6; 7) 278   (6; 7) 147  (5; 6) 126   (6; 7) 103   (5; 6) 82   (5; 6)
Trust p in proportion
0,07 0,08 0,09 0,1 0,15 0,2
Low 26   (0; 4) 22    (0; 4) 20    (0; 4) 18    (0; 4) 12   (
...