audit-sampling-methods
Privacy Audit Sampling Methods
Overview
Audit sampling is the application of audit procedures to less than 100% of items within a population to form a conclusion about the entire population. In privacy auditing, sampling is used to test compliance of processing activities, DSAR responses, consent records, vendor contracts, and other privacy controls without examining every individual record.
ISA 530 (International Standard on Auditing — Audit Sampling) and IIA Practice Advisory 2320-3 (Audit Sampling) provide the authoritative frameworks. For privacy audits, sampling must account for the heightened regulatory scrutiny of personal data processing and the potential for significant harm from individual non-compliant records.
Sampling Approaches
| Approach | Description | When to Use |
|---|---|---|
| Statistical Sampling | Uses probability theory to select samples and evaluate results; allows quantification of sampling risk | When audit conclusions must be defensible to regulators; large populations; need to extrapolate results |
| Non-Statistical (Judgemental) Sampling | Auditor uses professional judgement to select items | Small populations; targeted testing of known risk areas; supplementary to statistical sampling |
Statistical Sampling Methods
Attribute Sampling