📖 What is Attribute Sampling?
Attribute sampling is a statistical sampling approach evaluating the presence or absence of a specified attribute within a population. It determines the rate of occurrences for characteristics like proper authorization or adherence to policy. Results are expressed as a percentage of items possessing the attribute.
"Focus on its application in compliance testing. The CISA exam frequently presents scenarios requiring you to differentiate attribute sampling from variable sampling based on the testing objective. Understand how to calculate sample size and evaluate results against defined criteria."
📚 Certification: Certified Information Systems Auditor (CISA)
🔑 What are the Key Concepts of Attribute Sampling?
- ▸ Attribute sampling focuses on identifying the *rate* of attribute occurrences, not estimating a mean or average like variable sampling.
- ▸ It’s used for compliance testing – verifying controls are operating effectively, such as approvals or security configurations.
- ▸ Sample size is determined by acceptable risk of incorrect acceptance (alpha risk) and risk of incorrect rejection (beta risk).
- ▸ Results are presented as a percentage of non-conformities, allowing assessment against pre-defined criteria (e.g., tolerable error rate).
- ▸ Understanding the population size and desired confidence level are crucial for calculating the appropriate sample size.
🎯 How does Attribute Sampling appear on the CISA Exam?
You may be asked to determine whether attribute or variable sampling is more appropriate when testing if all invoices over $10,000 have proper authorization signatures.
A scenario might describe an audit finding a high rate of non-conformities during attribute sampling of access control reviews – identify the next appropriate audit step.
Expect questions about calculating the upper confidence limit of the non-conformity rate based on sample results and determining if it exceeds the tolerable error rate.
❓ Frequently Asked Questions
How does the tolerable error rate impact sample size?
A lower tolerable error rate (meaning you want to be *very* sure the control is working) requires a larger sample size to achieve the same confidence level. It increases the stringency of the test.
What’s the difference between alpha and beta risk in attribute sampling?
Alpha risk is the risk of incorrectly concluding a control *is* operating effectively when it isn’t. Beta risk is the risk of incorrectly concluding it *isn’t* operating effectively when it is.
When would you choose attribute sampling over variable sampling?
Choose attribute sampling when you need to verify the presence or absence of a characteristic, like a signature or a security setting. Variable sampling is for numerical data where you want to estimate an average.