NDIS & ISO Audit Sampling Techniques

An audit is an assessment against specified criteria. Proper planning is a crucial factor for effective outcomes. While planning, we need to consider certain aspects, such as the availability of resources, audit location, travel time, complexity, and risks of the areas to be audited. These factors guide the audit planners in developing a sampling strategy. The sampling strategy typically comes with its complications. There are some routine questions frequently asked by business owners and NDIS service providers:

How many sites should be selected for each audit?

How many files should be reviewed by the auditors?

In what period the whole elements of the standard must be audited?

How many staff or managers should be interviewed?

 This article will outline some basic rules about sampling as per the guidelines of auditing management systems ISO 19011:2018. This article is only a guide, and businesses should develop a planning and sampling method that works best for them and meet their specific needs and requirements.

Audit sampling takes place when it is not practical or cost-effective to examine all available information during an audit, for instance, when the number of records is too high or too dispersed geographically to justify examining every item in the population. Audit sampling of a large data set (population) is selecting less than 100 % of the items within the total available population to obtain and evaluate evidence about some population characteristics, to form a conclusion concerning the population.

The audit sampling goal is to provide enough information for the auditor to have confidence that the audit objectives can or will be achieved.
The risk associated with sampling is that the samples may not fully represent the population from which they are selected. Thus, the auditor's conclusion may be biased or different from that reached if the whole population was examined. There may be other risks depending on the sample population's variability and the sampling method selected.

Audit sampling typically involves the following steps:

  1. Establishing the objectives of sampling
  2. Selecting the extent and composition of the population to be sampled
  3. Selecting a sampling method
  4. Determining the sample size to be taken
  5. Conducting the sampling activity

Now that we understand the steps involved in sampling, we can look at each step in more detail!

1. Establishing the objectives of sampling

Usually, the objective of the sampling ties in with the audit objectives. As an auditor, you must ensure that the samples you picked to review during the audit are in line with the audit's scope and criteria. For instance, when you plan to audit the organization's leadership, you need to ensure that the organization's leaders are part of the audit plan.

2. Selecting the extent and composition of the population to be sampled

Identifying the population to be sampled is the next step. You cannot audit every process or interview every manager within an organization. Although this might be possible for small companies, this is mainly applicable for mid-size to large-size organizations. Consider the risks of the scope and criteria of the area to be audited when you work on the extent of sampling.

3. Selecting a sampling method

The auditor can use judgment-based or statistical methods for a given dataset.

Judgment-based sampling

Judgment-based sampling relies on the competence and experience of the audit team.
For judgment-based sampling, the following should be considered:

  • previous audit experience within the audit scope
  • the complexity of the requirements (including statutory and regulatory requirements) to achieve the audit objectives
  • complexity and interaction of the organization’s processes and management systems
  • any changes in technology, human factors, or the management system
  • previously identified significant risks and opportunities for improvement
  • the output from the monitoring of the management system

Statistical sampling

If the decision is made to use statistical sampling, the sampling plan should be based on the audit objectives and what is known about the characteristics of the overall population from which the samples are to be taken.
Statistical sampling design uses a sample selection process based on probability theory. Attribute-based sampling is used when there are only two possible sample outcomes for each sample such as correct/incorrect or pass/fail.

4. Determining the sample size to be taken

Sampling size is determined by the time you have as an auditor. Your time is always limited, and it is not professional to ask for extra time for every single session. Evaluate your time and come up with a realistic sample size. You cannot audit the ten top managers of an organization if you have only hours to audit the organization's leadership.

5. Conducting the sampling activity

Conducting the sampling audit is the last step. Bear in mind that the audit plan is not set in stone, and you as an auditor, must ensure the audit integrity is always kept using the strategies you select during the audit. You can change the plan and sampling if you think your strategy is not working or it’s not the best audit method. Consult with the auditees before making any changes to ensure they are on the same page as you.


To establish a proper sampling approach, you must consider all the relevant factors, such as any risks in the area you will audit, the standard you comply with, and legislative or other relevant requirements. To set bulletproof planning that meets the intent of the requirements and works for your organization, you must have good knowledge about the audit process, the systems you are auditing, and how they work. The more you build up your knowledge of audit, the more effective planning you will be. Eventually, this will avoid any unnecessary administration errors or delays that may impact the effectiveness of your organization's management systems.


Who We Are

At core, LMS TRG is a compliance consulting and training organisation that builds and delivers powerful and practical products for people and businesses. Born and bred in Melbourne, Australia with an amazing team of expert auditors, consultants, and entrepreneurs.

Our area of expertise lies in providing training and guidance on compliance with the National Disability Insurance Scheme (NDIS) and the International Organisation for Standardisation (ISO). We also assist organisations in implementing effective management systems that are tailored to their specific needs and requirements. Our comprehensive approach to compliance training and management systems ensures our clients have the knowledge and tools necessary to meet regulatory requirements and industry standards. We are committed to helping our clients achieve success and maintain a culture of excellence in their operations.

We Care for each other, our members, and our society.

We Dare to discover and experiment, trying to be different and be fearless, and innovative.

We share our knowledge and experience, work together and continue to support our members.


Join The Community

Our email content is full of value, void of hype, tailored to your interests whenever possible, never pushy, and always free.


50% Complete

You are almost there! 

Kindly complete the form below and confirm your email address. We will keep you updated with news, articles and promotions.