A cloud auditor should use statistical sampling rather than judgment (nonstatistical) sampling when:

A cloud auditor should use statistical sampling rather than judgment (nonstatistical) sampling when:
A . generalized audit software is unavailable.
B . the auditor wants to avoid sampling risk.
C . the probability of error must be objectively quantified.
D . the tolerable error rate cannot be determined.

View Answer

Answer: C

Explanation:

According to the ISACA Cloud Auditing Knowledge Certificate Study Guide, a cloud auditor should use statistical sampling rather than judgment (nonstatistical) sampling when the probability of error must be objectively quantified1. Statistical sampling is a sampling technique that uses random selection methods and mathematical calculations to draw conclusions about the population from the sample results. Statistical sampling allows the auditor to measure the sampling risk, which is the risk that the sample results do not represent the population, and to express the confidence level and precision of the sample1. Statistical sampling also enables the auditor to estimate the rate of exceptions or errors in the population based on the sample1.

The other options are not valid reasons for using statistical sampling rather than judgment sampling.

Option A is irrelevant, as generalized audit software is a tool that can facilitate both statistical and judgment sampling, but it is not a requirement for either technique.

Option B is incorrect, as statistical sampling does not avoid sampling risk, but rather measures and controls it.

Option D is illogical, as the tolerable error rate is a parameter that must be determined before conducting any sampling technique, whether statistical or judgmental.

Reference: ISACA Cloud Auditing Knowledge Certificate Study Guide, page 17-18.