Certified Information Systems Auditor Practice Exam 2025 – All-in-One Guide to Master Your CISA Certification!

Attribute sampling is most effective for ensuring that purchase orders to vendors have been properly authorized because it focuses specifically on assessing the presence or absence of a specific attribute—in this case, the authorization of purchase orders. This method allows an auditor to determine whether the purchase orders meet a set criterion, such as being signed or approved by the appropriate authority before being sent to the vendor.

This type of sampling is particularly useful in compliance testing, where the goal is to verify adherence to policies and procedures. By using attribute sampling, the auditor selects a sample size that provides a sufficient basis to evaluate the extent of compliance with the authorization requirements for purchase orders. This allows for a clear assessment of whether controls are operating effectively in that regard.

On the other hand, random sampling may not effectively target the specific attribute of interest, such as proper authorization, as it does not focus on criteria specific to the audit's objectives. Statistical sampling can be more complex regarding calculations and might not necessarily hone in on the compliance aspect as directly as attribute sampling does. Non-probability sampling lacks the rigor of providing a statistically valid basis for conclusions about the population, which makes it less suitable for this context.

Thus, attribute sampling is the optimal choice for validating that purchase orders have the required author