Certified Information Systems Auditor Practice Exam

The most appropriate sampling method for testing automated invoice authorization controls is stratified random sampling. This method involves dividing the population into distinct subgroups or strata that share similar characteristics relevant to the testing objectives. In the context of invoice authorization, different types of invoices may have varying levels of risk or importance, such as high-value versus low-value invoices or routine versus exceptional authorizations.

By using stratified random sampling, an auditor can ensure that each subgroup is represented within the sample, which increases the likelihood of identifying issues specific to each category. This tailored approach enhances the effectiveness of the audit by focusing on areas that may present higher risk or different control circumstances.

Other sampling methods, such as simple random sampling, might not effectively capture the nuances of different invoice types, leading to a less comprehensive evaluation of the controls. Systematic sampling, while structured, may introduce bias if the underlying data has periodicity or patterns. Judgmental sampling relies on the auditor's discretion rather than a statistical basis, which can lead to biases and potentially overlook significant transactions within less typical categories. Therefore, stratified random sampling is the most robust choice for this scenario.