What can an IS auditor do regarding the sample size when previous audits indicate no exceptions?

When previous audits show no exceptions, it can indicate a strong level of compliance or control effectiveness. In such cases, the IS auditor has the opportunity to reduce the sample size because there is a lower perceived risk of findings. Lowering the confidence coefficient allows for a smaller sample while still achieving an acceptable level of assurance about the findings.

This approach is grounded in the idea that if historical data demonstrates consistent compliance, less extensive testing may suffice to reach valid conclusions. By adjusting the confidence coefficient downward, the auditor can assert that they are still confident in the results while employing a more efficient use of resources. This could lead to cost savings and a more streamlined audit process without compromising the quality of the audit conclusions.