Sampling risk is a function of how much evidential matter the auditor obtains during an audit, while nonsampling risk involves the competence of this evidence. Some guidelines for controlling audit risk are provided by a formula in the American Institute of Certified Public Accountants' Statement On Auditing Standards, Section 320B.35, but this paper outlines a method that makes this conceptual formula operational. By focusing on a significant area of audit interest, such as the revenue cycle, steps are described which constitute a way of determing the extent of each statistical substantive test of details. Initially, the auditor determines the maximum dollar amount between the statistical and nonstatistical tests. Then the following factors must be considered to ascertain tolerable level for the overall sampling risk: the degree of reliance on internal accounting procedures, and the results of any planned analytic review procedures. A formula with several illustrations of its use is presented. An auditor may also choose to control for overauditing, the possibility that statistical tests may indicate a material monetary error when none exists. When only one statistical substantive test of details is planned, a sample should be designed which specifies an appropriate audit objective, identifies the sampling unit and frame, determines the sample size, and decides the selection method. Compliance tests of pertinent procedures are designed to ascertain whether the preliminary evaluation is warranted. A similar method of determining the extent of statistical compliance tests is outlined and entails audit objectives, the risk of unwarranted reliance, the risk of overauditing, and sample design. Several examples are included. Finally, by considering the extent of substantive and compliance tests at several levels of planned reliance on internal controls, the auditor can select the combination that has the least cost. Four references are provided. (Author abstract modified)