If the sampling strategy provided by the provider does not yield an appropriate sample, the internal verifier or external authenticator should inform the provider and may select additional portfolios to ensure that a sufficient sample is selected.