Introduction: According to Lee (2000) evidence is anything (tangible objects, documents, and testimony) that relates to the truth or falsity of an assertion made in an investigation or legal proceeding. An audit on the other hand is a systematic independent examination of financial statements, records, documents with an objective to express an opinion on the financial statements of an entity whether they are giving a true and fair view or not. Auditor expresses his opinion (whether the financial statements of an entity are giving a true and fair view or not) on the basis of audit evidence collected by him.
The goal of any audit is to determine whether a company’s financial statements comply with generally accepted accounting principles (GAAP), international financial reporting standards (IFRS), or another set of accounting standards applicable to an entity’s jurisdiction as to whether they show a true and fair view. Publicly traded companies are generally required to present fully audited financial statements to shareholders periodically, and thus the compilation and organization of auditing evidence are essential for auditors and accountants to do their work.
The objective of the auditor is to design and perform audit procedures in such a way as to enable the auditor to obtain sufficient appropriate audit evidence to be able to draw reasonable conclusions on which to base the auditor’s opinion.
International Standard on Auditing (ISA) 500 explains what constitutes audit evidence in an audit of financial statements, and deals with the auditor’s responsibility to design and perform audit procedures to obtain sufficient appropriate audit evidence to be able to draw reasonable conclusions on which to base the auditor’s opinion. This ISA is effective for audits of financial statements for periods beginning on or after December 15, 2009.
ISA 500 defines Audit evidence as the Information used by the auditor in arriving at the conclusions on which the auditor’s opinion is based. Audit evidence includes both information contained in the accounting records underlying the financial statements and other information.
Audit evidence is the information collected for review of a company’s financial transactions, internal control practices, and other items necessary for the certification of financial statements by an auditor. The amount and type of auditing evidence considered vary considerably based on the type of firm being audited as well as the required scope of the audit.
In short, auditing evidence is meant to provide auditors with the information for them to make the judgment on whether or not financial statements are accurate and true.
Examples of auditing evidence include bank accounts, management accounts, payrolls, bank statements, invoices, and receipts.
Audit evidence provided by original documents is more reliable than audit evidence provided by photocopies or facsimiles, or documents that have been filmed, digitized or otherwise transformed into electronic form.
How Audit Evidence is Obtained
Audit evidence is collected via audit procedures. Those procedures are categorized into two main categories: risk assessment procedures and further audit procedures, The latter includes tests of controls and substantive procedures.
Typically, the purpose of the audit procedure will dictate the type of procedure it is. There are seven types of audit procedures:
- Inspection. Auditors collect evidence by inspecting physical assets, records, or documents.
- Observation. Auditors observe the client’s business processes and operations to identify deficiencies.
- External confirmation. Auditors may reach out to third parties to verify the financial information and accounting records provided by the client.
- Recalculation. The auditors perform their own calculations to verify that the final accounting balances match those reported by the client.
- Reperformance. Auditors may reperform certain tasks or processes to identify deficiencies and discover opportunities for further optimization.
- Analytical procedures. Auditors analyze the client’s financial records to find discrepancies.
- Inquiry. Auditors talk with the client’s senior management to gain a deeper understanding of business processes for the auditing process. Inquiry alone, however, is not considered sufficient audit evidence to reduce the audit risk.
Audit evidence is an integral part of the overall audit process. That said, it’s just as important to consider how the evidence is collected, where it’s sourced from, and whether there is sufficient evidence available to approve or reject the assertions made by the company prior to the audit.
Sufficient Appropriate Audit Evidence
The auditor shall design and perform audit procedures that are appropriate in the circumstances for the purpose of obtaining sufficient appropriate audit evidence.
When designing and performing audit procedures, the auditor shall consider the relevance and reliability of the information to be used as audit evidence. If information to be used as audit evidence has been prepared using the work of a management’s expert, the auditor shall, to the extent necessary, having regard to the significance of that expert’s work for the auditor’s purposes:
(a) Evaluate the competence, capabilities and objectivity of that expert;
(b) Obtain an understanding of the work of that expert; and
(c) Evaluate the appropriateness of that expert’s work as audit evidence for the relevant assertion.
When using information produced by the entity, the auditor shall evaluate whether the information is sufficiently reliable for the auditor’s purposes, including, as necessary in the circumstances:
(a) Obtaining audit evidence about the accuracy and completeness of the information;
(b) Evaluating whether the information is sufficiently precise and detailed for the auditor’s purposes.
Characteristics of Audit Evidence
Good auditing evidence can be measured by the extent of the following characteristics:
Sufficiency: Sufficiency takes into account whether or not the material provided is of an adequate quantity that would allow auditors to make an accurate judgment. If an auditor was given just one bank statement of a company, it would not be enough to make any determinations on the financial standing of that company.
Reliability: Reliability seeks to determine whether or not the material can be trusted and counted on for forming an opinion. Reliability typically factors from the source of the information.
Source: The source of accounting evidence can be obtained directly from the company or externally. Externally sourced information is generally regarded as more trustworthy and is therefore preferred.
Nature: Nature refers to the type of information that is received. For example, the information can be provided through legal documents, presentations, orally from employees, or through a physical confirmation.
Relevance: Depending on the type of audit being conducted, how pertinent the information received in its relation to the overall analysis is a guiding factor.In general, auditors prefer information that is written as opposed to provided orally; information that is from a third-party source as opposed from inside the company; original documents as opposed to copies of those documents; a strong understanding of the firm by the auditor to request appropriate auditing evidence; firsthand observations by the auditor as opposed to documentation provided via another source.
Types of Audit Evidence
There are eight different types of audit evidence. Each type is used to achieve a specific purpose, depending on the purpose of the audit, the client, and the assertion being tested.
- Physical examination. Physical evidence gathered by the auditors themselves to verify whether or not certain assets actually exist, or to verify the asset’s condition. Physical examination is also a main source of audit evidence used primarily for any fixed assets, such as usage of machinery or supplies.
- Confirmations. This refers to relying on third parties such as banks to confirm various aspects of the financial statements (for example, the closing bank balance or accounts payable records).
- Documentary evidence. Auditors will gather documentation such as internal process documents, emails, or logs, to help with different portions of the overall audit. The auditors may use documentation for vouching or tracing as part of the audit procedures.
- Analytical procedures. Any analysis performed by the auditors where they use their own calculations to substantiate the financial information and any accounting records provided by the client to find any discrepancies.
- Oral evidence. Auditors may hold Q&A sessions with their client’s senior leadership team to inquire about the business operations prior to designing the audit procedures.
- Accounting system. Allows the auditor to access financial reporting documents and any information related to financial statements. The accounting system may also act as the source of audit evidence.
- Reperformance. The auditor assesses the control risk by reperforming key internal control processes to check for deficiencies.
- Observatory evidence. The auditors observe how their clients conduct their operations, policies, and protocols to find weaknesses; and make their own notes about how those processes work.
Audit Procedures for Obtaining Audit Evidence
ISA 500 recommends that audit evidence to draw reasonable conclusions on which to base the auditor’s opinion should be obtained by performing:
(a) Risk assessment procedures; and
(b) Further audit procedures, which comprise:
- Tests of controls, when required by the ISAs or when the auditor has chosen to do so;
- Substantive procedures, including tests of details and substantive analytical procedures.
As explained in ISA 330, audit evidence obtained from previous audits may, in certain circumstances, provide appropriate audit evidence where the auditor performs audit procedures to establish its continuing relevance. The nature and timing of the audit procedures to be used may be affected by the fact that some of the accounting data and other information may be available only in electronic form or only at certain points or periods in time. For example, source documents, such as purchase orders and invoices, may exist only in electronic form when an entity uses electronic commerce, or may be discarded after scanning when an entity uses image processing systems to facilitate storage and reference.
Information to Be Used as Audit Evidence
This relates with the Relevance and Reliability of Audit Evidence.
Relevance deals with the logical connection with, or bearing upon, the purpose of the audit procedure and, where appropriate, the assertion under consideration. The relevance of information to be used as audit evidence may be affected by the direction of testing. A given set of audit procedures may provide audit evidence that is relevant to certain assertions, but not others. For example, inspection of documents related to the collection of receivables after the period end may provide audit evidence regarding existence and valuation, but not necessarily cutoff. Similarly, obtaining audit evidence regarding a particular assertion, for example, the existence of inventory, is not a substitute for obtaining audit evidence regarding another assertion, for example, the valuation of that inventory. On the other hand, audit evidence from different sources or of a different nature may often be relevant to the same assertion.
Tests of controls are designed to evaluate the operating effectiveness of controls in preventing, or detecting and correcting, material misstatements at the assertion level. Designing tests of controls to obtain relevant audit evidence includes identifying conditions (characteristics or attributes) that indicate performance of a control, and deviation conditions which indicate departures from adequate performance. The presence or absence of those conditions can then be tested by the auditor.
Substantive procedures are designed to detect material misstatements at the assertion level. They comprise tests of details and substantive analytical procedures. Designing substantive procedures includes identifying conditions relevant to the purpose of the test that constitute a misstatement in the relevant assertion.
Reliability of Audit Evidence
The reliability of information to be used as audit evidence, andtherefore of the audit evidence itself, is influenced by its source and its nature, and the circumstances under which it is obtained, including the controls over its preparation and maintenance where relevant. Therefore, generalizations about the reliability of various kinds of audit evidence are subject to important exceptions. Even when information to be used as audit evidence is obtained from sources external to the entity, circumstances may exist that could affect its reliability. For example, information obtained from an independent external source may not be reliable if the source is not knowledgeable, or a management’s expert may lack objectivity. While recognizing that exceptions may exist, the following generalizations about the reliability of audit evidence may be useful:
- The reliability of audit evidence is increased when it is obtained from independent sources outside the entity.
- The reliability of audit evidence that is generated internally is increased when the related controls, including those over its preparation and maintenance, imposed by the entity are effective.
- Audit evidence obtained directly by the auditor (for example, observation of the application of a control) is more reliable than audit evidence obtained indirectly or by inference (for example, inquiry about the application of a control).
- Audit evidence in documentary form, whether paper, electronic, or other medium, is more reliable than evidence obtained orally (for example, a contemporaneously written record of a meeting is more reliable than a subsequent oral representation of the matters discussed).
- Audit evidence provided by original documents is more reliable than audit evidence provided by photocopies or facsimiles, or documents that have been filmed, digitized or otherwise transformed into electronicform, the reliability of which may depend on the controls over their preparation and maintenance.
Information Produced by the Entity and Used for the Auditor’s Purposes
In order for the auditor to obtain reliable audit evidence, information produced by the entity that is used for performing audit procedures needs to be sufficiently complete and accurate. For example, the effectiveness of auditing revenue by applying standard prices to records of sales volume is affected by the accuracy of the price information and the completeness and accuracy of the sales volume data. Similarly, if the auditor intends to test a population (for example, payments) for a certain characteristic (for example, authorization), the results of the test will be less reliable if the population from which items are selected for testing is not complete.Obtaining audit evidence about the accuracy and completeness of such information may be performed concurrently with the actual audit procedure applied to the information when obtaining such audit evidence is an integral part of the audit procedure itself. In other situations, the auditor may have obtained audit evidence of the accuracy and completeness of such information by testing controls over the preparation and maintenance of the information. In some situations, however, the auditor may determine that additional audit procedures are needed. In some cases, the auditor may intend to use information produced by the entity for other audit purposes. For example, the auditor may intend to make use of the entity’s performance measures for the purpose of analytical procedures, or to make use of the entity’s information produced for monitoring activities, such as internal auditor’s reports. In such cases, the appropriateness of the audit evidence obtained is affected by whether the information is sufficiently precise or detailed for the auditor’s purposes. For example, performance measures used by management may not be precise enough to detect material misstatements.
Selecting Items for Testing to Obtain Audit Evidence
An effective test provides appropriate audit evidence to an extent that, taken with other audit evidence obtained or to be obtained, will be sufficient for the auditor’s purposes. In selecting items for testing, the auditor is required by paragraph 7 of ISA 500 to determine the relevance and reliability of information to be used as audit evidence; the other aspect of effectiveness (sufficiency) is an important consideration in selecting items to test.
The means available to the auditor for selecting items for testing are:
(a) Selecting all items (100% examination);
(b) Selecting specific items; and
(c) Audit sampling.
The application of any one or combination of these means may be appropriate depending on the particular circumstances, for example, the risks of material misstatement related to the assertion being tested, and the practicality and efficiency of the different means.
Selecting All Items
The auditor may decide that it will be most appropriate to examine the entire population of items that make up a class of transactions or account balance (or a stratum within that population). 100% examination is unlikely in the case of tests of controls; however, it is more common for tests of details. 100% examination may be appropriate when, for example: • The population constitutes a small number of large value items; • There is a significant risk and other means do not provide sufficient appropriate audit evidence; or • The repetitive nature of a calculation or other processperformed automatically by an information system makes a 100% examination cost effective.
Selecting Specific Items
The auditor may decide to select specific items from a population. In making this decision, factors that may be relevant include the auditor’s understanding of the entity, the assessed risks of material misstatement, and the characteristics of the population being tested. The judgmental selection of specific items is subject to non-sampling risk. Specific items selected may include:
- High value or key items. The auditor may decide to select specific items within a population because they are of high value, or exhibit some other characteristic, for example, items that are suspicious, unusual, particularly risk-prone or that have a history of error.
- All items over a certain amount. The auditor may decide to examine items whose recorded values exceed a certain amount so as to verify a large proportion of the total amount of a class of transactions or account balance.
- Items to obtain information. The auditor may examine items to obtain information about matters such as the nature of the entity or the nature of transactions.
While selective examination of specific items from a class of transactions or account balance will often be an efficient means of obtaining audit evidence, it does not constitute audit sampling. The results of audit procedures applied to items selected in this way cannot be projected to the entire population; accordingly, selective examination of specific items does not provide audit evidence concerning the remainder of the population.
Inconsistency in, or Doubts over Reliability of, Audit Evidence
Obtaining audit evidence from different sources or of a different nature may indicate that an individual item of audit evidence is not reliable, such as when audit evidence obtained from one source is inconsistent with that obtained from another. This may be the case when, for example, responses to inquiries of management, internal audit, and others are inconsistent, or when responses to inquiries of those charged with governance made to corroborate the responses to inquiries of management are inconsistent with the response by management. ISA 230 includes a specific documentation requirement if the auditor identified information that is inconsistent with the auditor’s final conclusion regarding a significant matter.
Quality of Audit Evidence
The quality of audit evidence is essential to ensure that the auditor’s conclusion is correct.
If the information is not strong or low quality, the audit risk of making incorrect audit opinions are high.
The quality of audit evidence is dependent mainly on the form and source of the evidence which are:
- External Source: The evidence that obtains directly from external parties like customers, suppliers, or banks are more reliable than obtaining from clients. For example, accounts receivable confirmations that obtain from client’s customers are more reliable than the records that prepare by clients.
- Prepare by Auditor: The evidence that prepares by auditors themselves are more reliable than the one that prepares by or obtains from the client. For example, the bank reconciliation that prepares by the auditor is more reliable than the bank reconciliation prepared by the accountant.
- Prepared by client: The level of reliability of evidence that obtains from clients are depending on the reliability of client internal control.
- Written form: The audit evidence that forms in writing is more reliable than the one that forms in verbal. For example, management confirmation in the form of email is more reliable than the confirmation by verbal.
- Original Form: Original invoices that use to support the payments transactions are more reliable than the copy invoices.
Importance of Audit Evidence
Audit evidence is critical for any auditor to substantiate his or her conclusions. After all, the opinion presented by an auditor following the end of an audit depends on the audit evidence gathered. In addition, if the findings from the audit are disputed, auditors will rely on the strength of the audit evidence to support their opinion.
ISA 330 requires the auditor to conclude whether sufficient appropriate audit evidence has been obtained. Whether sufficient appropriate audit evidence has been obtained to reduce audit risk to an acceptably low level, and thereby enable the auditor to draw reasonable conclusions on which to base the auditor’s opinion, is a matter of professional judgment. ISA 200 contains discussion of such matters as the nature of audit procedures, the timeliness of financial reporting, and the balance between benefit and cost, which are relevant factors when the auditor exercises professional judgment regarding whether sufficient appropriate audit evidence has been obtained.
Gathering audit evidence is particularly important for financial information since auditors must assure that the financial statements provided by the client match the financial reporting framework. Financial statements are often used to make certain assertions by the client, which can be categorized as existence or occurrence, completeness, valuation or allocation, rights and obligations, and presentation and disclosure.
Any statements or records provided by the client must be corroborated by an external third party (such as a bank); or the auditor must perform his or her own calculations and analyses to verify the legitimacy of information provided by the client.
Two qualities of audit evidence that are related are sufficiency and the appropriateness of audit evidence. The sufficiency of audit evidence is the amount or quantity of audit evidence. The risks of misstatement the auditor assess to determine the quantity of audit evidence that the auditor needs.
The higher the risks, the more audit evidence the auditor requires. But the higher the quality of the audit evidence, the less evidence the auditor may need. However, a large amount of audit evidence will likely not make up for the poor quality of the audit evidence.
Appropriateness is the measure of the quality of the audit evidence, i.e., the reliability and relevance of the audit evidence. To be appropriate, the audit evidence must be reliable and relevant to support the conclusions that the auditor uses to form the basis of his audit opinion.
The audit evidence should also be sufficient and appropriate to support and corroborate, or contradict, if necessary, the assertions of the executives as they pertain to specific transaction classes, account balances, or financial statement disclosures.
A022 2010 IAASB Handbook ISA 500