Page 1 of 6

AUDIT ENGAGEMENT & AUDIT EVIDENCES

KEY POINTS TO REMEMBER: MANAGING AN AUDIT ENGAGEMENT
1

An audit department can use the pool concept to assign all staff and most senior auditors to engagements. Monthly audit work schedules would most likely ensure effective staff utilization. The effectiveness of an audit assignment is related to the findings and the action taken on those findings. Conducting an exit interview with auditees would contribute to assignment effectiveness. A primary purpose of an exit conference is to ensure the accuracy of the information used by an internal auditor. A secondary benefit of an exit conference is to improve relations with auditees. ne purpose of the exit conference is for the internal auditor to review and verify the appropriateness of the audit report based on auditee input. The primary reason that the auditor should document a closing conference is that information may be needed if a dispute arises. A purpose of an audit closing conference is to generate commitment for appropriate managerial action. A primary purpose of the audit closing conference is to resolve remaining issues. The primary purpose of conducting a closing conference with the manager of an organizational unit audited should be to confirm the soundness of audit results and make such modifications as seem !ustified. "uring an exit conference# an auditor and an auditee disagreed about a well$documented audit finding. Assuming that the disagreement cannot be resolved prior to issuing the audit report# it should be handled by presenting both the audit finding and the auditee%s position on the finding. &easons for disagreement should be stated. &ecommendations in audit reports may or may not actually be implemented. 'orking papers should include identifying concerns for future audits# but such concerns are not an ob!ective of the audit closing conference. (nterim reports are issued during an audit to communicate information re)uiring immediate action. An oral report is appropriate when there are significant problems discovered during the audit. *articipants who would be appropriate to attend an exit conference include the responsible internal auditor# representatives from management who are knowledge$able of detailed operations# and those who can authorize implementation of corrective action. After an audit report with adverse findings has been communicated to appropriate auditee personnel# proper action is to schedule a follow$up review.

COLLECTING DATA AND INFORMATION

(nformation is the heart of the problem$solving process. "ecisions are made using the information to solve existing problems and to make decisions. +or the information to be useful in so many ways# it has to meet certain )uality attributes# such as availability# timeli e!!# a""#$a"y# and $eleva "y. ,nowledge is power. ,nowledge is the result of information. The amount and the right kind of information a person has can make the difference between an informed decision and a guess# between success and failure. ,nowledge is a synthesis of information. (n this information age# knowing means winning. The in one knows about something# the more control one has over one-s own destiny. The need for relevant information is not only to avoid present failures# but also to maximize future opportunities and minimize potential future problems.
.

'illy C(A copy right /

Page 2 of 6

As changes create a need for more information# the value of information will begin to increase significantly. The successful executives and professionals 0e.g.# auditors1 will be those who have mastered the art of being information conscious. (nformation consists of facts# figures# rules# news# statistics# data# values# impressions2pieces of intelligence that singly or !ointly increase awareness of the sub!ect matter. (nformation should be differentiated from assumptions. An assumption is a conclusion based on non$ information# which can be true or false. (t has no evidence. Assumptions are made all the time. 'e make false assumptions# such as certain data are3 easy to find when in fact they are difficult to find# difficult to find when in fact they are easy# inexpensive to buy when in fact they are expensive# and expensive to buy when4 fact they are inexpensive. (nformation is obtained only by asking )uestions or searching for it. (nformation is an outcome of a process that involves fact gathering# data collection# measurement# interpretation# analysis# and forecasting# (nformation can be said to be the result of data. "ata consist of raw numbers and facts. (nformation consists of meaningful numbers and facts. (nformation involves the addition of a certain value to data through some level of selection# interpretation# or rearrangement. 5ince management makes decisions and auditors use information# they need to know how and where the information is coming from.

SOURCES OF INFORMATION
P$ima$y i %&$mati& 0original# expensive1 Se"& 'a$y i %&$mati& 0not original# inexpensive1 I te$ al !&#$"e! 0facts about the firm# used in planning1 E(te$ al !&#$"e! 0facts about the economy# markets1 Primary information is firsthand information from an original source. 5econdary information is sec$ ondhand. *rimary information is usually expensive to gather while secondary information is inexpensive. Internal sources involve facts about an organization 0sales data# customer data# financial data# and product data1. (nternal sources are used in planning and performance measurement. External sources are facts about the world outside the organization. This information involves facts about competitors# markets# demographics# the environment# and the economy. Managers often make decisions without external sources. 6xternal sources are not usually perceived as being that important7 they are more difficult to obtain and often are neglected# resulting in bad conse)uences. The goal should be to combine external sources with internal sources. Managers should think of problems and opportunities as information needs# as a series of )uestions that need to be answered. (nformation consciousness means to think information when thinking about problems.

Eval#ate t)e A#'it Evi'e "e

*A+ Ty,e! &% A#'it Evi'e "e. Audit evidence is information that provides a factual basis for audit opinions. (t is the information documented by the auditors and obtained through observing conditions# interviewing people# examining records# and testing documents. Audit evidence may be categorized as physical# documentary# testimonial# and analytical. *hysical 0direct inspection and observation1 Types of audit evidence "ocumentary 0letters# contracts# records1 Testimonial 0obtained from others1 Analytical 0computations# comparisons1

Page 3 of 6

P)y!i"al evi'e "e is obtained by direct inspection or observation of people# property# or events. 5uch evidence may be documented in the form of memoranda summarizing the matters inspected or observed# photographs# charts# maps# or actual samples. An auditor-s observation of the functioning of an internal control system produces physical evidence. 6xamples of physical evidence include3 taking a photograph of the auditees- workplace# such as improperly stored materials or unsafe conditions7 observing conditions7 test counting a batch of inventory7 and testing the existence of an asset. D&"#me ta$y evi'e "e consists of created information# such as letters# contracts# accounting records# invoices# and management information on performance. 6xamples of documentary evidence include3 a page of the general ledger containing irregularities placed there by perpetrator of a fraud7 and determining whether erroneous billings occurred when the auditor for a construction contractor finds material costs increasing as a percentage of billings and suspects that materials billed to the company are being delivered to another contractor. A contract is the most appropriate evidence for the auditor to obtain and review when evaluating the propriety of a payment to a consultant. Te!tim& ial evi'e "e is obtained from others through statements received in response to in)uiries# through interviews# or through responses to )uestionnaires. Testimonial evidence needs to be evaluated from the standpoint of whether the individual may be biased or have only partial knowledge about the area. Testimonial evidence obtained under conditions where persons may speak freely is more credible than testimonial evidence obtained under compromising conditions 0e.g.# where persons may be intimidated1. 6xamples of testimonial evidence include3 a written# signed statement from an interviewee in re$ sponse to a )uestion asked by an auditor during an interview7 a written statement by or a letter from an auditee in response to a specific in)uiry made by an auditor7 and a letter from the company-s response to in)uiries about possible litigation. A alyti"al evi'e "e includes computations# comparisons# reasoning# and separation of it into components. 6xamples of analytical evidence include3 to evaluate the reasonableness of the )uantity of material resulting from a certain production process compared to industry standards7 to evaluate the reasonableness of account balances7 and concluding that there was an ade)uate separation of duty counting and recording of cash receipts. *B+ Sta 'a$'! &% A#'it Evi'e "e- All audit evidence should meet the three standards of sufficiency com etence# and rele!ance. 6vidence is sufficient if it is based on facts. Competent evidence the term 8relevance8 refers to the relationship of the information to its use. 'hen evidence does not meet these three standards# additional 0corroborative1 evidence is re)uired before expressing an audit opinion. 5ufficiency 0evidence is convincing1 Competence 0evidence is reliable1 &elevance 0evidence is logical1 *C+ A,,$&,$iate e!! &% A#'it Evi'e "e. The phrase 8appropriateness of audit evidence8 refers persuasiveness 0sufficiency1# relevance# and competence 0reliability1. The following discussion auditors determine what constitutes sufficient# relevant# and competent evidence to support their findings and conclusions. 6vidence is sufficient if there is enough of it to support the auditors- findings. (n determining sufficiency of evidence# it may be helpful to ask3 (s there enough evidence to persuade a reasonable person of the validity of the findings9 An essential factor in evaluating the 8sufficiency8 of evidence 0it must be convincing enough for a prudent person to reach the same decision. Therefore# sufficiency deals with the persuasiveness of the evidence 0see 6xhibit ..:

Page 4 of 6

for h persuasive evidence1. 'hen appropriate# statistical methods may be used to establish sufficiency sampling methods are used# the concept of sufficiency of evidence means that the samples se vide reasonable assurance that they are representative of the sampled population. (nterviewing the auditee is not enough to provide sufficient evidence. 5ome examples of sufficient evidence follow3 ;erifying the )uantity of fixed assets on hand by physical observation would provide the persuasive evidence of )uantity on hand. <sing test data# an auditor has processed both normal and atypical transactions through computerized payroll system to test calculations of regular and overtime pay amounts. 5ufficient competent evidence of controls exists if test data results are compared to predetermined results or expectations. The audit procedure that provides the most persuasive evidence about the loan-s collectibility is to examine the documentation of a recent# independent appraisal of the real estate that was a security. The most persuasive evidence that the incoming supply counts are made by the receiving department is a periodic observation by the internal auditor over the course of the audit 8A positive confirmation received directly from the customer8 is the most persuasive concerning the existence and valuation of a receivable. (f the audit ob!ective is to gain evidence that payment has actually been made for a specific from a vendor# the most persuasive evidence would be obtained by a canceled check# made out to the vendor and referenced to the invoice# included in a cutoff bank statement# which the received directly from the bank. (f an auditor wants assurance of the existence of inventory stored in a warehouse# the most persuasive evidence is to physically observe the inventory in the warehouse. 6xternally prepared documents 0e.g.# invoice1 would provide the most persuasive evidence an asset value that was ac)uired. A physical examination would provide the most persuasive evidence for testing the existence of an asset. 6vidence used to support a finding is rele!ant if it has a logical# sensible relationship to that finding. &elevant evidence is consistent with the audit ob!ectives and supports audit findings and recommenda$ tions. 6vidence is com etent to the extent that it is consistent with fact 0i.e.# evidence is competent if it is valid1. 8Competent8 evidence is satisfied by an original signed document# but copies do not provide competent evidence. 6vidence that is both available and reliable is competent. Competent information is reliable and the best available through the use of appropriate audit functions. The next presumptions are useful in !udging the competence of evidence. =owever# these presumptions are not to be considered sufficient in themselves to determine competence. 6vidence obtained from a credible independent source is more competent than that secured from the audited organization. An external source of evidence should impact audit conclusions most. 6vidence developed under an effective system of management controls is more competent than that obtained where such control is weak or nonexistent. 6vidence obtained through the auditors- direct physical examination# observation# computation# and inspection is more competent than evidence obtained indirectly. An example of external and internal evidence is when an auditor reviews the count sheets#

Page 5 of 6

inventory printouts# and memos from the last inventory during determination of causes of inventory shortages shown by the physical inventories.

6xamples of competent evidence follow3 An audit ob!ective of an accounts receivable function is to determine if prescribed standard procedures are followed when credit is granted. An audit procedure providing the most competent evidence would be selecting a statistical sample of credit applications and testing them for conformance with prescribed procedures. The most 8reliable8 0competent1 evidence of determining a company-s legal title to inventories is paid vendor invoices. A contract dispute has arisen between a company and a ma!or supplier. To resolve the dispute# the most competent evidence would be the original contract. A positive confirmation of an accounts receivable that proves that it actually exists is competent evidence. (n deciding whether recorded sales are valid# most 8competent8 evidence would be obtained by looking at the shipping document# the independent bill of lading# and the invoice for the merchandise. Auditors should# when they deem it useful# obtain from officials of the audited entity written repre$ sentations concerning the competence of the evidence they obtain. 'ritten representations ordinarily confirm oral representations given to the auditor# indicate and document the continuing appropriateness of such representations# and reduce the possibility of misunderstandings concerning the matters that are the sub!ect of the representations. An example of relevant evidence is aging of accounts receivables# which provides relevant evidence regarding the validity of receivables and thus the allowance account. *D+ I %&$mati& S&#$"e! %&$ A#'it Evi'e "e- The auditors- approach to determining the sufficiency# relevance# and competence of evidence depends on the source of the information that constitutes the evidence. (nformation sources include original data gathered by auditors and existing data gathered by either the auditee or a third party. "ata from any of these sources may be obtained from computer$based systems. "i# Data $at%ered &y t%e auditors. These data include the auditors- own# observations and measurements. Among the methods for gathering these types of data are )uestionnaires# structured inter$views# and direct observations. The design of these methods and the skill of the auditors applying them are the keys to ensuring that these data constitute sufficient# competent# and relevant evidence 'hen these methods are applied to determine cause# auditors are concerned with eliminating nod explanations of cause. "oing so involves considering three types of validity 0.1 internal validity# 0>1 construct validity# and 0?1 external validity. .$ (nternal validity means that A 0the program as defined for the particular audit1 caused @ 0the effect measured in the audit1. >$ Construct validity refers to whether the auditors are measuring or observing what they lilted to. ?$ 6xternal validity refers to the ability to generalize the auditors- findings to a broader universe "ii# Data $at%ered &y t%e auditee' Auditors can use data gathered by the auditee as part of their evidence. (f those data are significant to the overall body of evidence supporting their findings# auditor should obtain additional evidence of the reliability of those data. 5tatements by auditee

Page 6 of 6

management or personnel about the reliability of operations data should be corroborated with other evidence. Auditors can obtain the necessary evidence by testing the effectiveness of the entity-s controls on the reliability of the data# by direct tests of the data# or by a combination of the two. 'hen the auditors- tests of data disclose errors in that data# the auditors should consider the significance of those errors in relation to the audit ob!ectives. (f the auditors conclude that these en are so significant that the data are not valid or reliable# they should consider whether to 5eek evidence from other sources &edefine the audit-s ob!ectives to eliminate the need to use the invalid or unreliable data# <se the data# but clearly indicate in their report the data-s limitations and refrain from making unwarranted conclusions or recommendations 5imilar considerations apply when the auditors are unable to obtain sufficient# competent# and relevant evidence about the validity and reliability of the auditee%s data. "iii# Data $at%ered &y t%ird arties. The auditors- evidence may also include data gathered by third parties. (n some cases# these data may already have been audited# or the auditors may be able to audit this evidence themselves. ften# however# it will not be practical to obtain evidence of the data-s1 validity and reliability. =ow the use of un$audited third$party data affects the auditors- report depends on the data-s significance to the overall body of evidence supporting the auditors- findings. (f it is significant# the auditors should clearly indicate in their report the data-s limitations and refrain from making units ranted conclusions or recommendations based on those data. "i!# Data $at%ered from com uter(&ased systems' Auditors should obtain sufficient evidence that computer$processed data are valid and reliable when those data are significant to the overall body evidence supporting the auditors- findings# and any conclusions or recommendations. 0'hen the reliability of a computer$based system is the primary ob!ective of the audit# the auditor should conduct a review of the system-s general and application controls.1 This is necessary regardless of whether the data are provided to auditors or auditors independently extract them. 0'hen the auditor uses computer$processed data or includes them in the report for background or information purposes# a when those data are not significant to the auditor-s results# citing the source of the data and stating that they were not verified will satisfy the reporting standards for accuracy and completeness1. Auditors should determine if other auditors have worked to establish the validity and reliability of the data or the effectiveness of the controls over the system that produced it. (f they have# auditors may be able to use that work. (f not# auditors can obtain evidence about the validity and reliability of computer$processed data from tests of general and application controls# direct tests of the data# or a combination of both.