Audit Evidence (ISA 500-599)

A. Audit Evidence (ISA 500-599)

ISA 500, ISA 501, ISA 505, ISA 510, ISA 520, ISA 530, ISA 540, ISA 550, ISA 560, ISA 570 & ISA
580.
ISA 500.5 defines audit evidence as all of the information used by the auditor in arriving at the
conclusions on which the auditor’s opinion is based. It includes all the data and information underlying
the financial report and corroborating information. Audit evidence includes evidence obtained from
audit procedures performed during the audit and may also include evidence obtained from other sources,
such as previous audits. However, ISA 500.A11 states that where evidence from a prior audit is used
the auditor must perform audit procedures to ensure its continuing relevance.

The audit equation can be expressed as: Underlying accounting data + Corroborating
information.
The auditor needs to test the propriety and accuracy of the underlying accounting data in order to be
able to express an opinion on the financial report. However, some corroborating information for
material assertions within the financial report is essential.

At the end of the accounting period, the entity holds a number of items in inventory as a result of
purchase transactions. Evidence may be obtained by examining the final inventory, which is the net
result of exchange transactions, including both purchases and sales. The inventory balance in the
statement of financial position can be corroborated partly by looking in the warehouse and noting that
there are a certain number of boxes of a given item. Seeing the items is evidence that they exist and that
therefore, provided that other assertions such as rights and obligations (ownership) are satisfied, they
should be reflected in the client’s statement of financial position. However, the auditor must also obtain
further evidence concerning the acquisition cost of this inventory. This may be done by locating the
purchase invoice. Then, by recalculating the extension of inventory quantities multiplied by prices and
the addition of these extensions, the auditor corroborates the amount shown for inventory in the
accounting records.

B. Sufficient appropriate audit evidence/Persuasiveness of Audit Evidence

The basic criterion of ISA 200.17 and ISA 500.6 is that the procedures selected should provide sufficient
appropriate audit evidence for the auditor to form conclusions concerning the validity of the individual
assertions embodied in the components of the financial report and to give an auditor’s opinion.
i) Sufficiency relates to the quantity of audit evidence necessary to provide the auditor with a reasonable
basis for an opinion on the financial report. The quantity of audit evidence required is affected by the
risk of material misstatement and the quality of the audit evidence.
ii) Appropriateness relates to the quality of the audit evidence. Therefore, appropriate evidence must
be both relevant and reliable. Relevance is largely a matter of the relationship between the evidence and
the financial report assertion involved. For example, if the related assertion concerns the existence of
an asset, the auditor may select items included in the account balance and physically examine or confirm
the items. However, these particular audit procedures are not relevant to verifying the completeness
assertion. To achieve an audit objective related to completeness, the auditor must select from evidence
indicating that an item should be included in the account balance and see whether it is included.
The auditor needs to be alert for audit evidence that contradicts other audit evidence and question the
reliability of documents and responses obtained from management or those charged with governance.
A belief that management and those charged with governance are honest and have integrity based on
past experience does not relieve the auditor of this requirement for professional scepticism in the current
audit.
The reliability of audit evidence is influenced by its nature and its source. Although reliability
depends on individual circumstances, the following generalisations adapted from ISA 500.A31
are useful:
i) Evidence from sources outside an entity is more reliable than evidence obtained solely from within
an entity. (For example, a written confirmation directly from a customer is more reliable than a duplicate
sales invoice indicating that a sale was billed.)
ii) Evidence generated internally is more reliable when internal control is effective than when internal
control is ineffective. (For example, pre-numbered documents combined with a sequence check are
more reliable than unnumbered documents.)
iii) Evidence obtained directly by the auditor is more reliable than evidence obtained from the client.
(For example, a confirmation obtained directly from the bank is more reliable than sighting a copy of a
bank statement held by the client.)
iv) Evidence in the form of documents or written representations is more reliable than oral
representations. (For example, a written confirmation from a debtor is more reliable than a telephone
confirmation.)
v) Evidence in the form of original documents is more reliable than photocopies, facsimiles or
documents that have been transferred into electronic form, the reliability of which may depend on the
controls over their preparation and maintenance.
Reliability, and therefore appropriateness, depends on the following six characteristics of reliable
evidence:
1. Independence of provider: Evidence obtained from a source outside the entity is more reliable than
that obtained from within. Communications from banks, attorneys, or customers is generally considered
more reliable than answers obtained from inquiries of the client. Similarly, documents that
originate from outside the client’s organization, such as an insurance policy, are considered more
reliable than are those that originate within the company and have never left the client’s organization,
such as a purchase requisition.
2. Effectiveness of client’s internal controls: When a client’s internal controls are effective, evidence
obtained is more reliable than when they are not effective. For example, if internal controls over sales
and billing are effective, the auditor can obtain more reliable evidence from sales invoices and shipping
documents than if the controls were inadequate.
3. Auditor’s direct knowledge: Evidence obtained directly by the auditor through physical examination,
observation, recalculation, and inspection is more reliable than information obtained indirectly. For
example, if the auditor calculates the gross margin as a percentage of sales and compares it with
previous periods, the evidence is more reliable than if the auditor relies on the calculations of the
controller.
4. Qualifications of individuals providing the information: Although the source of information is
independent, the evidence will not be reliable unless the individual providing it is qualified to do so.
Therefore, communications from attorneys and bank confirmations are typically more highly regarded
than accounts receivable confirmations from persons not familiar with the business world. Also,
evidence obtained directly by the auditor may not be reliable if the auditor lacks the qualifications to
evaluate the evidence. For example, examining an inventory of diamonds by an auditor not trained to
distinguish between diamonds and cubic zirconia is not reliable evidence for the existence of diamonds.
5. Degree of objectivity: Objective evidence is more reliable than evidence that requires considerable
judgment to determine whether it is correct. Examples of objective evidence include confirmation of
accounts receivable and bank balances, the physical count of securities and cash, and adding (footing)
a list of accounts payable to determine whether it agrees with the balance in
the general ledger. Examples of subjective evidence include a letter written by a client’s attorney
discussing the likely outcome of outstanding lawsuits against the client, observation of obsolescence of
inventory during physical examination, and inquiries of the credit manager about the collectibility of
noncurrent accounts receivable. When the reliability of subjective evidence is being evaluated, it is
essential for auditors to assess the qualifications of the person providing the evidence.
6. Timeliness: The timeliness of audit evidence can refer either to when it is accumulated or to the
period covered by the audit. Evidence is usually more reliable for balance sheet accounts when it is
obtained as close to the balance sheet date as possible. For example, the auditor’s count of marketable
securities on the balance sheet date is more reliable than a count 2 months earlier. For income statement
accounts, evidence is more reliable if there is a sample from the entire period under audit, such as a
random sample of sales transactions for the entire year, rather than from only a part of the period,
such as a sample limited to only the first 6 months.
The two aspects of appropriateness must be considered together because evidence may be highly
reliable but of limited relevance to the audit objective. For example, adding up an account provides
direct personal knowledge but is of limited relevance in achieving an audit objective related to existence.
The converse is also true: enquiry of management may produce highly relevant evidence but it is of
limited reliability.
Audit evidence is also more reliable when the auditor obtains corroborating evidence from different
sources. Conversely, if evidence obtained from one source is inconsistent with that obtained from
another, the auditor will need to determine what additional audit procedures are required to resolve the
conflict.
The auditor is required by ISA 500.9 to obtain evidence about the accuracy and completeness of
information produced by the entity’s information system when that information is used in performing
audit procedures. For example, if the auditor uses non-financial information such as production reports
or budget data produced by the entity’s information system in performing audit procedures, the auditor
must obtain information about the accuracy and completeness of that information.
Examples of reliability of evidence
In the selection of audit procedures, the relative reliability of the available evidence is important. The
relationship between reliability of evidence and selection of procedures is well illustrated by tests of
accounts receivable. Two methods of determining the existence of receivables are confirmation and
examination of documentary evidence. Confirmation is generally more reliable than examination of
documentary evidence, because evidence obtained from an independent source is more reliable than
evidence that has been routed through the client’s system. Thus, a confirmation coming directly from a
debtor can be relied on more than documentary evidence, which can be suppressed or manipulated in
the client’s system.
However, not all accounts receivable confirmation requests are answered, perhaps because the debtor
is uncooperative or has a recording system that cannot determine the total amount owed to one firm at
a given time. In such circumstances, the alternative procedure—examination of documentary
evidence—must be employed. Such procedures take two forms: review of subsequent payments and
examination of sales documents. Just as confirmation provides more reliable evidence than alternative
procedures, review of subsequent payments provides more reliable evidence than examination of sales
documents.
The auditor should examine the authenticity of subsequent payments and compare them with the
accompanying remittance invoices. These amounts should be traced through to duplicate deposit slips,
cash receipts records and the accounts receivable subsidiary ledger. These payments should be checked
against specific invoices being paid, because some invoices may be in dispute. However, not all
accounts are collected subsequent to the balance date and before completion of the audit, and so, often,
other documentary evidence must be examined.
Examination of sales documents involves analysing outstanding balances into individual outstanding
charges and examining the documentary support for these charges. Pertinent documents include
duplicate sales invoices, delivery records, contracts and correspondence.
Subsequent payments are a more reliable form of documentary evidence because the cheque or
electronic funds transfer is sent by an independent source—the debtor—to the client, and the debtor
expects it to be credited to his or her account. On the other hand, the sales documents all originate within
the client’s system and are, therefore, more subject to control and manipulation.
Thus, there is a chain of evidence—sales documents, subsequent payments and confirmation—whose
reliability corresponds with the degree of independence from the client’s system.

C. Common audit procedures for collecting Evidence:

Some common audit procedures outlined in ISA 500.A14–A25 are: inspection, observation, external
confirmation, recalculation, re-performance, analytical procedures and enquiry. Several of these,
such as inspection, observation and enquiry, are familiar methods for obtaining information.
a) Inspection
Inspection involves the examination of documents, records or tangible assets. The reliability of
inspection of records or documents depends on their nature and source and on the effectiveness of
internal control over their processing. In addition, ISA 500 emphasises the need to inspect original
documents rather than photocopies. The inspection of tangible assets provides reliable audit evidence
concerning their existence but not necessarily their valuation, completeness or ownership.
b) Observation
Observation involves the auditor observing the behaviour of operating personnel and the
functioning of the business in operation. These observations are made from the perspective of their
effects on accounting and their implications for auditing, such as evidence of control activities being
carried out.
c) External confirmation
External confirmation is a type of enquiry by which an auditor normally obtains written statements
from outside parties such as banks, solicitors or debtors on information that they are qualified to
give. The independent party questioned must be reliable and knowledgeable about a subject of interest
to the auditor. In some cases, the object of interest may be held by the outside party. For example, the
auditor typically confirms cash on deposit in banks. In other cases, an auditor may need information
concerning an item that does not have a physical existence, such as an obligation owed to the client.
Thus, an auditor often confirms accounts receivable.
The statement of the outside party should be communicated directly to the auditor. The possibility
of influence or change of information by the client’s employees should be avoided. Steps must therefore
be taken to maintain control over confirmations. This issue is further complicated by the need to have
the request for confirmation come from the client. The outside parties have engaged in transactions with
the client and will not disclose information about their dealings with that client to someone else who
asks for it. If the client makes the request, cooperation is much more likely. This necessitates the
following controls over confirmation requests:
i) The confirmation request is prepared by the client’s personnel and given to the auditor for inspection
and mailing.
ii) The auditor inserts the confirmation request in an envelope bearing the auditor’s return address and
mails it personally.
iii) Included with the confirmation request is a stamped return envelope addressed to the auditor.
d) Recalculation
The arithmetical accuracy of the many calculations required in the processing of data can be
proven by recalculating the results. Examples of typical calculations include additions of ledger
account balances, depreciation or amortisation calculations and inventory extensions and additions.
e) Re-performance
The auditor may independently execute (or re-perform) procedures or controls that were
originally performed as part of the entity’s internal control.
f) Analytical procedures
Analytical procedures are based on the dual nature of business transactions (reflected in the double-
entry bookkeeping system) and the interrelationships between the variables of business operations.
They involve the investigation of fluctuations in relationships to ascertain whether there are
inconsistencies in relation to other relevant information or variations from predicted amounts. The
different types of analytical procedures will be discussed in Chapter 5.
g) Enquiry
The auditor must ask many questions during the course of an examination. The question-and-
answer process includes interviewing and obtaining written statements from management and
employees. Explanations of significant variations in accounting data are frequently obtained from
employees. However, the auditor cannot rely on unsupported answers, but must obtain support for the
reasonableness of the answer given. One formal application of the procedure of enquiry is the use of an
internal control questionnaire to gain information about the prescribed control activities.
h) Physical examination is the inspection or count by the auditor of a tangible asset. This type of
evidence is most often associated with inventory and cash, but it is also applicable to the verification of
securities, notes receivable, and tangible fixed assets. There is a distinction in auditing between the
physical examination of assets, such as marketable securities and cash, and the examination of
documents, such as cancelled checks and sales documents.
Physical examination is a direct means of verifying that an asset actually exists (existence objective),
and to a lesser extent whether existing assets are recorded (completeness objective). It is considered one
of the most reliable and useful types of audit evidence. Generally, physical examination is an objective
means of ascertaining both the quantity and the description of the asset.
i) The audit trail
An important requirement of the audit process is the existence of an audit trail, which consists of all
accounting documents and records prepared as transactions are processed from origin to the financial
report. Although it is commonly called the audit trail, it is created for the use of those operating and
using the system and is really a management trail. The audit trail enables transactions to be traced
from initial entry in the system to intermediate records, where the transactions become
components of subtotals, and ultimately to disposition in the final records, where subtotals are
summarised for presentation in the financial report. The direction of the tracing can be modified:
the auditor can vouch the entry in the final record back to the point of initiation or check in either
direction from intermediate records.
For example, if there is a high risk of material misstatement concerning the existence of accounts
receivable the auditor is likely to test existence by confirmations or subsequent receipts, whereas if
there is a low risk of material misstatement in sundry debtors the auditor is likely to test existence by
using substantive analytical procedures. For existence of inventory, the auditor would attend the
stocktake to count the inventory, to check that it exists, whereas for accuracy, valuation and allocation
of inventory the auditor would check the carrying value of the inventory in the accounting records to
subsequent sales prices, to check that it does not need to be written down to net realisable value.
D. Electronic information
In many entities, some of the accounting data and corroborating information are available only in
electronic form. For example, when entities use business-to-business e-commerce, the entity and its
customers or suppliers use communication links to transact business electronically. Purchase, shipping,
billing, cash receipt and cash payment transactions are often completed entirely by the exchange of
electronic messages between the parties. Some of this electronic information may exist only at a
particular point in time and may not be retrievable after a specified period if files are changed. As a
result, the auditor must use the electronic evidence of the transaction when gaining sufficient
appropriate audit evidence. The reliability of such electronic evidence is dependent on the controls over
the creation, alteration, accuracy and completeness of the electronic data.
To access the details of such transactions the auditor must access the client’s computer system, as this
is where the information is located. This may require the use of computer-assisted audit techniques
(CAATs), which are audit software used to assist in the testing of computer systems.
Technology is changing rapidly and is now able to capture and communicate data digitally on a large
scale, virtually simultaneously. Advanced data analytics is the process of obtaining audit evidence by
analysing patterns, deviations and inconsistencies and extracting other information from data
underlying the financial report through analysis and modelling. Therefore, advanced data analytics
enhances the auditor’s ability to gather evidence from the analysis of large populations and provide
greater insight about the entity and the risks it faces. It also enables testing 100 per cent of a population.
However, it does not reduce the need for professional judgment and professional scepticism.
E. Representations by management
During the course of an audit the auditor obtains from management many representations, either oral or
written, on matters related to the information in the financial report. These representations are one form
of audit evidence obtained during the audit. In evaluating the sufficiency and appropriateness of audit
evidence, representations by management need to be carefully assessed. Management representations
should be supported by independent or other appropriate corroborating evidence.
F. Various means of gathering audit evidence
ISA 500 discusses the need to collect and evaluate sufficient and appropriate audit evidence. The means
available to the auditor for selecting items for testing are as follows (ISA 500.A52):
i) 100 per cent examination: While examination of every item may be an appropriate evidence-
gathering technique in certain situations, it is not a sampling method. It means examining the entire
population (100 per cent) of items that make up an account balance or class of transactions (or a
subgroup within that population). Advanced data analytics and the concept of big data have meant that
this evidence gathering technique is more likely to be used, but it does not mean that sampling is not
applicable. Even in circumstances where advanced data analytics are capable of analysing large
populations, and identifying many transactions or account balances that need the auditor’s attention, the
auditor may have to sample from these risky items and use sampling techniques such as those outlined
in this chapter to be able to reach a conclusion on the extent of misstatement in a population. Further,
100 per cent examination techniques are commonly used when the population constitutes a small
number of large-value items, and when both inherent and control risks are evaluated as high and other
means do not provide sufficient appropriate audit evidence.
ii) Selecting specific items: Similarly, selecting specific items in a population is not a sampling method.
The auditor may decide to select specific items within a population because they are of high value or
exhibit some other characteristic of interest, for example if they are suspicious, unusual, particularly
risk-prone or have a history of error. A common technique in practice is to select all items over a specific
dollar value or of a particularly risky nature in order that the auditor concentrates on the more risky and
material items. The results of audit procedures applied to items selected in this way cannot be projected
to the entire population because not all items in the population had a chance of being selected.
iii) Audit sampling: This means that all sampling units in the population should have an opportunity
(preferably an equal opportunity) of being selected. If this is achieved, it gives the best chance for the
sample to be representative of the population. Audit sampling is a common evidence-gathering
technique, and can involve either a statistical or a non-statistical approach.

G. Inability to obtain sufficient appropriate audit evidence

An inability to obtain sufficient appropriate audit evidence from the auditor’s work may arise for one
of the following three reasons (ISA 705.A8):
--Circumstances beyond the control of the entity (for example, where the entity’s accounting records
and supporting documentation are destroyed by fire)
--Circumstances related to the nature or timing of the auditor’s work (for example, where the auditor is
appointed after the balance date and is therefore unable to observe the counting of inventory on the
balance date)
--Limitations imposed by the entity (for example, where management requests that the auditor not
undertake a particular procedure).
A limitation on the performance of a particular procedure does not necessarily constitute a limitation
on the scope of the audit if the auditor is able to obtain sufficient appropriate evidence by performing
alternative procedures. For example, although the auditor may be unable to attend the inventory
stocktake, alternative procedures such as the inspection of documentation of the subsequent sale of
inventory items on hand at stocktake date may provide sufficient appropriate evidence about the
existence and condition (valuation and allocation) of the inventory.
Where a limitation in the terms of an engagement is imposed by the entity, and the auditor
concludes that the possible effect of undetected misstatements on the financial report is material
but not pervasive, the auditor should issue a qualified opinion. If the limitation is such that the
auditor is unable to form an opinion (that is, where the potential effect is material and pervasive),
the auditor should issue a disclaimer of opinion, and consider whether they should withdraw from
future audit engagements with that entity (ISA 705.13–14). An auditor should not accept an audit
engagement where the client imposes a limitation on scope that the auditor believes will result in
their having to issue a disclaimer of opinion (ISA 210.7).

Terms, Audit Procedures, and Types of Evidence