Audit Evidence, Completion &

Review

Lecture by: Rafaqat Hasnat, ACA

The Principles of Evidence
Evidence & stages of Audit

 Audit procedures are designed to obtain evidence in response to the assessment of risk at
the planning stage.
 Evidence gathered must be sufficient and appropriate to reduce assessed risk to an
acceptable level.
 If, at the review stage, the senior audit staff deem that the risk of misstatement has not
been reduced to an acceptable level, more evidence will be required.
Audit Evidence ISA 500
ISA 500 Audit Evidence requires the auditor to obtain sufficient appropriate evidence to be able to draw
reasonable conclusions. [ISA 500, 4]
 Sufficient evidence
• A measure of quantity, i.e. does the auditor have enough evidence to draw a conclusion.
• Affected by risk and materiality of the balances and quality of evidence. [ISA 500, 5e]
 Appropriate evidence
• Measures quality of evidence – reliability and relevance. [ISA 500, 5b]
• Reliability of evidence depends on several factors [ISA 500, A31]:
– Independent, externally generated evidence is better than evidence generated internally by the client.
– Effective controls imposed by the entity improve the reliability of evidence.
– Evidence obtained directly by the auditor is more reliable than evidence obtained indirectly or by inference.
– It is better to get written, documentary evidence rather than verbal confirmations.
– Original documents provide more reliable evidence than copies or documents transformed into electronic
form.
• Relevance means the evidence relates to the financial statement assertions being tested. [ISA 500, A27]
Financial Statement Assertions
Audit Procedures for Obtaining Audit Evidence
The methods of obtaining evidence are:
• Inspection of records, documents or physical assets.
• Observation of processes and procedures, e.g. inventory counts.
• External confirmation obtained in the form of a direct written response to the auditor from
a third party.
• Recalculation to confirm the numerical accuracy of documents or records.
• Re-performance by the auditor of procedures or controls.
• Analytical procedures.
• Enquiry of knowledgeable parties.

Operating
Risk assessment Detect Material
Effectiveness of
Procedures to Misstatement –
controls - test of
assess RoMM Substantive
controls
Procedures

Collection of audit evidence to form opinion

 ISA 501 Audit Evidence – Specific Considerations for
Selected Items
In accordance with ISA 501, auditors are required to obtain sufficient appropriate evidence with regard to
three specific matters, as follows:
(1) The existence and condition of inventory
– Attendance at the inventory count
– Evaluate management's instructions
– Observe the count procedures
– Inspect the inventory
– Perform test counts
– Perform procedures over the final inventory records to ensure they reflect actual inventory count results.
[para 4]
(2) The completeness of litigation and claims involving the entity
– Enquiry of management and in-house legal counsel.
– Reviewing minutes of board meetings and meetings with legal counsel.
– Inspecting legal expense accounts.
– If there is a significant risk of material misstatement due to unidentified litigation or claims the audit should
seek direct communication with the entity's external legal counsel.[para 9, 10]
(3) The presentation and disclosure of segmental information
– Understand, evaluate and test methods used by management to determine segmental information.
– Perform analytical procedures.[para 13]
 ISA 505 External confirmations
 External confirmations are written responses received from third parties directly by the auditor to help
them obtain sufficient appropriate evidence. [para 6a]
 Examples include: receivables circularization's and bank letters.
 As these provide external, written evidence, they are considered to be reliable. In order to ensure that the
evidence sought remains reliable, auditors should maintain control over this process.

To do this they should:

• Determine the information to be confirmed.
• Select the appropriate third party.
• Design the confirmation requests and provide return information for responses to be sent directly to the auditor.
• Send the requests, including a follow up when no response is received. [para 7]
 If management refuses to allow the auditor to send such requests the auditor should consider whether this is reasonable
or not in the circumstances. This may affect the auditor's fraud risk assessment and reliance upon written representations
from management. The auditor should perform alternative procedures to obtain the evidence. [para 8]
 If the auditor concludes that management's request is unreasonable and they cannot obtain sufficient appropriate
evidence by any other means, the matter should be communicated to those charged with governance. [para 9]
 The auditor must be alert to the risk of interception, alteration or fraud and maintain appropriate professional scepticism
when considering the reliability of responses which may have been received indirectly or appear not to come from the
intended party. [para A11]
 ISA 530 Audit Sampling
Auditors rarely test every transaction, balance and disclosure relevant to a set of financial statements. ISA
530 states that auditors should select appropriate samples for testing that provide a reasonable
basis to draw conclusions about the population from which the sample is selected. [para 4]
When selecting samples the auditor should:
• Consider the purpose of the procedure and the characteristics of the population from which the sample
will be drawn. [para 6]
• Ensure the sample size is sufficient to reduce sampling risk to an acceptable level. [para 7]
• Ensure each sampling unit has a chance of selection. [para 8]
If the auditor identifies any misstatements or deviations, the nature and cause should be investigated.
[para 12]
If a misstatement is identified when performing tests of details, the misstatement should be projected
across the population. [para 14]
When choosing a sampling method there are two broad approaches:
• Statistical sampling, where items in the population are selected randomly so that probability theory may
be used to evaluate the results (through extrapolation to the whole population). [para 5g]
• Non-statistical, which is any method that does not meet the characteristics of statistical. [para 5g]
The auditor uses judgment to select sample items (e.g. focusing on high value, or known high risk items).
Extrapolation cannot be used when bias has been introduced into the sample because the sample
is no longer representative of the whole population.
Substantive analytical procedures ISA 520
ISA 520 Analytical Procedures states that the use of analytical procedures as substantive evidence is
generally more applicable where:
• There are large volumes of transactions that tend to be predictable over time [ISA 520, A6]
• Controls are working effectively [ISA 520, A9]
In order to design an analytical procedure the auditor should:
• Determine the suitability of analytical procedures for the given assertion.
• Evaluate the reliability of data from which the expectation is developed.
• Develop an expectation and evaluate whether it is sufficiently precise to identify a material
misstatement.
• Determine the difference between expected amount and recorded amount. [ISA 520, 5]
If analytical procedures identify fluctuations or relationships that are inconsistent with the auditor's
knowledge of the business then the auditor should investigate those peculiarities through:
• Enquiry of management.
• Other procedures, as deemed necessary, for example, when management's response is considered
inadequate. [ISA 520, 7]
Computer-assisted audit techniques (CAATs)
In the past, CAATs such as test data and audit software have been used to analyse data.
 Test data is used to test the programmed controls within a computer system allowing the auditor to test
aspects that would otherwise not be capable of testing manually.
 Audit software is used to:
• calculate ratios for use in analytical procedures
 • identify exceptional transactions such as those that exceed predefined limits, e.g. a member of
management being paid in excess of $20,000 in any one month. This helps identify balances that require
further audit testing
 extract samples in a non-biased manner
• check the calculations in client prepared reports
• prepare lead schedules for the auditor to use in working papers
CAAT’s Benefits & Drawbacks
Benefits:
• allows continual auditing of processes and delivery of more frequent reports
• facilitates processing of large volumes of data and performing large volumes of calculations, many more than
could reasonably be performed manually
• test data tests the underlying system data, rather than copies and printouts
• once software has been written for a client, it can be applied to their system with few further costs
• reduces the need for audit staff to perform procedures, hence further cost savings for clients
• reduces the need for paper audit trails (hence reduced environmental impact of the audit process)
Drawbacks:
• there is an initial high cost of designing the software package, although this cost can be recouped over a number
of years of use
• software may interfere with the client's system and could potentially increase the risk of viruses and data
corruption
• clients may be concerned for the security of their data
• they are only usually cost effective if the client's accounting systems are integrated, otherwise auditors would
need different software programmes for different systemslead times tend to be long and the planning has to be
carried out well in advance – not just three or four weeks before the start of fieldwork, but perhaps a whole
year in advance
• audit firms will need to recruit increasingly from an IT, rather than an accounting, background
• software has to be tested on a 'live' system before the auditor knows whether it will work or not which creates a
risk of the auditor corrupting the system
• if the client changes its system, the auditor has to incur further costs changing their audit software
Relying on the work of others
 ISA 420 using the work of service organizations

Service Organization
Service org
XYz company (ABC)
auditor

External
auditor