6.
EVIDENCE
Muhammed Jazeem ACCA, MCOM, PGDM
In order for the auditor's opinion to be considered trustworthy, auditors must come
to their conclusions having completed a thorough examination of the books and
records of their clients and they must document the procedures performed and
evidence obtained, to support the conclusions reached.
Audit evidence is all information used by auditor in arriving at the conclusions on
which auditor’s opinion is based. Auditor must design and perform audit
procedures to obtain sufficient & appropriate audit evidence.
1. sufficient
It refers to the quantity of the audit evidence needed. The quantity of the evidence
is a matter of professional judgement but when determining quantity of evidence,
the auditor will need to consider the risk of material misstatement and the
materiality of the item. Therefore, higher the risk of material misstatements, higher
the sample size or more evidence need to be gathered.
2. appropriate
refers to the quality, relevance and reliability of the audit evidence.
A. Relevant
logical connection between the purpose of the purpose of the audit procedure &
assertion under consideration.
Example: - if we were testing the existence of inventory we would not recalculate
the inventory value in ledger.
B. Reliable
Auditor should always gather the evidence from a reliable trust worthy source
possible.
Example: - Written evidence is more reliable than oral evidence
Muhammed Jazeem ACCA, MCOM, PGDM
More reliable Less reliable
Better when from independent, external Evidence generated internally to the
sources. entity
Third party Client generated
Better when obtained directly by the Indirect or inferred evidence
auditor.
Better when in written paper or oral
electronic form
rather than just spoken.
Better with original documents than Photocopies, faxes etc.
photocopies
So how much is sufficient?
Well it depends on how risky the amount being audited is
1. We need enough to have reasonable assurance that the specific audit area is
free from material misstatement.
2. A high quantity of poor quality evidence does not mean its sufficient (or
appropriate).
3. The auditor must consider both the relevance and the reliability of the evidence
4. Be careful though of over auditing.
5. Lots of high quality evidence on immaterial areas is a waste of resources
So is testing 75% of all records better than testing 25%
Generally, yes... but be careful... think of the fact you may be over auditing and
therefore wasting resources, particularly if the area is low risk and immaterial
Also be careful that the sample is representative of the population.
Muhammed Jazeem ACCA, MCOM, PGDM
Sources of evidence
1. Test of control
Test of controls are performed to evaluate the operating effectiveness of controls in
preventing or detecting and correcting material misstatement.
Remember: Audit risk = Inherent risk × Control risk × Detection risk
The stronger the control system the lower the control risk and as a result, there is a
lower risk of material misstatement in the financial statements.
In order to be able to rely on controls the auditor will need to:
• Ascertain how the system operates
• Document the system in audit working papers
• Test the operation of the system
• Assess the design and operating effectiveness of the control system
• Determine the impact on the audit approach for specific classes of
transactions, account balances and disclosures.
2. Substantive procedures
Substantive procedures are designed to detect material misstatement at an assertion
[Link] consists of the following: -
Muhammed Jazeem ACCA, MCOM, PGDM
A. Test of Detail
Test of detail is performed to verify individual transactions an account balances.
B. Analytical procedures
Analytical procedures have been discussed in the chapter Risk
Analytical procedures can be used as a substantive procedure as it is a procedure
designed to detect material misstatement.
A test of detail looks at the supporting evidence for an individual transaction such
as inspection of a purchase invoice to verify the amount/date/classification of a
specific purchase. If there are 5000 purchase invoices recorded during the
accounting period, this one test of detail has only provided evidence for one of
those transactions.
An analytical procedure would be used to assess the reasonableness of the
purchases figure in total. For example, calculate the percentage change in
purchases from last year and then compare this with the percentage change in
revenue to see if they move in line with each other as expected.
Muhammed Jazeem ACCA, MCOM, PGDM
Type of audit procedures
Re-calculation R
Analytical review A
Re-performance R
Enquiry E
Confirmation C
Observation O
Physical verification P
Inspection I
Re- calculation
It involves verifying the mathematical accuracy of the client’s calculations. This
type of test is useful for confirming accuracy. It is to confirm the numerical
accuracy of documents or records.
Analytical Procedures
This is the analysis of ratios and trends.
It includes investigating fluctuations between current and previous performance
and check whether other information is consistent with such relationship.
Re-Performance
This can be recalculating figures or re-counting stock etc.
Enquiry
This means getting information from people inside or outside the entity.
It can be a formal written or an oral inquiry.
Muhammed Jazeem ACCA, MCOM, PGDM
Confirmation
This means corroborating evidence from third parties with the internal evidence.
For example, confirming accounts receivables by circularising the debtors.
Observation
This means watching others perform a procedure.
Examples include observation of
Payment of wages
Inventory counts/Stock count
Opening mail
It gives assurance that official procedures are followed.
Physical verification
It means physical inspection of the asset. This gives conclusive evidence of
existence and may give evidence of valuation as the auditor will be able to see if an
asset looks in poor condition.
Inspection
This means the examination documents and records.
Things to inspect include: -
Documentation
Contracts
Minutes
In the chapter ‘Procedures’ we will look in detail at how these procedures are
applied to specific items in the financial statements.
Muhammed Jazeem ACCA, MCOM, PGDM
Audit sampling and other means of testing
It will usually be impossible to test every item in an accounting population
because of the costs involved. As the auditor can't test everything, only samples are
used for substantive testing.
It is also important to remember that auditors give reasonable not absolute
assurance and therefore do not certify that the financial statements are 100%
accurate. The audit has been carried out on a sample basis.
Samples
All sampling units should have a chance of selection. Testing the sample gives
evidence which helps form a conclusion for the whole Population.
Either a statistical or a non-statistical approach can be used.
Material items in the population must be tested. This means that 100% of
transactions may be tested if they are all material.
Sampling methods
A. Statistical sampling
1. Random selection
2. Systematic selection
3. Monetary unit selection
B. Non-Statistical sampling
1. Haphazard selection
2. Sequence or block selection
A. Statistical sampling
Statistical sampling is a method of sampling which uses random selection and
probability analysis to evaluate the sample result. The main methods are: -
Muhammed Jazeem ACCA, MCOM, PGDM
1. Random selection: Ensures each item in a population has an equal chance of
selection. this can be achieved through the use of random number generators or
tables.
2. Systematic selection: A number of sampling units in the population is divided
by the sample size to give a sampling interval. where a constant sampling interval
is used (e.g. every 50th balance) and the first item is selected randomly.
3. Monetary Unit Sampling selection: This selection method ensures that each
individual $1 in the population has an equal chance of being selected. selecting
items based upon monetary values (usually focusing on higher value items).
B. Non – statistical sampling
Non statistical sampling is used when the auditor uses judgement when selecting
the items to be tested. Any approach that does not have both these characteristics
(random selection and probability analysis) is considered to be
non-statistical sampling. The main methods are: -
1. Haphazard selection: The auditor selects the sample without following a
structured technique – the auditor would avoid any conscious bias or predictability.
2. Sequence or block selection: Involves selecting a block(s) of continuous items
from within a population.
Auditors may use a combination of sampling for example when selecting a sample
of fixed asset to test half of the sample may focus on the highest value items and
half of the sample may be randomly selected.
Sample selection is very judgmental so the auditors should ensure the method of
selection is documented in detail within the audit file.
Sample risk is the risk that the sample selected is not representative of the entire
population.
Muhammed Jazeem ACCA, MCOM, PGDM
Evaluation of misstatement in a sample
A. Deviation
Test of control is not a monetary amount but designed to obtain evidence
that a control procedure has been implemented effectively. Any issues
identified during testing of control are called deviations and not
misstatement.
B. misstatement
Misstatement are monetary amounts and are differences between the amount
recorded and what should have been recorded. Misstatements are identified
when performing test of detail.
C. Tolerable misstatement
Tolerable misstatement is monetary amounts set by the auditor and is set as a
threshold to measure errors in a population while performing tests.
Tolerable misstatement can be the same amount or lower than the
performance materiality.
Muhammed Jazeem ACCA, MCOM, PGDM
Computer Assisted Audit Techniques(CAATS)
Computer assisted audit techniques (CAAT’s is any audit work completed with the
help of a computer.
DEMO
The use of computers as a tool to perform audit procedures is often referred to
as a 'computer assisted audit techniques' or CAATs for short.
There are two broad categories of CAAT:
(1) Test data
(2) Audit software.
Muhammed Jazeem ACCA, MCOM, PGDM
1. Test data
Test data involves the auditor submitting 'dummy' data into the client's system to
ensure that the system correctly processes it and that it prevents or detects and
corrects misstatements.
To be successful test data should include both data with errors built into it and
data without errors. Examples of errors include:
• Codes that do not exist, e.g. customer, supplier and employee.
• Transactions above predetermined limits, e.g. salaries above contracted
amounts, credit above limits agreed with customer.
• Invoices with arithmetical errors.
• Submitting data with incorrect batch control totals.
The test data comprises of true data and false data.
True data is a test of transactions to ensure that they are processed appropriately
and controls are in place. i.e., invoices are posted to correct GL accounts, a certain
person can approve invoices etc.
False data is where controls are tested through entering errors
Test of Approval of amount by an authorized person
2. Audit software
The auditor may use audit software to run the client data to check for errors. It can
be an off-the-shelf software (bought directly form supplier) or bespoke
(specifically made) for the client. They can scrutinize large volumes of data,
whose results can be investigated further
The software does not, however, replace the need for the auditor's own procedures
It can do the following:
•Extracting samples according to specified criteria, such as:
– random
– over a certain amount e.g. individually material balances or expenses
– below a certain amount e.g. debit balances on a payables ledger or
credit balances on a receivables ledger
– at certain dates e.g. receivables or inventory over a certain age
• Calculating ratios and select indicators that fail to meet certain predefined
criteria (i.e. benchmarking)
Muhammed Jazeem ACCA, MCOM, PGDM
• Casting ledgers and schedules
• Recalculation of amounts such as depreciation
• Preparing reports (budget vs actual)
• Stratification of data (such as invoices by customer or age)
• Identifying changes to standing data e.g. employee or supplier bank
details
• Produce letters to send out to customers and suppliers.
Auditing around the computer
Meaning the auditor does not audit how the computer works, but rather checks that
the inputs generate the expected outputs from the system. This increases audit risk
as the auditor cannot tell with certainty whether the internal processes of the
system are working correctly It is very difficult to determine why errors occurred
Also fixing them may need an external expert.
Advantages & Disadvantages of CAATs
• Advantages
1. Independently access computer data
2. Test the reliability of client software
3. Increase the accuracy of audit tests
4. Perform audit tests more efficiently
• Disadvantages
1. CAATs can be expensive and time consuming to set up
2. Client permission and cooperation may be difficult to obtain
3. Potential incompatibility with the client's computer system
4. The audit team may not have sufficient IT skills
5. Data may be corrupted or lost during the application of CAATs
Muhammed Jazeem ACCA, MCOM, PGDM
Using the work of others
1. Experts
2. Internal audit
3. Service Organisation
1. Relying on the work of Experts
Auditor may require the skills of experts in a subject matter that the auditor is not
an expert. For example, lawyers, surveyors, valuers, internal audit etc.
Auditor must assess: -
• Competences and capability
Expert’s qualification, experiences, membership with professional bodies.
• Objectives of the expert
Assess whether there exists any personal or business relationship between
the client and expert.
The auditor must agree the following in writing with the expert before expert
commences work: -
• Nature and scope of work
• Roles and responsibilities of both parties
Muhammed Jazeem ACCA, MCOM, PGDM
• Nature, timing and extent of communication between both parties.
• Need for the expert to maintain confidentiality.
2. Relying on the work internal audit
There may a certain element of internal audit work that is useful to external
auditors
• Objectivity of internal audit.
• Competences of internal audit staff.
• Scope of the work including quality control.
• The work is appropriately planned, completed, reviewed, actioned and
documented.
• Sufficient and appropriate evidence has been obtained.
• Appropriate conclusions and recommendations are drawn.
• Reports prepared are in line with the work performed.
• Management take appropriate action.
Auditor will how ever be required to do their own work in areas that are:
• High risk
• Highly material
• Estimations are required
3. Relying on Service organization
As per ISA, the auditors have a responsibility to obtain sufficient and appropriate
evidence when a client outsources functions to service organisations. The client
may outsource functions such as internal audit, receivable collection, payroll etc.
another company. Many companies use service organisations to perform business
functions such as:
• Payroll processing
• Receivables collection
• Pension management.
Muhammed Jazeem ACCA, MCOM, PGDM
Audit consideration to entities using service organization
• Gain an understanding of the services being provided.
• Assess how the service provider as designed and implemented internal
controls.
• Visit service provider to test the internal controls.
• Requesting the service provider to provide a report either of the description
of internal control or description and implementation of internal controls.
• Assess whether sufficient and appropriate evidences has been gathered and
impact on the audit report.
The auditor shall not refer to the work of others on the audit report unless required
by law.
Muhammed Jazeem ACCA, MCOM, PGDM
Summary
Muhammed Jazeem ACCA, MCOM, PGDM
