Audit Evidence

The Third standard of Field Work states:

The auditor must obtain Sufficient Appropriate Audit Evidence by performing audit

procedures to afford a reasonable basis for an opinion regarding the financial statements under audit. (Corroborative Evidence) As discussed in Internal Controls, the auditor will consider the nature, timing, and extent of the substantive tests in judging whether they have gathered enough evidence. Sufficiency relates closely to the extent of testing, and Appropriateness to the nature (timing is a matter of recognizing that tests at year-end provide stronger evidence than reliance on tests applied to interim data). SAS 106 (AU 326) Sufficient Appropriate Audit Evidence is needed: o Sufficiency relates to the quantity of corroborative evidence obtained. The amount is based on auditors judgment. Want evidence that is Persuasive rather than Conclusive Concerned with Cost/Benefit tradeoff The question as to how much evidence is sufficient relates to the amount of evidence that is obtained. The auditor will have to consider both the costs and benefits of obtaining evidence (high cost alone cannot be a proper reason to omit a test, however). The quantity of evidence required is affected by both the risk of misstatement and the quality of evidence. Remember that the decision as to sufficiency will be based on the determination of the acceptable level of detection risk, based on the formula discussed earlier: Acceptable DR = AR / (RMM) RMM = IRxCR As the RMM decreases due to the identification of effective internal controls in that phase of the audit, the acceptable level of detection risk increases, meaning the auditor can reduce the amount of substantive testing. Both sufficiency and the appropriateness of audit evidence should be considered when assessing risks and designing audit procedures. o Appropriate relates to the quality of the evidence. Relevance - Pertains to the assertion it supports. Validity (Reliability) Reliability of audit evidence is influenced by its source and nature. Persuasiveness of evidence is based on its source: Directly obtained by auditor (auditor developed Inventory observation) Obtained from outsider (Outside Bank confirmations) Prepared by outsider but obtained from client (outside/inside bank statements) Prepared by client (Inside client sales invoices) Concerned with accuracy and completeness when using info provided by the client. The higher the level of validity of evidence, the lower is the achieved level of detection risk in the audit. Thus, an audit with a low acceptable level of detection risk will normally require that the auditor seek the highest level of persuasiveness possible. No audit can rely entirely on client prepared accounting data. Keep in mind, however, that the auditor may rely in part on evidence obtained with any level of persuasiveness. The representation letter, although it represents the lowest level of persuasiveness due to the absence of any effective internal control over management, is obtained in every audit.

Audit Evidence - defines audit evidence as all the information used by the auditor in
arriving at the conclusions on which the audit opinion is based, including the information

contained in the accounting records underlying the financial statements and other information. This includes: Accounting records Checks, invoices, contracts, ledgers, journal entries, General ledger Other Information - Corroborative evidence Minutes, confirmations, comparable data about competitors (benchmarking), info obtained by the auditor from audit procedures such as inquiry, observations, and inspection of documents. Underlying Accounting data alone is not sufficient appropriate evidence upon which to base an auditors opinion. The auditor uses judgment to evaluate both the sufficiency and appropriateness of audit evidence. The auditor should also consider the: Significance and likelihood of potential misstatements. Effectiveness of management's responses and controls. Experience gained during previous audits. Results of audit procedures performed. Source, reliability, and persuasiveness of audit evidence obtained. Understanding of the entity and its environment.

Audit Risk (AR = IR x CR x DR)

RMM (Risk of Material Misstatement = IRxCR) o Inherent Risk o Control Risk Detection risk The probability that the auditors substantive tests wont detect material misstatements (APxTD) The greater the risk of material misstatement (RMM), the less detection risk (DR) that can be accepted, and the greater the extent of substantive procedures required. Rely RMM Rely RMM DR SUB DR SUB

Per SAS 110 (AU 318), in order to reduce audit risk to an acceptably low level, the auditor should respond to the assessed level of risk in two ways, at the financial statement level, and at the relevant assertion level. To address the risks of material misstatement at the financial statement level, some of the auditors responses to reduce audit risk to an acceptably low level may include: o An increased need for professional skepticism of the audit team o Consider assigning more experienced staff with specialized skills or even the use of specialists o Increase the level of supervision o Incorporate more unpredictability in audit procedures o Adjust the nature, timing and extent of further audit procedures such as shifting interim substantive testing to year-end substantive testing when the control environment is weak. The auditor should design and perform further audit procedures whose nature, timing, and extent are responsive to the assessed risks of material misstatement at the relevant assertion level. The auditor should consider:

o The significance and probability that a material misstatement will occur o The characteristics of the class of transactions, account balance or disclosure involved o The nature of the controls used (manual vs. automated) Whether the auditor expects to test the operating effectiveness of the controls in preventing or detecting material misstatements. Nature of audit procedures - this includes both its purpose (test of control vs. substantive procedures) and its type (I-CORRIIA). The nature of audit procedures is the most important consideration in responding to assessed risks. The higher the auditors risk assessment (RMM), the more Relevant & Reliable the audit evidence should be. Timing of audit tests this refers to when the audit procedures are performed as well as the period or date for which the audit evidence is applicable. Tests may be performed at an interim date or at period end. The higher the auditors risk assessment (RMM), the closer to period end substantive procedures should be performed. Extent of audit procedures this refers to the quantity of a specific audit procedure to be performed. This is based on auditors judgment and the auditor should consider the tolerable misstatement, the assessed risk of material misstatement and the degree of assurance they plan to obtain. The higher the auditors risk assessment (RMM), the greater the extent of audit procedures. As mentioned earlier, the auditor may use either a substantive approach, in which substantive procedures are emphasized, or a combined approach, in which both tests of controls and substantive procedures are used. For certain relevant assertions and risks, only substantive procedures will be performed. This may occur because either there are no effective controls or because it would not be efficient (cost/benefit) to test the operating effectiveness of controls. o Substantive procedures should be performed for each material transaction class, account balance, and disclosure item. o In situations where a significant amount of information is initiated, authorized, recorded, processed, or reported electronically, substantive procedures alone may not be sufficient. In other situations, both tests of the operating effectiveness of controls and substantive procedures are used. Typically, if controls are operating effectively, less assurance will be required from substantive procedures.