# 12. AUDIT EVIDENCE
(INCORPORATING ISA 500, 501 AND 505)
# 12.1 Definition
ISA 500 defines Audit Evidence as _"_all the information used by the auditor in arriving at the conclusions on which the audit opinion is based, and includes the information contained in the accounting records, underlying the financial statements and other information". In the conduct of an engagement, the engagement team should obtain sufficient appropriate audit evidence to enable it to draw reasonable conclusions on which to base the audit opinion. The engagement team is not expected to address all information that may exist as they may use sampling approaches and other means of selecting items for testing. The team may find it necessary to rely on evidence that is persuasive rather than conclusive. Audit evidence should be evaluated by its characteristics which include:
- .Sufficiency.
- .Appropriateness.
The appropriateness of the audit evidence is determined by its quality and relates to:
- .Relevance.
- .Reliability.
- .Consistency.
# 12.2 Sufficient and Appropriate Evidence
Sufficiency is the measure of the quantity of audit evidence needed to form the audit opinion. The judgement on what is sufficient will be influenced by:
- .The risk of misstatement (the greater the risk, the more evidence is likely to be required).
- .The assessment of the accounting and internal control procedures.
- .The materiality of the item being examined.
- .The experience gained during past audits.
- .The source and nature of the evidence available.
Appropriateness is the measure of the quality of audit evidence and relates to:
**a)**Relevance - The relevance of audit evidence has to be considered, in relation to the objective of forming an opinion and reporting on the financial statements.
When assessing the relevance of audit evidence relating to tests of controls to support the assessed level of control risk, the engagement team should consider the following aspects:
Design
Whether the accounting and internal control system is capable of preventing or detecting material misstatements.
Operation
Whether the controls exist and have operated effectively throughout the relevant accounting period.
When assessing the relevance of audit evidence obtained from substantive procedures, the engagement team should assess certain assertions which are embodied in the financial statements. Audit evidence, in relation to an item, is usually obtained regarding each financial statement assertion e.g. evidence regarding one assertion (for example, existence of inventory) will not compensate for the failure to obtain audit evidence regarding another assertion (for example, valuation of inventory).
**b)**Reliability - The reliability of audit evidence is influenced by its source and by its nature and is dependent on the individual circumstances under which it is obtained.
When assessing the reliability of audit evidence the engagement team should consider the following factors:
.External evidence (e.g. independent third party confirmations or from an examination of external documents) is more reliable than internal evidence.
.Internally generated information is more reliable when related controls imposed by the entity are effective.
.Documentary evidence is more reliable than oral evidence.
.Evidence obtained directly by the firm (such as observation of the application of a control or physical inspection) is more reliable than audit evidence obtained indirectly or by inference.
.Internal evidence may be more reliable if it is obtained:
- .From a reliable senior official;
- .From an employee with no financial interest in the entity; or
- .From a number of different personnel.
.Original documents are more reliable than copies.
**c)**Consistency - The engagement team would ordinarily obtain more assurance from consistent audit evidence obtained from different sources or of a different nature than from items of audit evidence considered individually.
The engagement team should therefore consider whether the conclusions from different types of audit tests are consistent with one another. When different sources of audit evidence appear to contradict each other, the reliability of each remains in doubt until further work has been done to resolve the inconsistency. However, when the individual sources of evidence relating to a particular matter are all consistent, then the cumulative degree of assurance obtained is higher than that obtained from individual sources.
The engagement team may take into account the relationship between the cost of obtaining evidence and the usefulness of the information obtained, but the cost and degree of difficulty in obtaining evidence is not in itself a valid basis for omitting a necessary audit procedure.
# 12.3 Use of Assertions in Obtaining Audit Evidence
ISA 500 states that,"The auditor should use assertions for classes of transactions, account balances, and presentation and disclosures in sufficient detail to form a basis for the assessment of risks of material misstatement and the design and performance of further audit procedures".
The assertions can be categorised as follows:
a. Assertions about classes of transactions and events:
- Occurrence - a transaction or event took place which pertains to the entity during the relevant period.
- Completeness- there are no unrecorded assets, liabilities, transactions or events or undisclosed items.
- Accuracy - amounts and other data relating to recorded transactions and events have been recorded appropriately.
- Cut-off - transactions and events have been recorded in the correct accounting period.
- Classification - transactions and events have been recorded in the proper accounts.
b. Assertions about account balances:
- Existence -an asset or liability exists at a given date.
- Rights and obligations -the entity holds or controls the rights to assets, and liabilities are obligations of the entity.
- Completeness- all assets, liabilities and equity interests that should have been recorded have been recorded.
- Valuation and allocation - assets, liabilities and equity interests are recorded in the financial statements at appropriate amounts and any allocation adjustments are appropriately recorded.
c. Assertions about presentation and disclosure:
- Occurrence and rights and obligations - disclosed events, transactions and other matters have occurred and pertain to the entity.
- Completeness- all disclosures that should have been included in the financial statements have been included.
- Classification and understandability - financial information is appropriately presented and described, and disclosures are clearly expressed.
- Accuracy and valuation - financial and other information is disclosed fairly and at appropriate amounts.
Assertions are used in assessing risks by considering the different types of potential misstatements that may occur, and designing audit procedures that are responsive to the assessed risks.
# 12.4 Audit Techniques
(a) Inspection of Records or Documents - This consists of examining records or documents. Inspection of records and documents provides audit evidence of varying degrees of reliability, depending on their nature and source and, in the case of internal records and documents, on the effectiveness of the controls over their production. Examples of where this audit technique can apply are when verifying expenditure, inspection of documents for evidence of authorisation, or in verification of documents of ownership such as title deeds for land, logbooks for motor vehicles etc. inspection of such documents may not necessarily provide evidence about ownership or valuation. In addition, inspection of an executed contract may provide audit evidence relevant to the entity's application of accounting policies such as revenue recognition.
(b) Inspection of Tangible Assets- This consists of physical inspection of assets, which may provide reliable audit evidence with respect to their existence, but not necessarily about the entity's rights and obligations or valuation of the assets. Inspection is usually done when observing inventory counting.
(c) Observation - Consists of examining at a process or procedure being done by others, for example observation of the counting of inventories and observation of the performance of control activities. Although observation provides audit evidence about the performance of a process or procedure, it is limited to the point in time at which it takes place and by the fact that the act of being observed may affect how the process or procedure is performed.
(d) Inquiry - This consists of seeking information of knowledgeable persons, both financial and non-financial, throughout the entity or outside the entity. Inquiry is an audit procedure that is used extensively throughout the audit and often is complementary to performing other audit procedures. Inquiry alone ordinarily does not provide sufficient audit evidence to detect a material misstatement at the assertion level. Moreover, inquiry alone is not sufficient to test the operating effectiveness of controls. Inquiries may range from formal written inquiries to informal oral inquiries. Evaluating responses to inquiries is an integral part of the inquiry process.
Responses to inquiries may provide the auditor with information not previously possessed or with corroborative audit evidence. Alternatively, responses might provide information that differs significantly from other information that the auditor has obtained, for example, information regarding the possibility of management override of controls. In some cases, responses to inquiries provide a basis for the auditor to modify or perform additional audit procedures.
Although corroboration of evidence obtained through inquiry is often of particular importance, in the case of inquiries about management intent, the information available to support management's intent may be limited. In these cases, understanding management's past history of carrying out its stated intentions with respect to assets or liabilities, management's stated reasons for choosing a particular course of action, and management's ability to pursue a specific course of action may provide relevant information about management's intent.
In respect of some matters, the auditor obtains written representations from management to confirm responses to oral inquiries. For example, the auditor ordinarily obtains written representations from management on material matters when other sufficient appropriate audit evidence cannot reasonably be expected to exist. (See Section 23 of this manual on "Management Representations").
(e) Confirmation - This is a specific type of inquiry, and is the process of obtaining a representation of information or of an existing condition directly from a third party. For example, confirmation of receivables by communication with debtors. Confirmations are frequently used in relation to account balances and their components, but need not be restricted to these items. For example, the auditor may request confirmation of the terms of agreements or transactions an entity has with third parties; the confirmation request is designed to ask if any modifications have been made to the agreement and, if so, what the relevant details are. Confirmations also are used to obtain audit evidence about the absence of certain conditions, for example, the absence of a "side agreement" that may influence revenue recognition. See Section 13.7 on "External Confirmations" below for further guidance on confirmations.
(f) Recalculation - Consists of checking the mathematical accuracy of documents or records and can be performed through the use of information technology, for example, through the use of CAATs to check accuracy or summarization of an entity's electronic files.
(g) Reperformance - This is the auditor's independent execution of procedures or controls that were originally performed as part of the entity's internal control, for example, reperforming the bank reconciliations, or using CAATs for reperforming the ageing of accounts receivable.
(h) Analytical Procedures - Consist of evaluations of financial information made by a study of plausible relationships among both financial and non-financial data. Analytical procedures also include the investigation of identified fluctuations and relationships that are inconsistent with other relevant information or deviate significantly from predicted amounts.
# 12.5 Designing Audit Procedures for Obtaining Evidence
Audit evidence is obtained to enable the auditor draw reasonable conclusions on which to base the audit opinion. The following are the audit procedures that can be used to obtain audit evidence:
(a) Risk assessment procedures - These are used to obtain an understanding of the entity and its environment, including its internal control, to assess the risks of material misstatement at the financial statement and assertion levels. (b) Tests of controls - Test the operating effectiveness of controls in preventing, or detecting and correcting, material misstatements at the assertion level. (c) Substantive procedures - Detect material misstatements at the assertion level and include tests of details of classes of transactions, account balances, and disclosures and substantive analytical procedures.
The engagement team uses a combination of the above audit procedures to obtain audit evidence.
Risk assessment procedures are performed to provide a satisfactory basis for the assessment of risks at the financial statement and assertion levels. However, as risk assessment procedures by themselves do not provide sufficient appropriate audit evidence on which to base the audit opinion, they need to be supplemented by further audit procedures in the form of tests of controls, and substantive procedures themselves.
Tests of controls are necessary when the engagement team's risk assessment includes an expectation of the operating effectiveness of controls, or when substantive procedures alone do not provide sufficient appropriate audit evidence.
Substantive procedures are performed by the engagement team in response to the related assessment of risks of material misstatement, which includes the results of tests of controls, if any. However, as the auditor's risk assessment is judgmental, it may not identify all risks of material misstatement. In addition, there are inherent limitations to internal control such as the risk of management override, the possibility of human error and the effect of systems changes. Therefore, substantive procedures for material classes of transactions, account balances, and disclosures are always required to obtain sufficient appropriate audit evidence.
# 12.6 Attendance at Physical Inventory Counting
If inventory is material to the financial statements, the engagement team should obtain sufficient appropriate audit evidence regarding its existence and condition, by attendance at the physical inventory counting, unless impracticable to do so. The team's attendance serves as a test of controls or substantive procedure over inventory depending on the engagement team's risk assessment and planned approach. Such attendance enables the engagement team to inspect the inventory, to observe compliance with management procedures for recording and controlling the results of the count and to provide evidence as to the reliability of management's procedures.
In planning to attend, the engagement team will need to consider the systems of controlling inventory, the risks involved, the adequacy of the counting instructions (including arrangements relating to the control of count sheets / work-in-progress and obsolete items and the movement of inventory), timing and the locations of inventory and whether an expert is needed.
The engagement team should take test counts or assess the reasonableness of procedures for estimating quantities not subject to counts (such as fluids). If weighing machines are being used, the calibration of such machines should always be tested. The engagement team would also need assurances as to adequate cut-off procedures, including details of the movement of inventory just prior to, during and after the count so that the accounting for such movements can be checked at a later date.
When the entity operates a perpetual inventory system, which is used to determine the period end balance, the engagement team would evaluate whether, through the performance of additional procedures, the reasons for any significant differences between the physical count and the perpetual inventory records are understood and the records are properly adjusted.
The engagement team should perform audit procedures over the final inventory listing to determine whether it accurately reflects actual inventory counts.
When inventory is situated in several locations, the engagement team will need to determine which locations are appropriate to attend, considering the materiality and risk of misstatement of inventory at different locations.
When third parties hold inventory on behalf of the entity, the engagement team should consider the need to obtain a direct confirmation from the third party, taking into account the materiality of this inventory. The team would consider the following:
- .The integrity and independence of the third party.
- .Observing, or arranging for another auditor to observe, the physical inventory count.
- .Obtaining another auditor's report on the adequacy of the third party's internal control for ensuring that inventory is correctly counted and adequately safeguarded.
- .Inspecting documentation regarding inventory held by third parties, for example, warehouse receipts, or obtaining confirmation from other parties when such inventory has been pledged as collateral.
If the engagement team is unable to attend the physical inventory count, a physical count should be taken or observed on an alternative date and procedures on intervening transactions, where necessary, should be performed.
If it is impracticable for the engagement team to attend the physical inventory count, consideration should be given to whether alternative procedures, such as documentation of subsequent sale of specific inventory items acquired prior to the period end, provide sufficient appropriate audit evidence.
# 12.7 External Confirmations
The engagement team should determine whether the use of external confirmations is necessary to obtain sufficient appropriate audit evidence to support certain financial statement assertions. In making this determination, the engagement team should consider the assessed risk of material misstatement at the assertion level and how the evidence from other planned audit procedures will reduce this risk to an acceptably low level for the applicable financial statement assertions.
External confirmation is the process of obtaining and evaluating audit evidence through a direct communication from a third party in response to a request for information about a particular item affecting assertions made by management in the financial statements. In deciding to what extent to use external confirmations the engagement team considers the characteristics of the environment in which the entity being audited operates and the practice of potential respondents in dealing with requests for direct confirmation.
External confirmations are frequently used in relation to obtaining evidence regarding account balances and their components, but may also be used as a request of external confirmation of the terms of agreements or transactions an entity has with third parties. The confirmation request is designed to ask if any modifications have been made to the agreement, and if so what the relevant details are.
Examples of situations where external confirmations may be used include:
- .Bank balances and other information from bankers.
- .Accounts receivable balances.
- .Stocks held by third parties at bonded warehouses for processing or on consignment.
- .Property title deeds held by lawyers or financiers for safe custody or as security.
- .Investments purchased from stockbrokers but not delivered at the balance sheet date.
- .Loans and other borrowings.
- .Contingent liabilities including off-balance sheet items and legal cases.
- .Accounts payable balances.
The reliability of the audit evidence obtained by external confirmations depends, among other factors, upon the engagement team applying appropriate audit procedures in designing the external confirmation request, performing the external confirmation procedures, and evaluating the results of the external confirmation procedures. Factors affecting the reliability of confirmations include the control the engagement team exercises over confirmation requests and responses, the characteristics of the respondents, and any restrictions included in the response or imposed by management.
# 12.7.1 Assertions Addressed by External Confirmations
ISA 500 requires the use of assertions in assessing risks and designing and performing audit procedures in response to the assessed risks. ISA 500 categorizes the assertions into those relating to classes of transactions, account balances, and disclosures. While external confirmations may provide audit evidence regarding these assertions, the ability of an external confirmation to provide audit evidence relevant to a particular assertion varies.
External confirmation of an account receivable provides reliable and relevant audit evidence regarding the existence of the account as at a certain date. Confirmation also provides audit evidence regarding the operation of cut-off procedures. However, such confirmation does not ordinarily provide all the necessary audit evidence relating to the valuation assertion, since it is not practicable to ask the debtor to confirm detailed information relating to its ability to pay the account.
Similarly, in the case of goods held on consignment, external confirmation is likely to provide reliable and relevant audit evidence to support the existence and the rights and obligations assertions, but might not provide audit evidence that supports the valuation assertion.
The relevance of external confirmations to auditing a particular assertion is also affected by the objective of the engagement team in selecting information for confirmation. For example, when auditing the completeness assertion for accounts payable, the engagement team would need to obtain audit evidence that there is no material unrecorded liability. Accordingly, sending confirmation requests to an entity's principal suppliers asking them to provide copies of their statements of account directly to the firm, even if the records show no amount currently owing to them, will usually be more effective in detecting unrecorded liabilities than selecting accounts for confirmation based on the larger amounts recorded in the accounts payable subsidiary ledger_._
When obtaining audit evidence for assertions not adequately addressed by confirmations, the engagement team should consider other audit procedures to complement confirmation procedures or to be used instead of confirmation procedures.
# 12.7.2 Design of the External Confirmation Request
The engagement team should tailor external confirmation requests to the specific audit objective.When designing the request, the engagement team considers the assertions being addressed and the factors that are likely to affect the reliability of the confirmations. Factors such as the form of the external confirmation request, prior experience on the audit or similar engagements, the nature of the information being confirmed, and the intended respondent, affect the design of the requests because these factors have a direct effect on the reliability of the audit evidence obtained through external confirmation procedures.
Confirmation requests ordinarily include management's authorisation to the respondent to disclose the information to the engagement team. Respondents may be more willing to respond to a confirmation request containing management's authorisation, and in some cases may be unable to respond unless the request contains management's authorisation.
Positive and negative confirmations
The engagement team may use positive or negative external confirmation requests or a combination of both. A positive external confirmation request asks the respondent to reply to the auditor in all cases, whether in agreement with the information or not. There is a risk, however, that a respondent may reply to the confirmation request without verifying that the information is correct. The engagement team may reduce this risk, however, by using positive confirmation requests that do not state the amount (or other information) on the confirmation request, but ask the respondent to fill in the amount or furnish other information. On the other hand, use of this type of "blank" confirmation request may result in lower response rates because additional effort is required of the respondents.
A negative external confirmation request asks the respondent to reply only in the event of disagreement with the information provided in the request. However, when no response is received, the engagement team will have no way of ascertaining whether the intended third parties have received the confirmation requests. Accordingly, the use of negative confirmation requests ordinarily provides less reliable audit evidence than the use of positive confirmation requests, and the engagement team should consider performing other substantive procedures to supplement the use of negative confirmations.
A combination of positive and negative external confirmations may be used. For example, where the total accounts receivable balance comprises a small number of large balances and a large number of small balances, the auditor may decide that it is appropriate to confirm all or a sample of the large balances with positive confirmation requests and a sample of the small balances using negative confirmation requests_._
Management Requests
When the engagement team seeks to confirm certain balances or other information, and management requests them not to do so, the team should consider whether there are valid grounds for such a request and obtain evidence to support the validity of management's requests. If the engagement team agrees to management's request not to seek external confirmation regarding a particular matter, they should apply alternative procedures to obtain sufficient appropriate evidence regarding that matter.
If the engagement team does not accept the validity of management's request and is prevented from carrying out the confirmations, there has been a limitation on the scope of the auditor's work and the engagement team should consider the possible impact on the auditor's report.
When considering the reasons provided by management, the engagement team should apply an attitude of professional scepticism and consider whether the request has any implications regarding management's integrity. The engagement team should also consider whether management's request might indicate the possible existence of fraud or error. The engagement team should also consider whether the alternative procedures will provide sufficient appropriate evidence regarding that matter.
When performing confirmation procedures, the engagement team should maintain control over the process of selecting those to whom a request will be sent, the preparation and sending of confirmation requests, and the responses to those requests.
Control is maintained over communications between the intended recipients and the engagement team to minimize the possibility that the results of the confirmation process will be biased because of the interception and alteration of confirmation requests or responses. The engagement team should ensure that it is them who send out the confirmation requests, that the requests are properly addressed, and that it is requested that all replies are sent directly to the firm. The engagement team should consider whether replies have come from the purported senders.
The engagement team should perform alternative procedures where no response is received to a positive external confirmation request. The alternative audit procedures should be such as to provide the evidence about the financial statement assertions that the confirmation request was intended to provide.
When the engagement team forms a conclusion that the confirmation process and alternative procedures have not provided sufficient appropriate audit evidence regarding an assertion, they should undertake additional procedures to obtain sufficient appropriate audit evidence.
The engagement team should evaluate whether the results of the external confirmation process together with the results from any other procedures performed, provide sufficient appropriate audit evidence regarding the financial statement assertion being audited. In conducting this evaluation the engagement team should consider the guidance provided by section 16 of the Manual on Sampling.
# 12.8 Procedures Regarding Litigation and Claims
The engagement team would need to carry out procedures to identify any litigation and claims which may have a material effect on the financial statements. These could include obtaining management representations, reviewing Board Minutes and correspondence with the entity's legal counsel, examination of legal expense accounts, and use of any information obtained regarding the entity's business including information obtained from discussions with any in-house legal department.
When the engagement team assesses a risk of material misstatement regarding litigation or claims that have been identified or when the team believes they may exist, they should seek direct communication with the entity's legal counsel. This will assist in obtaining sufficient appropriate audit evidence as to whether potentially material litigation and claims are known and management's estimates of the financial implications, including costs, are reliable. When the engagement team determines that the risk of material misstatement is a significant risk, they should evaluate the design of the entity's related controls and determines whether they have been implemented.
The letter, which should be prepared by management and sent by the engagement team, should request the entity's legal counsel to communicate directly with the firm. When it is considered unlikely that the entity's legal counsel will respond to a general inquiry, the letter would ordinarily specify the following:
- .A list of litigation and claims.
- .Management's assessment of the outcome of the litigation or claim and its estimate of the financial implications, including costs involved.
- .A request that the entity's legal counsel confirm the reasonableness of management's assessments and provide the auditor with further information if the list is considered by the entity's legal counsel to be incomplete or incorrect.
The engagement team should consider the status of legal matters up to the date of the audit report. In some instances, the team may need to obtain updated information from entity's legal counsel.
In certain circumstances, for example, where the engagement team determines that the matter is a significant risk, complex or there is disagreement between management and the entity's legal counsel, it may be necessary for the engagement team to meet with the entity's legal counsel to discuss the likely outcome of litigation and claims. Such meetings would take place with management's permission and, preferably, with a representative of management in attendance.
If management refuses to give the engagement team permission to communicate with the entity's legal counsel, this would be a scope limitation and should ordinarily lead to a qualified opinion or a disclaimer of opinion.Where the entity's legal counsel refuses to respond in an appropriate manner and the engagement team is unable to obtain sufficient appropriate audit evidence by applying alternative audit procedures, the team should consider whether there is a scope limitation which may lead to a qualified opinion or a disclaimer of opinion.