The process in obtaining audit evidence
Audit evidence is all kinds of information, documents and records used by the auditor to determine the degree of compliance of the audited information with predetermined criteria. According to International Standards on Auditing (ISA), the auditor is required to gather sufficient appropriate and reliable audit evidence to form a basis for the audit opinion.
Sufficient Appropriate Audit Evidence means; sufficiency is the measure of the quantity of audit evidence, appropriateness is the measure of the quality of audit evidence, that is, appropriate audit evidence must be reliable and relevant. PCOAB standards state that the relevance of audit evidence depends on;
- The design of the audit procedure, in particular whether it is designed to test the assertion directly and whether it is designed to test for understatement or overstatement; and
- The timing of the audit procedure
When it comes to reliability of evidence, it depends on whether they are auditor’s direct knowledge, external evidence, internal evidence, oral or documentary evidence and so on. The auditor should consider the sufficiency and appropriateness of audit evidence to be obtained when assessing risks and designing further audit procedures. The quantity of audit evidence needed is affected by the risk of misstatement. AICPA states that “The auditor must obtain sufficient appropriate audit evidence by performing audit procedures to afford a reasonable basis for an opinion regarding the financial statements under audit.” Audit evidence is gathered throughout the audit when performing; risk assessment procedures, test of controls, substantive procedures and other audit procedures.
The Use of Assertions in Obtaining Audit Evidence;
Auditor identifies and assesses the risks of material misstatement at the financial statement level, at the relevant assertion level and to identify any significant risk. Responses to the risks of material misstatement at the financial statement level in ISA 330 require; emphasizing to the audit team the need to maintain professional skepticism, assigning more experienced staff, providing more supervision, incorporating additional elements of unpredictability into audit, making general changes to the nature, timing, or extent of audit procedures as an overall response.
A significant risk is any risk that, in the auditor’s professional judgment, requires special audit consideration. These risks often relate to nonroutine and complex transactions that require significant judgment on the part of the client such as risk of fraud, leading developments, related party issues, estimates, and so on. When performing an audit, it is the auditor’s job to obtain the necessary evidence to verify the assertions made in the financial statements. At the relevant assertion level, the auditor may use account balances, transactions, and presentation & disclosure assertions summarized under seven categories. Besides, audit should regulate the nature, extend, and timing of procedures, including tests of controls and substantive procedures according to the assessed level at the relevant assertion level.
- Completeness
- Valuation, Allocation and Accuracy
- Existence and Occurrence
- Rights and Obligations
- Cutoff
- Understandability and Classification
- Rights and Obligations, and Occurrence
Tests of Controls
Tests of controls are audit procedures performed to test the operating effectiveness of controls in preventing or detecting material misstatements at the relevant assertion level. The auditor is required to obtain an understanding of the design and implementation of internal control as part of understanding the entity and its environment. ‘Test of controls’ consisting of inquiry, inspection, re-performance and observation was performed to evaluate whether the controls are working effectively for two main purposes. The aim of tests of control in auditing is to determine whether these internal controls are sufficient to detect or prevent risks of material misstatements. The first purpose of the test of controls is to reduce substantive audit procedures, which can be time-consuming and costly by relying on the client’s internal controls and secondly, obtaining additional audit evidence.
Substantive Procedures
Substantive procedures are designed to identify material misstatements at the assertion level and they consist of ’test of details’ and ‘substantive analytical procedures’. Auditor should arrange the nature, extend, and timing of procedures at the relevant assertion level and regardless of the assessed risks of material misstatement, substantive procedures are required for each material transaction, account balance and disclosure.
There is no set definition for a ‘test of details’ in the audit standards. It is only mentioned that it is one of the two substantive procedures with the other one being substantive analytics. Test of details as the name suggests is detailed testing by the auditors for collection of audit evidence that the balances, underlying disclosures, and the transactions associated with the financial statements are correct. The difference between tests of control and tests of detail is that; a test of controls involves many similar audit procedures to a test of detail, but the outcomes are different. While a test of controls supports control risk assessment, a test of details is performed to support the overall audit opinion of a company’s balance sheet and accompanying transactions. Tests of control are only performed when the auditor believes that the control risk is low, enabling them to verify this assessment. However, a test of details is almost always required to obtain sufficient audit evidence.
Substantive analytical procedures are evaluations of financial information made by a study of plausible relationships among both financial and non-financial data and can be more effective and efficient than a test of details. Some clarification is needed to clear up any confusion about analytical procedures; Analytical procedures are used throughout the audit process and are conducted for three primary purposes:
- Preliminary analytical review; risk assessment (required by ISA 315) preliminary analytical reviews are performed to obtain an understanding of the business and its environment.
- Substantive analytical procedures; analytical procedures are used as substantive procedures when the auditor considers that the use of analytical procedures can be more effective or efficient than tests of details in reducing the risk of material misstatements at the assertion level to an acceptably low level.
- Final analytical review; (required by ISA 520) analytical procedures are performed as an overall review of the financial statements at the end of the audit to assess whether they are consistent with the auditor’s understanding of the entity.
