Chapter-5

Audit Evidence and Audit Documentation

Concepts of Audit Evidence
•Audit evidence is all the information used by the auditor in arriving at
the conclusions on which the audit opinion is based.
•A solid understanding of the characteristics of evidence is obviously an
important conceptual tool for auditors
The following concepts of audit evidence are important to understanding
the conduct of the audit:
a) The nature of audit evidence.
b) The sufficiency and appropriateness of audit evidence.
c) The evaluation of audit evidence.
Relationships of audit evidence to audit risk
•Audit risk which refers to the possibility that the auditors may unknow-
ingly fail to appropriately modify their opinion on financial statements
that are materially misstated, can be greatly reduced by gathering evi-
dence.
•One way to gather additional evidence is to increase the extent of the au-
dit procedures.
•However, additional evidence may also be obtained by selecting a more ef-
fective audit procedure or by performing the procedures closer to the bal-
ance sheet date.
The auditor must gather sufficient evidence to reduce audit risk to a low
level in every audit and this concept is reflected in the third standard of
fieldwork. The evidence collected must be sufficient and appropriate.
Financial Statement Assertions
•Audit procedures are designed to obtain evidence about the assertions of
management that embodied in the financial statements.
•When the auditors have gathered sufficient audit evidence about each
material financial statements assertion, they have gathered sufficient evi-
dence to support their opinion.
The nature of assertions for which the auditor collects evidences for
an independent financial audit is the following.
1.Existence: the inclusion of an item of asset or liability in the balance
sheet implies an assertion by the preparer that the asset or the liability ex-
ists at the date of the balance sheet.
2. Occurrence: there is an assertion that the transactions reflected in
the financial statements are occurred during the relevant accounting
period and that they pertain to the organization.
3. Rights and obligations: it is asserted that the assets shown in the
balance sheet are the rights of the organization and liabilities are the
obligations on the date of the balance sheet
4. Completeness: this assertion implies that there are no unrecorded
assets, liabilities or transactions.
5. Valuation: this assertion implies that the assets and liabilities are in-
cluded in the balance sheet are at an appropriate value i.e. as per the
normally accepted bases of valuation (e.g IFRS).
6. Measurement and Allocation: this assertion implies that transac-
tions have been recorded at proper amounts and that revenues and
expenses have been allocated to the proper accounting periods
7. Presentation and disclosure: this assertion implies that all the
transactions are presented in the financial statement and disclosed
all the relevant information's including classification and descrip-
tion of various items in the financial statements and accompanying
footnotes in accordance with the generally accepted accounting
standards and relevant statutory requirements.
Audit risk at the assertions level
•Since an audit involves gathering evidence for each material financial
statement assertion, audit risk can be also examined at that level.
•For each financial statement account, audit risk consists of the possi-
bility that;
1. A material misstatement in an assertion about the account has
occurred, and
2. The auditors do not detect the misstatement.
•The first risk, the risk of occurrence of a material misstatement, may be
separated into two components:- inherent risk and control risk.
•The risk that auditors will not detect the misstatement is called detec-
tion risk.
1. Inherent Risk- The possibility/susceptibility of an assertion to mate-
rial misstatement assuming no related client’s internal control.
• Factors that affect inherent risk related to either;
 the nature of the client and its industry or
 the nature of the particular financial statements account.
• For example, the following factors are indicative of high inherent risk
of the assertions about many accounts in the client’s financial state-
ments:
 Inconsistent profitability relative to the industry
 Operating results that are highly sensitive to economic factors
 Going concern problems
 Large known and likely misstatement detected in prior audits
 Substantial turnover, questionable reputation, or inadequate ac-
counting skills of management
• Inherent risk also varies by the nature of the account.
For instance, if we consider two balance sheet accounts:- cash accounts
and building account and if we assume that the balance of cash ac-
count is only one tenth that of building account, this does not mean
that the inherent risk associated with cash account will also be one-
tenth of that of the building accounts.
Rather, the inherent risk associated with the cash account may be much
more than one-tenth of the inherent risk associated with the building
accounts.
• This is due to susceptible nature of cash account to error or theft than
are building accounts.
  Therefore, auditors may spend much more time in auditing cash
accounts than the assumed proportion of their inherent risk.
Inherent risk also varies with the assertion about a particular account.
• As an example, valuation of assets is often a more difficult assertion
to audit than is existence of the assets.
• The auditor use their knowledge of the clients industry and the na-
ture of its operations, including information obtained in prior years
audits to assess inherent risk for the financial statement assertions
2. Control risk- The risk that a material misstatement will not be pre-
vented or detected on a timely basis by the client’s internal control
system is referred to as control risk.
• This risk is entirely based on the effectiveness of the client’s internal
control.
• To assess control risk, auditors consider the client’s control that affects
the reliability of financial reporting.
• Well designed controls that operate effectively increase the reliability
of accounting data.
• To obtain an understanding of the client’s internal control and to de-
termine whether it is designed and operating effectively, the auditors
use a combination of inquiry, inspection, observation, and perfor-
mance of audit procedures.
• If the auditors find that the client has designed effective internal con-
trol for a particular account and operate effectively in day-to-day op-
eration, they will assess control risk for the related assertions to be
low, and there by accept a higher level of detection risk.
i.e. the more effective internal control is,
 the lesser will be the control risk and
 the higher will be the detection risk.
 High level of confidence
 Low evidence will be collected
 Low level of audit work
• That is because, effective internal control leads to the use of low sub-
stantive testing procedure by auditors which may in turn lead to high
detection risk
3. Detection risk-The risk that the auditors will fail to detect the mis-
statement with their audit procedures.
• In other words, detection risk is the possibility that the auditors’ pro-
cedures will lead them to conclude that material misstatement does
not exist in an account or assertion when in fact such misstatement
does exist.
• Detection risk is restricted by performing substantive tests.
• For each account, the scope of the auditors’ substantive tests, includ-
ing their nature, timing and extent determines the level of detection
risk.
 Inherent Risk Misstatement likely to occur

Sand
Risk of in the client’s financial
Material and statements
Misstatements
Control
Risk
Misstatements prevented or
detected by controls

Misstatements that bypass

the client’s controls.
Risk that Detection Misstatements that are
Auditors fail risk detected by the auditors’
to detect procedures
material
Misstatement Audit Risk Misstatement undetected
by
the auditors’ procedures
Figure 3.2: The interrelationship between the three components of audit risk
 As you can see from the above graph, the bag of sand in the figure
represents inherent risk, the susceptibility of an account balance to
material misstatements.
 The sieves represent the ways by which the client and the auditors at-
tempt to remove the misstatements from the financial statements.
 The first sieve represents the client’s internal control, and the risk
that it fails to detect or prevent a misstatement is control risk.
 The second sieve represented by the auditors’ audit procedures and
the risk that it will fail to detect a misstatements is detection risk.
 The risk that the misstatement wills get through both sieves is audit
risk.
The relationships among audit risk, inherent risk, control risk, and detec-
tion risk can be put generally as follows:
AR=IR×CR×DR, where, AR = Audit risk
IR = Inherent risk
CR = Control risk
DR= Detection risk
To illustrate how audit risk may be quantified, assume that auditors have
assessed inherent risk for a particular assertion at 50% and control risk at
40%. In addition, they have performed audit procedures that they believe
have a 20% risk of failing to detect a material misstatement in the asser-
tion.
The audit risk for the assertion may be computed as follows:
AR = IR × CR × DR
= .50 × .40 × .20
= 0.04 or 4%
• Therefore, the auditors face a 4% audit risk that a material misstate-
ment has occurred and evaded both the client’s controls and the au-
ditors’ procedures.
• It is important to realize that while auditors gather evidence to as-
sess inherent risk and control risk, they gather evidence to restrict
detection risk to the appropriate level.
• Inherent risk and control risk are a function of the client’s nature
of internal control structure and its operation environment.
• Regardless of how much evidence the auditors gather, they cannot
change these risks.
• Therefore, evidence gathered by the auditors is used to assess the
levels of inherent and control risks.
• Detection risk on the other hand, is a function of the effectiveness of
the audit procedures performed.
• If the auditors wish to reduce the level of detection risk, they need to
obtain additional competent evidence.
• As a result, detection risk is the only risk that is completely a function
of the sufficiency of the procedures performed by the auditors.
Types of Audit Evidences and Audit Procedures

•By conducting audit procedures, the auditor examines various types of

audit evidence. Evidence is commonly categorized into the 9 types:
a)Inspection of Records or Documents: Inspection consists of examin-
ing internal or external records or documents that are in paper form, elec-
tronic form, or other media.
•On most audit engagements, inspection of records or documents makes
up the bulk of the evidence gathered by the auditor.
•Examples of audit evidence through inspection of records or documents:
 Examining corporate minutes to determine the authorization
of the issue of bonds.
  Comparing a duplicate sales invoice with the sales journal for cus-
tomer name and amount.
 Examining an insurance policy stating the amount of the fire in-
surance coverage on buildings and equipment.
Two issues are important in discussing inspection of records or docu-
ments: the reliability of such evidence and its relationship to specific as-
sertions.
1.Reliability of Records or Documents: A previous section noted the
independence of the source of evidence as a factor that affected the relia-
bility of audit evidence.
•In particular, evidence obtained from a knowledgeable source outside the
entity is generally considered more reliable than evidence obtained solely
from within the entity.
Typically a distinction is made between internal and external documents.
a)Internal documents are generated and maintained within the entity;
that is, these documents have not been seen by any party outside the
client’s organization. Examples include duplicate copies of sales invoices
and shipping documents, materials requisition forms, and work sheets for
overhead cost allocation.
b)External documents are of two forms: documents originating within
the entity but circulated to independent sources outside the entity and
documents generated outside the entity but included in the client’s ac-
counting records. Examples of the first include remittance advices re-
turned with cash receipts from customers and payroll checks, while ex-
amples of the second include bank statements and vendors’ invoices.
2. Documentary Evidence Related to Assertions: The second issue con-
cerning records or documents relates directly to the occurrence and com-
pleteness assertions and to the direction of testing taken when documen-
tary evidence is examined.
• The direction of testing between the accounting records and source docu-
ments (such as: sales invoices or shipping documents) is important when
testing the occurrence and completeness assertions.
 Vouching refers to selecting an item for testing from the accounting jour-
nals or ledgers and then examining the underlying source document.
Therefore, the direction of testing is from the journals or ledgers back to
the source documents. This approach provides evidence that items in-
cluded in the accounting records have occurred (occurance) or are valid
transactions.
 Tracing refers to first selecting a source document and then following
it into the journal or ledger. The direction of testing in this case is
from the source documents to the journals or ledgers.
• Testing in this direction ensures that transactions that occurred are
recorded (completeness) in the accounting records.

Figure 3.3: Direction of Testing for Validity and Completeness.

b) Inspection of Assets
• Inspection of tangible assets consists of physical examination of the
assets.
• Inspection is a relatively reliable type of evidence that involves the
auditor inspecting or counting a tangible asset.
• An audit engagement includes many situations in which the auditor
physically examines an entity’s assets. Examples; counting cash on
hand, examining inventory or marketable securities, and examining
tangible fixed assets.
• This type of evidence primarily provides assurance that the asset ex-
ists.
• Physical examination (inventory) may also provide evidence on valua-
tion by identifying items that are obsolete or slow-moving.
• However, physical examination provides little or no assurance for the
rights and obligations assertion.
• Examples of audit evidence through Inspection (physical examina-
tion):
 Make a petty cash count to make sure that the amount of the
petty fund is intact.
 Examine a piece of equipment to make sure that a major acquisi-
tion was actually received and is in operation.
 Count inventory items and record the amount in the audit files.
C) Observation
•Observation consists of looking at a process or procedure being per-
formed by others. The actions being observed typically do not leave an au-
dit trail that can be tested by examining records or documents. Examples
of observation:
 Watch employees count inventory to determine whether company
procedures are being followed.
 Stand by the payroll time clock to determine whether any em-
ployee "punches in" more than one time.
• Observation provides audit evidence about the performance of a process
or procedure but is limited to the point in time at which the observation
takes place.
• It is also limited by the fact that the client personnel may act differ-
ently when the auditor is not observing them.
• Observation is useful in helping auditors understand client processes,
but is generally not considered very reliable and thus generally requires
additional corroborating evidence by the auditor.
D) Inquiry
• Inquiry consists of seeking information of knowledgeable persons
(both financial and nonfinancial) throughout the entity or outside the
entity.
• Inquiry is an important audit procedure that is used extensively
throughout the audit and often is complementary (additive) to per-
forming other audit procedures.
• For example, much of the audit work conducted to understand the en-
tity and its environment including internal control involves inquiry.
Examples of audit evidence gathered through inquiry:
 Obtaining information about internal control by requesting the
client to fill out a questionnaire.
 Obtaining a letter from management stating that there are no un-
recorded liabilities.
 Reviewing the accounts receivable with the credit manager to eval-
uate their collectability.
• Inquiries may range from formal written inquiries to informal oral in-
quiries.
• Evaluating responses to inquiries is an integral part of the inquiry
process.
• The reliability of audit evidence obtained from responses to inquiries
is also affected by the training, knowledge, and experience of the au-
ditor performing the inquiry,
 because the auditor analyzes and assesses responses while per-
forming the inquiry and refines subsequent inquiries according to
the circumstances.
• In some cases, the nature of the response may be so significant that
the auditor requests a written representation from the source.
• Inquiry alone ordinarily does not provide sufficient audit evidence,
and the auditor will gather additional corroborative evidence to sup-
port the response.
Techniques for Conducting and Evaluating Inquiries

In conducting inquiry, the auditor should;

•Consider the knowledge, objectivity, experience, responsibility, and

qualifications of the individual to be questioned.
•Ask clear, concise, and relevant questions.
•Use open or closed questions appropriately.
•Listen actively and effectively.
•Consider the reactions and responses and ask follow-up questions.
•Evaluate the response.
E) Confirmation
 Confirmation is the process of obtaining a demonstration of informa-
tion or of an existing condition directly from a third party.
 Confirmations are also used to obtain audit evidence about the ab-
sence of certain conditions, for example, the absence of a “side
agreement” that may influence revenue recognition.
• Auditors usually use the term inquiry to refer to unwritten questions
asked of a third party, and the term confirmation to refer to written
requests for a written response from a third party.
• The reliability of evidence obtained through confirmations is directly
affected by factors such as
 The form of the confirmation (Positive or Negative).
 Prior experience with the entity.
  The nature of the information being confirmed.
 The intended respondent.
• Confirmations are used extensively on audits; they generally provide
reliable evidence for the existence assertion and, in testing certain
financial statement components (such as accounts payable), can
provide evidence about the completeness assertion.
• Evidence about other assertions can also be obtained through the
use of confirmations.
For example, an auditor can send a confirmation to a consignee to verify
that a client’s inventory has been consigned.
• The returned confirmation provides evidence that the client owns
the inventory (rights and obligations assertion).
The following are additional examples of confirmation which can be
done by auditor:
 Obtaining a letter from the client's attorney addressed to the CPA
firm stating that the attorney is not aware of any existing law-
suits.
 Obtaining a written statement from a bank stating that the client
has $15,671 on deposit and liabilities of $500,000 on a demand
note.
 Obtaining a letter from an insurance company to the CPA firm
standing the amount of the fire insurance coverage on buildings
and equipment.
Table 3-1. Amounts and Information Frequently Confirmed by Auditors
INFORMATION SOURCE
Assets
Cash in bank Bank
Cash surrender value of life insurance Insurance company
Accounts receivable Customers
Notes Receivable Maker
Owned inventory on Consignment Consignee
Inventory held in public warehouse Warehouse

Liabilities
Accounts Payable Creditor
Notes Payable Lender
Advance from Customers Customer
Mortgage Payables Mortgager
Bonds Payable Bondholder

Owner’s equity
Shares Outstanding Register and transfer agent
Other information
Insurance Coverage Insurance company
Contingent Liabilities Bank, Lender and Client's legal counsel
Bond Issuance agreements Bondholder
Collateral held by Creditors Creditor
F) Re-calculation
• Recalculation consists of checking the mathematical accuracy of
documents or records.
• Recalculation can be performed through the use of information
technology (e.g., by obtaining an electronic file from the entity and
using computer assisted audit techniques (CAATs), to check the ac-
curacy of the summarization of the file).
• Specific examples of this type of procedure include:
 Extend the cost of inventory times the quantity on an inventory
listing to test whether it is accurate.
 Add the sales journal entries to determine whether they were cor-
rectly totaled.
 Recalculate the depreciation expense on fixed assets and recalcu-
lation of accrued interest.
G) Re-performance

• Re-performance involves the independent execution by the auditor of

procedures or controls that were originally performed by company
personnel.
• For example, the auditor may re-perform the aging of accounts re-
ceivable, trace the total cash disbursements journal to the general
ledger.
• Again, because the auditor creates this type of evidence, it is nor-
mally viewed as highly reliable.
H) Analytical Procedures

• Analytical procedures involve evaluations of the financial statements

by a study of relationships among financial and non-financial data.
For example, the current-year accounts receivable balance can be com-
pared to the prior-years’ balances after adjusting for any increase or
decrease in sales and other economic factors.
• The auditor makes such comparisons either to identify accounts that
may contain material misstatements and require more investigation
or as a reasonableness test of the account balance.
• Analytical procedures are an effective and efficient form of evidence.
The process of analytical procedures consists of four steps
1. Develop an expectation of an account balance
2. Determine the amount of difference from the expectation that can
be accepted without investigation (tolerance level)
3. Compare the account balances with the expected account balance
4. Investigate the significant deviations from the expected account
balance
•Analytical procedures are an effective and efficient form of evidence.
•The reliability of analytical procedures is a function of
1) the availability and reliability of the data used in the calculations,
2) the plausibility and predictability of the relationship being tested,
3) the accuracy of the expectation and the rigor (strictness) of the
investigation.
I) Scanning
•Scanning is the review of accounting data to identify significant or un-
usual items.
•This includes the identification of anomalous individual items within
account balances or other client data or analysis of entries in transaction
listings, subsidiary ledgers, general ledger control accounts, adjusting en-
tries, suspense accounts, reconciliations, and other detailed reports
through the scanning .
•Scanning includes searching for large and unusual items in the account-
ing records as well as reviewing transaction data for indications of errors
that have occurred.
•Scanning can be performed either manually or through the use of com-
puter assisted audit techniques (CAATs).
Reliability of the types of audit evidence
•Inspection of tangible assets, re-performance, and recalculation are gen-
erally considered of high reliability because the auditor has direct knowl-
edge about them.
•Inspection of records and documents, scanning, confirmation, and analyt-
ical procedures are generally considered to be of medium reliability.
 The reliability of inspection of records and documents depends
primarily on whether a document is internal or external, and the
reliability of confirmation is affected by the four factors listed pre-
viously.
 The reliability of analytical procedures may be affected by the
availability and reliability of the data.
• Finally, observation and inquiry are generally low-reliability types of
evidence because both require further justification by the auditor.

Table 4–6 presents a hierarchy of the reliability of the types of evidence.

General Reliability Relationship Type of Evidence

High er (a) Inspection of tangible assets,
re-performance, recalculation

(b) Inspection of records and documents,

Medium confirmation, analytical procedures,
scanning

Lower (c) Observation, inquiry

I. Evidence about Accounting Estimates
•The auditors must be especially careful in considering financial state-
ment accounts that are affected by estimates made by management (often
referred to accounting estimates) particularly those for which a wide
range of accounting methods are considered acceptable.
Examples of accounting estimates include allowances for loan losses and
obsolete inventory, and estimates of warranty liabilities.
•Making accounting estimates is management's responsibility, and such
estimates are generally more susceptible to material misstatement than
financial statement amounts, which are more certain in amount.
• Standard of auditing requires the auditors to determine that:
a) all necessary estimates have been developed
b) the accounting estimates are reasonable, and
c) The accounting estimates are properly accounted for and disclosed.
• When evaluating the reasonableness of accounting estimates, the audi-
tors may use one or more of the following three basic approaches:
1) Reviewing and testing management's process of developing the esti-
mates:- this will involve evaluating the reasonableness of the steps per-
formed by management.
2) Independently developing an estimate of the amount to compare to
management's estimate.
3) Reviewing subsequent events or transactions bearing on the estimate,
such as actual payments of an estimated amount made subsequent to
year-end.
J. Evidence for Related Party Transactions
•Related parties refer to the client entity and any other party with which
the client may deal where one party has the ability to influence the other to
the extent that one party to the transaction may not pursue (follow) its
own separate interests.
Examples of related parties are officers, directors, principal owners,
members of immediate families, affiliated, subsidiary companies, etc.
•A related party transaction is a transaction between the company and
these parties. The primary concern for the auditor is that to check mate-
rial related party transactions are adequately disclosed in the client’s fi-
nancial statement or the related notes.
•Disclosure of related party transactions should include the nature of the
relationship, the description of the transactions etc.
Audit Documentation
•Audit standards require auditors to document relevant information to sup-
port the conclusions and engagement results.
Audit documentation is the principal record of auditing procedures applied,
evidence obtained, and conclusions reached by the auditor.
The working papers are the tangible evidence of the work done in support
of the audit opinion.
Working papers are the material the auditors prepare or obtain, and
maintain in connection with the performance of the audit.
Audit working papers should be safeguarded at all times against the possibil-
ity of their being examined by unauthorized persons.
Working papers support, amongst other things, the statement in the auditors'
report as to the auditors' compliance or otherwise with auditing standards.
Working papers are a record of,
the planning and performance of the audit
the supervision and review of the audit work; and
The audit evidence resulting from the audit work performed which the
auditors consider necessary and support their report.

Working Papers include the following.

→information on legal and organizational structure of the client
→copies of important legal documents, agreements and minutes
→evidence of the planning process and any changes thereto
→evidence on auditors' understanding of the accounting and I.C. System
→evidence of the auditors' consideration of the work of internal audit
→analysis of transactions and balances, significant ratios and trends
→a record of the nature, timing, extent, and results of auditing procedures
→ details of confirmation procedures on work carried out by other auditors
→ copies of communications with other auditors, experts and third parties
→ copies of letters with the client, reports to directors or management and
notes of discussions of entity's directors or management concerning audit
matters
→ letters of representation from the entity's directors or management
→ a summary of the significant aspects of the audit including details of the in-
formation available, the amount involved, management's views, the conclu-
sions reached and how these matters are resolved or treated
→ Copies of the approved financial statements and auditor's reports.
• Working papers are the property of the auditors. They are not a substitute
for, not part, of the entity's accounting records.
• Auditors should adopt appropriate procedures for maintaining the confi-
dentiality and safe custody of their working papers
End of Chapter Three

Thank You!!!