ISA 500: How do appropriate audit procedures collect audit evidences?
Updated: Aug 18, 2020
It is no doubt that audit evidence is one of important topics in ACCA Advanced Audit and Assurance (AAA, was P7) and Audit and Assurance (AA, was F8) exam. However, this basic concepts are sometimes missed by students in the exam. We are here to help you to understand it thoroughly.
Audit evidence is an integral part of the auditing process. However, to understand what audit evidence is, we must first understand what auditing is.
Auditing is the process of examining the financial statements of a business entity and expressing an opinion about those financial statements. The opinion is provided by auditors, who are professionals of the auditing field. These opinions are based on their findings of the Financial statements.
Now that we are clear about the process of auditing, we must define what audit evidence is.
What is audit evidence?
Audit evidence is any information that is used by an auditor to arrive at a conclusion about the financial statements of an entity on which they can base their opinions. Audit evidence includes information contained in the accounts and the accounting system of the audited entity. This information is the basis for the preparation of the financial statements of the entity.
The terms audit evidence and audit procedure are closely related to each other. However, there are differences between the two. Many people confuse audit evidence with audit procedures. Therefore, we must know the difference between audit evidence and audit procedure.
The difference between audit evidence and audit procedure is very simple. Audit evidence, as we discussed above, is the information that is collected by an auditor. This evidence is gathered using different procedures, known as audit procedures. Therefore, audit procedures can be defined as the procedures that auditors use to gather audit evidence.
There are many types of audit procedures that auditors use to gather audit evidence. These types are:
1. Analytical procedures
The auditor assesses different balances and transactions through other financial and non-financial data.
The auditor enquires knowledgeable parties regarding different transactions and events.
3. External Confirmations
External confirmations are sent to independent third parties, such as banks, customers, or suppliers, to confirm balances.
The auditor inspects different documents related to transactions. This may also include a physical inspection of assets.
The auditor observes different processes and procedures to assess the internal controls of the organization.
The auditor recalculates different figures, for instance, depreciation, to confirm the accuracy of these figures.
The auditor reperforms several procedures that were originally performed as a part of the internal control of the entity, for example, bank reconciliations, aged analysis, etc.
The standard that describes audit evidence even further is the ISA 500 – Audit Evidence.
ISA 500 – Audit Evidence
The ISA 500 – Audit Evidence is the main auditing standard that dictates the process of obtaining audit evidence. This standard describes what is meant by audit evidence and also defines what the objective of an auditor should be when gathering audit evidence. The standard states:
“The objective of the auditor is to design and perform audit procedures in such a way to enable the auditor to obtain sufficient appropriate audit evidence to be able to draw reasonable conclusions on which to base the auditor's opinion.”
Furthermore, the standard also defines what the meaning of “sufficient appropriate audit evidence” is. We will look at both of these terms in detail below.
According to the standard, sufficiency is dictated by the quantity of the audit evidence obtained. The standard dictates that the auditor must obtain enough quantity of audit evidence to form an opinion regarding the financial statements of the entity being audited. While the standard does not give an exact quantity that can be regarded as sufficient, it states:
“The quantity of the audit evidence needed is affected by the auditor’s assessment of the risks of material misstatement and also by the quality of such audit evidence.”
In simpler words, it is the auditor that must decide how much audit evidence is sufficient for them to base their opinion on. It is generally recommended that the auditor should consider all the following factors when deciding whether the audit evidence is sufficient:
Risk of material misstatement
The materiality of the item being tested.
The nature and internal control of the entity.
Results obtained from the test of controls.
The sample size being tested.
While the above is not an extensive list, these are generally the factors that can dictate the quantity of the audit evidence the most.
The standard states the following regarding the appropriateness of audit evidence:
“The measure of the quality of audit evidence; that is, its relevance and its reliability in providing support for the conclusions on which the auditor’s opinion is based.”
From this statement, we can deduce that the appropriateness of audit evidence relies on two things, relevance and reliability of the audit evidence. The standard further elaborates on both the terms. We can summarize their meanings in (i) relevance; (ii) reliability:
Relevance means whether the audit evidence that is obtained relates to the assertions of the item being tested. Assertions are representations by the management of the entity being audited, based on which the financial statements of the entity are prepared.
The assertions being tested depend on whether the item for which audit evidence is being obtained relates to a class of transactions or account balances and their related disclosures.
The assertions that are tested for a class of transactions and related disclosures are:
Similarly, the assertions that are tested for account balances and related disclosures are:
Accuracy, valuation, and allocation.
Rights and obligations
Reliability means whether the audit evidence that is obtained comes from a reliable source. According to the standard, any audit evidence that is obtained by the auditor must come from a trustworthy and reliable source.
Furthermore, the standard also states what types of evidence are more reliable. For example, the standard states that audit evidence obtained from an external source is more reliable than audit evidence generated by the client.
Source of Audit Evidence
Now that we understand what audit evidence is and the requirements of the ISA 500 – Audit Evidence, we must look at the sources of audit evidence. There are two sources which auditors can obtain audit evidence, as below:
Test of Controls
Test of controls, as the name suggests, are tests designed by an auditor to obtain audit evidence regarding the internal control of the entity. While test of controls is not designed to check monetary amounts, it is an important source of audit evidence to establish the controls of an entity.
By testing the controls of the entity, the auditor can also establish the risks related to the audit of the entity. These risks also dictate the quantity of the audit evidence that must be obtained for the auditor to form an opinion. Generally, the better the internal controls of an entity, the lesser are the risks of material misstatement in its financial statements.
Substantive procedures consist of test of details and substantive analytical procedures. Test of details is used to verify individual transactions and balances.
Substantive analytical procedures, on the other hand consist of analytical procedures that are carried out to check the relationship between information and to identify any unusual fluctuations in them.
If the internal controls of an entity cannot be tested or relied on, auditors can rely only on substantive procedures to obtain audit evidence.
Relying on work of others
Sometimes, auditors may need to rely on the work of other parties, such as experts. In some cases, these experts are hired by the management of the audited entity. When the auditor has to rely on the work of management's experts, per ISA 500, it must:
Evaluate the competence, capabilities, and objectivity of that expert;
Obtain an understanding of the work of that expert; and
Evaluate the appropriateness of that expert’s work as audit evidence for the relevant assertion.
ISA 500 – Audit Evidence also elaborates on and has detailed steps on how the auditor can ascertain the above points.
Inconsistency in, or Doubts over Reliability of, Audit Evidence
According to ISA 500 – Audit Evidence, if:
audit evidence obtained from one source is inconsistent with that obtained from another; or
the auditor has doubts over the reliability of information to be used as audit evidence
Then, the auditor shall determine what modifications or additions to audit procedures are necessary to resolve the matter, and shall consider the effect of the matter, if any, on other aspects of the audit.
This means if the auditor believes that the audit evidence is inconsistent or unreliable, then they must consider whether their audit procedures need to be modified or whether they should perform any additional audit procedures regarding the inconsistency.
Furthermore, the auditor must also consider whether the inconsistency has any effect on other aspects of the audit.
If you find this article is helpful and you want to help others too, just share it in any social media (such as Facebook, LinkedIn).