Audit Evidence Decisions and Documentation


Audit Evidence Decisions and Documentation


Audit evidence- is the information obtained by the auditor in arriving at conclusions on which their reports are based. During financial statement audits, the auditors gather and evaluate evidence to form an opinion about whether the financial statements follows the appropriate criteria, usually, generally accepted accounting principles. The auditors must gather sufficient competent evidence to provide an adequate basis for their opinion on the financial statements. The audit evidence is intended to assure the users of accounting information that the financial statements are a credible source of information about the organization. The users may not accept the auditor’s opinion on the truth and fairness of financial statements unless the auditor has collected sufficient competent evidence about the material misstatements. Hence, the collection of evidence lies in the heart of the audit.

 Hence, the requirement to obtain sufficient competent evidence is reflected in the third standard of field work that states:

Sufficient competent evidential matter is to be obtained through inspection, observation, inquires, and confirmation to afford a reasonable basis for an opinion regarding the financial statements under audit.

Audit risk which refers to the possibility that the auditors may unknowingly fail to appropriately modify their opinion on financial statements that are materially misstated, can be greatly reduced by gathering evidence. One way to gather additional evidence is to increase the extent of the audit procedures. However, additional evidence may also be obtained by selecting a more effective audit procedure or by performing the procedures closer to the balance sheet date.

The auditor must gather sufficient evidence to reduce audit risk to a low level in every audit and this concept is reflected in the third standard of fieldwork. The evidence collected by the auditor must be sufficient and appropriate.

Assertions for which the evidence is sought-The auditor has to collect appropriate evidence and evaluate whether it supports the various assertions on which the auditor has to express his opinion. The nature of assertions for which the auditor collects evidences for an independent financial audit is the following

  1. Existence: the inclusion of an item of asset or liability in the balance sheet implies an assertion by the preparer that the asset or the liability exists at the date of the balance sheet.

  2. Rights and obligations: it is asserted that the assets shown in the balance sheet are the rights of the organization and liabilities are the obligations on the date of the balance sheet

  3. Occurrence: there is an assertion that the transactions reflected in the financial statements are occurred during the relevant accounting period and that they pertain to the organization.

  4. Completeness: this assertion implies that there are no unrecorded assets, liabilities or transactions.

  5. Valuation: this assertion implies that the assets and liabilities are included in the balance sheet are at an appropriate value i.e. as per the normally accepted bases of valuation.

  6. Measurement: this assertion implies that transactions have been recorded at proper amounts and that revenues and expenses have been allocated to the proper accounting periods

  7. Presentation and disclosure:  this assertion implies that the disclosure, classification and description of various item in the balance sheet and in the income statements are in accordance with the generally accepted accounting standards and relevant statutory requirements


5.1 Audit Evidence Decisions

Major decision of an auditor involves determining the appropriate type and amount of evidence. In this judgment the cost factor should be considered.

The auditors' decisions on evidence accumulation can be broken down in to four sub decisions:

  • Which audit procedure to use (Audit Procedure?)
  • Which sample size to select for a given procedure (Sample Size?)
  • Which items to select from population (Items??)
  • When to perform the procedures (Timing)


        1. Audit procedures

It is a detailed instruction for the collection of a type of audit evidence that is to be obtained at some time during the audit. The instructions should be clearly and specifically stated.

Example: - Obtain cash disbursement journal and compare the payer name, amount, and date on the cancelled cheque with cash disbursement journal.

        2. Sample Size

After selection of audit procedure, the decision of how many items to test must be made by the auditor for each audit procedures.

Example: - If 60,000 checks are recorded in cash disbursement journal, only

      400 may be selected.

        3. Items to Select

Following the sample size selection, it is necessary to decide which items in the population to test.

Example: - The auditor may see the 400 checks based on random selection, weakly selection, amount etc.

       4. Timing

The timing decision is affected by when the client needs the audit to be completed. Also, it can be affected by the auditors' belief on effective timing for accumulation and the availability of audit staff.

Example:-  the auditor often prefer to count inventory up close to the balance sheet dates.

The audit procedure often incorporates the other three sub decisions.

   Example: - obtain the October cash disbursement journal and compare the payee, name, amount, and date on the cancelled cheque with cash disbursement journal for a randomly selected sample of 40 cheque numbers.



Evidential matter is any information that corroborates or refutes an assertion. The evidential matter supporting the assertions in a company’s financial statements consists of the underlying accounting data and all corroborating information available to the auditors. The third fieldwork standard states that sufficient competent evidential matter should be obtained to afford a reasonable basis for an opinion regarding the financial statements under audit. It is unlikely to say that the auditor will be completely convinced that the opinion is correct because of the nature of audit evidence and cost limitations. However, he must be persuaded that his/her opinion is correct with high level of assurance.

The two determinants of the persuasiveness of audit evidence are competence and sufficiency.

a) Competence of evidence

This refers to the extent to which evidence can be believable or worthy of trust; sometimes reliability is interchanged with competence.

Competence of evidence deals only with the audit procedures selected. It isn't improved by selecting larger sample size or different population items. It can be improved only by selecting audit procedures that contain higher quality of characteristics of competent evidence.

     Characteristics of competent evidence

Relevance: - Evidence must be relevant to specific audit objective.

For example if the auditor is interested to examine sales transaction, the evidences gathered must be related to sale.

Independence of provider: - Evidences obtained outside the client company is more reliable than that obtained from with in.

Effectiveness of client's internal control: - Strong internal control systems produce more reliable evidence than weaker ones.

Auditor's direct knowledge: - Information obtained directly by the auditor through physical examination, observation and computation are more competent.


     Qualifications of individuals providing information

The person who provides information must be qualified to do so. This affects the competence of the evidence. Examples in clued communications from banks, attorney that have relationship with business.

Degree of objectivity

Objective evidences are more reliable than subjective. Examples of objective evidence are physical counts; confirmation from banks on cash balances, adding subsidiaries to check against related general ledgers etc.


This refers either to when evidence is accumulated or the period covered by the audit. For balance sheet items it is good if evidence is collected near balance sheet dates. For income statement it is timely if the sample is taken from the entire period under audit rather than only from part of the period.


b) Sufficiency of evidence

This refers to the quantity of evidence. It is primarily measured by the sample size. The selection of sample size is determined at least by:

Auditor's expectations of misstatement

The strength of client's internal control

In addition to sample size, individual items may affect sufficiency. For example, 

  • Items with larger dollar value
  • Items susceptible to misstatement
  • Items representative of the population

To sum up, the persuasiveness of evidence is judged by the combined effect of competency and sufficiency.

In answering the question of persuasiveness, cost consideration must also exist. The objective is to obtain a sufficient amount of competent evidence at the lowest possible cost.



The major types of audit evidences gathered by the auditor during audit are the following:

  1. Physical evidence: Actual physical examination or observation provides the best evidence of the existence of certain assets. The existence of the property may be established through physical examination. For example, the existence of plant assets, inventory, cash etc can be verified by the physical examination. It might seem that physical examination of an asset would be conclusive verification of all assertions relating to that asset. It may not be always true. Physical verification gives evidence of the existence of the asset to the auditor
  2. Documentary evidence: Another types of evidence relied upon by the auditor is the documents. The worth of the documentary evidence depends on whether the documents are created within the company (sales invoices) or it came from outside the company (vendors invoice). Some times the documents created within the organization are sent outside for endorsement and processing and these documents are regarded as very reliable evidence. In accepting the reliability of the documentary evidence, the auditor should consider whether the document is of a type that could easily be forged or created in its entirety by a dishonest employee. The documentary evidence is classified into three categories and they are
    1. Documents created outside the organization and transmitted directly to the auditor- the most reliable documentary evidence consists of documents created by independent parties outside the organization and transmitted directly to the auditors without passing through the client’s hands. For example, the verification of accounts receivable
    2. Documents created outside the organization and held by the organization-many of the externally created documents referred to by the auditors will be in the possession of organization. For example, bank statements, vendor’s invoices and statements, property tax bills notes receivables etc.
    3. Documents created and held within the organization- most documents created within the organization represent a lower quality of evidence because they circulate only within the company and do not receive critical review by an outsider. For example, the sales invoices, shipping notices, purchase orders etc. The degree of reliance to be placed on documents created and used only within the organization depends on the effectiveness of the internal control. If the accounting procedures are so designed that another person must critically review a document prepared by one person and if all documents are serially numbered and all numbers in the series accounted for, these documents may represent reasonably good evidence. Adequate internal control will also provide for extensive segregation of duties so that no one handles a transaction from beginning to end.
  3. Accounting records as evidence: the dependability of ledgers and journals as evidence is indicated by the extent of internal control covering their preparation. An auditor will attempt to verify an amount in the financial statements by tracing it back through the accounting records. They will ordinarily carry this process through the ledgers to the journals and vouch the item to such basic documentary evidence. To some extent, the ledger and journals constitute worthwhile evidence in themselves to the auditors
  4. Evidence from the analytical procedures: analytical procedures involve evaluations of the financial statements by a study of relationships among financial and nonfinancial data. The process of analytical procedures consists of four steps
    1. Develop an expectation of an account balance
    2. Determine the amount of difference from the expectation that can be accepted without investigation
    3. Compare the account balances with the expected account balance
    4. Investigate the significant deviations from the expected account balance                                                                                                                                                Techniques used in performing analytical procedures range from complex models involving many relationships and data from many years. For example, comparison of revenue and expense amounts for the current year to those of the previous years and to the industries average.
  5. Evidence from computations: to prove the arithmetical accuracy of the client’s records, the auditor make computations independently as another form of audit evidence. Computations verify the mathematical processes and used to prove the calculation of the client.
  6. Evidence provided by the specialists: since the auditors may not be experts in all the fields of business of the client, he may get the services of the experts in performing highly technical tasks such as valuation of inventory, or making the actuarial computations to verify liabilities for postretirement benefits. The expert should be independent person. If the auditor feels that the expert is not an independent person, he may perform additional procedures or engage another specialist.
  7. Oral evidence: during the examination of records, the auditor may ask many questions to the officers and the employees of the organization on the endless topics ranging from the location of records and documents, the reasons underlying an unusual accounting procedures, the probabilities of collecting a long past due accounting receivables etc. The answers the auditor receives to the questions constitute another type of evidence.
  8. Evidence from client representation letters: The auditor should get a representation letter from the client summarizing the most important oral representations made during the engagement. These letters are dated as the last day of the fieldwork and usually signed by the chief executive officer and chief finance officer. Most of the representations fall into the following categories

               1. All accounting records, financial data and minutes of the directors meetings have been made available to the auditors

               2. The financial statements are complete and prepared in conformity with the generally accepted accounting principles

               3. All items requiring disclosure have been properly disclosed



Related parties refer to the client entity and any other party with which the client may deal where one party has the ability to influence the other to the extent that one party to the transaction may not pursue its own separate interests. Examples of related parties are officers, directors, principal owners, members of the immediate families, affiliated companies, subsidiary companies etc. A related party transaction is a transaction between the company and these parties. The primary concern for the auditor is that significant materials of related party transactions are adequately disclosed in the client’s financial statement or the related notes. Disclosure of related party transactions should include the nature of the relationship, the description of the transactions etc.

Evidences about accounting estimates -The auditor must be very careful in considering financial statement accounts that are affected by estimates made by the management, particularly those for which a wide range of accounting methods are considered acceptable. For example, the estimates of obsolete inventory, allowances for loan losses, estimates of warranty liabilities etc. though the making of estimates are the responsibility of the management, the auditor should determine that

  1. All necessary estimates have been developed
  2. The accounting estimates are reasonable and
  3. The accounting estimates are properly accounted for and disclosed


   5.5. The relationship of audit risk and audit evidence

Audit risk-refers to the possibility that the auditors may unknowingly fail to appropriately modify their opinion on financial statements that are materially misstated. In other words, it is the risk that the auditors will issue an unqualified opinion on financial statements that contain a material departure from generally accepted accounting principles. Thus, the more sufficient and competent the audit evidence obtained, the less will be the audit risk.

For each financial statement account, audit risk consists of the possibility that

  1. A material misstatement in an assertion about the account has occurred, and
  2.  The auditors do not detect the misstatement.


The first risk, the risk of occurrence of a material misstatement, may be separated into two components-inherent risk and control risk. The risk that auditors will not detect the misstatement is called detection risk.

Inherent Risk- The possibility of a material misstatement of an assertion before considering the client’s internal control is referred to as inherent risk. Factors that affect inherent risk related to either the nature of the client and its industry or to the nature of the particular financial statements account.

Inherent risk also varies by the nature of the account. For instance, if we consider two balance sheet accounts-cash accounts and building account and if we assume that the balance of cash account is only one tenth that of  building account, this does not mean that the inherent risk associated with cash account will also be one-tenth as much that of the building accounts. Rather, the inherent risk associated with the cash account may be much more than one-tenth of the inherent risk associated with the building accounts. This is due to susceptible nature of cash account to error or theft than are building accounts.

Thus, auditors may spend much more time in auditing cash accounts than the assumed proportion of their inherent risk.

Inherent risk also varies with the assertion about a particular account. As an example, valuation of assets is often a more difficult assertion to audit than is existence of the assets.

The auditor use their knowledge of the clients industry and the nature of its operations, including information obtained in prior years audits to assess inherent risk for the financial statement assertions

Control risk- The risk that a material misstatement will not be prevented or detected on a timely basis by the client’s internal control is referred to as control risk. This risk is entirely based on the effectiveness of the client’s internal control.

  To assess control risk, auditors consider the client’s control that affects the reliability of financial reporting. Well designed controls that operate effectively increase the reliability of accounting data.

To obtain an understanding of the client’s internal control and to determine whether it is designed and operating effectively, the auditors use a combination of inquiry, inspection, observation, and performance of audit procedures.

If the auditors find that the client has designed effective internal control for a particular account and that the prescribed practice operate effectively in day-to-day operation, they will assess control risk for the related assertions to be low, and there by accept a higher level of detection risk, i.e. the more effective internal control is, the lesser will be the control risk and the higher will be the detection risk. That is because, effective internal control leads to the use of low substantive testing procedure by auditors which may in turn lead to high detection risk

Detection risk-The risk that the auditors will fail to detect the misstatement with their audit procedures is called detection risk. In other words, detection risk is the possibility that the auditors’ procedures will lead them to conclude that material misstatement does not exist in an account or assertion when in fact such misstatement does exist.

Detection risk is restricted by performing substantive tests. For each account, the scope of the auditors’ substantive tests, including their nature, timing and extent determines the level of detection risk.


Measuring audit risk- In practice, the various components of audit risk are not typically quantified. Instead, the auditors usually use qualitative categories, such as low risk, moderate risk, and maximum risk. Statements of Auditing Standards (SAS-47), allows the use of either quantified or non quantified approach. In any way, the relationships among audit risk, inherent risk, control risk, and detection risk can be put generally as follows:


AR=IR×CR×DR  , where, AR  =  Audit risk

                                            IR  =  Inherent risk

                                            CR =  Control risk

                                            DR=   Detection risk

To illustrate how audit risk may be quantified, assume that auditors have assessed inherent risk for a particular assertion at 50% and control risk at 40%. In addition, they have performed audit procedures that they believe have a 20% risk of failing to detect a material misstatement in the assertion. The audit risk for the assertion may be computed as follows:

                         AR =  IR × CR × DR

                               =  .50 × .40 × .20


Thus, the auditors face a 4% audit risk that a material misstatement has occurred and evaded both the client’s controls and the auditors’ procedures.

It is important to realize that while auditors gather evidence to assess inherent risk and control risk, they gather evidence to restrict detection risk to the appropriate level. Inherent risk and control risk are a function of the client’s nature of internal control structure and its operation environment. Regardless of how much evidence the auditors gather, they cannot change these risks. Therefore, evidence gathered by the auditors is used to assess the levels of inherent and control risks.

Detection risk on the other hand, is a function of the effectiveness of the audit procedures performed. If the auditors wish to reduce the level of detection risk, they need to obtain additional competent evidence. As a result, detection risk is the only risk that is completely a function of the sufficiency of the procedures performed by the auditors


Click to Download: 

Related Content