Audit Evidence and Auditing Procedure – Comprehensive Notes

Learning Outcomes

  • By the end of this topic you should be able to:

    • Explain the concept, forms and sources of audit evidence.

    • Distinguish and list the several types of evidences used in auditing.

    • Interpret the meaning of “sufficiency” (quantity) and “appropriateness” (quality) of evidence.

    • Describe the link between evidence gathered and the auditor’s final opinion.

Definition of Audit Evidence

  • “Audit Evidence” = all information obtained by the auditor to reach the conclusions on which the audit opinion is based.

  • Encompasses both:

    • Underlying accounting data.

    • Corroborating information from any source.

Key Decisions When Designing Audit Evidence

  • Which audit procedures to perform.

  • What sample size to choose for each procedure.

  • Which specific items within the population to test.

  • Timing – when in the audit cycle the procedures should be carried out.

Governing Standard – ISA 500 “Audit Evidence”

  • Requires the auditor to obtain sufficient appropriate audit evidence (SAAE) to draw reasonable conclusions.

  • Terms in ISA 500:

    • Sufficient = enough evidence (quantity).

    • Appropriate = relevant + reliable (quality).

    • Reasonable basis = rational support for the opinion; not absolute certainty.

Components of Audit Evidence

1. Underlying Accounting Data

  • Books of original entry (sales journals, purchase journals, cashbooks, etc.).

  • General & subsidiary ledgers.

  • Accounting manuals and chart of accounts.

  • Informal / memorandum records: working papers, schedules, reconciliations, spreadsheets.

2. Corroborating Information

  • External & internal documents: cheques, EFT authorisations, invoices, shipping docs, contracts.

  • Written confirmations & management representations.

  • Evidence generated from:

    • Inquiry, observation, inspection, physical examination.

    • Any other information the auditor develops (e.g. analytical ratios).

3. Statutory Backdrop (Malaysia – Companies Act 1965 §167)

  • Companies must keep records “sufficient to explain transactions and financial position”.

  • Entries must be recorded within 60 days of the transaction.

  • Retention period ≥ 7 years.

  • Overseas records allowed, but copies must be maintained in Malaysia.

Nature of Audit Evidence

  • Persuasive rather than conclusive – the auditor rarely examines 100 % of information.

  • To strengthen persuasiveness, auditors seek evidence:

    • From different sources (external vs internal, third-party vs client-generated).

    • Of different nature (physical, documentary, oral, analytical) supporting the same assertion.

Persuasiveness Determinants

  • Sufficiency – quantity of evidence.

  • Appropriateness – quality (relevance + reliability).

Sufficiency – Quantity Considerations

  • Influenced by:

    • Materiality: high materiality ⇒ more evidence.

    • Inherent & control risk: higher risk ⇒ larger sample.

    • Economic factors: cost-benefit trade-off.

    • Population size & characteristics: heterogeneous populations may require more items.

  • Sampling can be judgemental or statistical.

Appropriateness – Reliability Factors

  • Source independence: third-party > client.

  • Effective internal controls: strong controls → system-generated evidence more reliable.

  • Auditor’s direct knowledge: evidence obtained firsthand (e.g. physical count) is highest.

  • Documentary vs oral: written/electronic > verbal (oral can be retracted).

  • Originals vs copies: originals > photocopies/faxes (risk of alteration).

Professional Skepticism & Evaluation (AI 200)

  • Auditor must maintain a questioning mind and critically assess all evidence.

  • Evidence evaluation skills are essential: thorough, unbiased, and alert to contradictory information.

How Evidence Is Obtained – The Two Broad Categories

  • Tests of Controls (TOC) – evaluate operating effectiveness of internal controls at the assertion level.

  • Substantive Procedures (SP) – obtain direct evidence regarding amounts & disclosures.

    • In some audits evidence may come entirely from substantive procedures (ISA 500 §3).

Tests of Controls (TOC)

  • Objective: confirm that internal controls prevent / detect / correct misstatements.

  • Typical procedures:

    • Inquiry of client personnel.

    • Inspection of docs/records & walkthroughs.

    • Observation of control activities.

    • Re-performance of control steps by auditor.

  • Extent decisions:

    • Can rely on prior-year evidence (if controls unchanged & still effective).

    • Controls over significant risks demand more current testing.

    • Controls may be tested for less than the full year (e.g. rotational testing).

Substantive Procedures (SP)

  • Provide direct evidence on fair presentation of F/S assertions.

  • Three sub-types:

    1. Analytical Procedures (AP)

    2. Tests of Details of Transactions (TDT)

    3. Tests of Details of Balances (TDB)

1. Analytical Procedures (ISA 520)

  • Evaluate financial information by analysing plausible relationships among data.

  • Comparisons with:

    • Prior periods.

    • Budgets / forecasts / auditor expectations.

    • Industry averages.

  • Relationship analysis:

    • Within financial data (e.g. gross margin =\frac{Gross\ Profit}{Sales}).

    • Between financial and non-financial data (e.g. payroll cost per employee).

  • Purposes:

    • Understand industry & business.

    • Assess going-concern.

    • Highlight possible misstatements.

    • Reduce other detailed tests.

  • Timing:

    • Required in planning.

    • Often used in fieldwork.

    • Required in completion (overall review).

2. Tests of Details of Transactions (TDT)

  • Examine support for individual debits/credits.

  • Example: vouch sales in Sales Day Book (SDB) to invoices & shipping docs.

3. Tests of Details of Balances (TDB)

  • Directly substantiate closing balances.

  • Example: confirm accounts receivable with customers.

Standard Audit Evidence Procedures

  1. Physical Examination

  2. External Confirmations

  3. Documentation

  4. Analytical Procedures

  5. Inquiry of client

  6. Re-performance

  7. Observation

Detailed Discussion of Individual Evidence Types

Physical Examination

  • Auditor’s inspection or count of tangible assets (inventory, cash, PPE).

  • High reliability (direct, tangible, firsthand).

Confirmation

  • Obtain a representation of information or condition directly from a 3rd party.

  • Common confirmations & sources:

    • Cash – Bank.

    • Account / Notes Receivable – Customers / Makers.

    • Inventory on consignment – Consignee / Public warehouse.

    • Account / Notes Payable – Creditors / Lenders.

    • Shares outstanding – Registrar / Transfer Agent.

    • Insurance cover – Insurance company.

  • Reliability depends on:

    • Form (positive, negative, blank).

    • Prior experience with entity (response rates, accuracy).

    • Nature of information (simple balances > complex info).

    • Competence & independence of respondent.

Inspection of Records & Documents

  • Examination of internal or external documents (paper, electronic, or other media).

  • Provides evidence for existence, completeness, rights & obligations, etc.

Analytical Procedures (re-emphasised)

  • Study & comparison of relationships to flag unusual trends.

  • Evaluate financial information by analysing plausible relationships among data.

  • These procedures also involve investigating unusual fluctuations or inconsistencies that do not align with other relevant information or expected patterns.

  • Comparisons with:

    • Prior periods.

    • Anticipated results, such as budgets, forecasts, or auditor’s own estimates (e.g., estimated depreciation)

    • Similar industry information, like comparing sales-to-receivables ratios with industry averages or similar-sized entities in the same sector

  • Relationship analysis:

    • Within financial data that should follow predictable patterns (e.g., gross margin percentages based on past trends)

    • Between financial and non-financial data (e.g. payroll cost per employee).

  • Analytical procedure

    • Understand the client’s industry and business.

    • Assess the entity’s ability to continue as a

      going concern

    • Highlight possible misstatements.

    • Reduce other detailed tests.

    • Emphasizes the expectations developed by the auditor

      • Required in planning phase.

      • Often done during the testing phase

      • Required in completion phase.

Inquiries of the client

  • Written or oral info obtained from client.

  • Low reliability alone; usually corroborated.

Re-calculation

  • Auditor independently rechecking a sample of calculations made by client(e.g. depreciation, interest, payroll).

Re-performance

  • Auditor re-perform or examines the client’s internal accounting procedures or controls.

Observation

  • Auditor uses their senses (seeing, hearing, etc.) to watch how the client performs certain activities (e.g. stock count attendance, plant tour).

Documentation

  • Auditor examines written records or documents to gather audit evidence

  • Example extract (inventory):

    • Compare quantity on perpetual records to quantities counted by client.

Hierarchy of Evidence Reliability (from most → least)

  1. Physical examination & auditor computation (direct, objective).

  2. Inspection of documentation, external confirmations, analytical procedures.

  3. Inquiry of client personnel / management, observation (subjective, easily manipulated).