Evidence and Sampling

Audit Evidence ISA 500

1.1 General Principles of gathering audit evidence

Principles:

1. The outcome of an audit is a response

2. The report must be supportable by the auditor, if challenged
3. The auditor will collect evidence for report
4. The auditor carries out ‘audit tests’ to generate this evidence.
5. The audit and conclusion must be documented

ISA 500 Audit evidence sets out the objective:

1. Obtain sufficient, appropriate audit evidence

2. To be able to draw reasonable conclusions
3. On which to base his audit opinion

Other Requirements of ISA 500 are as follows:

4. Relevance and reliability of the information to be used as audit evidence

5. If information has been prepared by the management experts:

 Evaluate the competence, capabilities and objectivity of the experts

 Obtain an understanding of the expert’s work

 Evaluate the appropriateness of his report

6. Evaluate information produced by the client

 Sufficient reliable (accurate, complete, precise and detailed)

7. Using effective means for selecting items for testing

8. If audit evidences are inconsistent or the auditor has doubts over reliability of evidence –
consider
  What additional audit procedures are needed

 The effects of any other aspects of the audit

1.2 Sufficient and appropriate audit evidence

Sufficient – quantity

Appropriate – quality (relevance and reliability)

The auditor should exercise professional judgment on both of these aspects:

1. When is there enough evidence to support a conclusion?

2. What is the quality of the given piece of evidence and is this sufficient to justify
the audit opinion

Quality and quantity are also interrelated:

1. An auditor may be able to reach a conclusion of based on smaller quantity of

higher quality evidence

2. A larger quantity of lower quality evidence may be required to reach the same
conclusion

Deciding how much audit evidence is needed:

1. All the above things

2. Other factors:

i. The seriousness of the risk that the financial statements might not give a
true or fair value

 High risk, more audit evidence

ii. The materiality of the item

iii. The strength of the internal control

iv. The sampling method the auditor will use to obtain the audit evidence

 Effect the size of the audit sample

1.3 The quality of audit evidence

Relevant

1. Relevance deals with the logical connection with, or bearing upon, the purpose of the audit
procedures; e.g

1. Testing for overstatement in A/P – testing the recorded A/P

2. Testing for understatement in A/P – testing subsequent disbursements, unpaid

invoices, supplier statements and unmatched receiving reports

2. A given set of audit procedures may provide audit evidence that is relevant to certain
assumptions, but not others

1. Inspection of documents relating to collection of receivables – audit evidence

regarding existence and valuation not cut – off

3. Relevant audit evidence would include identifying conditions that indicate performance of a
control and deviation conditions

1. Operating effectiveness of controls in preventing, detecting, correcting

material misstatements at the assertion level.

4. Defining substantive procedures includes identifying conditions relevant to the purpose of

the test that constitute a misstatement in the relevant assertion.

Reliable

5. Audit evidence is more reliable when it is obtained from independent sources outside the
entity under audit

i. Satisfaction on the accuracy and reliability of any audit evidence for

reaching a conclusion

6. Internal generated audit evidence is more reliable when internal controls are effective.

7. Audit evidence obtained directly by the auditor is more reliable than the audit evidence
obtained by indirectly or by inference.
 i. Observation is more reliable then inquiry

8. Audit evidence is more reliable when it is in documented form.

9. Audit evidence provided by the original documents is more reliable than audit evidence
provided by photocopies

i. Reliability of other forms depend on the controls over their preparation and
maintenance

1.4 Procedures for generating audit evidence: Note that;

1. More than one procedure can be used

2. Not all procedures may be appropriate

ISA 500 identifies seven main testing procedures:

1. Inspection of an item

2. Observation of a procedure

3. Inquiry of a personnel

4. External confirmation

5. Recalculation

6. Re-performance

7. Analytical procedures
 Procedure Explanation/Application
1) Inspection (looking at an item) 1. Of tangible assets
2. Of entries in accounting records
3. Of documents (e.g; invoices)
2) Observation 1. Watching a procedure
2. Limited to the point in time when the
observation takes place
3. The person performing the procedure may
act differently when being observed
3) Inquiry 1. Seeking information from knowledgeable
persons
2. Evaluating responses to those inquiries
3. Corroborating those responses with other
audit evidence
4) External Confirmation A specific type of inquiry – seeking
confirmation from third party
5) Recalculation Checking the mathematical accuracy of
documents or records.
6) Re-Performance Independently carrying out procedures or
controls, which were originally performed by
the client.
7) Analytical procedures Evaluating or comparing financial or non
financial data.

1.5 What if the audit evidence is not sufficient

Obtain more evidence

 More tests of control

 More substantive testing procedures

Discuss the problem with client senior management and audit committee

 Indicate the findings in the audit evidence obtained in the management letter
 Qualify the audit report should be used if other methods fail to resolve the problem.

1.6 Types of audit procedures:

Risk assessment procedures

Further audit procedures

 Tests of control
  Substantive procedures

“Tests of controls are designed to evaluate the operating effectiveness of controls in preventing
or detecting and correcting, material misstatements at the assertion level.”

“Substantive procedures are designed to detect material misstatements at the assertion level.”

2. Audit Documentation: ISA 230

2.1 Audit documentation (audit file): record of;

 Audit procedures performed

 Audit evidence obtained
 Conclusions reached
Also called as audit working papers

The audit file is one or more folders in physical or electronic form that comprise the audit
documentation for the whole management.

Objective of audit documentation (ISA 230):

 A sufficient and appropriate records of the basis for auditor’s report

 Evidence that the audit was planned and performed in accordance with ISAs and
applicable legal and regulatory frameworks.

Preparation of the documents on a timely basis (ISA 230)

 The nature, timing and extent of the procedures performed

 The results of the audit procedures and the audit evidence obtained,

 Significant matters arising during the audit and the conclusion reached thereon.

The auditor is also required to document:

 Discussion of all significant matters

 How any inconsistencies with the final conclusion matters were resolved.

 Justify any departure from a basic principle or relevant procedure specified by an ISA.

2.2 Reasons for preparing sufficient and appropriate audit documentation:

 Enhance the quality of the audit

 Facilitate the effective review and evaluation of the audit evidenced

 Documentation at the time of the work is more accurate than the documentation prepared
later.

Other Purpose:

 Assisting the audit team in plan and perform

 Assisting supervisors in detecting and supervising

  Ensures members of the audit teams are accountable

 Keeping a record of significant matters

 Enable an experienced auditor to conduct quality control reviews and other inspections

2.3 The form, content and extent of audit documentation

1) Audit programs
2) Analyses
3) Summaries of significant matters
4) Letters of confirmation and representation
5) Checklists,
6) Correspondence

Types of audit file:

1) Permanent file: records the information that is likely to have significance in all audits of
that client.
 The legal constitution of the client
 Other important legal documents such as loan agreements
 A summary of the history, development and ownership of the business
 A summary of accounting systems and procedures
 Copies of previous years financial statements
2) Current file: contains information of relevance to the current year’s audit.
 The final statements and the audit report
 A summary of the audit adjustments, included unrecorded final reported figures.
 Audit planning material (Ch. 3)
 Audit control measures (time budgets, review points, and points for
consideration by the partner)
 Audit letters

For each audit areas (Inventory, receivables….)

 An audit program (detailing the work to be done on that area)

  Details of items selected for testing, the tests performed, problems encountered and the
conclusion

 ‘lead schedules’ giving the figures for the audit area.

All working papers should be clearly shows:

 The name of the client

 The accounting date

 A file reference

 The name of the person preparing the working papers

 The date of the paper was prepared

 The name of the any person reviewing the work and the extent of such review

 The date of the review

 A key to ‘audit ticks’ or other symbols used in the paper

 A listing of any errors or omissions identified

 A conclusion of the area

Assembly of the final audit file:

 Exclude the drafts of working papers or financial statements or notes

 Must not delete or discard audit documentation

Modification in the documentation

 When and by whom the modification were made

  The reasons for making them

Post dates exceptional circumstances as auditor;

 Has to perform new and additional procedures

 Reaches new conclusions

The auditor is required to document:

 The circumstances
 New or additional procedures performed, audit evidence, conclusions and effect on
auditor’s report
 When and by whom the resulting changes to documentation were made and who
reviewed them

2.4 The use of computer-based audit working papers

o Help analysis schedules

o Help lead schedules

o Draft financial statements

Automatically cross referenced and updated as the audit proceeds

 Advantages:

o Neat, easy to read and in standard form

o The risk of errors in processing adjustments is reduced

 Updates, amendments and correction

o The review process can be carried out remotely

o Significant time savings

2.5. Ownership, Custody and confidentially

Ownership of the documentation rests with the auditor.

  Working papers

ISA 230 requires a minimum period of 5 years from the date of report.

Companies Act, 2017 specifies a 10 years retention requirement

As per the auditing standards;

 Contents are kept confidential

 Available to third party as per the ethical guidelines.

2. Audit sampling: ISA 530

3.1 The nature of sampling

Checking 100% population

1. They select a sample of items for testing and test the sample for accuracy/reliability.

2. Sampling is not always appropriate for auditing

3. If a sample consists of small items of large items

4. Sample is only appropriate when the population is homogenous

Uses of Sampling

1. Sampling in auditing involves applying audit procedures to less than the entire population of
items subject to audit.

2. Sample should be representative of the population

3. Reflect the characteristics of the population as a whole.

4. The larger the sample, the more likely it will be representative

5. Large sample are more time-consuming

6. Using Sampling

3.2 The relationship between sampling and the audit risk model

Sampling risk can be analyzed into sub-risks:

 a. Sampling risk: the risk that the auditor’s conclusion based on a sample may be
different from the conclusion had he tested the entire population.

i. Sample not representative of population

ii. Conclusion drawn are unjustified and incorrect

iii. Higher sampling risk

b. Non-sampling risk: the risk that the auditor reaches an incorrect conclusions for
reasons other than the sampling risk.

i. Occurs due to factors involving errors

ii. Incompetence of the audit team

iii. Tight deadlines

c. To control detection risk, the auditor needs to control the sampling risk.

3.3. Sampling risk and Statistical sampling: Objective of the auditor in

sampling is;

To provide a reasonable basis for the auditor to draw conclusions about the population from
which the sample is drawn.

Acceptance of Wrong Rejection of Right

Test of Controls Controls are more effective then they Controls are less effective
actually are
actually are
 Test of Details Material misstatements does not exist Material misstatements exists w
when in fact it does
fact it does not

Effect on Audit Affects audit effectiveness Affects audit efficiency

(leads to inappropriate opinion)

ISA 530 distinguishes between statistical and non-statistical sampling:

 Statistical sampling involves random selection and applies probability theory to the
evaluation of the sample results and the measurement of sampling risk.

 Non-statistical sampling (judgmental) is based on judgmental opinion by the auditor

about the results of the sample.

3.4 Sampling design, size and selection of items for testing:

The auditor is required by ISA 530 to:

 Consider the purpose of the audit procedures and t2he population from which sample
will be drawn
  Determine a sample size sufficient to reduce sampling risk to an acceptable low level.

 Select items such as each unit in the population has an equal chance of selection

Key decisions by auditor:

 The sampling approach to be used

 The characteristics of the population

 The sample selection method

 What constitutes a misstatement or deviations

 The ‘tolerable’ misstatement or rate of deviation

 The ‘expected’ misstatement or rate of deviation

Statistical sampling Vs non-statistical sampling:

Benefits of statistical sampling;

 Provides an objective, mathematical precise basis for the sampling process.

 The required sample size can be calculated precisely

 Existence of circumstances where statistical sampling works more efficiently.

Disadvantages;

 A degree of training and technical expertise is required for usage of statistical techniques
effectively.

 Requires an investment in necessary training of audit staff.

 Sample size may be larger, thus increasing the time and cost involved in the audit.

 Some auditors take the view that it is preferable to rely on the skill , experience and
judgement of the auditor, rather than on mathematical/statistical models

The characteristics of the population from which the sample is to be drawn

 “The entire set of data from which a sample is to be selected and about which the auditor
wishes to draw conclusion”

Example:

Note: All sampling units should be homogenous.

 If the objective of the audit testing is to confirm the accuracy of trade receivable
balances, the population should include all trade receivables balances as at specified date.
 If the audit objective might be more limited in scope – perhaps to confirm the accuracy of
those trade receivable balances in excess of Rs. 500,000. the population then consists of
all receivable balances over Rs.500,000.

In case of non-homogenous population,

Suppose that the trade receivables balances have been processed through two different
accounting systems (computerized accounting system and paper based system). The population
of receivables could be divided into two segments (or strata) and a sample could be selected for
testing from each strata. This techniques is known as stratified sampling.

The sample selection method

1) Random Sampling: All items in the population have an equal chance of selection.

2) Systematic Sampling: A random starting point is chosen from the population and then items
are selected with a standard gap between them.

3) Haphazard sampling: The auditor selects the sample on an arbitrary basis. E.g; choosing
any 100 invoices from a file.

a. Not a significantly valid method

4) Block Sampling: The auditor selects a complete block of sampling units from the
population (invoices of May)

What constitutes a misstatement or deviation?

If the purpose of the audit procedure is to gain evidence on the accuracy of the
statement of financial position figure for trade receivables, an error involving the posting of an
invoice to a wrong customer account does not affect the statement of financial position total and
has no impact on the objective of the testing.

Tolerable misstatement or rate of deviation:

Tolerable misstatements is a monetary amount set by the auditor in order to address the risk that
the total of individually immaterial misstatements may cause the financial statements to be
materially misstated.

 Application of performance materiality

The tolerable rate of deviation is a rate of deviation from prescribed control procedures which
the auditor is prepared to accept and still be able to conclude that the financial statements are
materially correct.

The smaller the misstatements or rate of deviation, the greater the required sample size.

Expected misstatement or rate of deviation

The higher the expected misstatement or rate of deviation, the greater the required sample size.
It is based on such factors:

 Experience of the population from previous audits

 Experiences from the current audit on areas relating to the population.

If the auditor has discovered inaccuracy in the client’s sale invoicing procedures, the expected
misstatement related to trade receivables will also be high.

3.5 Performing audit procedures on the sample:

The auditor is required by ISA 530 to:

 Perform appropriate audit procedures

 If the audit procedure is not applicable to the selected item, the auditor must perform
the procedure on a replacement item.

 If the auditor is unable to apply the procedure (or a suitable alterative) to the selected
item, that item must be treated as a misstatement/deviation.
  lost document

 investigate the nature and cause of any misstatements/deviations and evaluate their
possible effect.

 lead the auditor to conclude that the problem lies within one time period, type of
transaction, or location.

 if the auditor considers the misstatement or deviation to be an anomaly, then he

perform additional procedures to obtain evidence that the error will not effect the rest
of the population.

3.6 Projecting misstatements and evaluating the results of audit sampling:

The auditor is required to evaluate;

 The results of the sample

 Test of details will include the misstatements from sample to population

 The use of audit sampling has provided basis for conclusion about the population.