3/22/2023

Chapter 5:
Audit evidence
F U N D A M E N TA L S O F A U D I T I N G

PHD. THAO BUI

2023

Learning objectives
• Know definition of evidence and its requirements
• Distinguish between the concepts of sufficient
and appropriate as they apply to audit evidence.
• List and describe types of audit evidences.
• Describe the purposes of audit procedures.
• Know what audit files are, and forms of audit
files

1
 3/22/2023

Reference
VSA 230 “Audit Documentation”
VSA 315 “Identifying and assessing the ROMM through understanding the entity and its environment”.
VSA 320 “Materiality in planning and performing an audit”.
VSA 500 “Audit evidence”
VSA 520 “Analytical Procedures”
VSA 580 “Written representations”
VSA 610 “Using the work of internal auditors”
VSA 620 “Using the work of auditor’s expert”

Content
1. Audit evidence
2. Types of audit evidence
3. Audit procedures
4. Special audit evidences
5. Audit sampling
6. Audit files

2
 3/22/2023

1. Audit evidence

Audit evidence
• Being all the information used by the
auditor in arriving at the conclusions
on which the audit opinion is based
• Including the information contained in
the accounting records underlying the
FSs and other information.

3
 3/22/2023

Objective of the auditor

To design and perform audit procedures in such a way as to enable the
auditor to obtain sufficient appropriate audit evidence to be able to draw
reasonable conclusions on which to base the auditor’s opinion.

Sufficiency Appropriateness
Measure of the quantity of Measure of the quality of audit evidence
audit evidence - its relevance and its reliability

The sufficiency and appropriateness of audit evidence are interrelated.

 Sufficiency of audit evidence

• auditor’s assessment of the  The higher the assessed
risks of misstatement risks, the more audit
evidence is likely to be
Measure of the required
quantity of
audit evidence
 The higher the quality, the
• reliability of the evidence less may be required

4
 3/22/2023

 Appropriateness of audit evidence

 Appropriateness  Influenced by its
(pertinence) of the relevance reliability source, nature,
evidence to the and dependent
audit objective on the individual
being tested
Measure of circumstances
the quality under which it is
of audit obtained.
evidence

Appropriateness of audit evidence – Relevance

 Relevance deals with the logical connection with, or bearing upon, the
purpose of the audit procedure and, where appropriate, the assertion under
consideration.
• The relevance of information to be used as audit evidence may be affected by
the direction of testing.

5
 3/22/2023

Appropriateness of audit evidence – Relevance

Examples:
• If the purpose of an audit procedure is to test for overstatement in the existence or valuation of
accounts payable, testing the recorded accounts payable may be a relevant audit procedure.
• When testing for understatement in the existence or valuation of accounts payable, testing the
recorded accounts payable would not be relevant, but testing such information as subsequent
disbursements, unpaid invoices, suppliers’ statements, and unmatched receiving reports may
be relevant.
• Inspection of documents related to the collection of receivables after the period end may
provide audit evidence regarding existence and valuation, but not necessarily cutoff.
• Obtaining audit evidence regarding a particular assertion, for example, the existence of
inventory, is not a substitute for obtaining audit evidence regarding another assertion, for
example, the valuation of that inventory.

Appropriateness of audit evidence – Reliability

 Reliability of the audit evidence itself, is influenced by its source and its nature, and the
circumstances under which it is obtained, including the controls over its preparation and
maintenance where relevant.
Least reliable Most reliable
Source relative to client Internal (from inside client) External (from outside client)
Person: employee or auditor Employee of company External auditor
Person: employee or 3rd party Employee of company Third party
Independence of provider Associated with company Not associated with company
Qualification of provider Little knowledge of subject Expert in subject
Operation of internal controls Not in operation Effective operations

6
 3/22/2023

2. Types of audit evidence

2.1. Documentary Evidence

 Documentary evidence includes a variety of records in
support of the company’s business and accounting
information system, including checks, invoices,
contracts, and minutes of meetings.
• The competence of documentary evidence depends
partly on whether it was created within the company
(e.g., a sales invoice) or outside the company (e.g., a
vendor’s invoice).

7
 3/22/2023

2.1. Documentary Evidence

Documentary evidence Source Store Examples
 Documentary Evidence Created External (from Transmitted - Cut-off bank statement
outside the Client Organization outside client) Directly to the
and Transmitted Directly to the Auditors
Auditors
 Documentary Evidence Created External (from Stored in the - Bank statements, vendors’ invoices
outside the Client Organization outside client) client’s premise and statements, property tax bills,
and Held by the Client notes payable, contracts, customers’
purchase orders, and stock and
bond certificates.
 Documentary Evidence Created Internal (from Stored in the - Sales invoices, shipping notices,
and Held within the Client inside client) client’s premise purchase orders, receiving reports,
Organization and credit memoranda.

2.2. Physical Evidence

 Physical evidence is audit evidence that the auditors can obtain by examining
an asset that physically exists
• Physical examination or observation provides high-quality evidence as to the
existence of certain assets, but generally it needs to be supplemented by
other types of evidence to determine the ownership, proper valuation, and
condition of those assets.

8
 3/22/2023

3. Audit procedures

3.1. Inspection
3.2. Observation
3.3. Inquiry and confirmation
3. Audit 3.4. Computations
procedures 3.5. Reperformance of the controls
3.6. Analytical procedures
3.7. Oral and written client representations

9
 3/22/2023

3.1. Inspection
 Inspection of Records or Documents  Inspection of Tangible Assets
• Inspection consists of examining records • Inspection of tangible assets consists
or documents, of physical examination of the
 whether internal or external, assets.
 in paper form, electronic form, or other
media.

• Providing audit evidence of varying degrees of • Providing reliable audit evidence with respect
reliability, depending on their nature and to their existence, but not necessarily about
source and on the effectiveness of the the entity’s rights and obligations or the
controls over their production. valuation of the assets.

3.2. Observation
Observation
consisting of looking at a process or
procedure being performed by others

• Providing audit evidence about the performance

of a process or procedure
• Limited to the point in time at which the
observation takes place
• The act of being observed may affect how the
process or procedure is performed.

10
 3/22/2023

3.3. Inquiry and Confirmation

 Inquiry consists of seeking information of knowledgeable persons inside or
outside the entity.
 Confirmation consists of the response to an inquiry to corroborate information
contained in the accounting records.
 Purposes of inquiry and confirmation for the auditors:
 To obtain evidence of the operation of internal controls;
 To obtain evidence of the recognition by the client’s customers and counterparties
of amounts, terms and conditions of certain transactions; and
 To obtain information not directly available from the client’s accounting records.

Forms of confirmations
 Positive confirmation
• Asking the recipient (debtor, creditor, or other
third party) to confirm agreement or by
asking the respondent to fill in information.
• Expected to provide reliable audit evidence,
by asking the respondent to fill in the amount/
information.
• May resulting in lower response rates
because additional effort is required of the
respondents.
• Preferred when inherent or control risk is
assessed as high.
 Negative confirmation
• Asking the respondent to reply only in the event
of disagreement with the information provided
in the request – not sure confirmation received
and verified by the third parties
• Ordinarily providing less reliable evidence, and
other substantive procedures needed
• Negative confirmation requests may be used to
reduce audit risk to an acceptable level when:
 assessed level of inherent and control risk is low;
 a large number of small balances is involved;
 a substantial number of errors is not expected;
 no reason for these requests to be disregarded

11
 3/22/2023

3.4. Computations
 Computation consists of checking the arithmetical
accuracy of source documents and accounting records or
performing independent calculations.
• Including reviews to determine if the same information
is entered correctly in point-of-sales records, receiving
reports, journals, subsidiary ledgers and summarized in
the general ledger.
• Computation evidence is relatively reliable because the
auditor performs it.

3.5. Reperformance of the controls

 Reperformance is the auditor’s independent execution of procedures or
controls that were originally performed as part of the entity’s internal control.
• Example:
– tracing the sales prices on a sales invoice to the authorized price list in effect at the
date of operation
– reperforming the aging of accounts receivable

12
 3/22/2023

3.6. Analytical procedures

Analytical procedures
 consist of evaluations of financial information through analysis of
relationships among both financial and non-financial data.
 consist of the analysis of significant ratios and trends including the
resulting investigation of fluctuations and relationships that are inconsistent
with other relevant information or deviate from predicted amounts.

3.7. Oral and written client representations

 Oral inquiries are usually made throughout the audit.
• auditors should consider the knowledge, objectivity, experience,
responsibility, and qualifications of the individual being questioned
• auditors should use carefully structured questions to address relevant
issues.
• Client replies should be carefully evaluated and, as appropriate, followed up
with additional questions.

13
 3/22/2023

3.7. Oral and written client representations

 Auditors also obtain written representations from clients.
 At the conclusion of the audit, the auditors obtain from the client a written
representation letter summarizing the most important oral representations made
by management during the engagement.

3.7. Oral and written client representations

• The representations generally fall into the following broad categories:
 All accounting records, financial data, and minutes of directors’ meetings have been
made available to the auditors.
 The FSs are complete and were prepared in conformity with the accounting principles.
 Management believes that the adjusting entries brought to its attention by the auditors
and not recorded are not material, individually or in the aggregate.
 Management acknowledges its responsibility to design and implement programs and
controls to prevent and detect fraud and to disclose information to the auditors on alleged
or suspected fraud.
 All items requiring disclosure (such as loss contingencies, illegal acts, and related party
transactions) have been properly disclosed.

14
 3/22/2023

4. Special audit evidences

4. Special audit
evidences
4.1. Management representation
letter
4.2. Using the work of a specialist
4.3. Using the work of another
auditor
4.4. Consideration of the work of
internal auditors

15
 3/22/2023

4.1. Management representation letter

 Written representation – A written statement by management provided to the
auditor to confirm certain matters or to support other audit evidence.
• Written representations are necessary information that the auditor requires
in connection with the audit of the entity’s FSs.
• Written representations are audit evidence

4.1. Management representation letter

 Written representations from management:
 more reliable than verbal confirmation
 acknowledging the management’s responsibility for the fair presentation of the FSs in
accordance with the applicable financial reporting framework, and its approvement for the FSs
 other sufficient appropriate audit evidence cannot reasonably be expected to exist
 reducing the possibility of misunderstandings between the auditor and management
 acknowledging the management’s responsibility for the design and implementation of
internal control to prevent and detect error; and
 acknowledging the management’s belief that effects of uncorrected FS misstatements
aggregated by the auditor during the audit are immaterial, both individually and in the
aggregate, to the FSs taken as a whole

16
 3/22/2023

 Forms of a written representation:

• A representation letter from management;
• A letter from the auditor outlining the auditor’s understanding of
management’s representations, duly acknowledged and confirmed by
management; or
• Relevant minutes of meetings of the BOD or similar body or a signed
copy of the FSs.

4.1. Management representation letter

Basic Elements of a Management Representation Letter

• addressed to the auditor, containing specified information and be
appropriately dated and signed; dated the same date as the auditor’s report.
• ordinarily be signed by the members of management who have primary
responsibility for the entity and its financial aspects based on the best of their
knowledge and belief.
• refusal to provide a representation may constitutes a scope limitation and the
auditor should express a qualified opinion or a disclaimer of opinion.
• obtaining a representation letter on every engagement is required
• not a substitute for other necessary audit procedures but serving several
important audit purposes.

17
 3/22/2023

Management Representation Letter

 Representation Letter is not a substitute for other necessary audit procedures
but serving several important audit purposes:
 To remind the client officers/ management of their primary and personal
responsibility for the FSs
 To document in the audit working papers the client’s responses to the
significant questions asked by the auditors during the engagement.
 To be the only evidence available with respect to management’s future
intentions.

4.2. Using the work of a specialist/ an expert

 Auditor’s expert/ specialist
 An individual or organization possessing
expertise in a field other than accounting
or auditing, whose work in that field is used
by the auditor to assist the auditor in
obtaining sufficient appropriate audit
evidence.
 An auditor’s expert may be either an
auditor’s internal expert (who is a partner or
staff, including temporary staff, of the
auditor’s firm or a network firm), or an
auditor’s external expert.
 Expertise in a field other than accounting or
auditing may include:
• Valuation of complex financial instruments, land
and buildings, plant and machinery, jewelry, works
of art, etc.
• Calculation of liabilities associated with insurance
contracts or employee benefit plans.
• Estimation of oil and gas reserves.
• Valuation of environmental liabilities, and site clean-
up costs.
• Interpretation of contracts, laws and regulations.
• Analysis of complex or unusual tax compliance
issues.

18

4.2. Using the work of a specialist/ an expert
 The objectives of the auditor are:
a) To determine whether to use
the work of an auditor’s expert;
and
b) If using the work of an auditor’s
expert, to determine whether
that work is adequate for the
auditor’s purposes.
4.2. Using the work of a specialist/ an expert
 Issues to consider in determining the
nature, timing and extent of procedures
relevant to experts:
 The nature of the matter to which that expert’s
work relates;
 The risks of material misstatement in the matter
to which that expert’s work relates;
 The significance of that expert’s work in the
context of the audit;
 The auditor’s knowledge of and experience with
previous work performed by that expert; and
 Whether that expert is subject to the auditor’s firm’s
quality control policies and procedures.
3/22/2023
 Using the work of an auditor’s
expert:
 Not reduce the auditor’s sole
responsibility for the audit opinion
expressed
 may be accepted as appropriate
audit evidence
 Evaluating the competence, capabilities
and objectivity of the auditor’s expert
 Obtaining a sufficient understanding of the
field of expertise of the expert
 Agreement with the auditor’s expert:
nature, scope and objectives of work, roles
and responsibilities, nature, timing and
extent of communication, form of any
report, confidentiality
 Evaluating the adequacy of the auditor’s
expert’s work
19
 3/22/2023

4.3. Using the work of

another auditor
 When the principal auditor uses the work
of another auditor, the principal auditor
should determine how the work of the
other auditor will affect the audit.

4.3. Using the work of another auditor

 “Principal auditor” means the auditor with responsibility for reporting on the FSs of an
entity when those financial statements include financial information of one or more
components audited by another auditor.
 “Other auditor” means an auditor, other than the principal auditor, with responsibility
for reporting on the financial information of a component which is included in the FSs audited
by the principal auditor.
 “Component” means a division, branch, subsidiary, joint venture, associated company
or other entity whose financial information is included in FSs audited by the principal auditor.

20
 3/22/2023

4.3. Using the work of another auditor

 When planning to use the work of another auditor, in the context of the specific
assignment, the principal auditor should
 Consider the professional competence of the other auditor.
 Perform procedures to obtain sufficient appropriate audit evidence, that the work of the
other auditor is adequate for the principal auditor’s purposes.
 The principal auditor would advise the other auditor of:
• Independence requirements and written representation as to compliance with them;
• The use of the other auditor’s work, report and sufficient arrangements for the
coordination between the auditors
• The accounting, auditing and reporting requirements and obtain written representation
as to compliance with them.

4.3. Using the work of another auditor

 When the principal auditor concludes that
 the work of the other auditor cannot be used, and
 the principal auditor has not been able to perform sufficient additional
procedures regarding the financial information of the component audited by the
other auditor,
 the principal auditor should express a qualified opinion or disclaimer of
opinion because there is a limitation in the scope of the audit.

21
 3/22/2023

4.4. Consideration of the work of internal

auditors
 If the internal auditors’ work is relevant
and efficient, the auditors should
• Assess the competence and objectivity of the
internal auditors: educational level, professional
experience, and professional certifications of the
internal auditors
• Evaluate and test the internal auditors’ work:
scope of work, quality of programs and reports.

5. Audit sampling

22
 3/22/2023

5. Audit 5.1. Definition

sampling 5.2. Types of audit sampling

5.1. Definition
Audit sampling (sampling)
• Not enough time, • Not absolute precision
The application of audit procedures to expenses to check all of FS
less than 100% of items within a transactions and • Conclusion on FS
accounts without material
population of audit relevance such that misstatements
all sampling units have a chance of • Misapplying necessary
selection in order to provide the auditor audit procedures
with a reasonable basis on which to Reasonable
Effectiveness
draw conclusions about the entire assurance
population.

23
 3/22/2023

Audit sampling

Enables the
to form or assist in
auditor to obtain
forming a
and evaluate
conclusion
audit evidence
Audit sampling about some
concerning the
population from
characteristic of
which the sample
the items
is drawn
selected

Audit sampling risks

Sampling
sampling
risk The risk that the
auditors’ conclusion
based on a sample
might be different from
the conclusion they
would reach if they
examined every item in
the entire population
Non-
The risk that the
risk auditors may draw
erroneous
conclusions because
of non-sampling errors -
those due to factors not
directly caused by
sampling

24
 3/22/2023

Sampling risk
Sampling risk  Sampling risk can lead to the wrong conclusions
as follows:
the risk that the
 Conclude that the control is more effective than it
auditors’ conclusion
is (for test control), or conclude that there are no
based on a sample material misstatements in the fact there (for
might be different from check details).
the conclusion they
 Conclude that the control less effective than it
would reach if they
really is (for test control), or to conclude that there
examined every item is a material misstatement when there is no (for
in the entire check details).
population.

Sampling risk
Sampling risk
 Balance the sampling risk against the
the risk that the cost of using larger samples
auditors’ conclusion  Sampling risk is reduced by increasing
based on a sample
the size of the sample.
might be different from
the conclusion they  The increased sample size will reduce
would reach if they the efficiency audit
examined every item
in the entire
population.

25
 3/22/2023

Non-sampling risks
 Some cases can lead to non-sampling risk: Non-sampling risks
 In detection risk Auditors may also draw
 In control risk erroneous conclusions
 Audit procedures not consistent with audit objectives because of non-
sampling errors - due to
factors not directly
caused by sampling.
 Non-sampling risk can generally be
reduced to low levels through:
 effective planning and supervision of audit
engagements and
 implementation of appropriately designed
quality control procedures by the audit firm

5.2. Types of audit sampling

STATISTICAL SAMPLING NON-STATISTICAL SAMPLING

 Auditors using probability theory to  Non-statistical sampling is based on

determine the sample size from which professional judgment of the auditor.
to infer the overall results.
 Non-statistical sampling provides no
 Characteristics of statistical sampling: means of quantifying sampling risk,
so may take larger and more costly
 Elements are selected at random in
samples than are necessary, or
the sample.
unknowingly accepting a higher than
 Using statistical probability theory acceptable degree of sampling risk.
to evaluate sample results.

26
 3/22/2023

Audit sampling process

Design the Determine the
audit sampling sample size

Determine the
Evaluate
types of audit
results
sampling

Sample Design
 When designing an audit sample, the auditor shall consider
• the purpose of the audit procedure and the combination of audit
procedures that is likely to best achieve that purpose
• the characteristics of the population from which the sample will be drawn:
 For tests of controls: need to assess the expected rate of deviation based on the
auditor’s understanding of the relevant controls or on the examination of a small
number of items from the population.
 For tests of details: need to assess the expected misstatement in the population.
 Auditor may determine that stratification or value weighted selection is appropriate.

27
 3/22/2023

Sample size
 Sample size needs to be sufficient to reduce sampling risk to an
acceptably low level
• The lower the risk the auditor is willing to accept, the greater the sample
size will need to be.
• The sample size can be determined by the application of a statistically-based
formula or through the exercise of professional judgment.

Selection of Items for Testing

 Each sampling unit in the Random
selection
population needs to have a
chance of selection Systematic
• With statistical sampling: selection
Statistical
each sampling unit has a sampling
Haphazard
known probability of being selection
selected. Types of audit
sampling Monetary unit
• With non-statistical sampling
sampling: judgment is
Non-statistical Block
used to select sample sampling selection
items.

28
 3/22/2023

Selection of Items for Testing

 Random selection: applied through random number generators, for example, random number
tables.
 Systematic selection: the number of sampling units in the population is divided by the
sample size to give a sampling interval.
 Monetary Unit Sampling: a type of value-weighted selection in which sample size, selection
and evaluation results in a conclusion in monetary amounts.
 Haphazard selection: in which the auditor selects the sample without following a structured
technique, avoid any conscious bias or predictability and thus attempt to ensure that all items
in the population have a chance of selection.
 Block selection: selection of a block(s) of contiguous items from within the population –
cannot ordinarily be used in audit sampling

Evaluating Results of Audit Sampling

 For tests of controls, an unexpectedly high sample deviation rate may lead to
an increase in the assessed risk of material misstatement, unless further
audit evidence substantiating the initial assessment is obtained.
 For tests of details, an unexpectedly high misstatement amount in a sample
may cause the auditor to believe that a class of transactions or account balance
is materially misstated, in the absence of further audit evidence that no material
misstatement exists.

29
 3/22/2023

6. Audit files

6. Audit files
 The auditors usually maintain two files of working papers for each client:
• Current files for every completed audit: pertaining solely to that year’s
audit
• Permanent file of relatively unchanging data: containing such things as
copies of the articles of incorporation, which are of continuing audit interest

30
 3/22/2023

Q&A
Source of pictures: Internet

31