1. This standard explains what constitutes audit evidence and establishes requirements regarding designing and performing audit procedures to obtain sufficient appropriate audit evidence.
2. Audit evidence is all the information, whether obtained from audit procedures or other sources, that is used by the auditor in arriving at the conclusions on which the auditor's opinion is based. Audit evidence consists of both information that supports and corroborates management's assertions regarding the financial statements or internal control over financial reporting and information that contradicts such assertions.
3. The objective of the auditor is to plan and perform the audit to obtain appropriate audit evidence that is sufficient to support the opinion expressed in the auditor's report.1/
Sufficient Appropriate Audit Evidence
4. The auditor must plan and perform audit procedures to obtain sufficient appropriate audit evidence to provide a reasonable basis for his or her opinion.
5. Sufficiency is the measure of the quantity of audit evidence. The quantity of audit evidence needed is affected by the following:
6. Appropriateness is the measure of the quality of audit evidence, i.e., its relevance and reliability. To be appropriate, audit evidence must be both relevant and reliable in providing support for the conclusions on which the auditor's opinion is based.
Relevance and Reliability
7. Relevance. The relevance of audit evidence refers to its relationship to the assertion or to the objective of the control being tested. The relevance of audit evidence depends on:
8. Reliability. The reliability of evidence depends on the nature and source of the evidence and the circumstances under which it is obtained. For example, in general:
9. The auditor is not expected to be an expert in document authentication. However, if conditions indicate that a document may not be authentic or that the terms in a document have been modified but that the modifications have not been disclosed to the auditor, the auditor should modify the planned audit procedures or perform additional audit procedures to respond to those conditions and should evaluate the effect, if any, on the other aspects of the audit.
Using Information Produced by the Company
10. When using information produced by the company as audit evidence, the auditor should evaluate whether the information is sufficient and appropriate for purposes of the audit by performing procedures to:3/
Financial Statement Assertions
11. In representing that the financial statements are presented fairly in conformity with the applicable financial reporting framework, management implicitly or explicitly makes assertions regarding the recognition, measurement, presentation, and disclosure of the various elements of financial statements and related disclosures. Those assertions can be classified into the following categories:
12. The auditor may base his or her work on financial statement assertions that differ from those in this standard if the assertions are sufficient for the auditor to identify the types of potential misstatements and to respond appropriately to the risks of material misstatement in each significant account and disclosure that has a reasonable possibility4/ of containing misstatements that would cause the financial statements to be materially misstated, individually or in combination with other misstatements.5/
Audit Procedures for Obtaining Audit Evidence
13. Audit procedures can be classified into the following categories:
14. Paragraphs 15-21 of this standard describe specific audit procedures. The purpose of an audit procedure determines whether it is a risk assessment procedure, test of controls, or substantive procedure.
15. Inspection involves examining records or documents, whether internal or external, in paper form, electronic form, or other media, or physically examining an asset. Inspection of records and documents provides audit evidence of varying degrees of reliability, depending on their nature and source and, in the case of internal records and documents, on the effectiveness of the controls over their production. An example of inspection used as a test of controls is inspection of records for evidence of authorization.
16. Observation consists of looking at a process or procedure being performed by others, e.g., the auditor's observation of inventory counting by the company's personnel or the performance of control activities. Observation can provide audit evidence about the performance of a process or procedure, but the evidence is limited to the point in time at which the observation takes place and also is limited by the fact that the act of being observed may affect how the process or procedure is performed.8/
17. Inquiry consists of seeking information from knowledgeable persons in financial or nonfinancial roles within the company or outside the company. Inquiry may be performed throughout the audit in addition to other audit procedures. Inquiries may range from formal written inquiries to informal oral inquiries. Evaluating responses to inquiries is an integral part of the inquiry process.9/
18. A confirmation response represents a particular form of audit evidence obtained by the auditor from a third party in accordance with PCAOB standards.10/
19. Recalculation consists of checking the mathematical accuracy of documents or records. Recalculation may be performed manually or electronically.
20. Reperformance involves the independent execution of procedures or controls that were originally performed by company personnel.
21. Analytical procedures consist of evaluations of financial information made by a study of plausible relationships among both financial and nonfinancial data. Analytical procedures also encompass the investigation of significant differences from expected amounts.11/
Selecting Items for Testing to Obtain Audit Evidence
22. Designing substantive tests of details and tests of controls includes determining the means of selecting items for testing from among the items included in an account or the occurrences of a control. The auditor should determine the means of selecting items for testing to obtain evidence that, in combination with other relevant evidence, is sufficient to meet the objective of the audit procedure. The alternative means of selecting items for testing are:
23. The particular means or combination of means of selecting items for testing that is appropriate depends on the nature of the audit procedure, the characteristics of the control or the items in the account being tested, and the evidence necessary to meet the objective of the audit procedure.
Selecting All Items
24. Selecting all items (100 percent examination) refers to testing the entire population of items in an account or the entire population of occurrences of a control (or an entire stratum within one of those populations). The following are examples of situations in which 100 percent examination might be applied:
Selecting Specific Items
25. Selecting specific items refers to testing all of the items in a population that have a specified characteristic, such as:
26. The auditor also might select specific items to obtain an understanding about matters such as the nature of the company or the nature of transactions.
27. The application of audit procedures to items that are selected as described in paragraphs 25-26 of this standard does not constitute audit sampling, and the results of those audit procedures cannot be projected to the entire population.12/
28. Audit sampling is the application of an audit procedure to less than 100 percent of the items within an account balance or class of transactions for the purpose of evaluating some characteristic of the balance or class.13/
Inconsistency in, or Doubts about the Reliability of, Audit Evidence
29. If audit evidence obtained from one source is inconsistent with that obtained from another, or if the auditor has doubts about the reliability of information to be used as audit evidence, the auditor should perform the audit procedures necessary to resolve the matter and should determine the effect, if any, on other aspects of the audit.