Chapter 5
Audit Evidence: A Framework
Chapter Outline
I.
OVERVIEW
OF THE AUDIT MODEL
a. Auditors spend most of their time obtaining and evaluating evidence concerning the assertions management makes through the financial statements. The evidence-gathering process is the core of an audit. The auditor considers the risk associated with an account balance or other measures of business performance, the types of evidence available, and the reliability of alternative sources of evidence to develop an audit approach. Management makes assertions about a number of different things: earnings and financial conditions, the organization’s internal controls and its operations, compliance with governmental regulations, and other measures of business performance such as on time arrival information for an airline. Auditors may be called on to perform audits of these assertions. This chapter develops a framework for approaching the detailed evidence gathering process that is common across all audits. Evidence is first gathered on the factors that may affect an account balance misstatement and the risk that an account balance may be misstated. After assessing all those risks, the auditor must directly test the account balances that have a residual risk of potential misstatement. In doing these direct tests of account balances and transactions, the auditor is guided by the third standard of fieldwork, which states:
i. Sufficient, competent audit evidence is to be obtained through audit procedures performed to afford a reasonable basis for an opinion regarding the financial statements under audit.
b. Thus, the auditor must obtain an appropriate amount of reliable evidence concerning the fairness of the financial statements and their conformity with GAAP.
II. ASSERTION MODEL
a. In performing these direct tests, the auditor is guided by the overall framework of assertions that are embodied in financial statements and individual accounts. Fortunately, these assertions lead to the development of direct and efficient procedures to gather evidence. These procedures are referred to as an audit program. If financial statements are fairly presented in accordance with GAAP, then the individual account balances must exist, be complete, reflect a right or obligation, be properly valued, and be adequately presented. There are different sets of assertions for transactions, account balances, and disclosures.
III. GATHERING SUFFICIENT, COMPETENT EVIDENCE
a. When considering the best approach to gather audit evidence, the auditor needs to consider factors affecting the reliability of the financial data: management integrity, client economic risk, quality of the client’s information system, client’s control structure, and current market conditions and competitor actions. Management’s integrity and competence affect both the design and operation of the client’s information system. The client’s business, by its nature, carries distinct risks that require management and/or auditor judgment, because the economic consequences of these factors are not regularly captured by transactions-oriented computer systems. Finally, competitors may be introducing new products that will affect the marketability of inventory on hand. The auditor cannot prepare an audit program to directly test the integrity of a company’s financial statements without considering all the risk factors affecting those accounts.
b. Current auditing standards for the annual audit of an organization’s financial statements require that all four phases be performed on every audit, and that some direct tests of material account balances and transactions always be performed. However, there are two major changes affecting the nature of overall evidence gathering. First, auditors have become better at identifying various types of risk and assessing the risk that a misstatement may exist in an account balance. Second, as accounting systems increasingly become more computerized and paperless, there is a trend toward placing more emphasis on systems audits (i.e., understanding and gaining assurance about the reliability of a company’s computerized processing system). During each audit, the auditor must determine the degree of evidence needed to justify an audit opinion consistent with the audit risk model.
c. Sufficiency
i. The amount of evidence must be convincing. This is a matter of experienced audit judgment. Statistical sampling can help determine how much evidence is enough based on the quantification of audit judgments about materiality, audit risk, and sampling risk, as discussed in Chapter 9.
d. Reliability of Audit Evidence
i.
Reliability means that it is relevant to the
audit objectives. The Auditing Standards
Board has established the presumptions about the reliability of audit
evidence. Independent third-party
evidence obtained from knowledgeable individuals with adequate time and
motivation to respond to audit inquiries is preferable to internally generated
information. Evidence obtained directly by the auditor is preferable to that
obtained indirectly. Evidence from well-controlled information systems is
preferable to that from poorly controlled systems. But some evidence better
addresses specific assertions, and there will always be
a tradeoff in each audit.
e.
Internal Documentation
i. Internal documentation ranges from legal agreements to business documents to accounting documents to planning and control documents. The reliability of internal documentation can vary.
f. External Documentation
i.
External documentation
is generally considered to be highly reliable, particularly when the auditor
receives it directly. If auditors have
reason to suspect the validity of external documentation obtained from the
client, they should confirm the validity of the evidence.
ii.
Paper versus
Electronic Documentation
1.
A major challenge for
auditors is to determine which electronic data has the same degree of
reliability as paper-based documents.
Fortunately, computer systems can be designed to provide safeguards
similar to those that surround paper-based documents.
g.
Nature of Audit Testing
i.
Direct tests of
account balances are designed by determining the most efficient manner to
substantiate the assertions embodied in the account. Auditors look primarily at two basic types of
evidence: the underlying accounting data, and corroborating information that
validates this data. Auditors have
traditionally focused most audit procedures on the direct tests of account
balances (particularly the asset and liability accounts) because:
1.
There are usually
fewer items in the ending balance than are contained in the transactions that
have taken place during the year.
2.
Reliable evidence,
which can be gathered efficiently, usually exists for ending balance items more
so than it does for transactions.
3. There is a preference to focus on changes in the account balances during the year.
a. Overview of Audit Procedures
b.
Audit procedures vary
according to the risks associated with the client and the methods used to
record transactions. The auditor’s task
is to determine which procedures provide a sufficient level of evidence to
achieve the desired levels of audit risk with the least amount of audit cost.
c.
Directional Testing
i.
Directional testing
involves testing transactions or balances primarily for either over- or
under-statement, but not for both at the same time. Directional testing leads to audit efficiency
because:
1.
Misstatements of some
accounts are more likely to occur in one direction than the other.
2.
Directional testing of
an account balance provides evidence on a complementary set of accounts.
3.
Some assertions are
directional by nature.
d.
Commonly Used Audit Procedures for Direct Tests
of Account Balances and Transactions
i. A wide variety of audit procedures are used to perform direct tests of account balances.
1. Observation
a.
Observation is the
physical process of observing activities or physical assets to reach an audit
conclusion. It is most often used
to gain an understanding of a client’s processing system, including the
physical shipment and receipt of goods and separation of duties.
2.
Physical Examination
a.
Physical examination
is useful in verifying the existence of tangible assets and in identifying
potential obsolescence or signs of wear and tear.
3.
Inquiries of Client
Personnel
a. Inquiry is used extensively to gain an understanding of the accounting system, management’s plans, litigation against the organization, accounting changes, management’s assessments, etc. Inquiry is a strong source of evidence, but it is not persuasive by itself and needs to be corroborated.
4. Confirmations With Outside Parties
a.
Confirmation consists
of sending a letter to an outside party to confirm or corroborate an assertion
represented in the financial statements.
Although confirmations can be a strong source of evidence, auditors
should not place undue reliance on them.
Auditors must make sure the client does not intercept the out-going
confirmation letter or the response from the outside party. Therefore, auditors should mail the
confirmations directly with the post office and have self-addressed and stamped
return envelopes addressed to the auditor’s office, not the client’s location.
5.
Examination of Documents
a.
Much of the audit
process depends on examining documents—either in paper or electronic form. Documentation is useful for evaluating
all of the assertions. Historically, such documentation has existed on paper
and has often constituted much of the audit evidence reviewed on most audit
engagements. Whether the documentation is paper-based or electronic, the
auditor must establish the authenticity of the documentation in order to rely upon
it.
6.
Recomputation or Recalculation of Data
a.
Auditors often find it
useful to recalculate a number of client computations; recalculations include
footing, crossfooting, tests of extensions, and recomputing estimated accounts
or allowances.
7.
Reprocessing of
Transactions
a. Reprocessing involves selecting a sample from a population of source documents, such as bills of lading, and reprocessing them to be sure they have been properly recorded.
8. Vouching of Transactions
a.
Vouching takes a sample of already recorded
transactions and traces them back to their original source. Vouching helps to establish that all recorded
transactions are valid.
9.
Analytical Procedures
a.
Analytical procedures
are defined as studies of plausible relationships among both financial and
nonfinancial data and involve the comparison of recorded amounts or ratios to expectations
developed by the auditor.
e.
Application to
Assertions
i.
The text provides a
series of examples of procedures that auditors can use to gather evidence to
address specific assertions.
f.
Fixed Assets
i.
Physical examination
addresses the existence assertion for many assets, including fixed assets.
g.
Contingencies (Pending
Litigation)
i.
Management is the
primary source of information concerning the existence of pending litigation,
the probability of an unfavorable outcome, and the potential amount of
damages. Corroboration of this
information is obtained from the client’s legal counsel.
h.
Timing of Procedures
i.
The auditor must
determine when to perform audit procedures—as of or after the balance sheet
date, or at an interim date. With strong
internal controls, the risk of misstatements occurring between the interim date
and year-end is decreased.
i.
Extent of
Procedures
i.
The auditor must
decide how much evidence is needed. The
extent of testing is affected by the following and by the individual risk
preferences of the auditor:
1.
The auditor’s
assessment of the risk that the account balance may contain a misstatement;
2.
The amount of
misstatement that would be considered material;
3.
The quality of the
company’s internal controls; and
4. The persuasiveness of alternative forms of evidence.
V. AUDIT PROGRAMS AND DOCUMENTING AUDIT EVIDENCE
a. Audit Program Development
i. Audit procedures are designed to gather evidence regarding management’s assertions. An audit program specifies the procedures that should be followed in gathering, documenting, and evaluating audit evidence. Audit programs help address issues such as how many transactions need to be examined, or what population should be sampled to determine the validity of a particular account balance. It is important to note that an auditor will select the best combination of procedures used to test assertions for each client—the auditor has a wide choice of procedures that might be used to address any particular account balance.
b. Documenting Audit Evidence
i.
It is extremely
important in litigation defense that the audit process of gathering evidence,
evaluating the evidence, and reasoning to a conclusion in support of the
auditor's opinion on the financial statements be carefully planned and
documented. The documented audit work
should be able to be evaluated independently of the individuals who performed
the audit. Audit documentation serves as
the primary evidence in support of audit conclusions.
ii.
Revisions and
Retention of Audit Documentation
1.
Audit documentation
should be completed and assembled within 60 days following the audit report
release date. After that date, the auditor must retain the audit documentation
for at least five years.
iii.
Audit Planning
Documentation
1.
The planning process
lays the foundation for the audit and should be carefully documented. Interviews with key executives should be
summarized in a memo to the file.
Analytical procedures should be documented in spreadsheets or similar
documents with a clear identification of accounts that are to receive special
attention. Materiality assessments and
the overall audit approach should be summarized.
iv.
The Audit Program
1.
An audit program
specifies the actual procedures to be performed in gathering the required audit
evidence about the assertions embodied in the client's financial
statements. It is the single most
important piece of documentation in an audit engagement. Many audit firms have developed standardized
audit programs that can be modified to correspond to unique features of an
individual client.
2.
Copies of Documents
a.
Some documents
reviewed by the auditor are deemed important enough that a copy will be
included in the audit documentation. These
include both internal and external evidence.
3.
Auditor-Generated
Memos
a.
Auditors piece
evidence together and reach an opinion as to whether or not a particular
account balance might be misstated.
Auditors need to document the reasoning process and support the conclusions
they reach on particular account balances.
4.
Characteristics of
Good Audit Documentation
a.
Well-developed audit
documentation contains:
i.
A heading
ii.
Initials or electronic
signature of the auditor performing the test and date it was performed
iii.
Initials or electronic
signature of person(s) reviewing the documentation and date
iv.
Description of tests
performed and findings
v.
An assessment of
whether the tests indicate the possibility of a material misstatement
vi.
Tickmarks/legend
indicating the nature of the work performed
vii.
Index to identify the
location of papers
viii. Cross-reference to related documentation, when applicable
b.
The public accounting firm must have a policy on
the length of time documentation should be retained. The Sarbanes/Oxley Act requires that the
audit documentation for audits of public companies be retained for at least
seven years.
5.
Example Audit Program
To Directly Test Account Balances
a. The text contains a detailed audit program for testing inventory.
VI. Auditing Account Balances Affected by Management’s Estimates
a. There are many balances that are based on appraisals and/or management estimates and assumptions. Earnings management often involves manipulating these estimates and assumptions to achieve desired earnings goals. Auditors must take special care in evaluating the reasonableness of these estimates.
b. Evidence
i. There is usually hard evidence that can be gathered in evaluating estimates. Auditors should find out and evaluate the processes used by management in making its estimates. The results of those processes can be tested. Economy-based estimates need to be independently evaluated. Asset impairment is based on either appraisals or estimates of future cash flows. If appraisals are done by professional appraisers, the auditor should determine the qualifications and reputation of the appraisers. Estimates of future cash flows need to be analyzed for the reasonableness of the assumptions.
VII. Importance of Quality Review
a. Audits of corporations subject to SEC regulation (public companies) must be subjected to a concurring partner review before the audit report is issued. The concurring partner should be a partner who is not otherwise involved in the audit, but who has knowledge of the client’s business and industry. The purpose of this review is to help ensure that the evidence documented adequately supports the audit opinion. It serves as a double check on the quality of the audit.