Audit Evidence Explained: What Is Considered Sufficient and Appropriate?

Audit evidence is the foundation of every successful audit. Auditors know that the right evidence provides a solid basis for their audit opinion. In practice, gathering audit evidence NZ professionals can trust is crucial. Understanding the specific requirements around audit evidence NZ auditors need to meet is vital. Getting the perfect balance of evidence remains one of our biggest challenges when we need to support our conclusions.

ISA (UK) 500 states that proper audit evidence helps auditors draw reliable conclusions for their audit opinion. The quality and quantity of audit evidence work together to affect overall audit quality. Quality evidence needs to be both sufficient in amount and appropriate in nature. Sufficient means having enough evidence, while appropriate relates to how relevant and reliable that evidence is.

Let’s get into what makes audit evidence in nz both sufficient and appropriate. We’ll look at ways to get different types of audit evidence nz and help you figure out when you’ve collected enough to back up your opinion.

Understanding ISA 500 and the Role of Audit Evidence

ISA 500 is the life-blood that helps auditors navigate the complex world of audit evidence. This standard helps auditors understand what counts as evidence and guides them through evidence collection.

Definition of Audit Evidence under ISA 500

ISA 500 defines audit evidence as “information used by the auditor in arriving at the conclusions on which the auditor’s opinion is based.” The definition covers information from accounting records that support financial statements and data from other sources. Audit evidence builds up over time as we perform audit procedures throughout the engagement.

Auditors following this standard have a clear yet crucial task – they must design and execute procedures that help them get enough appropriate evidence. This evidence forms the foundations of their audit opinion.

Audit Risk and the Need for Evidence

Audit risk shows up when auditors give inappropriate opinions on financial statements with material misstatements. A simple equation explains this relationship: Audit Risk = Inherent Risk × Control Risk × Detection Risk.

Auditors need enough appropriate evidence to reduce audit risk to acceptable levels and get reasonable assurance. This process requires them to:

1. Identify and assess material misstatement risks
2. Design responsive audit procedures
3. Collect evidence that addresses these risks

The amount of audit evidence needed goes up with higher misstatement risks. Detection risk – where audit procedures miss material misstatements – can be managed better with more resilient evidence.

Audit Assertions and Their Link to Evidence

Audit assertions are the backbone of evidence collection. Management makes these implicit or explicit claims about financial statement elements. ISA standards group assertions into three main categories:

• Assertions about transactions and events: occurrence, completeness, accuracy, cutoff, classification, and presentation
• Assertions about account balances: existence, rights and obligations, completeness, accuracy/valuation/allocation, classification, and presentation
• Assertions about presentation and disclosure: occurrence, completeness, classification/understandability, and accuracy/valuation

Auditors create specific evidence gathering techniques to test these assertions. To cite an instance, they might use physical verification to check asset existence, while completeness testing needs different approaches.

Sufficiency of Audit Evidence: How Much is Enough?

Audit work faces a major challenge in figuring out what counts as “enough” evidence. The amount of audit evidence needed to back up an audit opinion defines the concept of sufficiency.

Risk of Material Misstatement and Sample Size

Risk assessment and evidence quantity share a direct link. Higher risks demand more evidence. Auditors need to get more extensive audit evidence to lower audit risk to acceptable levels when they face higher assessed risks of material misstatement. The risk-materiality relationship builds the foundation to determine sufficient evidence.

Auditors must collect extra evidence in areas with significant risks. Here are the typical high-risk areas:

• Fraud risks
• Complex transactions
• Major economic developments
• Related party transactions
• Subjective measurements with high uncertainty
• Unusual transactions outside normal business operations

Impact of Internal Control Weaknesses

Internal control effectiveness shapes evidence requirements substantially. Tests that reveal operating weaknesses force auditors to gather more evidence. The tolerable rate of deviation plays a vital role here. This rate shows the maximum deviations from prescribed controls that auditors would accept without changing their planned assessed level of control risk.

Deviations from relevant controls raise the risk of material misstatements. Yet it’s worth mentioning that these deviations don’t always lead to actual misstatements. To cite an instance, a disbursement might lack required approval documents but still be properly authorized and recorded.

Population Size and Sampling Techniques

Sample size determination rarely depends on population size, except in small populations. Populations over 2,000 sampling units can be treated as infinite for sampling purposes. Those between 200-2,000 items barely affect sample calculations. Populations under 200 items usually need smaller sample sizes.

The chosen audit sampling approach affects how evidence gets collected. Statistical sampling uses random selection where each item has equal odds of being tested. In stark comparison to this, non-statistical sampling lets auditors use their judgment rather than random methods to select items.

Appropriateness of Audit Evidence: Quality Over Quantity

Quality and quantity play different roles in audit evidence. Quality focuses on appropriateness, which means “the measure of the quality of audit evidence.” This combines both relevance and reliability that support the auditor’s final opinion.

Relevance to Financial Statement Assertions

Financial statement assertions need evidence that connects logically to support them. Evidence must directly support assertions like existence, completeness, or valuation. The evidence’s relevance depends on three key factors:

1. How well the audit procedure tests the assertion and checks for under or overstatement
2. The audit procedure’s timing
3. Detail level needed to meet audit goals

To cite an instance, bank confirmations help verify accounts receivable existence but don’t tell much about whether all transactions were recorded.

Reliability Based on Source and Nature

Reliability of evidence shows how trustworthy it is based on several factors. Evidence becomes more reliable under these conditions:

• Independent knowledgeable sources provide it
• Internal systems with good controls generate it
• Auditors collect it themselves rather than through others
• Original documents exist instead of copies or digital versions

Good internal controls that prepare and maintain information make evidence more reliable. Auditors need to check if the information gives enough detail and precision to work.

External vs Internal Evidence Comparison

External evidence originates from sources outside the entity and carries more weight since it comes from neutral third parties. Internal evidence comes from within the audited organization, which makes it less reliable because the entity controls how it’s prepared.

External sources usually go through strict verification, especially from regulated entities or those with legal requirements. Bank statements that verify cash balances make a stronger case than internal reports.

Documentary vs Oral Evidence Hierarchy

Documentary evidence stands above oral statements in the evidence hierarchy. Written records provide solid proof that people can’t easily misinterpret or deny.

Original documents beat photocopies, duplicates, or faxes in trustworthiness since copies might be altered. Auditors should back up verbal evidence with written documentation to get better reliability.

Professional Judgment in Evaluating Audit Evidence

Professional judgment lies at the heart of audit work. It acts as a compass that helps auditors make complex decisions about evidence evaluation. Auditors must find the right balance between getting enough evidence and assessing its quality throughout planning and execution.

No Fixed Threshold for Sufficiency

You won’t find a rigid formula or absolute threshold that tells you when you’ve got enough evidence. Auditors need to look at several factors to make this call. These include the risk of material misstatement, how well internal controls work, the size of what’s being tested, and how reliable the current evidence is. The auditor’s assessment plays a vital role here. High-risk areas need more evidence than sections with lower risk. Professional judgment shows how well the audit team uses their combined knowledge, skills, and expertise.

Balancing Quantity and Quality

Auditors face a key challenge in balancing evidence sufficiency and appropriateness. Higher quality evidence typically means less quantity works just fine. Getting more evidence can’t make up for poor quality. The team needs to weigh how convincing the evidence is against what it costs to get it. At some point, the cost of getting more evidence becomes greater than any added value it brings. This calls for careful professional judgment.

ISA 500 Compliance and Documentation

Documentation of key judgments during the audit serves several purposes. It explains the auditor’s conclusions and makes the quality of judgment stronger. Auditors should write down their reasoning when they need to “consider” certain information or explain their conclusions about subjective judgments. ISA 500 requires auditors to keep their professional skepticism sharp throughout the process. They must stay alert to any contradictory evidence that might weaken what they’ve already gathered.

Conclusion

We’ve explored the key components that make up sufficient and appropriate audit evidence as defined by ISA 500. Auditors face one of their biggest challenges in determining what evidence counts and how much they need.

Quality and quantity of evidence complement each other rather than working separately. High-quality evidence usually means we need less of it, but larger quantities can’t make up for poor quality evidence. This balance between these connected concepts needs careful attention during each engagement.

Our evidence-gathering approach stems from risk assessment. High-risk areas need more evidence, especially with complex transactions, fraud risks, or when we find internal control weaknesses. Evidence reliability depends heavily on its source and nature. External evidence gives more assurance than internal documentation, and written records carry more weight than oral testimony.

Professional judgment shapes our decisions when we evaluate if we have enough evidence. This involves balancing several factors at once: risk levels, control effectiveness, cost-benefit analysis, and how convincing the collected evidence is.

Auditing combines both art and science because there are no fixed rules for what counts as “enough” evidence. Technical standards guide us, but our expertise helps us make these subtle decisions with confidence. We must pair this judgment with professional skepticism to stay alert to contradictory information that might weaken previously gathered evidence.

Becoming skilled at handling sufficient appropriate audit evidence lets us meet our professional duties confidently. A solid grasp of these principles helps us issue well-supported audit opinions that stakeholders trust – the core purpose of our work as auditors.

FAQs

Q1. What constitutes sufficient and appropriate audit evidence? 

Sufficient and appropriate audit evidence refers to the quantity and quality of information gathered by auditors to support their conclusions. Sufficiency relates to the amount of evidence, while appropriateness addresses its relevance and reliability. The evidence should be enough to provide a reasonable basis for the auditor’s opinion on financial statements.

Q2. How do auditors determine the amount of evidence needed? 

Auditors determine the amount of evidence needed based on several factors, including the assessed risk of material misstatement, the effectiveness of internal controls, and the nature of the audit assertions being tested. Higher risk areas typically require more extensive evidence gathering. There’s no fixed threshold, and professional judgment plays a crucial role in this determination.

Q3. What types of audit evidence are considered most reliable? 

Generally, external evidence from independent sources is considered more reliable than internal evidence. Documentary evidence is typically more trustworthy than oral testimony. Original documents are preferred over copies or electronic versions. Evidence obtained directly by the auditor is often more reliable than information provided by the entity being audited.