Audit Evidence Protects the Auditor from failure
a. Age old dilemma continues
Auditor’s are expected to provide an unbiased and objective opinion on the facts they have examined. Boards and shareholders expect that the Auditor’s opinion must be near precise, however, auditing standards prescribe that auditor’s opinion is reasonable and not absolute as the auditors are never able to scrutinize all accounting and business transactions on a 100% basis. This expectation gap seems to be never narrowing down. Surprises such as occupational frauds and unidentified errors by auditors lead to a larger divide. A simplistic solution can be found in the compound of audit evidence.
Facts collected and probed during audit through enquiry, observation, analysis, verifications, confirmations, re-performances, bench marking, etc that provide a reasonable basis for forming an opinion on the subject matter of audit is popularly referred to as “audit evidence”.
b. Audit evidence is the basis of Auditor’s Opinion
How does the auditor get to the right facts? – basis audit evidence.As per Auditing Standard 15 issued by PCAOB/SEC, Audit evidence is all the information, whether obtained from audit procedures or other sources, that is used by the auditor in arriving at the conclusions on which the auditor’s opinion is based. Audit evidence consists of both information that supports and corroborates management’s assertions regarding the financial statements or internal control over financial reporting and information that contradicts such assertions.
Audit working papers should clearly establish the test of sufficiency and reliability of audit evidence, in addition to providing actual details of audit sampling. Audit evidence as documented in the audit working paper provides a record of the evidence accumulated and the results of the controls tested. This is the primary means of documenting that an adequate audit was performed. While performing audit procedures auditors may collect information beyond accounting records (internal) such as industry reports (external) from reliable sources for recording the evidence with valid reasoning for using such external sources and reaching suitable conclusions. When the auditor collects evidence from external sources, he should make sure that the source is independent and knowledgeable.
c. Use case analysis
For instance, in a payroll audit the auditor would be expected to opine on whether the payroll output and registers are accurate, reliable and complete. The auditor would be expected to examine the employee master, payroll muster, leave records, payroll computation files, labour law related obligations, etc.
As the auditor is not in a position to review on a 100% basis, he would be expected to carry out a risk assessment exercise to identify high risk areas and thereafter devise a sampling strategy to probe transactions and records that would give best results. Let us take a closer look at one such high risk area and what could be the audit evidence to reach the opinion stage. Payroll computation errors is a high-risk area that may result in direct financial loss and low employee morale. Auditor may select the payroll computation sheet for 2 to 3 months keeping mind those months that have higher possibility of error impact say months where increments were given, or year-end month, or bonus payout month and thereafter re-calculate the payroll computation exercise to check for formula errors, logical inconsistencies, data errors, etc. The act of re-calculation of payroll computation should be recorded in the form of an “audit evidence sheet” to support the auditor’s opinion, capturing the re-calculation process, the test results observed, payroll computation sheets, logic for sampling, etc.
d. Two-test theory to reach sufficient and appropriate audit evidence
There are two primary tests that auditors shall satisfy on audit evidence viz.,
1. Sufficiency of audit evidence to support the audit opinion that is the auditor must collect audit evidence in enough quantity. Auditors generally prefer identification of specific and material items for testing from the population. As per Auditing Standards the auditor may decide to select specific items within a population because they are important to accomplishing the objective of the audit procedure or exhibit some other characteristic, e.g., items that are suspicious, unusual, or particularly risk-prone or items that have a history of error.
2. Reliability of audit evidence that is the source from which the audit evidence is gathered must be bona fide. Evidence obtained directly by the auditor is always considered as more reliable than evidence collected indirectly.
e. Requirements of SIA 320 on Internal Audit Evidence issued by ICAI
The new SIA requires that the internal audit function shall collect and record all internal audit evidence by maintaining a written process. This process shall be in writing and shall explain the way audit evidence is to be gathered, reviewed, documented and stored as per Standards of quality and in conformance to the Standards on Internal Audit. The written processes around collecting, recording, re-producing of audit evidences shall form part of internal audit documentation/internal audit manual.
The SIA requires that audit evidence gathered should be recorded in such a manner that it can be re-produced (if in digital form) and reviewed independently of the Internal Auditor. Details of the evidence collected, relevance to the audit findings and opinion being formed, cross referenced to the Internal Audit Program, where appropriate. This Standard is to be notified by the Council of the Institute.
f. Quality of audit evidence will protect Mr. Auditor
As per IAASB ISA 500 the sufficiency and appropriateness of audit evidence are interrelated. Obtaining more audit evidence, however, may not compensate for its poor quality.
Auditors in certain cases don’t receive sufficient information or where there is absence of information (for example, management’s refusal to provide a requested representation), here refusal also constitutes audit evidence and should be documented to protect the interests of the auditor.
Auditors can protect themselves by balancing the twin objectives of achieving sufficiency and reliability of audit evidence through well-reasoned audit procedures,use of risk assessment and test of details; collect audit evidence and evaluate the evidence by combining multiple procedures to reach near precise conclusions.