CAS 200.17 To obtain reasonable assurance, the auditor shall obtain sufficient appropriate audit evidence to reduce audit risk to an acceptably low level and thereby enable the auditor to draw reasonable conclusions on which to base the auditor's opinion. (Ref: Para. A31-A57) Sufficiency and Appropriateness of Audit Evidence CAS 200.A31 Audit evidence is necessary to support the auditor's opinion and report. It is cumulative in nature and is primarily obtained from audit procedures performed during the course of the audit. It may, however, also include information obtained from other sources such as previous audits (provided the auditor has determined whether changes have occurred since the previous audit that may affect its relevance to the current audit) or a firm's quality control procedures for client acceptance and continuance. In addition to other sources inside and outside the entity, the entity's accounting records are an important source of audit evidence. Also, information that may be used as audit evidence may have been prepared by an expert employed or engaged by the entity. Audit evidence comprises both information that supports and corroborates management's assertions, and any information that contradicts such assertions. In addition, in some cases, the absence of information (for example, management's refusal to provide a requested representation) is used by the auditor and, therefore, also constitutes audit evidence. Most of the auditor's work in forming the auditor's opinion consists of obtaining and evaluating audit evidence. Note: CAS 500.A5 has same content. CAS 200.A32 The sufficiency and appropriateness of audit evidence are interrelated. Sufficiency is the measure of the quantity of audit evidence. The quantity of audit evidence needed is affected by the auditor's assessment of the risks of misstatement (the higher the assessed risks, the more audit evidence is likely to be required) and also by the quality of such audit evidence (the higher the quality, the less may be required). Obtaining more audit evidence, however, may not compensate for its poor quality. Note: CAS 500.A8 has same content. CAS 200.A33 Appropriateness is the measure of the quality of audit evidence; that is, its relevance and its reliability in providing support for the conclusions on which the auditor's opinion is based. The reliability of evidence is influenced by its source and by its nature, and is dependent on the individual circumstances under which it is obtained. Note: CAS 500.A9 has same content. CAS 200.A34 Whether sufficient appropriate audit evidence has been obtained to reduce audit risk to an acceptably low level, and thereby enable the auditor to draw reasonable conclusions on which to base the auditor's opinion, is a matter of professional judgment. CAS 500 and other relevant CASs establish additional requirements and provide further guidance applicable throughout the audit regarding the auditor's considerations in obtaining sufficient appropriate audit evidence. CAS 500.6 The auditor shall design and perform audit procedures that are appropriate in the circumstances for the purpose of obtaining sufficient appropriate audit evidence. (Ref: Para. A5-A29) CAS 500.A6 Most of the auditor's work in forming the auditor's opinion consists of obtaining and evaluating audit evidence. Audit procedures to obtain audit evidence can include inspection, observation, confirmation, recalculation, reperformance and analytical procedures, often in some combination, in addition to inquiry. Although inquiry may provide important audit evidence, and may even produce evidence of a misstatement, inquiry alone ordinarily does not provide sufficient audit evidence of the absence of a material misstatement at the assertion level, nor of the operating effectiveness of controls. CAS 500.A7 As explained in CAS 200, reasonable assurance is obtained when the auditor has obtained sufficient appropriate audit evidence to reduce audit risk (that is, the risk that the auditor expresses an inappropriate opinion when the financial statements are materially misstated) to an acceptably low level. CAS 500.A10 CAS 330 requires the auditor to conclude whether sufficient appropriate audit evidence has been obtained. Whether sufficient appropriate audit evidence has been obtained to reduce audit risk to an acceptably low level, and thereby enable the auditor to draw reasonable conclusions on which to base the auditor's opinion, is a matter of professional judgment. CAS 200 contains discussion of such matters as the nature of audit procedures, the timeliness of financial reporting, and the balance between benefit and cost, which are relevant factors when the auditor exercises professional judgment regarding whether sufficient appropriate audit evidence has been obtained. Sources of Audit Evidence CAS 500.A11 Some audit evidence is obtained by performing audit procedures to test the accounting records, for example, through analysis and review, reperforming procedures followed in the financial reporting process, and reconciling related types and applications of the same information. Through the performance of such audit procedures, the auditor may determine that the accounting records are internally consistent and agree to the financial statements. CAS 500.A12 More assurance is ordinarily obtained from consistent audit evidence obtained from different sources or of a different nature than from items of audit evidence considered individually. For example, corroborating information obtained from a source independent of the entity may increase the assurance the auditor obtains from audit evidence that is generated internally, such as evidence existing within the accounting records, minutes of meetings, or a management representation. CAS 500.A13 Information from sources independent of the entity that the auditor may use as audit evidence may include confirmations from third parties, and information from an external information source, including analysts' reports, and comparable data about competitors (benchmarking data). CAS 330.27 If the auditor has not obtained sufficient appropriate audit evidence as to a material financial statement assertion, the auditor shall attempt to obtain further audit evidence. If the auditor is unable to obtain sufficient appropriate audit evidence, the auditor shall express a qualified opinion or disclaim an opinion on the financial statements. CAS 500.7 When designing and performing audit procedures, the auditor shall consider the relevance and reliability of the information to be used as audit evidence, including information obtained from an external information source. (Ref: Para. A30-A44) Relevance and Reliability (Ref: Para. 7) CAS 500.A30 As noted in paragraph A5, while audit evidence is primarily obtained from audit procedures performed during the course of the audit, it may also include information obtained from other sources such as, for example, previous audits, in certain circumstances, firm's quality control procedures for client acceptance and continuance and complying with certain additional responsibilities under law, regulation or relevant ethical requirements (e.g., regarding an entity's non-compliance with laws and regulations) . The quality of all audit evidence is affected by the relevance and reliability of the information upon which it is based. Relevance CAS 500.A31 Relevance deals with the logical connection with, or bearing upon, the purpose of the audit procedure and, where appropriate, the assertion under consideration. The relevance of information to be used as audit evidence may be affected by the direction of testing. For example, if the purpose of an audit procedure is to test for overstatement in the existence or valuation of accounts payable, testing the recorded accounts payable may be a relevant audit procedure. On the other hand, when testing for understatement in the existence or valuation of accounts payable, testing the recorded accounts payable would not be relevant, but testing such information as subsequent disbursements, unpaid invoices, suppliers' statements, and unmatched receiving reports may be relevant. CAS 500.A32 A given set of audit procedures may provide audit evidence that is relevant to certain assertions, but not others. For example, inspection of documents related to the collection of receivables after the period end may provide audit evidence regarding existence and valuation, but not necessarily cut-off. Similarly, obtaining audit evidence regarding a particular assertion, for example, the existence of inventory, is not a substitute for obtaining audit evidence regarding another assertion, for example, the valuation of that inventory. On the other hand, audit evidence from different sources or of a different nature may often be relevant to the same assertion. CAS 500.A33 Tests of controls are designed to evaluate the operating effectiveness of controls in preventing, or detecting and correcting, material misstatements at the assertion level. Designing tests of controls to obtain relevant audit evidence includes identifying conditions (characteristics or attributes) that indicate performance of a control, and deviation conditions which indicate departures from adequate performance. The presence or absence of those conditions can then be tested by the auditor. CAS 500.A34 Substantive procedures are designed to detect material misstatements at the assertion level. They comprise tests of details and substantive analytical procedures. Designing substantive procedures includes identifying conditions relevant to the purpose of the test that constitute a misstatement in the relevant assertion. Reliability CAS 500.A35 The reliability of information to be used as audit evidence, and therefore of the audit evidence itself, is influenced by its source and its nature, and the circumstances under which it is obtained, including the controls over its preparation and maintenance where relevant. Therefore, generalizations about the reliability of various kinds of audit evidence are subject to important exceptions. Even when information to be used as audit evidence is obtained from sources external to the entity, circumstances may exist that could affect its reliability. For example, information obtained from a source independent of the entity may not be reliable if the source is not knowledgeable, or a management's expert may lack objectivity. While recognizing that exceptions may exist, the following generalizations about the reliability of audit evidence may be useful:
CAS 500.9 When using information produced by the entity, the auditor shall evaluate whether the information is sufficiently reliable for the auditor's purposes, including, as necessary in the circumstances: (a) Obtaining audit evidence about the accuracy and completeness of the information; and (Ref: Para. A60-A61) (b) Evaluating whether the information is sufficiently precise and detailed for the auditor's purposes. (Ref: Para. A62) Information Produced by the Entity and Used for the Auditor's Purposes (Ref: Para. 9(a)-(b)) CAS 500.A60 In order for the auditor to obtain reliable audit evidence, information produced by the entity that is used for performing audit procedures needs to be sufficiently complete and accurate. For example, the effectiveness of auditing revenue by applying standard prices to records of sales volume is affected by the accuracy of the price information and the completeness and accuracy of the sales volume data. Similarly, if the auditor intends to test a population (for example, payments) for a certain characteristic (for example, authorization), the results of the test will be less reliable if the population from which items are selected for testing is not complete. CAS 500.A61 Obtaining audit evidence about the accuracy and completeness of such information may be performed concurrently with the actual audit procedure applied to the information when obtaining such audit evidence is an integral part of the audit procedure itself. In other situations, the auditor may have obtained audit evidence of the accuracy and completeness of such information by testing controls over the preparation and maintenance of the information. In some situations, however, the auditor may determine that additional audit procedures are needed. CAS 500.A62 In some cases, the auditor may intend to use information produced by the entity for other audit purposes. For example, the auditor may intend to make use of the entity's performance measures for the purpose of analytical procedures, or to make use of the entity's information produced for monitoring activities, such as reports of the internal audit function. In such cases, the appropriateness of the audit evidence obtained is affected by whether the information is sufficiently precise or detailed for the auditor's purposes. For example, performance measures used by management may not be precise enough to detect material misstatements. CAS 500.11 If: (a) audit evidence obtained from one source is inconsistent with that obtained from another; or (b) the auditor has doubts over the reliability of information to be used as audit evidence, the auditor shall determine what modifications or additions to audit procedures are necessary to resolve the matter, and shall consider the effect of the matter, if any, on other aspects of the audit. (Ref: Para. A68) CAS 500.A68 Obtaining audit evidence from different sources or of a different nature may indicate that an individual item of audit evidence is not reliable, such as when audit evidence obtained from one source is inconsistent with that obtained from another. This may be the case when, for example, responses to inquiries of management, internal auditors, and others are inconsistent, or when responses to inquiries of those charged with governance made to corroborate the responses to inquiries of management are inconsistent with the response by management. CAS 230 includes a specific documentation requirement if the auditor identified information that is inconsistent with the auditor's final conclusion regarding a significant matter. Obtaining Evidence CSAE 3001.53R Based on the practitioner’s understanding (see paragraph 51R) the practitioner shall: (Ref: Para. A110-A114) (a) Identify and assess the risks of significant deviation; and (b) Design and perform procedures to respond to the assessed risks and to obtain reasonable assurance to support the practitioner’s conclusion. In addition to any other procedures on the underlying subject matter that are appropriate in the engagement circumstances, the practitioner’s procedures shall include obtaining sufficient appropriate evidence as to the operating effectiveness of relevant controls over the underlying subject matter when: (i) The practitioner intends to rely on the operating effectiveness of those controls in determining the nature, timing and extent of other procedures, or (ii) Procedures other than testing of controls cannot alone provide sufficient appropriate evidence. The Nature, Timing and Extent of Procedures (Ref: Para. 53(L)–54(R)) CSAE 3001. A110 The practitioner chooses a combination of procedures to obtain reasonable assurance or limited assurance, as appropriate. The procedures listed below may be used, for example, for planning or performing the engagement, depending on the context in which they are applied by the practitioner:
CSAE 3001.A111 Factors that may affect the practitioner’s selection of procedures include the nature of the underlying subject matter; the level of assurance to be obtained; and the information needs of the intended users and the engaging party, including relevant time and cost constraints. CSAE 3001.A112 In some cases, a subject-matter-specific CSAE may include requirements that affect the nature, timing and extent of procedures. For example, a subject-matter-specific CSAE may describe the nature or extent of particular procedures to be performed or the level of assurance expected to be obtained in a particular type of engagement. Even in such cases, determining the exact nature, timing and extent of procedures is a matter of professional judgment and will vary from one engagement to the next. CSAE 3001.A113 In some engagements, the practitioner may not identify any areas where a significant deviation is likely to arise. Irrespective of whether any such areas have been identified, the practitioner designs and performs procedures to obtain a meaningful level of assurance. CSAE 3001.55 When designing and performing procedures, the practitioner shall consider the relevance and reliability of the information to be used as evidence. If: (a) Evidence obtained from one source is inconsistent with that obtained from another; or (b) The practitioner has doubts about the reliability of information to be used as evidence, the practitioner shall determine what changes or additions to procedures are necessary to resolve the matter, and shall consider the effect of the matter, if any, on other aspects of the engagement. CSAE 3001.56 The practitioner shall consider whether individual deviations identified during the engagement (other than those that are clearly trivial) have characteristics, for example a root cause or a problematic pattern, that indicate the aggregate effect of individual deviations is likely to be significant. (Ref: Para A120) CSAE 3001.A114 An assurance engagement is an iterative process, and information may come to the practitioner’s attention that differs significantly from that on which the determination of planned procedures was based. As the practitioner performs planned procedures, the evidence obtained may cause the practitioner to perform additional procedures. What is meant by sufficient and appropriate evidence?Sufficient appropriate audit evidence:
- Sufficient – is the measure of the quantity of audit evidence. E.g. the sample chosen should be large enough to be representative. - Appropriateness – is the measure of the quality of audit evidence. To be of good quality it should be relevant and reliable.
What is sufficient audit evidence?The audit teams obtain sufficient, relevant and reliable evidence. Sufficiency is the measure of the quantity of audit evidence, relevancy is the ability to answer the audit objective or assertion and reliability relates to credibility and consistency.
|
