Findings and conclusions should be fully supported by sufficient, appropriate i.e. relevant, valid and reliable evidence obtained and developed during the audit and recorded in audit documentation.
Obtaining audit evidence
The auditor should obtain audit evidence to draw reasonable conclusions on which to base the audit opinion by performing audit procedures to:
a. Obtain an understanding of the entity and its environment, including its internal control, to assess the risks of material misstatement at the financial statement and relevant assertion levels (audit procedures performed for this purpose are referred to as risk assessment procedures);
b. When necessary, or when the auditor has determined to do so, test the operating effectiveness of controls in preventing or detecting material misstatements at the relevant assertion level (audit procedures performed for this purpose are referred to as tests of controls); and
c. Detect material misstatements at the relevant assertion level (audit procedures performed for this purpose are referred to as substantive procedures and include tests of details of classes of transactions, account balances, and disclosures, and substantive analytical procedures).
The auditor must perform risk assessment procedures to provide a basis for the assessment of risks. Risk assessment procedures by themselves do not provide sufficient appropriate audit evidence on which to base the audit opinion and must be supplemented by further audit procedures in the form of tests of controls, when relevant or necessary, and substantive procedures.
Tests of controls are necessary in two circumstances. When the auditor's risk assessment includes an expectation of the operating effectiveness of controls, the auditor should test those controls to support the risk assessment. In addition, when the substantive procedures alone do not provide sufficient appropriate audit evidence, the auditor should perform tests of controls to obtain audit evidence about their operating effectiveness.
The auditor should use one or more types of the audit procedures:
Inspection of Records or Documents
Inspection consists of examining records or documents, whether internal or external, in paper form, electronic form, or other media. Inspection of records and documents provides audit evidence of varying degrees of reliability, depending on their nature and source and, in the case of internal records and documents, on the effectiveness of the controls over their production. An example of inspection used as a test of controls is inspection of records or documents for evidence of authorisation.Some documents represent direct audit evidence of the existence of an asset, for example, a document constituting a financial instrument such as a stock or bond. Inspection of such documents may not necessarily provide audit evidence about ownership or value. In addition, inspecting an executed contract may provide audit evidence relevant to the entity's application of accounting principles, such as revenue recognition
Some documents represent direct audit evidence of the existence of an asset, for example, a document constituting a financial instrument such as a stock or bond. Inspection of such documents may not necessarily provide audit evidence about ownership or value. In addition, inspecting an executed contract may provide audit evidence relevant to the entity's application of accounting principles, such as revenue recognition.
Inspection of Tangible Assets
Inspection of tangible assets consists of physical examination of the assets. Inspection of tangible assets may provide appropriate audit evidence with respect to their existence, but not necessarily about the entity's rights and obligations or the valuation of the assets. Inspection of individual inventory items ordinarily accompanies the observation of inventory counting. For example, when observing an inventory count, the auditor may inspect individual inventory items (such as opening containers included in the inventory count to ensure that they are not empty) to verify their existence.
Observation consists of looking at a process or procedure being performed by others. Examples include observation of the counting of inventories by the entity's personnel and observation of the performance of control activities. Observation provides audit evidence about the performance of a process or procedure but is limited to the point in time at which the observation takes place and by the fact that the act of being observed may affect how the process or procedure is performed.
Inquiry consists of seeking information of knowledgeable persons, both financial and nonfinancial, inside or outside the entity. Inquiry is an audit procedure that is used extensively throughout the audit and often is complementary to performing other audit procedures. Inquiries may range from formal written inquiries to informal oral inquiries. Evaluating responses to inquiries is an integral part of the inquiry process.
Inquiry normally involves:
Considering the knowledge, objectivity, experience, responsibility, and qualifications of the individual to be questioned.
Asking clear, concise, and relevant questions.
Using open or closed questions appropriately.
Listening actively and effectively.
Considering the reactions and responses and asking follow-up questions.
Evaluating the response.
In some cases, the auditor should obtain replies to inquiries in the form of written representations from management. For example, when obtaining oral responses to inquiries, the nature of the response may be so significant that it warrants obtaining written representation from the source.
The auditor should perform audit procedures in addition to the use of inquiry to obtain sufficient appropriate audit evidence. Inquiry alone ordinarily does not provide sufficient appropriate audit evidence to detect a material misstatement at the relevant assertion level. Moreover, inquiry alone is not sufficient to test the operating effectiveness of controls.
Confirmation, which is a specific type of inquiry, is the process of obtaining a representation of information or of an existing condition directly from a third party. For example, the auditor may seek direct confirmation of receivables by communication with debtors. Confirmations are frequently used in relation to account balances and their components but need not be restricted to these items. A confirmation request can be designed to ask if any modifications have been made to the agreement, and if so, what the relevant details are. For example, the auditor may request confirmation of the terms of agreements or transactions an entity has with third parties. Confirmations also are used to obtain audit evidence about the absence of certain conditions, for example, the absence of an undisclosed agreement that may influence revenue recognition.
Recalculation consists of checking the mathematical accuracy of documents or records.
Reperformance is the auditor's independent execution of procedures or controls that were originally performed as part of the entity's internal control, either manually or through the use of CAATs, for example, reperforming the aging of accounts receivable.
Analytical procedures consist of evaluations of financial information made by a study of plausible relationships among both financial and nonfinancial data. Analytical procedures also encompass the investigation of identified luctuations and relationships that are inconsistent with other relevant information or deviate significantly from predicted amounts.