Audit evidence is a crucial concept which underlying the entire audit process. In order to draw a conclusion, audit evidence is the important information that used by auditor in arriving at the conclusions which audit opinion is a base in this process. (ISA 500), (Messier, Glover, Prawitt & Poh, Margaret, 2007), (Proposed SAS)
However, according to AU section 326, audit evidence is the data used by the auditor come to the conclusion base on the opinion of audit and comprise the data contained in the accounting records underlying the financial statements and other data. Auditors are not required to check all data that may exist. No matter the audit evidence are obtained by proper audit procedures or obtained from other sources, the audit evidence is consider as cumulative in nature. (AU section 326[AICPA, Professional Standards, vol. 1])
Audit procedures are the specific acts that perform by auditor to collect evidence in order to arriving at the reasonable conclusions on which to base on the audit opinion are audit procedures. (Messier, Glover, Prawitt & Poh, Margaret, 2007), (AI 500 @ ISA 500)
Auditor need to understand the entity and entity's environment, it is include risk assessment of material misstatement at the financial statement, internal control and levels of assertion. Auditor has to test the effectiveness of operating of controls in detecting or preventing and correcting and detect material misstatements at the level of assertion as well. (AI 500 @ ISA 500)
According to AU section 326, the auditor must acquire adequate proper audit evidence by fulfilling audit procedures to provide a reasonable basis for a view regarding the financial statements under audit. (AU section 326[AICPA, Professional Standards, vol. 1])
Circumstance is one of the factors that will influence the obtaining of audit evidence. Therefore, the auditor ought to design and carry out audit procedures that are suitable for the certain circumstance for the purpose of acquiring adequate appropriate audit evidence. (ISA 500 @ AI 500)
20. The auditor always performs risk assessment procedures to provide a satisfactory basis for the assessment of risks at the financial statement and assertion levels. Risk assessment procedures by themselves do not provide sufficient appropriate audit evidence on which to base the audit opinion, however, and are supplemented by further audit procedures in the form of tests of controls, when necessary, and substantive procedures.
21. Tests of controls are necessary in two circumstances. When the auditor's risk assessment includes an expectation of the operating effectiveness of controls, the auditor is required to test those controls to support the risk assessment. In addition, when substantive procedures alone do not provide sufficient appropriate audit evidence, the auditor is required to perform tests of controls to obtain audit evidence about their operating effectiveness.
22. The auditor plans and performs substantive procedures to be responsive to the related assessment of the risks of material misstatement, which includes the results of tests of controls, if any. The auditor's risk assessment is judgmental, however, and may not be sufficiently precise to identify all risks of material misstatement. Further, there are inherent limitations to internal control, including the risk of management override, the possibility of human error and the effect of systems changes. Therefore, substantive procedures for material classes of transactions, account balances, and disclosures are always required to obtain sufficient appropriate audit evidence.
23. The auditor uses one or more types of audit procedures described in paragraphs 26 to 38 below. These audit procedures, or combinations thereof, may be used as risk assessment procedures, tests of controls or substantive procedures, depending on the context in which they are applied by the auditor. In certain circumstances, audit evidence obtained from previous audits may provide audit evidence where the auditor performs audit procedures to establish its continuing relevance.
24. The nature and timing of the audit procedures to be used may be affected by the fact that some of the accounting data and other information may be available only in electronic form or only at certain points or periods in time. Source documents, such as purchase orders, bills of lading, invoices, and checks, may be replaced with electronic messages. For example, entities may use electronic commerce or image processing systems. In electronic commerce, the entity and its customers or suppliers use connected computers over a public network, such as the Internet, to transact business electronically. Purchase, shipping, billing, cash receipt, and cash disbursement transactions are often consummated entirely by the exchange of electronic messages between the parties. In image processing systems, documents are scanned and converted into electronic images to facilitate storage and reference, and the source documents may not be retained after conversion. Certain electronic information may exist at a certain point in time. However, such information may not be retrievable after a specified period of time if files are changed and if backup files do not exist. An entity's data retention policies may require the auditor to request retention of some information for the auditor's review or to perform audit procedures at a time when the information is available.
25. When the information is in electronic form, the auditor may carry out certain of the audit procedures described below through CAATs.
There are many ways are used to collect audit evidence, there are observation, inquiry, analytical procedures, inspecting, physical examination, confirmation, recalculating, reconciliation and detail testing. (Franklin,n.d.)
Four concepts of audit evidence are underlying under this topic, which is the nature of audit evidence, the appropriateness of audit evidence, the sufficiency of audit evidence and the evaluation of audit evidence. All of these concepts are important to comprehend the conduct of the audit.
The nature of audit evidence contains accounting records. The subsidiary ledgers, the general ledgers, invoices, contracts, and journal entries are examples of accounting records. Actually accounting records are supporting records and records of initial entries.
Furthermore, minutes of meeting, analysts' reports and confirmation from third party also consider as accounting records.
According to the Companies Act, Section 167, subsection 1 mention that the directors and the management demanded to keep proper accounting that sufficiently clarify the financial position and transactions of the company as well as to enable the financial statement reflect true and fair view. Besides, the companies act also requires that those accounting records must be preserving in such manner so that enable them to be appropriately and easily audited.
Except accounting records, other forms of data and information also can be used as evidence for example comparable data from outside resources, confirmation from outside third parties and other material develops by the auditor to draw conclusions through inference. The audit evidence, which is cumulative in nature, includes information from previous audits. While corroborating evidence is the information obtained through inspection, inquiry or physical examination.
In order to be able to draw reasonable conclusions, sufficient appropriate audit evidence is needed. The audit evidence is considered appropriate when the evidence is both reliable and relevant.
The sufficiency of evidence can be measured by quantity of audit evidence. More audit evidence is required when assess the greater risk. And the higher the quality of audit evidence, the less evidence that may be required. The relationship between appropriateness and sufficiency is an inverse.
Another important skill that must be developed by auditor is the capability to evaluate appropriately. The auditor can only understand the evidence just when the auditor knows the proper evaluation of evidence. The auditor can more clearly about types of evidence that are relative reliability and available through proper evaluation. The purpose of proper evaluation is to determine whether the management's assertion can be supported. (Messier, Glover, Prawitt & Poh, Margaret,2007)
However, Risk assessment procedures refers to a set of procedures in assessing statements which are materially misstated and presented in financial reports by gaining an understanding of the entity, and therefore further audit procedures could be created. Examples of these procedures are such as inquiry, analytical procedures, observation and inspection.
Test of control refers to a set of procedures that performed by auditor to ensure the effectiveness of the operation inside the entity. Examples of these procedures are such as inquiry, inspection of document, observation, walkthroughs, and re-performance.
Substantive procedures refer to a set of procedures to undercover material misstatement at the level of assertion. Normally is detecting monetary errors in the financial statement. Substantive procedures can divide into two categories. There are tests of details of account balances, transactions and disclosure.
Franklin (n.d.). Audit Services. Retrieved from http://www.auditservices.com/aevidence.html at 15 August 2010.
Messier, Glover, Prawitt & Poh, Margaret, Auditing and Assurance Services in Malaysia. Third Edition. Kuala Lumpur: McGraw-Hill,2007.
