Audit Evidence


Auditing is the process of examining whether the financial statements containing material misstatement. In doing so, auditors need to gather and evaluate audit evidence related to various audit assertions.

Audit evidence

Audit evidence is the information auditors obtain in performing their audit work in order to form the basis of their opinion on financial statements. In this case, auditors have responsibilities to gather sufficient appropriate evidence on which to base their audit opinion. 

Several factors such as type of evidence, quality and quantity of evidence, and audit procedures to gather evidence will decide whether auditors have obtained sufficient appropriate audit evidence in forming an opinion.

Types of Audit Evidence

In performing the audit, auditors may obtain evidence of different types from different sources of information.

Types of audit evidence include:

  • Auditors generated evidence such as observing the client’s performing the control procedures.
  • External evidence such as bank statement issued by the client’s bank
  • Internal evidence such as client’s receiving report
  • Written evidence such as client’s depreciation schedule
  • Original form of evidence such as original supplier’s invoice
  • Photocopied form of evidence such as photocopy of client’s purchase order  
  • Oral form of evidence such as client’s explanation on a certain control procedure

In performing the audit, auditors may need to obtain many types and forms of the evidence. Below are the examples of evidence that auditors may need to obtain:

Example of Audit Evidence
Legal Employee agreement, loan agreement, lease agreement, sales agreement, maintenance contract, royalty agreement, etc.
Business Sale invoice, supplier’s invoice, purchase order, goods received note or receiving report, etc.
Accounting Fixed assets register, depreciation schedule, bank reconciliation statement, employee time cards, standard cost computation and schedule, etc.
Third-party Bank statements, supplier statements, confirmation from the bank, confirmation from suppliers, confirmation from customers, etc.
Other documents    Credit rating report, industry statistics, market research surveys, etc.

Different types of audit evidence provide different quality which are the direct measurements of the reliability of the evidence. The decision of using which type of the evidence depends on the level of audit risks and availability of such evidence.

Quality of Audit Evidence

Appropriate audit evidence is the context that refers to the quality or reliability of information used as evidence. Auditors need to consider the relevance and reliability of information if they intend to use any particular information as the evidence.

Qaulity or reliability of audit is highly affected by the type and sources of information auditors use as the evidence. 

Below is an example of the level of quality or reliability of information used as evidence:

Type of Evidence Quality of Audit Evidence
Auditors generated Evidence obtained directly by auditors, such as reperforming or recalculation, is more reliable than those obtained by inference.
External Evidence obtained from an external source is more reliable more than internally generated information due to its independence of the client.
Internal Evidence from a good internal control system is more reliable than those from poor internal control.
Written Written information in the form of the document is more reliable than the oral form of information.
Original Original document is more reliable than those of the photocopied one.

The reliability of audit evidence is heavily affected by the source and nature of the information including the preparation and maintenance of such information.

Quantity of Audit Evidence

Sufficient evidence is the context that refers to quantity of audit evidence. The quantity of evidence that auditors need to gather will depend on what level of risk auditors have in the area being audited.

The quantity is also affected by the quality of evidence that auditors obtain. For example, auditors may need to obtain less evidence if the evidence obtained are of high quality.

However, the opposite cannot be applied here as the high quantity of audit evidence cannot cancel out their low quality. So, auditors should not try to use high quantity of evidence in order to offset their low quality.

Auditors should always consider the relevance and reliability of any information that they use as evidence while performing their audit work.

Procedures for Obtaining Evidence

Auditors can obtain audit evidence by performing the following audit procedures:

Procedures for Obtaining Audit Evidence
Inspection of documents or records This is the process of examination of documents or records. It can be used to test the existence or occurrence assertion of transactions or balances. 
Inspection of tangible assets This is the process of physical examination of tangible assets. Inspection of tangible assets needs to include their condition too. For example, for an item such as machinery, auditors may need to verify if it’s still working or not.
Observation This is the process of watching the client’s staff performing a particular control procedure.
Inquiry This is the process of asking information from a relevant party, internal or external, in written form or oral form. This process is usually performed with other procedures such as inspection of documents.  
Confirmation This is the process of obtaining a representation of information or of an existing condition directly from a third party.
Recalculation This is the process of checking the mathematical accuracy of documents or records.
Reperformance This is the process of auditor’s independent execution of procedures that were originally performed by the client’s staff as part of the internal control.
Analytical procedures This is the process of evaluation of trends, ratios, and relationships of data, both financial and non-financial data.

Risk Assessment and Audit Procedures 

Auditors need to perform suitable audit procedures in order to obtain sufficient appropriate audit evidence. Auditors’ judgment of which type of audit procedure to perform is very important in producing a good quality audit. 

In order to obtain sufficient appropriate audit evidence, auditors need to perform audit procedures of the following:

  • Risk assessment
  • Test of controls
  • Substantive procedures

Risk Assessment

It is important for auditors to perform the risk assessment before they can decide what types of audit evidence they need to obtain. This is due to the quality and quantity of audit evidence that auditors need to obtain will be heavily affected by the level of risk that auditors face when gathering the evidence.

In this case, auditors need to obtain a good understanding of the client’s business and its control environment. This will help auditors to perform risk assessment procedures in order to assess the risk of material misstatement at both financial statements and assertion levels.

However, it is useful to note that the risk assessment procedures alone do not provide sufficient appropriate audit evidence for auditors to form their basis of opinion. They need to perform further audit procedures including tests of controls and substantive procedures.

Test of controls

Auditors usually perform the test of controls, if necessary, to evaluate the effectiveness of the internal controls in preventing and detecting material misstatement at the relevant assertion level.

It is necessary for auditors to perform tests of controls in two circumstances:

  • To support the risk assessment that expects the effectiveness of internal controls
  • To obtain evidence when substantive procedures alone do not provide sufficient appropriate audit evidence

Substantive procedures

Substantive procedures which include test of details and substantive analytical procedures are the procedures that auditors need to perform in order to detect material misstatements at the assertion level.

Auditors should design and perform substantive procedures to be responsive to the level of detection risk taking the consideration of the results of tests of controls, if any.

In order to obtain sufficient appropriate audit evidence, auditors need to perform substantive procedures for all relevant assertions in each material class of transactions, account balances, and disclosures.