Auditing- I: Audit Evidence 2014

CHAPTER SIX

Audit Evidence

The foundation of any audit is the evidence obtained and evaluated by the auditor. The auditor
must have the knowledge and skill to accumulate sufficient appropriate evidence on every audit
to meet the standards of the profession. This chapter deals with the nature of evidence, the types
of evidence decisions auditors make, the evidence available to auditors, and the use of that
evidence in performing audits.

6.1. Nature of audit evidence

Evidence was defined in Chapter 1 as any information used by the auditor to determine whether
the information being audited is stated in accordance with the established criteria. The
information varies greatly in the extent to which it persuades the auditor whether financial
statements are fairly stated. Evidence includes information that is highly persuasive, such as the
auditor’s count of inventories, and less persuasive information, such as responses to questions of
client employees.

Audit evidence decisions

A major decision facing every auditor is determining the appropriate types and amounts of
evidence needed to be satisfied that the client’s financial statements are fairly stated.
There are four decisions about what evidence to gather and how much of it to accumulate:
1. Which audit procedures to use?
2. What sample size to select for a given procedure?
3. Which items to select from the population?
4. When to perform the procedures?
1. Audit Procedures
An audit procedure is the detailed instruction that explains the audit evidence to be obtained
during the audit. It is common to spell out these procedures in sufficiently specific terms so an
auditor may follow these instructions during the audit. For example, the following is an audit
procedure for the verification of cash disbursements:

Compiled by: Daniel M. Lecturer: Accounting and Finance, Arba Minch University Page 1
 Auditing- I: Audit Evidence 2014
Examine the cash disbursements journal in the accounting system and compare the payee,
name, amount, and date with online information provided by the bank about checks processed
for the account.
2. Sample Size
Once an audit procedure is selected, auditors can vary the sample size from one to all the items
in the population being tested. In an audit procedure to verify cash disbursements, suppose 6,600
checks are recorded in the cash disbursements journal. The auditor might select a sample size of
50 checks for comparison with the cash disbursements journal. The decision of how many items
to test must be made by the auditor for each audit procedure. The sample size for any given
procedure is likely to vary from audit to audit.
3. Items to Select
After determining the sample size for an audit procedure, the auditor must decide which items in
the population to test. If the auditor decides, for example, to select 50 cancelled checks from a
population of 6,600 for comparison with the cash disbursements journal, several different
methods can be used to select the specific checks to be examined. The auditor can (1) select a
week and examine the first 50 checks, (2) select the 50 checks with the largest amounts, (3)
select the checks randomly, or (4) select those checks that the auditor thinks are most likely to be
in error. Or, a combination of these methods can be used.
4. Timing
An audit of financial statements usually covers a period such as a year. Normally an audit is not
completed until several weeks or months after the end of the period. The timing of audit
procedures can therefore vary from early in the accounting period to long after it has ended. In
part, the timing decision is affected by when the client needs the audit to be completed. In the
audit of financial statements, the client normally wants the audit completed 1 to 3 months after
year-end. However, timing is also influenced by when the auditor believes the audit evidence
will be most effective and when audit staff is available. For example, auditors often prefer to do
counts of inventory as close to the balance sheet date as possible.
Persuasiveness of evidence
Audit standards require the auditor to accumulate sufficient appropriate evidence to support the
opinion issued. Because of the nature of audit evidence and the cost considerations of doing an
audit, it is unlikely that the auditor will be completely convinced that the opinion is correct.

Compiled by: Daniel M. Lecturer: Accounting and Finance, Arba Minch University Page 2
 Auditing- I: Audit Evidence 2014
However, the auditor must be persuaded that the opinion is correct with a high level of
assurance. By combining all evidence from the entire audit, the auditor is able to decide when he
or she is persuaded to issue an audit report. The two determinants of the persuasiveness of
evidence are appropriateness and sufficiency.
a) Appropriateness
Appropriateness of evidence is a measure of the quality of evidence, meaning its relevance and
reliability in meeting audit objectives for classes of transactions, account balances, and related
disclosures. If evidence is considered highly appropriate, it is a great help in persuading the
auditor that financial statements are fairly stated.
Note that appropriateness of evidence deals only with the audit procedures selected.
Appropriateness cannot be improved by selecting a larger sample size or different population
items. It can be improved only by selecting audit procedures that are more relevant or provide
more reliable evidence.
Relevance of Evidence: Evidence must pertain to or be relevant to the audit objective that the
auditor is testing before it can be appropriate. For example, assume that the auditor is concerned
that a client is failing to bill customers for shipments (completeness transaction objective). If the
auditor selects a sample of duplicate sales invoices and traces each to related shipping
documents, the evidence is not relevant for the completeness objective and therefore is not
appropriate evidence for that objective. A relevant procedure is to trace a sample of shipping
documents to related duplicate sales invoices to determine whether each shipment was billed.
The second audit procedure is relevant because the shipment of goods is the normal criterion
used for determining whether a sale has occurred and should have been billed. By tracing from
shipping documents to duplicate sales invoices, the auditor can determine whether shipments
have been billed to customers. In the first procedure, when the auditor traces from duplicate sales
invoices to shipping documents, it is impossible to find unbilled shipments.
Relevance can be considered only in terms of specific audit objectives, because evidence may be
relevant for one audit objective but not for a different one. In the previous shipping example,
when the auditor traced from the duplicate sales invoices to related shipping documents, the
evidence was relevant for the occurrence transaction objective. Most evidence is relevant for
more than one, but not all, audit objectives.

Compiled by: Daniel M. Lecturer: Accounting and Finance, Arba Minch University Page 3
 Auditing- I: Audit Evidence 2014
Reliability of Evidence: Reliability of evidence refers to the degree to which evidence can be
believable or worthy of trust. Like relevance, if evidence is considered reliable it is a great help
in persuading the auditor that financial statements are fairly stated. For example, if an auditor
counts inventory, that evidence is more reliable than if management gives the auditor its own
count amounts.
Reliability, and therefore appropriateness, depends on the following six characteristics of reliable
evidence:
i. Independence of provider: Evidence obtained from a source outside the entity is more
reliable than that obtained from within. Communications from banks, attorneys, or
customers is generally considered more reliable than answers obtained from inquiries of
the client. Similarly, documents that originate from outside the client’s organization, such
as an insurance policy, are considered more reliable than are those that originate within
the company and have never left the client’s organization, such as a purchase requisition.
ii. Effectiveness of client’s internal controls: When a client’s internal controls are effective,
evidence obtained is more reliable than when they are weak.
iii. Auditor’s direct knowledge: Evidence obtained directly by the auditor through physical
examination, observation, recalculation, and inspection is more reliable than information
obtained indirectly.
iv. Qualifications of individuals providing the information: Although the source of
information is independent, the evidence will not be reliable unless the individual
providing it is qualified to do so. Therefore, communications from attorneys and bank
confirmations are typically more highly regarded than accounts receivable confirmations
from persons not familiar with the business world. Also, evidence obtained directly by
the auditor may not be reliable if the auditor lacks the qualifications to evaluate the
evidence. For example, examining an inventory of diamonds by an auditor not trained to
distinguish between diamonds and glass is not reliable evidence for the existence of
diamonds.
v. Degree of objectivity: Objective evidence is more reliable than evidence that requires
considerable judgment to determine whether it is correct. Examples of objective evidence
include confirmation of accounts receivable and bank balances, the physical count of

Compiled by: Daniel M. Lecturer: Accounting and Finance, Arba Minch University Page 4
 Auditing- I: Audit Evidence 2014
securities and cash, and adding (footing) a list of accounts payable to determine whether
it agrees with the balance in the general ledger.
vi. Timeliness: The timeliness of audit evidence can refer either to when it is accumulated or
to the period covered by the audit. Evidence is usually more reliable for balance sheet
accounts when it is obtained as close to the balance sheet date as possible. For example,
the auditor’s count of inventories on the balance sheet date is more reliable than a count
two months earlier. For income statement accounts, evidence is more reliable if there is a
sample from the entire period under audit, such as a random sample of sales transactions
for the entire year, rather than from only a part of the period, such as a sample limited to
only the first 6 months.
b) Sufficiency
The quantity of evidence obtained determines its sufficiency. Sufficiency of evidence is
measured primarily by the sample size the auditor selects. For a given audit procedure, the
evidence obtained from a sample of 100 is ordinarily more sufficient than from a sample of 50.
Several factors determine the appropriate sample size in audits. The two most important ones are
the auditor’s expectation of misstatements and the effectiveness of the client’s internal controls.
In addition to sample size, the individual items tested affect the sufficiency of evidence. Samples
containing population items with large dollar values, items with a high likelihood of
misstatement, and items that are representative of the population are usually considered
sufficient.
Combined Effect
The persuasiveness of evidence can be evaluated only after considering the combination of
appropriateness and sufficiency, including the effects of the factors influencing appropriateness
and sufficiency. A large sample of evidence provided by an independent party is not persuasive
unless it is relevant to the audit objective being tested. A large sample of evidence that is relevant
but not objective is also not persuasive. Similarly, a small sample of only one or two pieces of
highly appropriate evidence also typically lacks persuasiveness. When determining the
persuasiveness of evidence, the auditor must evaluate the degree to which both appropriateness
and sufficiency, including all factors influencing them, have been met.
Persuasiveness and Cost

Compiled by: Daniel M. Lecturer: Accounting and Finance, Arba Minch University Page 5
 Auditing- I: Audit Evidence 2014
In making decisions about evidence for a given audit, both persuasiveness and cost must be
considered. It is rare when only one type of evidence is available for verifying information. The
persuasiveness and cost of all alternatives should be considered before selecting the best type or
types of evidence. The auditor’s goal is to obtain a sufficient amount of appropriate evidence at
the lowest possible total cost. However, cost is never an adequate justification for omitting a
necessary procedure or not gathering an adequate sample size.
6.2. Types of audit evidence

In deciding which audit procedures to use, the auditor can choose from eight broad categories of
evidence, which are called types of evidence. Every audit procedure obtains one or more of the
following types of evidence:

1. Physical examination 5. Inquiries of the client

2. Confirmation 6. Recalculation
3. Documentation 7. Reperformance
4. Analytical procedures 8. Observation
1. Physical Examination
Physical examination is the inspection or count by the auditor of a tangible asset. This type of
evidence is most often associated with inventory and cash, but it is also applicable to the
verification of securities, notes receivable, and tangible fixed assets. There is a distinction in
auditing between the physical examination of assets, such as marketable securities and cash, and
the examination of documents, such as cancelled checks and sales documents. If the object being
examined, such as a sales invoice, has no inherent value, the evidence is called documentation.
For example, before a check is signed, it is a document; after it is signed, it becomes an asset;
and when it is cancelled, it becomes a document again. For correct auditing terminology,
physical examination of the check can occur only while the check is an asset.
Physical examination is a direct means of verifying that an asset actually exists (existence
objective), and to a lesser extent whether existing assets are recorded (completeness objective). It
is considered one of the most reliable and useful types of audit evidence. Generally, physical
examination is an objective means of ascertaining both the quantity and the description of the
asset. In some cases, it is also a useful method for evaluating an asset’s condition or quality.
However, physical examination is not sufficient evidence to verify that existing assets are owned

Compiled by: Daniel M. Lecturer: Accounting and Finance, Arba Minch University Page 6
 Auditing- I: Audit Evidence 2014
by the client (rights and obligations objective), and in many cases the auditor is not qualified to
judge qualitative factors such as obsolescence or authenticity (realizable value objective).
Also, proper valuation for financial statement purposes usually cannot be determined by physical
examination (accuracy objective).

2. Confirmation
Confirmation describes the receipt of a direct written response from a third party verifying the
accuracy of information that was requested by the auditor. The response may be in electronic or
paper form. The request is made to the client, and the client asks the third party to respond
directly to the auditor. Because confirmations come from sources independent of the client, they
are a highly regarded and often-used type of evidence.
However, confirmations are relatively costly to obtain and may cause some inconvenience to
those asked to supply them. Therefore, they are not used in every instance in which they are
applicable. Thus, confirmations aren't usually asked for ordinary changes that can be obtained by
physical examination or documentation. Extra ordinary items may however, require
confirmations.
There are three types of confirmation.
Positive confirmation:- the recipient is required to return the confirmation in all circumstances.
It is highly reliable because the respondent required spending much effort.
Alternative procedure
When the auditor fails to receive the positive confirmation, he/she will send a form that contains
the information to be confirmed. This is less reliable than the first.
Negative confirmation:- the recipient is requested to respond only when the information is
incorrect. This is less competent than positive since they mayn't be returned.
According to SAS, confirmation is required for account receivable account only. But it is also
useful for other type of accounts.

Compiled by: Daniel M. Lecturer: Accounting and Finance, Arba Minch University Page 7
 Auditing- I: Audit Evidence 2014

3. Documentation
It is the auditor's investigation of the client's documents and records to substantiate the
information that is or should be in the financial statements. Because each transaction is supported
by documents there is a large volume of documents. This evidence is readily available at low
cost.
Documents can be internal or external. Internal documents are prepared by the organization
and retained there without going to external party. Examples include duplicate sales invoice,
inventory-receiving report, and employee time record. External documents are in the hands of
outsider who is involved in the transaction. This may be currently in the hands of the client or
they are readily available. Examples include vendor's invoices, canceled notes payable and

Compiled by: Daniel M. Lecturer: Accounting and Finance, Arba Minch University Page 8
 Auditing- I: Audit Evidence 2014
cheques. External documents are more reliable than internal because they are at the hands of both
internal and external parties.
When auditors use documentation to support recorded transaction or amounts it is called
vouching. The direction of vouching is from accounting records (journals) to documents instead
of the reverse
4. Analytical Procedures
Analytical procedures use comparisons and relationships to assess whether account balances or
other data appear reasonable compared to the auditor’s expectations. For example, an auditor
may compare the gross margin percent in the current year with the preceding years. Analytical
procedures are used extensively in practice, and are required during the planning and completion
phases on all audits. As you remember we have discussed this in chapter four.
5. Inquiries of the Client
Inquiry is the obtaining of written or oral information from the client in response to questions
from the auditor. Although considerable evidence is obtained from the client through inquiry, it
usually cannot be regarded as conclusive because it is not from an independent source and may
be biased in the client’s favor. Therefore, when the auditor obtains evidence through inquiry, it is
normally necessary to obtain corroborating evidence through other procedures. (Corroborating
evidence is additional evidence to support the original evidence.)
6. Recalculation
Recalculation involves rechecking a sample of calculations made by the client. Rechecking client
calculations consists of testing the client’s arithmetical accuracy and includes such procedures as
extending sales invoices and inventory, adding journals and subsidiary records, and checking the
calculation of depreciation expense and prepaid expenses. A considerable portion of auditors’
recalculation is done by computer assisted audit software.
7. Reperformance
Reperformance is the auditor’s independent tests of client accounting procedures or controls that
were originally done as part of the entity’s accounting and internal control system. Whereas
recalculation involves rechecking a computation, reperformance involves checking other
procedures. For example, the auditor may compare the price on an invoice to an approved price
list, or may reperform the aging of accounts receivable. Another type of reperformance is for the
auditor to recheck transfers of information by tracing information included in more than one

Compiled by: Daniel M. Lecturer: Accounting and Finance, Arba Minch University Page 9
 Auditing- I: Audit Evidence 2014
place to verify that it is recorded at the same amount each time. For example, the auditor
normally makes limited tests to ascertain that the information in the sales journal has been
included for the proper customer and at the correct amount in the subsidiary accounts receivable
records and is accurately summarized in the general ledger.
8. Observation
Observation is the use of the senses to assess client activities. Throughout the engagement with a
client, auditors have many opportunities to use their senses—sight, hearing, touch, and smell—to
evaluate a wide range of items. The auditor may tour the plant to obtain a general impression of
the client’s facilities, or watch individuals perform accounting tasks to determine whether the
person assigned a responsibility is performing it properly. Observation is rarely sufficient by
itself because of the risk of client personnel changing their behavior because of the auditor’s
presence. They may perform their responsibilities in accordance with company policy but
resume normal activities once the auditor is not in sight. Therefore, it is necessary to follow up
initial impressions with other kinds of corroborative evidence. Nevertheless, observation is
useful in most parts of the audit.
6.3 Auditing sampling
As business entities have evolved in size and complexity, auditors increasingly have had to rely
upon sampling procedures as the only practical means of obtaining for sufficient, competent
evidential matter as the basis for audit reports. This reliance upon sampling procedures is one of
the basic reasons that audit reports are regarded as expressions of opinion, rather than absolute
certificates of the fairness of financial statements.
It is neither practicable nor necessary for the auditor to check all the transactions in a client’s
accounting records or to verify or confirm all individual items comprising the assets, liabilities,
revenues, equities, and expenses. The auditor will examine only a representative sample of such
transactions and will form his/her opinion on the reliability of the accounting records as a basis
for the correctness of the financial statements under audit opinion from the results of such tests.
Auditors frequently use sampling, usually in combinations with other auditing procedures, in
examining account balances or classes of transactions. Audit sampling is the application of an
audit procedure to less than 100% of the items within an account balance or class of transactions
for the purpose of evaluating some characteristic of the balance or class. According to SAS # 39,
Audit Sampling, three conditions must be met to constitute audit sampling. First, less than 100%

Compiled by: Daniel M. Lecturer: Accounting and Finance, Arba Minch University Page 10
 Auditing- I: Audit Evidence 2014
of the population must be examined. Second, the sample results must be projected as population
characteristic. Third, the projected sample results must be compared to an existing client-
determined account balance to determine whether to accept or reject the client’s balance, or the
projected sample results must be used to assess control risk. For example, in determining
whether inventory quantities are appropriately recorded, an auditor may complete an internal
control structure questionnaire on inventory and also may select some items for independent
count. Completing the questionnaire is a nonsampling procedure, whereas making independent
counts is a sampling procedure if the auditor projects the sample findings to evaluate the
accuracy of the client’s inventory count.
The aim of sampling as related to auditing, whether statistical or nonstatistical, may be stated as
to draw conclusions about a large group of data, e.g., all the entries in the purchase of day book
or all the items in stock from an examination of a sample. The underlying assumption is that the
sample will allow the auditors to make accurate inferences about the population. Basic to audit
sampling is sampling risk- the risk that the auditors’ conclusions based on a sample might be
different from the conclusion they would reach if they examined every item in the entire
population. In other words, it is the risk that there will be sampling error, that is, that the
projected sample results and the true condition will differ. For example, an auditor selecting a
sample of sales invoices processed during 1997 may project that a maximum of 6% of the total
sales invoices were not properly stamped with “credit approval.” If the auditor were to examine
all credit sales for 1997, he or she might find that the true deviation rate (unstamped credit
approvals) is actually 9%. The difference between the projected sample rate of 3% and the true
deviation rate is the sampling error.

Numerous situations exist in an audit when an auditor does not use audit sampling. For example,
sometimes an auditor may perform a 100% examination of an account or transaction balance
because he or she not willing to accept any sampling risk for the balance. Alternatively, the
auditor may select a transaction for purposes of following it through the client’s accounting
system (a walk-through) to gain an understanding of how transactions are processed. In those
situations, the auditor is not sampling. Likewise, an auditor may examine all large-amount
account balances, such as buildings, equipments, and properties. In such cases, the auditor has

Compiled by: Daniel M. Lecturer: Accounting and Finance, Arba Minch University Page 11
 Auditing- I: Audit Evidence 2014
not engaged in sampling but, in effect, has limited the population to material items and has
audited the entire population of material items.
Sampling risk is reduced by increasing the size of the sample. At the extreme, when the entire
population is examined there is no sampling risk. But, auditing large samples or the entire
population is costly. A key element in efficient sampling is to balance the sampling risk against
the cost of using large samples.
Auditors may also draw erroneous conclusions because of nonsampling errors- those due to
factors not directly caused by sampling. For example, the auditors may fail to apply appropriate
audit procedures, or they may fail to recognize errors in the documents or transactions that are
examined. The risk pertaining to nonsampling errors is referred to nonsampling risk.
Nonsampling risk can generally be reduced to low levels through effective planning and
supervision of audit engagements and implementation of appropriately designed quality control
procedures by the CPA firm.

If sampling risk is subtracted from audit risk, the balance or remainder is equal to nonsampling
risk. That is,
Audit Risk – Sampling Risk = Non-sampling Risk.
Statistical Vs. Non-Statistical Samplings
Audit sampling methods can be divided into two broad categories: statistical and non-statistical.
In all of the sampling methods, there are four steps:
i) planning the sample,
ii) selecting the sample,
iii) performing the sample, and
iv) Evaluating the results and drawings conclusions.
However, statistical sampling differs from non-statistical in that the former applies mathematical
models to quantify or measure sampling risk in planning the sample (step 1) and evaluating the
results (step 4).A sample is said to be nonstatistical (or judgments) when the auditors estimate
sampling risk by using professional judgment rather than using statistical techniques. This is not
to say that nonstatistical samples are carelessly selected samples. Indeed, both nonstatistical and
statistical audit samples should be selected in a way that they may be expected to allow the
auditor to draw valid inferences about the population. In addition, the misstatements found in

Compiled by: Daniel M. Lecturer: Accounting and Finance, Arba Minch University Page 12
 Auditing- I: Audit Evidence 2014
either a nonstatistical or a statistical sample should be used to estimate the total amount of
misstatement in the population (called the projected misstatement). However, nonstatistical
sampling provides no means of quantifying sampling risk. Thus, the auditors may find
themselves taking larger and more costly samples than are necessary, or unknowingly accepting
a higher than acceptable degree of sampling risk.
The use statistical sampling does not eliminate professional judgment from the sampling process.
It does, however, allow the auditors to measure and control sampling risk. Through statistical
sampling techniques, the auditors may specify in advance the sampling risk that want in their
sample results and then compute a sample size that controls sampling risk at the desired level.
Since statistical sampling techniques are based upon the laws of probability, the auditors are able
to control the extent of the sampling risk in relying upon sample results. Thus, statistical
sampling may assist auditors in (1) designing efficient samples, (2) measuring the efficiency of
the evidence obtained, and (3) objectively evaluating sample results. However, these advantages
are not obtained without additional costs of training the audit staff, designing sampling plans,
and selecting items for examination. For these reasons, nonstatistical samples are widely used by
auditors, especially for tests of relatively small populations. Both statistical and nonstatistical
sampling can provide auditors with sufficient competent evidential matter.

Sample Selection
In auditing, a sample should be:
a. Random- a random sample is one where each item of the population has an equal (or
specified) chance of being selected. Statistical inferences may not be valid unless the
sample is random.
b. Representative- the sample should be representative of the differing items in the whole
population. For example, it should contain a similar proportion of high and low value items
to the population (e.g. all the accounts receivable).
c. Protective- protective, that is, of the auditor. More intensive auditing should occur on high
value items known to be high risk.
d. Unpredictable- client should not be able to know or guess which items will be examined.
There are several methods available to an auditor for selecting items. These include:

Compiled by: Daniel M. Lecturer: Accounting and Finance, Arba Minch University Page 13
 Auditing- I: Audit Evidence 2014
a. Haphazard: simply choosing items subjectively but avoiding bias. Bias might come
conversely by tendency to favor items in a particular location or in an acceptable file or
conversely in picking items because they appear unusual. This method is acceptable for
non-statistical sampling but is insufficiently rigorous for statistical sampling.
b. Simple random: all items in the population have (or are given) a number. Numbers are
selected by a means which gives every number an equal chance of being selected. This is
done using random number tables or computer or calculator generated random numbers.
c. Stratified: auditors often stratify a population before computing the required sample and
selecting the sample. Stratified means dividing the population into sub population (strata=
layers) and is useful when parts of the population have higher than normal risk (e.g. high
value items, oversea customers). Frequently, high value items form a small part of the
population and are 100% checked and the remainders are sampled.
d. Cluster sampling: This is useful when data is maintained in clusters (= groups or
bunches) as salary records are kept in weeks or sales invoices in months. The idea is to
select a cluster randomly and then to examine all the items in the cluster chosen. The
problem with this method is that this sample may not be representative.
e. Random systematic: This method involves making a random start and then taking every
nth item thereafter. This is a commonly used method which saves the work of computing
random numbers. However, the sample may not be representative as the population may
have some serial properties.
f. Multi stage sampling: this sampling is appropriate when data is stored in two or more
levels. For example, inventory in retail chain of shops. This stage is to randomly select a
sample of shops and the second stage is to randomly select inventory items from the
chosen shops.
g. Block sampling: simply choosing at random one block of items e.g. all June invoices.
This common sampling method has none of the detailed characteristics and is not
recommended.
h. Value weighted selection: this method uses the currency unit value rather than the items
as the sampling population. It is now very popular and is described more fully later in the
chapter, under unit sampling.

Compiled by: Daniel M. Lecturer: Accounting and Finance, Arba Minch University Page 14
 Auditing- I: Audit Evidence 2014
Sample Size
There are several factors which must be considered when deciding upon the sample size. These
include:
a. Population size- surprisingly, in most instances this is not important and is only relevant
in very small population.
b. Level of Confidence- Even a 100% sample (for human consideration reasons) will not
give complete assurance. Auditors work to levels of confidence which can be expressed
precisely, for example 95%.
c. Precision- from a sample, it is not possible to say that I am 95% certain that, for example,
the error rate in a population of inventory calculations is x% but only that the error rate is
x% + y% where + is the precision interval. Clearly the level of confidence and the
precision interval are related, in that for a given sample size higher confidence can be
expressed in a wider precision interval and vice versa.
d. Risk- risk is a highly important concept in modern auditing and in high risk areas a large
sample will be desirable, because high confidence levels and narrow precision intervals
are required.
e. Materiality- this is really a subset of risk.
f. Subjective Factors- this is the most important and yet difficult area of consideration.
g. Expected error/deviation rate- the theory requires that the sample size required is a
function of the error/deviation rate. This is only known after the results have been
evaluated.
Statistical Sampling Audit Uses
Statistical sampling plans can be used in all auditing situations when evidence about a population
is obtained by sampling. Some popular uses include:
Compliance Testing- the issue of sales credit notes is controlled by the requirements that all such
should be approved by a departmental manager and this approval evidenced by a signature. The
auditor would wish to confirm that this control was compiled with by sampling the sales credit
notes.
Substantive testing- in a client with very unreliable internal controls, the auditor may wish to
verify that all dispatches in year have resulted in invoices in that year. The correspondence
between dispatch note and invoice can be sampled.

Compiled by: Daniel M. Lecturer: Accounting and Finance, Arba Minch University Page 15
 Auditing- I: Audit Evidence 2014
6.4 Electronic data processing (EDP) audit

An Information technology audit (or IT audit) is a review of the controls within an entity's
technology infrastructure. These reviews are typically performed in conjunction with a financial
statement audit, internal audit review, or other form of attestation engagement. Formerly called
an Electronic data processing (EDP) audit and IT audit is the process of collecting and evaluating
evidence of an organization's information system, practices, and operations. Evaluation of the
evidence ensures whether the organization's information system safeguards assets, maintains data
integrity, and is operating effectively and efficiently to achieve the organization's goals.

An IT audit is also known as an EDP Audit, an Information Systems Audit, and a computer
audit.
Purpose
An IT audit is similar to a financial statement audit in that the study and evaluation of the basic
elements of internal control are the same. However, the purpose of a financial statement audit is
to determine whether an organization's financial statements and financial condition are presented
fairly in accordance with generally accepted accounting principles (GAAP) or with international
financial reporting standards (IFRS). The purpose of an IT audit is to review and evaluate an
organization's information system's availability, confidentiality, and integrity by answering
questions such as:
 Will the organization's computer systems be available for the business at all times when
required? (Availability)
 Will the information in the systems be disclosed only to authorize users?
(Confidentiality)
 Will the information provided by the system always be accurate, reliable, and timely?
(Integrity)
Types of IT Audits
a) Computerized Systems and Applications: an audit to verify that systems and
applications are appropriate to the entity's needs is efficient, and adequately controlled to
ensure valid, reliable, timely, and secure input, processing, and output at all levels of a
system's activity.
b) Information Processing Facilities: an audit to verify that the processing facility is
controlled to ensure timely, accurate, and efficient processing of applications under
normal and potentially disruptive conditions.

Compiled by: Daniel M. Lecturer: Accounting and Finance, Arba Minch University Page 16
 Auditing- I: Audit Evidence 2014
c) Systems Development: an audit to verify that the systems under development meets the
objectives of the organization, and ensures the systems are developed in accordance with
generally accepted standards for systems development.
d) Management of IT and Enterprise Architecture: an audit to verify that IT
management has developed an organizational structure and procedures to ensure a
controlled and efficient environment for information processing.
e) Client/Server, Telecommunications, Intranets, and Extranets: an audit to verify that
controls are in place on the client (computer receiving services), server, and on the
network connecting the clients and servers.

Compiled by: Daniel M. Lecturer: Accounting and Finance, Arba Minch University Page 17