ACC 302: Principles of Auditing II

Course Outline

i. Audit Planning and Documentation

ii. Knowledge of the Client’s business
iii. Audit Risks Assessment and Planning for Materiality
iv. Audit Evidence and Verification Procedures
v. Audit Documentation: Audit Files and Working Papers
vi. Audit sampling
vii. Audit Report

Topic 1: AUDIT PLANNING AND DOCUMENTATION

CHAPTER CONTENTS

a. Audit Planning
b. Audit Plan Procedures
c. Overall Audit Strategy
d. Audit Planning Memorandum

Learning Outcomes

At the end of the week/module, you should be able to:

a) describe the aims of audit planning;

b) outline the audit planning procedures;
c) Essence of a preliminary engagement
d) Meaning of small entity audit

Introduction

Overall objectives of the independent auditor and the conduct of an audit in

accordance with International Standards on Auditing ISA 200

The primary objective of an independent auditor is to “obtain reasonable assurance”

about whether the financial statements as a whole are free from material misstatement,
whether due to fraud or error. This allows the auditor to give an opinion on whether the
financial statements have been prepared in accordance with the applicable financial
reporting framework.

1.1 Audit Planning Procedures

Audit planning definition: Audit planning refers to the formulation of the general
strategy for audit, which helps to set the audit direction, describes its expected scope
and conduct, as well as provides guidance for the development of the audit programme.
Put differently, it is the design of an audit describing the overall audit strategy and
guidelines to follow while performing the audit. It helps in the successful completion of
the audit process.

Planning for auditing is the initial step in an audit. It helps the auditor efficiently
manage the audit by analysing the prime focus areas, proactive problem management,
and allocating responsibilities to team members.

To conduct an audit effectively and efficiently, the work needs to be planned and
controlled. Meanwhile, the form and nature of the planning required for any audit is
often affected by the size and complexity of the organization being audited, the
commercial environment in which it operates, the methods of processing transactions
and the reporting requirements to which it is subjected.

Key Takeaways from Audit Planning

 An audit plan represents a blueprint for conducting an audit. It addresses why,
when, how, where, and by whom questions associated with audit performance.
 A good audit design identifies all the risks involved in the operations and
employs specific audit procedures to minimize them.
 Successful planning for audit necessitates the cooperation of the management.
Auditor has the authority to question the concerned personnel in case of any
discrepancies.
 Auditors follow more or less the same procedure for auditing most of the
companies by adhering to the standard auditing procedures.

1.2 Audit Plan Process

A plan is a course of action, decided in advance, to achieve a stated goal or objective. A
plan is necessary for each audit so that the auditor can decide in advance what needs to
be done so that (by the required date for completion of the audit) he will be able to
express an opinion on the truth and fairness of the financial statements and achieve the
objectives of ISA 200.

The extent and type of audit work performed is determined largely by the professional
judgement of the auditor. The planning process enables the auditor to apply his
judgement to the circumstances of the particular audit to decide how the audit will be
conducted.

The need for an audit plan (strategy document)

According to the International Standard of Auditing (ISA), an audit plan should be based
on an overall audit strategy. The audit strategy must explain the scope, timing, and
direction of the audit. In addition, strategy formulation depends on the features of audit
engagement like its characteristics, reporting objectives, auditor’s professional
judgment, the outcome of preliminary engagement activities, and the resources
necessary to perform the audit engagement.

According to ISA, in addition to client information, audit planning steps should contain
the description for nature, timing, and extent of:

 Planned risk assessment procedures;

 Programmed further audit procedures at the assertion level;
  Other programmed audit procedures that are required to accomplish so that the
engagement complies with professional standards

Sample of an Audit Plan

Why it is important to Plan our Audit/ Aims of Audit Planning

Adequate planning of an audit work aims at:

i. Establishing the intended means of achieving the objectives of the audit.

ii. Assisting in the direction and control of the assignment.
iii. Helping to ensure that attention is devoted to critical aspects of the audit
assignment.
iv. Ensuring that the task is completed expeditiously.
v. Facilitating review of the audit work.
vi. Helping to assign tasks to the appropriate members of the audit team and
coordinates outside experts.

An Overview of the Audit Planning, Procedures and Documentation

 Audit States/Process/Scope OR Audit Planning Processes Importance/Essence
1 Pre-Audit Before Ascertain the type of Audit The auditor maintains the
Evidence Commencement Documentation from client necessary independence and
(Preliminary company ability to perform the
Assessment) engagement; There are no
Gain Knowledge of the
issues with management
business
integrity that may affect the
Preparations by client
auditor’s willingness to
continue the engagement;
there is no misunderstanding
with the client as to the terms
of the engagement.
2. How to Audit Plan Overall plan Audit Programme is same as
gather AP but more encompassing in
Evidence Audit Programme that it documents what
procedures an auditor will
follow to validate that an
organization is in
conformance with compliance
regulations.
3 Evidence Audit Evidence Internal Controls Account balances,
about Transactions transactions, disclosures, and
what? risks.
Balance
4 Methods Audit Inspection Direction, supervision, and
of Techniques Observation Review
obtaining Enquiry
Evidence Confirmation
Analytical Review
5 Steps in Audit Evaluate Controls
obtaining Procedures Vouching
Evidence Check posting
Check Casting
Ledger Scrutiny
Verification
Valuation
Disclosure
6 Record Audit Papers Audit notebook/working
Evidence papers
7 Evaluate Audit Reports Give Opinion
Evidence

The nature and extent of planning activities will vary according to the size and
complexity of the entity, the auditor’s previous experience with the entity, and changes
in circumstances that occur during the audit engagement.

Planning is not a discrete phase of an audit, but rather a continual and iterative
process that often begins shortly after (or in connection with) the completion of the
previous audit and continues until the completion of the current audit engagement.
However, in planning an audit, the auditor considers the timing of certain planning
activities and audit procedures that need to be completed prior to the performance of
further audit procedures.

For example, the auditor plans the discussion among engagement team members, the
analytical procedures to be applied as well as risk assessment procedure, the obtaining
of a general understanding of the legal and regulatory framework applicable to the
entity and how the entity is complying with that framework, the determination of
materiality, the involvement of experts and the performance of other risk assessment
procedures prior to identifying and assessing the risks of material misstatement and
performing further audit procedures at the assertion level for classes of transactions,
account balances, and disclosures that are responsive to those risks.

1.1.3 Preliminary Engagement Activities (What to do prior to undertaking an

Audit assignment)

The auditor should perform the following activities at the beginning of the current audit
engagement:

a. Consider his responsibilities as laid down in terms of engagement.

b. Familiarize himself with the client’s business and the entire company
c. Obtain a preliminary understanding of the principal features accounting and
internal control systems.
d. Determine and record the audit strategy
e. Where the auditor is to rely on any part or whole of the client’s accounting and
internal control system, he must document in detail a description of the
accounting and internal control systems.
f. Based on e above, he must also critically review and evaluate them.
g. He must discuss any weakness detected in the system.
h. Report and document any weakness observed and detected in the management
letter.
i. Perform procedures regarding the continuance of the client relationship and the
specific audit engagement.
j. Evaluate compliance with ethical requirements, including independence.
k. Establish an understanding of the terms of the engagement.

Essence of the Preliminary Engagement

The purpose of performing these preliminary engagement activities is to help ensure

that the auditor has considered any events or circumstances that may adversely affect
the auditor’s ability to plan and perform the audit engagement to reduce audit risk to an
acceptably low level. Performing these preliminary engagement activities helps to
ensure that the auditor plans audit engagement for which:

i. The auditor maintains the necessary independence and ability to perform the
engagement.
 ii. There are no issues with management integrity that may affect the auditor’s
willingness to continue the engagement.
iii. There is no misunderstanding with the client as to the terms of the engagement.

The Overall Audit Strategy

The Auditor should establish the overall audit strategy for the audit because this would
help to set the scope, timing and direction of the audit, and guide the development of the
more detailed audit plan. The establishment of the overall audit strategy involves:

a) Determining the characteristics of the engagement that define its scope, such as the
financial reporting framework used, industry-specific reporting requirements and the
locations of the components of the entity;

b) Ascertaining the reporting objectives of the engagement to plan the timing of the
audit and the nature of the communications required, such as deadlines for interim and
final reporting, and key dates for expected communications with management and
those charged with governance; and

c) Considering the important factors that will determine the focus of the engagement
team’s efforts, such as determination of appropriate materiality levels, preliminary
identification of areas where there may be higher risks of material misstatement,
preliminary identification of material components and account balances, evaluation of
whether the auditor may plan to obtain evidence regarding the effectiveness of internal
control, and identification of recent significant entity-specific, industry, financial
reporting or other relevant developments.

In developing the overall audit strategy, the auditor also considers the results of
preliminary engagement activities and, where practicable, experience gained on other
engagements performed for the entity.
The process of developing the overall audit strategy helps the auditor to ascertain the
nature timing and extent of resources necessary to perform the engagement.

The overall audit strategy sets out clearly:

i. The resources to deploy for specific audit areas, such as the use of appropriately
experienced team members for high-risk areas or the involvement of experts on
complex matters;
ii. The number of resources to allocate to specific audit areas, such as the material
locations, the extent of review of other auditors work in the case of group audits,
or the audit budget in hours to allocate to high risk areas;
iii. When to deploy the resources, such as at an interim audit stage or at key cut-off
dates; and
iv. How the resources are to be managed, directed and supervised, such as when
team briefing and debriefing meetings are expected to be held, how engagement
 partner and manager reviews are expected to take place (for example, on-site or
off-site), and whether to complete engagement quality control reviews.

Once the overall audit strategy has been established, the auditor will be able to start the
development of a more detailed audit plan to address the various matters identified in
the overall audit strategy, considering the need to achieve the audit objectives through
the efficient use of the auditor’s resources.
Although the auditor ordinarily establishes the overall audit strategy before developing
the detailed audit plan, the two planning activities are not necessarily discrete or
sequential processes but are closely inter-related since changes in one may result in
consequential changes to the other.

Audits of Small Entities

In audits of small entities, the entire audit may be conducted by a very small audit team.
Many audits of small entities involve the audit engagement partner (who may be a sole
practitioner) working with one engagement team member (or without any engagement
team member). With a smaller team, co-ordination and communication between team
members are easy. Establishing the overall audit strategy for the audit of a small entity
need not be a complex or time-consuming exercise; it varies according to the size of the
entity and the complexity of the audit. For example, a brief memorandum prepared at
the completion of the previous audit, based on a review of the working papers and
highlighting issues identified in the audit just completed, update, and changed in the
current period based on discussions with the owner-manager, can serve as the basis for
planning the current audit engagement.

Changes to Planning Decisions during an Audit

The Overall audit strategy and the audit plan should be updated and changed as
necessary during the course of the audit. Planning an audit is a continual and iterative
process throughout the audit engagement. As a result of unexpected events, changes in
conditions, or the audit evidence obtained from the results of audit procedures, the
auditor may need to modify the overall audit strategy and audit plan and thereby the
resulting planned nature, timing and extent of further audit procedures.

Information may come to the auditor’s attention that differs significantly from the
information available when obtaining audit evidence through the performance of
substantive procedures that contradicts the audit evidence obtained with respect to the
testing of the operating effectiveness of controls. In such circumstances, the auditor re-
evaluates the planned audit procedure, based on the revised consideration of assessed
risks at the assertion level for all or some of the classes of transactions, account
balances or disclosures.

Direction, Supervision and Review

The auditor should plan the nature, timing and extent of direction and supervision of
engagement team members and review of their audit work. The nature, timing and
extent of the direction and supervision of engagement team members and review of
their work vary depending on many factors, including the size and complexity of the
entity, the area of audit, the risks of material misstatement, and the capabilities and
competence of personnel performing the audit work.

Procedures of Audit Planning / Points to Note in Audit Planning

The auditor should consider the outline audit approach he proposes to adopt, including
the extent to which he may wish to rely on internal controls and any aspects of the audit
which need particular attention. He should also consider in his planning, any additional
work which he has agreed to undertake.
Preparatory procedures which the auditor should consider include the following:
1. Preeliminary work to be done in addition to the main audit assignment.
Examples include stock taking, physical cash count, debtors circularization etc.
This would assist the auditor with reviewing matters raised in the audit of the
previous year which may have continuing relevance in the current year.
2. Assess if the is any changes in legislation or accounting practice, and the effects
of any changes in legislation or accounting practice affecting the financial
statements.
3. Reviewing interim or management accounts where these are available and
consulting with the management and staff of the enterprise. Matters to be
considered include current trading circumstances, and significant changes in the
business carried on and in the management of the entity;
4. Identifying any significant changes in the entity’s accounting procedures, such as
introduction of a new accounting software.
5. Identifying any significant changes in the entity’s management composition.
6. Determining the number of audit staff required, the experience and special skills
they need to possess and the timing of their audit visits.
7. Briefing the audit team members about the client company’s affairs and the
nature and scope of the work they are required to carry out;
8. Deadlines established for the submission of audit reports.
9. Notifying the client of the expected date of attendance by the auditor’s staff; and
10. Liaising or consulting with the joint auditors to determine the allocation of the
work to be undertaken and the procedures for its control and review (in the case
of joint audits).

2 POINT TO CONSIDER IN AUDIT PLANNING MEMORANDUM (APM)

It is essential for the auditor to consider the under listed points in their Audit planning
Memorandum
i. Terms of the engagement especially if it is a new/first time engagement,
engagement letter must be prepared while for continued assignment,
engagement letter should be reviewed.
ii. Critical review of audit risk areas.
iii. Presence of internal auditorsThe need for specialists i.e., consider whether there
might be a need for expert help and the involvement of other auditors in group
audits.
 iv. The timing of the audit work
v. The changes of the client’s business since the previous audit
vi. The various decisions taken as a result of the planning process.
vii. The assessment of the internal audit of the client
viii. The briefing instructions to the audit team
ix. The control of the audit, supervision and review of the audit work
x. The staff and time budget.
xi. Setting staff allocation and a fee budget. The budget should be used to control
the time spent on that audit and any major variations (time, both under and
overspent) should be investigated by the manager responsible for the audit.

NOTE: The work of planning is a continuous process throughout the audit. Although the
planning memorandum is prepared before the start of the audit work, it is worth noting
that the planning work does not end there.
 Week 2: 27th May 2024

Topic: KNOWLEDGE OF THE CLIENTS’ BUSINESS

Introduction

Understanding a client's business is a fundamental aspect of providing effective accounting and

consulting services. This knowledge enables accountants and consultants to offer tailored advice,
identify risks, and add value to the client's operations.

Prior to acceptance of an engagement, the auditors should obtain a preliminary

knowledge of the industry and ownership, management, and operations of the
prospective client, sufficient to enable them to consider their ability and willingness to
undertake the audit.

Upon acceptance of an engagement, the auditors should obtain more detailed

knowledge and information sufficient to enable them to plan the audit, develop effective
audit approach and understand the events and practices that will have significant effect
on the financial statement or their audit work.

Why it is necessary to understand the Client’s Business

1. Tailored Services: Knowledge of the client's industry, operations, and market environment
allows for customized advice and solutions.
2. Risk Identification: Understanding the client’s business helps in identifying specific risks and
opportunities.
3. Enhanced Relationships: Demonstrates commitment and builds trust with the client.
4. Effective Communication: Facilitates clearer and more relevant communication with the
client.
5. Compliance and Regulation: Ensures that the client adheres to relevant regulations and
standards specific to their industry.

Components of Knowledge of the Client’s Business

What should be known about the client company include:

1. Industry Knowledge
a. Key players and competitors
b. Industry trends and dynamics
c. Regulatory environment etc., In short, the general economic factors and industry
conditions affecting the entity’s business.
2. Client’s Organizational Structure i.e., The general level of competence of the
management and recent management changes. This will include:
a. Ownership structure
b. Management hierarchy
c. Key personnel and their roles.
3. Operations
a. Core business processes: The auditors’ cumulative knowledge of the accounting
and internal control systems and any expected changes.
b. Products and services offered
c. Supply chain and logistics
 4. Financial Environment i.e., Important characteristics of the entity, its business, its
financial performance, and its reporting requirements; including changes since
the date of the last audit exercise. This will also cover:
a. Revenue streams and profitability
b. Cost structure
c. Financial health and stability
5. Strategic Goals
a. Short-term and long-term objectives
b. Market positioning and competitive strategy:
c. The accounting policies adopted by the entity and changes in those
policies.
d. Innovation and growth plans
6. Risk Environment
a. Operational risks
b. Market risks
c. Regulatory risks i.e., The effect of new legislation, accounting, or auditing
pronouncements; the regulatory framework if any guiding the clients business.

In succeeding periods, the auditors should consider the information gathered

previously and should perform procedures designed to identify significant changes that
have taken place since the last audit.

Methods of Acquiring Knowledge/Sources of Knowledge of the Client’s Business

The auditors can obtain knowledge of the industry and the entity through:

i. Previous experience with the entity and its industry

ii. discussion with people within the entity (for example the junior and senior
managers)
iii. Client Interviews and Meetings
a. Engage with key personnel to understand their perspectives and insights Ex:
discussion with internal audit personnel and review of internal audit reports
b. Regular meetings to stay updated on changes and developments.
iv. discussion with auditors (including predecessor auditors) and with legal and
other advisors who have provided services for the entity or within the industry.
v. discussion with knowledgeable people outside the entity, (for example industry
experts, industry regulators, customers, suppliers, competitors).
vi. Industry Research
a. Stay informed about industry news and trends through journals, reports, and news
articles.
b. Attend industry conferences and seminars.
vii. publications related to the industry (from government, banks and regulators,
financial newspapers), etc. legislations and regulations that significantly affect
the entity.
viii. Site Visits i.e., visits to the entity’s premises and plant facilities.
a. Observe operations firsthand to gain practical insights.
b. Meet with employees across various departments.
ix. Document Review
a. Analyze financial statements, business plans, and internal reports.
b. Review organizational charts and procedural documents.
 c. Internal documents produced by the entity (for example minutes of meetings,
materials sent to shareholders, promotional literature, prior years' annual and
financial reports, budgets, management reports, interim financial reports,
management policies, accounts, job descriptions, marketing and sales plans.
x. Industry-specific guidance.
xi. SWOT Analysis
a. Assess the client’s strengths, weaknesses, opportunities, and threats.
b. Use this analysis to inform strategic advice and risk management.
xii. Benchmarking
a. Compare the client’s performance with industry standards and competitors.
b. Identify areas for improvement and best practices.

Applying Knowledge/Using the Knowledge Gathered about the Client’s Business

1. Risk Assessment and Management

o Identify specific risks based on industry and operational knowledge.
o Develop risk mitigation strategies tailored to the client’s context.
o Assessing risks and identifying problems.
o Planning and performing the audit effectively and efficiently.
o Evaluating audit evidence
2. Strategic Planning and Advice
o Provide recommendations aligned with the client’s strategic goals and industry
conditions.
o Assist in developing business plans and growth strategies.
3. Audit Planning
o Design audit procedures that address the client’s unique risks and operational
aspects.
o Focus on areas of high risk and significant impact.
o Evaluating accounting estimates and management representations.
o Identifying areas where special audit considerations and skills may be necessary
o Identifying related parties and related party transactions
4. Tax Planning and Compliance
o Ensure compliance with industry-specific tax regulations.
o Optimize tax strategies based on the client’s financial and operational profile.
5. Performance Measurement and Improvement
o Develop key performance indicators (KPIs) relevant to the client’s business.
o Suggest improvements based on benchmarking and industry standards.

The audit engagement partner should ensure that assistants assigned to an audit
engagement obtain sufficient knowledge of the business of the entity being audited to
enable them to carry out audit work delegated to them. Such knowledge may be passed
to assistants initially by means of the audit planning memorandum or an audit-briefing
meeting and subsequently during the course of the audit.

In addition, the audit engagement partner must ensure that audit assistants understand
the need to be aware of and to share additional information.
Matters to Consider in Relation to Knowledge of the Clients’ Business

The following matters are to be considered in relation to knowledge of the clients‟

business.

1. General Economic Factors:

a. General level of economic activity (for example growth, recession, etc.)
b. Interest rate and availability of financing
c. Inflation
d. Government’s monetary, fiscal and trade restriction policies
e. Foreign currency rates and control

2. The Industry Conditions Affecting the Clients’ Business. For instance:

a. The market and competition; Cyclical and seasonal activities
b. Changes in product technology
c. Business risk (for example high technology, high fashion, ease of entry for competition)
d. Declining or expanding operations
e. Adverse conditions (for example declining demand, excess capacity, serious price
competition)
f. Key ratios and operating statistics; Specific accounting practices and problems
g. Environmental requirements and problems; Regulatory framework
h. Energy supply and cost
i. Specific or unique practices (for example reacting to labour contracts, financing methods,
accounting methods)
j. Management and Ownership of the Entity
k. Corporate structure – private, public, government
l. Beneficial owners and related parties (local, foreign, business reputation and experience)
m. The relationship between owners, directors, and management
n. Capital structure (including any recent or planned changes) and/or Organization structure
o. Management objectives, philosophy and strategic plans
p. Acquisitions, mergers or disposals of business activities planned or recently executed
q. Sources and methods of financing (current, historical)
r. Board of directors (composition, business reputation and experience, independence from
and control over operating management, frequency of meetings, existence of audit
committee and scope of its activities, existence of policy on corporate conduct, changes in
professional advisors)
s. Operating management (experience and reputation, turnover, key financial personnel and
other status in the organization, staffing of accounting department,
t. incentive or bonus plans as part of remuneration, use of forecasts and budgets, pressures
on management, management information systems)
u. Internal Audit function (existence, quality, etc.)
v. Attitude to internal control environment.

3. The Entity’s Business –Products, Markets, Suppliers, Expenses and Operations:

a. Nature of business (for example manufacturer, wholesaler, financial services,
imports/exports)
b. Location of production facilities, warehouses, offices, etc.
c. Employment (for example by location, supply, wage levels, union contracts, pension
commitments, government regulations)
d. Products or services and markets (for example major customers and contracts, terms of
payments, profit margins, reputation of products warranties, order book, trends,
marketing strategy and objectives, manufacturing processes)
 e. Important suppliers of goods and services (for example long term contracts, stability of
supply, terms of payment, imports, methods of delivery)
f. Inventories (for example location, quantities)
g. Franchises, licenses, patents
h. Important expense categories
i. Research and development
j. Foreign currency assets, liabilities and transactions by currency, hedging
k. Legislation and regulations that significantly affect the entity
l. Information systems (including computerized information systems) – current plans to
change
m. Debt structure, including covenants and restrictions.

4. Financial Performances:
Factors concerning the entity’s financial conditions and Profitability are:
a. Accounting policies
b. Earnings and cash-flow trends
c. Leasing and other financial commitments
d. Availability of lines of credit
e. Off balance sheet finance issues
f. Foreign exchange and interest rate exposures
g. Comparison with industrial trends

5. Reporting Environment:
External influences which affect the directors in the preparation of the financial
statements are:

a. Legislation
b. Regulatory environment and requirements
c. Taxation
d. Accounting requirements
e. Measurement and disclosure issues peculiar to the business
f. Audit reporting requirements
g. Users of the financial statements
h. Communication of Knowledge about the Business

Knowledge of the clients’ business becomes useful to the auditors if it is made known to
the audit team members. The audit engagement partner should therefore ensure that
the audit team obtains such knowledge of the business of the entity being audited as
may reasonably be expected to be sufficient to enable it to carry out the audit work
effectively.

Such information will be provided in the planning documentation, but the partner
should ensure that staff regularly share any subsequent knowledge they have gained
with the rest of the team.

Practice Questions:

1. Why is it important to understand the client’s business in detail?

2. What are the key components of knowledge about a client’s business that accountants
should focus on?
3. How can accountants effectively acquire and apply knowledge of the client’s business in
their practice?
 Week 3: 3rd June 2024

Topic 3: Audit Risks Assessment and Planning for Materiality

Learning Outcomes:

At the end of the week/module, you should:

a) have gained idea of what an audit risk is;

b) have gained knowledge about the components of risks (audit risk model);
c) be able to distinguish between each component of the audit risk;
d) be able to state and describe the sources of each risk type;
e) be able to explain the techniques for assessing Internal Controls for Risk
f) be able to describe the general ways of minimizing audit risk
g) be able to illustrate mathematically how to compute audit risk.

Introduction

Audit risk assessment is a fundamental step in the audit process, as it helps to ensure that auditors
can identify and respond to risks of material misstatement in financial statements. Understanding
and effectively assessing audit risks allows auditors to plan and execute their audits more effectively,
ultimately enhancing the reliability of the audit opinion. There are some levels of risks associated
generally with audit assignments. However, the riskier the nature of the client’s business, the
more work the auditor will have to do before expressing an audit opinion.

What is audit risk?

Audit risk refers to ‘the risk that the auditor expresses an inappropriate audit opinion
when the financial statements are materially misstated. It is a function of material
misstatement and detection risk.’ It is the probability that the company’s financial
statements contain an error that is material to the company even though the same has
been verified and audited by the company’s auditor without any qualification concerning it.

The audit risk refers to a type of risk in the business in which the auditors may not issue a correct
opinion about the true financial condition of the business. In this type of risk, the auditor may be
unable to point out any misstatement in the financial statement. or unable to identify an important
error or fraud. This will lead to inappropriate audit opinions about the financial statement.

How Audit Risk Arise

It is necessary to understand that Audit risk arises due to various factors like complex
transactions, type of industry, rules and bylaws of the company and transparency of the
management. Most importantly however is that it arises due to two reasons (i.e., mistakes/errors
or a deliberate misstatement) spurring from either the Clients or Auditors or both.

Sometimes even the internal risk control processes fail to identify the frauds. Audit
risk assessment shows that internal control systems are not efficient enough to reflect
misstatements. But the auditors may fail to detect frauds due to nature of the transaction or
limited timing of the audit procedure.
It is important to understand that the auditors may try to minimize and control the risk, but it is
impossible to eliminate it from the system totally. For this reason, the organization must aim for
proper and maximum management of such a risk so that the financial statements would have
reasonable accuracy and reliability.

Source: Audit Risk (wallstreetmojo.com)

In simple terms, Audit risk is defined as the risk of financial statements not being truly
representative of an actual financial position of the organization or a deliberate attempt to
conceal the facts even though audit opinion confirms that statements are free from any
material misstatement. This risk can have a detrimental effect on shareholders, creditors, and
prospective investors.

Risk- based Audit

It is the system of audit used by auditors to concentrate on high-risk clients and on high risks
areas of a client’s business rather than performing detailed audit tests on all areas of a client’s
business. It enables the achievement of cost-effectiveness in audits.

Objectives of Audit Risk Assessment

1. Identify Risks of Material Misstatement: Determine where and how the financial
statements might be materially misstated.
2. Assess the Risks Identified: Evaluate the likelihood and potential impact of these risks.
3. Design Audit Procedures: Develop audit procedures responsive to the assessed risks.

Steps in Audit Risk Assessment

1. Understanding the Entity and Its Environment:

o Industry Factors: Consider industry-specific risks, such as economic conditions,
regulatory environment, and market competition.
o Nature of the Entity: Understand the client's operations, ownership structure, and
governance.
o Objectives and Strategies: Identify business objectives and the strategies used to
achieve them.
o Measurement and Review of Financial Performance: Examine how the client
measures and reviews its financial performance.
 o Internal Control: Assess the design and implementation of the client’s internal
control system.
2. Identifying and Assessing Risks:
o Significant Risks: Identify risks that require special audit consideration, such as those
involving fraud or complex transactions.
o Risk of Material Misstatement: Assess both inherent and control risks to determine
areas that are more likely to contain material misstatements.
3. Performing Risk Assessment Procedures:
o Inquiries of Management and Others: Engage in discussions with the management
team and others within the entity.
o Analytical Procedures: Use analytical procedures to identify unusual transactions or
trends.
o Observation and Inspection: Observe operations and inspect documents and
accounting records.
o Understanding of Internal Control: Evaluate the effectiveness of the entity’s internal
controls.
4. Responding to Assessed Risks:
o Designing Further Audit Procedures: Tailor audit procedures to address the specific
risks identified.
o Nature, Timing, and Extent of audit procedures: Determine the nature (what
procedures to perform), timing (when to perform them), and extent (how much
work is necessary).

Audit Risk Model (Components of Audit Risk)

Audit Risk(AR)=Inherent Risk(IR)×Control Risk(CR)×Detection Risk(DR)

The Audit Risk Model (What constitutes Audit Risk)

The audit risk model breaks audit risk down into three components popularly referred to as the
components of audit risk. These are inherent risk; control risk and detection risk.
1. Inherent risk: This is the susceptibility of an assertion about a class of transaction,
account balance, or disclosure to a misstatement that could be material, either individually
or when aggregated with other misstatements before consideration of any related controls.
In developing the overall audit plan, the auditors should assess inherent risk at the
financial statement level. In developing the audit programme, the auditor should relate
such assessments to material account balances and classes of transactions.

In the absence of knowledge or information to enable the auditors to assess inherent risk
for a specific material account balance or class of transactions, the auditors assume that
inherent risk is high.

To assess inherent risk, the auditors use their experience of the client company from their
previous audits together with professional judgement to evaluate numerous factors,
example of which are:

1. At the financial statement level

a. The integrity of management

b. Management experience, knowledge, and changes in management during the

period. For example, the inexperience of management may affect the preparation of the
financial statements of the entity.
 c. Unusual pressures on management: For example, circumstances that might
predispose management to misstate the financial statements, such as the industry
experiencing many business failures or an entity that lacks sufficient capital to continue
operations.

d. The nature of the entity’s business: For example, the potential for technological
obsolescence of its products and services, the complexity of its capital structure, the
significance of related parties and the number of locations and geographical spread of its
production facilities.

e. Factors affecting the industry in which the entity operates: For example, economic
and competitive conditions as indicated by financial trends and ratios, and changes in
technology, consumer demand and accounting practices common to the industry.

2. At the account balance and class of transactions level

a. Financial statements likely to be susceptible to misstatement: For example, accounts
which require adjustment in the previous period, or which involve a high degree of
estimation.

b. The complexity of understanding transactions and other events which might require the
use of the work of an expert.

c. The degree of judgement involved in determining account balances.

d. Susceptibility of assets to loss or misappropriation: For example, assets which are highly
desirable and movable such as cash.

e. The completion of unusual and complex transactions, particularly at or near period end

f. Transactions not subjected to ordinary processing.

The inherent risk could not be prevented due to uncontrollable factors, and it is also not found in
the Audit.
Example: transactions involving high-value cash amount carry more inherent risk than
transaction involving high-value cheques.

Sources of Inherent Risk:

• Complex business transactions involving derivative instruments.
• Transactions requiring a high level of judgment may lead to the risk of not being
identified.
• Industry having frequent technological developments may expose the firms to technology
obsolescence risk.
• A company that has already misreported certain figures in the past may be more likely to
misreport it again.

2. Control Risk: Control Risk is the risk of error or misstatement in financial statements due
to the failure of internal controls. This is the risk that a misstatement could occur in an
assertion about a class of transaction, account balance or disclosure, and that the
misstatement could be material, either individually or when aggregated with other
misstatements, and will not be prevented or detected and corrected, on a timely basis, by
the entity’s internal control.
After obtaining an understanding of the accounting system and control environment, the auditors
should make a preliminary assessment of control risk for material financial statement assertions.
The preliminary assessment of control risk is the process of evaluating the likely effectiveness of
an entity’s accounting and internal control systems in preventing and correcting materials
misstatements. There is always some control risk because of the inherent limitations of any
internal control system.
The more effective the entity’s accounting and internal control systems are assessed to be, the
lower the auditor’s assessment of control risk. Where the auditors obtain satisfactory audit
evidence from tests of control as to the effectiveness of the accounting and internal control
systems, the extent of substantive procedures may be reduced.
On another hand, the auditors may conclude that the accounting and internal control systems are
not effective. In these circumstances, the auditors plan the audit approach as if they had made an
adverse preliminary assessment of control risk, and sufficient appropriate audit evidence needs to
be obtained entirely from substantive procedures.
When control risk is assessed at less than high, the auditors need to document the basis for the
conclusion. Different techniques may be used to document information relating to accounting and
internal control systems and the assessment of control risk. Selection of a particular technique is a
matter for the auditor’s judgement.

Techniques for Assessing Internal Controls for Risk

Common techniques, used alone or in combination, are:
 Narrative Descriptions
 Questionnaire
 Check lists and;
 Flow charts.

The form and extent of this documentation are influenced by the size and complexity of the entity
and the nature of the entity’s accounting and internal control systems. Generally, the more
complex the entity’s accounting and internal control systems, the more extensive the auditor’s
procedures and the more extensive the auditor’s documentation needs to be.

Example of Control Risk: Failure on the part of management to control and prevent transaction
carried out by staff who is not authorized to carry out those transactions in the first place.

Sources of Control Risk:

1. Failure of management to install proper and effective internal control for financial
reporting.
2. Failure to ensure proper segregation of duties among people responsible for financial
reporting;
3. The non-existence of the culture of proper documentation and filing;

Relationship between the assessment of inherent and control risk

Management often reacts to situations where inherent risk is high by designing accounting and
internal control systems to prevent and detect misstatements and therefore, in many cases,
inherent risk and control risk are highly interrelated.
In such a situation, if the auditors attempt to assess inherent risk and control risks separately,
there is a possibility of inappropriate risk assessment.
As a result, the effects of inherent risk and the preliminary assessment of control risk are often
performed simultaneously.

3. Detection risk
Detection risk is the risk of failure on the auditor’s part to detect any errors or misstatements in
financial statements, thereby giving an incorrect opinion about the firm’s financial statements.

Detection risk can also be referred to as the risk that the procedures performed by the auditor to
reduce audit risk to an acceptably low level will not detect a misstatement that exists and that
could be material, either individually or when aggregated with other misstatements in other
balances or classes.
Regardless of the assessed levels of inherent and control risks, the auditors should perform
some substantive procedures for material account balances and transactions classes.

The higher the assessment of inherent and control risks the more audit evidence the auditors
should obtain from the performance of substantive procedures.

When both inherent and control risk are assessed as high, the auditors need to consider
whether substantive procedures can provide sufficient appropriate audit evidence to reduce
detection risk, and therefore audit risk, to an acceptably low level.

When the auditors determine that detection risk regarding a material financial statement
assertion cannot be reduced to an acceptably low level, the auditors need to consider the
implication for their audit report and may consider whether to withdraw from the engagement.

The auditors’ assessment of the components of audit risk may change during the cause of an
audit, for example information may come to the auditor’s attention (when performing
substantive procedures) that differs significantly from the information on which the auditors
originally assessed inherent and control risks. In such cases, the auditors need to modify the
planned substantive procedures based on a revision of the assessed levels of inherent and
control risks for the relevant financial statement assertions.

Example: Failure by Auditors to identify the company’s continuous misreporting of financial

statements.

Sources of Detection Risk:

1. Poor audit planning, selection of wrong audit procedures on the part of the auditor;
2. Poor interaction and engagement with audit management by Auditor;
3. Poor understanding of the client’s business and complexity of financial statements;
4. Wrong selection of sample size.

Arithmetically, overall risk can be computed using the

formula below:

Overall, the risk is calculated by combining all the above three types
of audit risk assessment using the formula below:

Note that this is what is generally referred to as the “Audit

Risk model”. Therefore;
Audit Risk model = Inherent Risk X Control Risk X
Detection Risk
 Mitigating Audit Risks (How to Minimize Audit Risk)
To successfully reduce the risk of material misstatement in the financial statement, it is essential
to:

1. Enhanced Audit Procedures:

o Substantive Procedures: Tests of details and substantive analytical procedures.
o Tests of Controls: Evaluating the effectiveness of the client’s internal controls.
2. Professional Skepticism: Maintain an attitude of professional skepticism throughout the
audit, being alert to conditions that may indicate possible misstatements.
3. Use of Technology: Leverage audit software and data analytics to identify and assess risks
more effectively.
4. Have a strong Audit team that has sufficient knowledge of the business and transactions
involved. This helps in identifying the areas where risk may exist.
5. Ensure that sufficient time is provided to the team to analyse financials. This will help
the auditors perform thorough testing of transactions, account balance and disclosures.
It will also assist to identify misstatement that led to audit risk assessment.
6. Ensure strong engagement with the management of the client firm to understand
business philosophy and practices.
7. Ensuring proper and adequate sampling techniques is required.
8. Accurately assess the client’s internal control systems to know whether the control is
strong or weak. Proper quality control ensures that the audit is conducted in a
professional manner. The process involves challenging and questioning assumptions
and evidence.
9. Make proper audit planning and selection of Audit procedure.

Summary:

key components of Audit Risk

1. Audit Risk: The risk that the auditor may unknowingly fail to appropriately modify their
opinion on financial statements that are materially misstated.
o Inherent Risk (IR): The susceptibility of an assertion to a material misstatement,
assuming there are no related controls.
o Control Risk (CR): The risk that a material misstatement that could occur in an
assertion will not be prevented or detected and corrected on a timely basis by the
entity's internal control.
o Detection Risk (DR): The risk that the auditor's procedures will not detect a material
misstatement that exists in an assertion.
Types of Audit Risks and how they arise

1. Inherent Risks: Inherent Audit risk arises from the possibility of material misstatements
in financial statements due to inherent risks associated with the nature of the
transaction or limited timing of the audit procedure. It may arise due to the following:
o Complex Transactions: Transactions that are inherently complex or unusual.
o Estimates and Judgments: Areas requiring significant judgment or estimation.
o Susceptibility to Fraud: Situations where there is a higher risk of fraudulent activity.
2. Control Risks: Control risk relates to the risk of misstatements not being prevented,
detected, or corrected by the entity’s internal controls. It considers the effectiveness of
internal controls in mitigating the inherent risks. It may arise due to the following:
o Weak Internal Controls: Inadequate design or implementation of internal controls.
o Changes in Internal Control: Recent changes that might affect control effectiveness.
3. Detection Risks: Detection risk refers to the risk that auditors fail to detect material
misstatements in financial statements during the audit process. The nature, timing, and
extent of audit procedures performed influence it. It may arise due to the following:
o Sampling Risk: The risk that a sample may not be representative of the population.
o Non-Sampling Risk: The risk that the auditor may not detect a misstatement due to
failures in performing the audit procedures correctly.

Practice Questions

 What are the main components of audit risk, and how do they interact?

 Why is it important to understand the client's industry and environment in assessing audit risk?

 How can auditors use analytical procedures in the risk assessment process?
 Week 4: 10th June 2024

Topic 4: Audit Evidence and Verification Procedures

Learning Outcomes
At the end of this module/week, the reader should be able to:
(a) describe the concept of Audit Evidence and be able to give some examples
(b) explain why audit evidence is vital;
(c) state types of Audit Evidence
(d) describe the sources through which audit evidence may be gathered
(e) state the different methods of obtaining evidence
(f) State the essentials of good Audit Evidence
(g) Reliability of Audit evidence and relying on the third-party evidence

Objective

The main aim of this module/session is to provide guidance on what

constitutes audit evidence in the audit of corporate annual reports, the
quantity and quality of audit evidence to be obtained, and the audit
procedures that auditors use for obtaining that audit evidence. Expectation
is that, the auditor would obtain sufficient and appropriate audit evidence to
be able to draw reasonable conclusions on which to base his/her audit
opinion.

NATURE AND SCOPE OF AUDIT EVIDENCE

Introduction

Audit evidence is a critical component of the audit documentation process. It refers to the
information and supporting documentation obtained during the fieldwork phase of an audit.
Audit evidence is essential for auditors to evaluate the reliability of financial information and to
substantiate the significant findings and conclusions derived from the audit.

Definitions of Audit Evidence

 Audit evidence is the information used by the auditor to arrive at conclusions on which the
audit opinion is based. This evidence supports the assertions made in the financial statements
and includes all information, both written and oral, that auditors collect during an audit.
 Audit evidence refers to all the information, whether obtained from audit procedures or
otherwise used by the auditor in arriving at the conclusions on which to base his/her opinion.
 Audit Evidence is the information that the auditor uses in arriving at a conclusion on the
basis of which he forms his opinion.
 Audit evidence consists of both information that supports and corroborates management's
assertions regarding the financial statements or internal control over financial reporting and
information that contradicts such assertions.
 Audit evidence includes both information included in the accounting records underlying the
financial statements and other information. The amount and type of audit evidence differ
from one audit to another based on the business industry, the company's financial system, the
scope of the audit, and the type of audit. Evidence collected by the auditor should support the
contents of his audit report.
“Sufficiency” of audit evidence is the measure of the quantity of audit evidence while
“Appropriateness” of evidence is the quality of the evidence, i.e., its relevance and reliability
to support the auditor’s opinion. Thus, Audit evidence includes information provided in books of
accounts as well as information from other sources.
Examples of auditing evidence – Purchase invoice and material received note prepared by the
store’s department are evidence to support the purchase; bank accounts, management accounts,
payrolls, bank statements, invoices, and receipts are all examples of audit evidence.

Important Note:
 Auditors are not expected to address all information that may exist: In forming the
audit opinion, the auditor does not examine all the information available because
conclusions ordinarily can be reached by using sampling approaches and other means
of selecting items for testing.
 Also, the auditor ordinarily finds it necessary to rely on audit evidence that is persuasive
rather than conclusive.
 However, to obtain reasonable assurance, the auditor is not satisfied with audit
evidence that is less than persuasive.
 The auditor uses professional judgment and exercises professional scepticism in
evaluating the quantity and quality of audit evidence, and thus, its sufficiency and
appropriateness, to support the audit opinion.

Why Audit Evidence is Important?

1. Basis of Auditors’ Opinion: Audit evidence plays a vital role in auditing because it
allows the auditors to justify their conclusions effectively. The opinions expressed by
auditors in their audit reports rely heavily on the quality of the evidence they have
gathered. Moreover, should any disputes arise regarding the audit findings, auditors
depend on the strength and credibility of the audit evidence to substantiate their stance.
2. To ensure accuracy of financial statements: Publicly traded companies audit their
financial statements annually to render stewardship to their investors since the financial
statements contains enormous amount of information that investors use to decide whether
to invest their fund. Therefore, the accuracy of the financial statements is a high priority.
3. To enhance credibility of the client’s financial statement: For the audit opinion to be
credible, the company’s claims about its financial performance must be corroborated
either by external evidence (such as a bank statement) or through an analysis conducted
by the auditors. By exercising their professional judgments, experienced auditors assure
the accuracy of the information provided by the company.

Types of Audit Evidence

There are several types of audit evidence with each type having its specific purpose depending on
the audit’s goal, the client’s objectives, and the assertion being tested. Meanwhile, Audit evidence
can be obtained in various forms. They include the following:
1. Physical Evidence: They are obtained by the auditor through physical inspection of assets. This
involves inspecting tangible assets like inventory, machinery, or other documents, to verify
their existence, condition, or ownership. Physical examination provides direct evidence and
is often documented in audit working papers.
Example: Counting inventory, inspecting fixed assets etc.

2. Confirmation Evidence: This are evidences obtained from independent third parties. They
refer to relying on third parties such as banks to confirm various aspects of the financial
statements (for example, the closing bank balance or accounts payable records).
Confirmation often require the balance confirmations from third parties to ensure that the
clients do not manipulate the balances reflected in the annual reports. The receipt of the
written response directly from third parties to verify the accuracy and authenticity of
different information required by the auditor.
 Example: Confirmation of receivables from customers, bank confirmations.

3. Documentary Evidence: This consists of written documents that support the financial
statements. Here, the Auditors will gather documentation or collect written documents such
as purchase and sales invoice, policy documents of the entity, internal process documents,
emails, or call logs, to help with different portions of the overall audit. All of this could be
internal or external.
Example: Invoices, contracts, bank statements etc. T he auditors may use the documentation
for vouching or tracing a process flow as a part of the audit procedures. Documentary
evidences are more reliable since there will be some proof in writing based on which the
auditor will base his opinion.

4. Analytical Evidence: This are derived from evaluating financial and non-financial information.
It includes any analysis performed by the auditors using their calculations to substantiate
the financial information and any accounting records provided by the client to find
discrepancies. Auditors uses this procedure to derive the required data to know the
correctness of different information. It comprises the usage of comparisons, calculations,
and the relationships between the various data by the auditor.
Example: Ratio analysis and trend analysis.
5. Oral Evidence: Are obtained through discussions and interviews with management and
employees. Auditors may hold question-and-answer sessions with their client’s senior
leadership team to inquire about the business operations when audit planning and
designing the audit procedures.
Example: Inquiries about processes and controls.

6. Observatory Evidence: Auditors may observe various activities or processes of the client
company and its employees during site visits or walkthroughs before making any
conclusion. This allows them to assess the effectiveness of internal controls, compliance
with regulatory requirements, or adherence to specific procedures.
7. Computational Evidence: This are evidences derived from recalculations and verifying
mathematical accuracy. Example: Recalculating depreciation, verifying interest calculations.
Others include:

1. Accounting system: This allows the auditor to access financial reporting documents and any
information related to financial statements. The accounting system may also act as the
source of audit evidence.
2. Re-performance: The auditor assesses the control risk by re-performing key internal
control processes to check for deficiencies.

Sources of Audit Evidence

The audit evidence gathered by the Auditor can be sourced internally and/or externally through:

a. Accounting Records

Accounting records generally include the records of initial entries and supporting records, such
as cheques and records of electronic fund transfers, invoices, contracts, the general and
subsidiary ledgers, journal entries and other adjustments to the financial statements that are
not reflected in formal journal entries, and records such as work sheets and spreadsheets
supporting cost allocations, computations, reconciliations, and disclosures. In addition, the
accounting records may be part of integrated systems that share data and support all aspects of
the entity’s financial reporting, operations, and compliance objectives.

b. Financial Statements Prepared by Management

Management is responsible for the preparation of the financial statements based upon the
accounting records of the entity. The auditor obtains some audit evidence by testing the
accounting records, for example, through analysis and review, re- performing procedures
followed in the financial reporting process, and reconciling related types and applications of the
same information. Through the performance of such audit procedures, the auditor may
determine that the accounting records are internally consistent and agree to the financial
statements.

However, because accounting records alone do not provide sufficient audit evidence on which
to base an audit opinion on the financial statements, the auditor will need to obtain other audit
evidence.

c. Other Sources

Other information that the auditor may use as audit evidence includes minutes of meetings;
confirmations from third parties; analysts‟ reports; information obtained by the auditor from
such audit procedures as inquiry; observation; and inspection; and other information developed
by; or available to; the auditor that permits the auditor to reach conclusions through valid
reasoning.

Verification Procedures

Verification procedures are the specific methods auditors use to gather audit evidence. They
ensure that the financial statements are free from material misstatement and provide a true
and fair view of the entity’s financial position.

Methods of obtaining Evidence

Audit evidence should be sufficient, reliable, and provided from an appropriate source.
Obtaining audit evidence can be collected by different methods, the following are the most
common methods auditors use to get audit evidence:

• Inspection
This is the main method of obtaining audit evidence. This method involves examining all
records, documents, whether internal or external, in paper form, electronic form, or other
media, and physical assets. The source of records and documents provided as audit evidence
considers its reliability. The executed contracts as an example by the company may provide
audit evidence relevant to accounting policies, such as revenue recognition.

• Observation
Observation consists of looking at a process or procedure being performed by others, for
example, the auditor’s observation of inventory counting by the company's personnel, or of the
performance of control activities. Observation is also the main method of audit evidence. In this
method, the auditor obtains the testimony of witnesses, after this auditor can get the pinpoints
of facts.

Observation provides audit evidence about the performance of a process but is limited to the
time the observation takes place.

• Inquiry and Confirmation

Inquiry is the research of information from knowledgeable resources within the entity or
outside the entity. Inquiries may vary from formal written inquiries to informal oral inquiries.
Confirmation consists of responses to inquiries. After true confirmation, the auditor can trust
and audit evidence.

Evaluating responses to inquiries is an essential part of the inquiry process. Responses to

inquiries may provide the auditor with information not previously obtained. In some cases,
responses to inquiries provide a basis for the auditor to modify or conduct additional audit
procedures. Considering some issues, the auditor may consider it necessary to obtain written
representations from management and, where appropriate, those charged with governance to
confirm responses to oral inquiries.

• Computation
Computation is the calculation of the correctness of accounting data. To prove the arithmetical
accuracy of an entity's records, the auditor creates computations independently as another
form of audit evidence. Computations verify the mathematical processes and are used to prove
the calculation of the entity.

• Analytical Review
Analytical review can indicate possible problems with the financial records of a company with
the medium of ratio analysis.

Analytical procedures involve comparisons of different sets of financial and operational

information, to see if historical relationships are continuing forward into the period under
review. In most cases, these relationships should remain consistent over time. If not, it can
imply that the entity’s financial records are incorrect.

Essential Attributes of a Good Audit Evidence

1. Relevance: The evidence must be directly related to the audit objective. However, the
relevancy of any audit evidence depends on the purpose of the audit procedures.
2. Reliability: The source and nature of an evidence must make it trustworthy. Evidence
obtained by the auditor should be persuasive rather than conclusive. We cannot
consider an evidence 100% reliable for forming an opinion. Rather the reliability of the
audit evidence must depend on its source and nature of such evidence.
3. Sufficient: Sufficiency is the measure of quantity. Audit evidence will be deemed
sufficient when they are available in adequate quantity. An auditor applies different
 audit procedures to obtain sufficient audit evidence like test checking. Therefore, the
quantity of an evidence must be enough to support the audit opinion.
4. Timeliness: The evidence should be collected during the appropriate period of the audit.
5. Source: Audit evidence obtained within the entity’s business is known as the internal
source. Evidence obtained from an outside the entity like confirmation from third party
is known as the external source. External sources are deemed to be more reliable than
internal sources.
6. Nature: Can be documentary (like bills, vouchers), visual (like the physical verification of
fixed assets), or oral (confirmation from employees)

Rules of Thumb for Determining the Reliability of Audit Evidence

Below are the rules of thumb that often helps in identifying the appropriateness of Audit
evidence.

1. Written (documentary) evidence is better than testimonial evidence. For instance, Audit
evidence on paper, electronic forms, or other medium (a contemporaneously written
record of a meeting is more reliable than a subsequent oral representation of the
matters discussed).
2. Evidence from external sources is more reliable than internal sources.
3. Original documents are preferable over their photocopies.
4. The auditor should have a good understanding of internal control systems in place in
the organization as it enables him to obtain relevant evidence.
5. Evidence obtained by auditor through direct observation, inspection, physical
verification, and computations are better than the evidence obtained indirectly.

Reliability of Third-Party Evidence

The auditor should determine whether the use of external confirmations is necessary to obtain
sufficient appropriate audit evidence. In making this determination, the auditor should consider
the assessed risk of material misstatement at the assertion level and how the audit evidence from
other planned audit procedures will reduce the risk of material misstatement at the assertion level
to an acceptably low level.
The reliability of audit evidence is influenced by its source and by its nature, and more dependent
on the individual circumstances under which it is obtained.
Accordingly, audit evidence in the form of original written responses to confirmation requested
and received directly by the auditor from third parties who are not related to the entity being
audited, may assist in reducing the risk of material misstatement for the related assertions to an
acceptably low level.

Quiz

 State the important factors that the auditor needs to consider while obtaining
evidence?
Solution to Quiz

Some important factors to consider while obtaining evidence are:

1. Quality of evidence (its relevance, reliability, and appropriateness)

2. The materiality of evidence, i.e., their significance
3. Whether there is a requirement of an audit level of assurance (high) or a review level of
assurance (moderate).
4. The risk involved in making an incorrect conclusion

Using the Work of An Expert

International Standard on Auditing (ISA) 620 (Revised and Redrafted) focuses on “Using the
Work of an Auditor’s Expert”.

Who is an Expert for the purpose of Audit?

Expert – A person or organization, possessing expertise in a field other than accounting or

auditing.

Expertise – Skills, knowledge and experience in a particular profession or specialized occupation.

Auditor’s expert – An expert employed or engaged by the auditor to assist the auditor to obtain
sufficient appropriate audit evidence.

Auditor’s external expert – An auditor’s expert who is engaged, not employed, by the auditor.
An auditor’s external expert is not a member of the engagement team.

Therefore, when using the work performed by an expert, the auditor should obtain sufficient
appropriate audit evidence that such work is adequate for the purposes of the audit.

In a nutshell, an “Expert” means a person or firm possessing special skill, knowledge and
experience in a particular field other than accounting and auditing.

The auditor’s education and experience enable him to be knowledgeable about business
matters in general, but he is not expected to have the expertise of a person trained for or
qualified to engage in the practice of another profession or occupation, such as an actuary or
engineer.

An expert may be:

a) Engaged by the entity;

b) Engaged by the auditor;

c) Employed by the entity; or

d) Employed by the auditor.

When the auditor uses the work of an expert employed by him, that work is used in the
employee’s capacity as an expert rather than as an assistant on the audit. Accordingly, in such
circumstances the auditor will need to apply relevant procedures to the employee’s work and
findings but will not ordinarily need to evaluate for each engagement, the employee’s skills and
competence.

Note
When determining the need to use the work of an expert, the auditor would consider:
i. The engagement team’s knowledge and previous experience of the matter being considered;

ii. The risk of material misstatement based on the nature, complexity, and materiality of the
matter being considered; and

iii. The quantity and quality of other audit evidence expected to be obtained.

Determining the Need for an Auditor’s Expert

If expertise in a field other than accounting or auditing is required to obtain sufficient

appropriate audit evidence, the auditor shall determine whether to use the work of an auditor’s
expert with due consideration to;

1. Nature, Timing and Extent of Audit Procedures

The nature, timing and extent of the auditor’s procedures with respect to the requirements in
the appropriate standards of ISA will vary depending on the circumstances. In determining the
nature, timing and extent of those procedures, matters considered by the auditor shall include:

(a) The nature of the matter to which that expert’s work relates;

(b) The risks of material misstatement in the matter to which that expert’s work relates;

(c) The significance of that expert’s work in the context of the audit;

(d) The auditor’s knowledge of and experience with previous work performed by that expert;
and (e) Whether the expert is subject to the auditor’s firm’s quality control policies and
procedures.

2. The Capabilities, Competence and Objectivity of the Expert

When planning to use the work of an expert, the auditor should evaluate the professional
competence of the expert. This will involve considering the expert’s:
a) Professional certification or licensing by, or membership in, an appropriate professional body
b) Experience and reputation in the field in which the auditor is seeking audit evidence.
c) The auditor should evaluate the objectivity of the expert.

The risk that an expert’s objectivity will be impaired increases when the expert is:
i) employed by the entity; or
ii) related in some other manner to the entity, for example, by being financially dependent upon
or having an investment in the entity.
Hence, the auditor shall evaluate whether the auditor’s expert whose work is to be used has the
necessary capabilities, competence and objectivity for the purposes of the audit. In the case of
an auditor’s external expert, the evaluation of objectivity shall include inquiry regarding
interests and relationships that may create a threat to that expert’s objectivity.

3. Obtaining an Understanding of the Field of Expertise of the Auditor’s Expert

The auditor shall obtain a sufficient understanding of the field of expertise of the auditor’s
expert to enable the auditor to:

(a) Determine the nature, scope and objectives of that expert’s work for the purposes of the
audit.

(b) Evaluate the adequacy of that work for the purposes of the audit.

4. Agreement with the Auditor’s Expert

The auditor shall agree, in writing when appropriate, the following matters with the auditor’s
expert:

(a) The nature, scope and objectives of that expert’s work;

(b) The respective roles of the auditor and that of the expert; and

(c) The nature, timing and extent of communication between the auditor and that expert,
including the form of any report to be provided by that expert.

5. Evaluating the Adequacy of the Auditor’s Expert’s Work

The auditor shall evaluate the adequacy of the auditor’s expert’s work for the purposes of the
audit, including:

(a) The relevance and reasonableness of that expert’s findings, and their consistency with other
audit evidence; and

(b) If significant to the auditor’s use of that expert’s work:

(i) The relevance and reasonableness of the expert’s assumptions and methods; and

(ii) The completeness, relevance and accuracy of source data used by the expert

However, if the auditor concludes that the work of the auditor’s expert is not adequate for the
purposes of the audit, the auditor shall:

(a) Agree with that expert on the nature and extent of further work to be performed by that
expert;
(b) Perform further audit procedures appropriate to the circumstances.

6. Reference to the Auditor’s Expert in the Auditor’s Report

i. The auditor shall not refer to the work of an auditor’s expert in an auditor’s report
containing an unmodified opinion unless required by law or regulation to do so. If such
reference is required by law or regulation, the report shall indicate that the reference
does not diminish the auditor’s responsibility for the audit opinion.
ii. If reference to the work of an auditor’s expert is relevant to an understanding of a
modification to the auditor’s opinion, the auditor’s report shall indicate that such
reference does not diminish the auditor’s responsibility for that opinion.

Key Takeaways

 Audit evidence helps to ensure the auditor’s accuracy and authenticity of the
information provided to him by his client.
 Audit evidence will generally form the basis of an auditor’s opinion.
 The auditor can obtain several types of audit evidence via different sources which must
both be relevant and reliable.
 The evidence can be sought through account records, financial statements and other
sources which can be both internal and external to the client company.
 The type and amount of audit evidence will be dependent on the kind of company being
audited and the scope of audit.
 Audit evidence gathered through external sources are more reliable than if sourced
internally.