Show
COPYRIGHT NOTICE — This document is intended for internal use. It cannot be distributed to or reproduced by third parties without prior written permission from the Copyright Coordinator for the Office of the Auditor General of Canada. This includes email, fax, mail and hand delivery, or use of any other method of distribution or reproduction. CPA Canada Handbook sections and excerpts are reproduced herein for your non-commercial use with the permission of The Chartered Professional Accountants of Canada (“CPA Canada”). These may not be modified, copied or distributed in any form as this would infringe CPA Canada’s copyright. Reproduced, with permission, from the CPA Canada Handbook, The Chartered Professional Accountants of Canada, Toronto, Canada. 1051
Sufficient appropriate audit evidence must be obtained to provide a reasonable basis to support the conclusion(s) expressed in an assurance engagement report. This section explains
Auditors shall obtain sufficient appropriate audit evidence to provide a reasonable basis to support the conclusion(s) expressed in the assurance engagement report. [Nov-2011]
The concepts of sufficient (quantity) and appropriate (quality) in relation to evidence are interrelated. Auditors use professional judgment and exercise professional skepticism to determine the quantity and quality of audit evidence (OAG Audit 1041 and OAG Audit 1042), and thus its sufficiency and appropriateness to support the assurance engagement opinion and/conclusion and/or report. Ordinarily, auditors find it necessary to rely on audit evidence that is persuasive rather than conclusive. In gathering and evaluating audit evidence, auditors cannot be satisfied with audit evidence that is less than persuasive. The quantity of evidence is sufficient if, when taken as a whole, its weight is adequate to provide persuasive support for the contents of the assurance engagement report. For evidence to be appropriate, the information must be relevant, reliable, and valid. In exercising professional judgment, auditors should ask themselves whether the collective weight of the evidence that exists would be enough to persuade a reasonable person that the observations and conclusions are valid, and that the recommendations are appropriate. Important factors to consider in making these judgments include
We use one or more types of audit procedures to obtain audit evidence. When selecting audit procedures, it is reasonable to take into account the relationship between the cost of obtaining the audit evidence and the usefulness of the information obtained. Consequently, in forming the assurance engagement opinion/conclusion and/or report, auditors are generally not required to examine all the information available because they can ordinarily reach conclusions using sampling and other means of selecting items for testing. The following rules of thumb have proven helpful in judging the appropriateness of evidence:
The Office balances different types of audit evidence to perform an audit that is both effective and efficient. If sufficient appropriate audit evidence has not been obtained, follow the guidance in OAG Annual Audit 1022 on determining the need for additional audit procedures, and consider the impact on the opinion based on the overall objectives of the auditor as set out in OAG Annual Audit 1011. Sources of audit evidenceRecords from a single source often do not provide sufficient audit evidence on which to base an audit opinion, so auditors obtain additional audit evidence. For example, accounting records are verified by performing audit procedures to test their attributes through, for example, analysis and review, re-performance, and reconciliation. Through the performance of such audit procedures, the auditor may determine that the accounting records are internally consistent and agree with the financial statements. More assurance is ordinarily obtained from consistent audit evidence obtained from different sources or of a different nature than from items of audit evidence considered individually. For example, corroborating information obtained from a source independent of the entity may increase the assurance the auditor obtains from audit evidence that is generated internally, such as evidence existing within records, minutes of meetings, or a management representation. Information that auditors may use as audit evidence includes
Relevant audit evidenceRelevance refers to the extent to which the information bears a clear and logical relationship to the audit criteria and objectives. Relevance also refers to the relationship of evidence to its use. The information used to prove or disprove an issue is relevant if it has a logical, sensible relationship to that issue. Information that does not is irrelevant and, therefore, should not be included as evidence. Reliable audit evidenceReliability concerns whether there is a likelihood of coming up with the same answers when either the audit test is repeated or information is obtained from different sources. This means that a measurement or evidence-gathering process is more reliable when repeated measures or performances of the process produce the same result or a consistent result that is minimally affected by measurement errors (or a random distribution of measurement errors). When using entity-produced information, an evaluation should be undertaken to ascertain whether the information is sufficiently reliable for the auditor’s purpose, including, as required by the circumstances, obtaining audit evidence concerning the accuracy and completeness of the information and evaluating the sufficiency of the precision and detail of the information for the auditor's purpose. If the reliability of information is in doubt, the audit team modifies the audit procedures as necessary to resolve the issues. An engagement rarely involves the authentication of documentation, nor are auditors trained or expected to be experts in such authentication. However, the reliability of information to be used as audit evidence is considered. This is of particular relevance where original documentation may not be readily available and engagement teams may be provided only with scanned or digitized copies, for example, when entities use a shared service centre. In such circumstances, engagement teams need to assess the adequacy and reliability of such documents as appropriate audit evidence. While recognizing that exceptions may exist, the reliability of audit evidence often increases when it is obtained from independent sources outside the entity. Corroborating information obtained from a source independent of the entity may increase the assurance the auditor obtains from audit evidence generated internally, such as evidence existing within the entity's records, minutes of meetings, or a management representation. Regarding communications from third parties, the more important the evidential nature of the communication, the more important it is to have a signed original. For example, for annual audits, a confirmation from a lender with respect to a significant loan transaction is more reliable when we receive it in original form or in electronic form through Capital Confirmation Inc. Confirmation.com (CCI) (see guidance in OAG Annual Audit 7054). Other audit evidence is not acceptable in other than original form, such as certain management representations and other important evidence of a similar nature. We need to apply professional skepticism throughout the entire audit process and our skepticism needs to extend to the reliability of information and audit evidence obtained. This includes, but is not limited to, considering and, where relevant, obtaining further evidence as to reliability. The nature and extent of additional audit procedures necessary is a matter of professional judgment and depends on the engagement circumstances. Some examples of procedures designed to obtain evidence about reliability of information and/or audit evidence, include the following:
AuthoritativenessInformation obtained from an expert, knowledgeable, objective, and external source is usually considered more reliable than that obtained from within the audited organization. Relying on the work of others as evidenceSee OAG Audit 6034 Evaluation of the work of the internal auditors for guidance. |