ISA 500 Audit Evidence is one of the International Standards on Auditing. It serves to guide the auditor on obtaining audit evidence through the application of an appropriate mix of tests of control systems and substantive tests of transaction and balances.
It requests the auditor to obtain 'sufficient' and 'appropriate' audit evidence in order to draw reasonable conclusions on which to base the audit opinion.
The auditor considers reliability of audit evidence collected. For instance, audit evidence is more reliable when it exists in documentary form rather than subsequent oral representation of the matters. Auditors consider reliability of information but involve little authentication of evidence.
It is stated in ISA 315 (paragraph A.124) that the auditor should use assertions for classes of transactions, account balances, and presentation and disclosures in sufficient detail to form a basis for the assessment of risks of material misstatement and the design and performance of further audit procedures.
The auditor uses assertions in assessing risks by considering potential misstatements that may occur, and thereby designing audit procedures that are responsive to the particular risks.
Assertions used by the auditor fall into the following categories:
(a) Assertions about classes of transactions and events for the period ended:
(b) Assertions about account balances at the period end:
(c) Assertions about presentation and disclosure:
The assertions are not individually assessed but quite often at the same time. For example, to ensure completeness of electricity expense, the auditor ensures the 12 months of payments were booked. Since the client may record the bills paid on a cash basis, electricity expense of a month of previous basis period might be entered in the current year. Electricity expense of last month of current year might be recorded next year. If the monthly fluctuation is immaterial, the auditor always ignore the cut-off issue. In case where electricity is a material expense, the auditor considers preparing adjustments for year ended cut-off purpose so that the profit or loss would not be materially misstated.
Methods or techniques of audit evidence gathering are classified in 7 categories: 1. Inspection This involves physical examination of supporting accounting documentation, contracts, records and board of director minutes. It also includes physical examination of the assets. This enables the auditor to verify the existence but not necessarily ownership and valuation of assets. 2. Observation This involves looking at a process or procedure being performed by others. For instance, observation of payment of wages and salaries, physical count of inventory or opening of mail. This helps the auditor to have an assurance whether official procedures are followed 3. Inquiry Inquiry consists of seeking information of knowledgeable person inside or outside the entity. It may range from formal written inquiry to oral inquiries.
Confirmation consists of corroborating evidence from third parties with the internal evidence. For instance the auditor may verify accounts receivables by circularizing the debtors. 4. Confirmation (audit) 5. Re-performance 6. Analytical procedures 7. Recalculation, it means to check the mathematical accuracy of the figures in the book, for e.g; Reculation of Accruals and Prepayments This involves analysis of significant accounting ratios and trend performance including investigations of fluctuations that occur between the current financial performance with the previous one and check whether other information is consistent with such relationship.
For example, the auditor perform vouching to ensure such electricity expense occurred and whether correct amount was booked. The auditor compares electricity expense of current and last year to see whether there are fluctuations. If there are huge fluctuations, the auditor may examine electricity together with rental expense, water expense to find out reasons.
The Sarbanes–Oxley Act of 2002 is a United States federal law that mandates certain practices in financial record keeping and reporting for corporations. The act, Pub. L.Tooltip Public Law 107–204 (text)(PDF), 116 Stat. 745, enacted July 30, 2002, also known as the "Public Company Accounting Reform and Investor Protection Act" and "Corporate and Auditing Accountability, Responsibility, and Transparency Act" and more commonly called Sarbanes–Oxley, SOX or Sarbox, contains eleven sections that place requirements on all U.S. public company boards of directors and management and public accounting firms. A number of provisions of the Act also apply to privately held companies, such as the willful destruction of evidence to impede a federal investigation.
Financial statements are formal records of the financial activities and position of a business, person, or other entity.
An audit is an "independent examination of financial information of any entity, whether profit oriented or not, irrespective of its size or legal form when such an examination is conducted with a view to express an opinion thereon." Auditing also attempts to ensure that the books of accounts are properly maintained by the concern as required by law. Auditors consider the propositions before them, obtain evidence, roll forward prior year working papers, and evaluate the propositions in their auditing report.
A financial audit is conducted to provide an opinion whether "financial statements" are stated in accordance with specified criteria. Normally, the criteria are international accounting standards, although auditors may conduct audits of financial statements prepared using the cash basis or some other basis of accounting appropriate for the organization. In providing an opinion whether financial statements are fairly stated in accordance with accounting standards, the auditor gathers evidence to determine whether the statements contain material errors or other misstatements.
An auditor's report is a formal opinion, or disclaimer thereof, issued by either an internal auditor or an independent external auditor as a result of an internal or external audit, as an assurance service in order for the user to make decisions based on the results of the audit.
Statement on Auditing Standards No. 99: Consideration of Fraud in a Financial Statement Audit, commonly abbreviated as SAS 99, is an auditing statement issued by the Auditing Standards Board of the American Institute of Certified Public Accountants (AICPA) in October 2002. The original exposure draft was distributed in February 2002. Please see PCAOB AS 2401.
Information technology controls are specific activities performed by persons or systems to ensure that computer systems operate in a way that minimises risk. They are a subset of an organisation's internal control. IT control objectives typically relate to assuring the confidentiality, integrity, and availability of data and the overall management of the IT function. IT controls are often described in two categories: IT general controls (ITGC) and IT application controls. ITGC includes controls over the hardware, system software, operational processes, access to programs and data, program development and program changes. IT application controls refer to controls to ensure the integrity of the information processed by the IT environment. Information technology controls have been given increased prominence in corporations listed in the United States by the Sarbanes-Oxley Act. The COBIT Framework is a widely used framework promulgated by the IT Governance Institute, which defines a variety of ITGC and application control objectives and recommended evaluation approaches.
An external auditor performs an audit, in accordance with specific laws or rules, of the financial statements of a company, government entity, other legal entity, or organization, and is independent of the entity being audited. Users of these entities' financial information, such as investors, government agencies, and the general public, rely on the external auditor to present an unbiased and independent audit report.
Generally Accepted Auditing Standards, or GAAS are sets of standards against which the quality of audits are performed and may be judged. Several organizations have developed such sets of principles, which vary by territory. In the United States, the standards are promulgated by the Auditing Standards Board, a division of the American Institute of Certified Public Accountants (AICPA).
Materiality is a concept or convention within auditing and accounting relating to the importance/significance of an amount, transaction, or discrepancy. The objective of an audit of financial statements is to enable the auditor to express an opinion on whether the financial statements are prepared, in all material respects, in conformity with an identified financial reporting framework, such as the Generally Accepted Accounting Principles (GAAP) which is the accounting standard adopted by the U.S. Securities and Exchange Commission (SEC).
Audit evidence is evidence obtained by auditors during a financial audit and recorded in the audit working papers.
Internal control, as defined by accounting and auditing, is a process for assuring of an organization's objectives in operational effectiveness and efficiency, reliable financial reporting, and compliance with laws, regulations and policies. A broad concept, internal control involves everything that controls risks to an organization.
In financial auditing of public companies in the United States, SOX 404 top–down risk assessment (TDRA) is a financial risk assessment performed to comply with Section 404 of the Sarbanes-Oxley Act of 2002. Under SOX 404, management must test its internal controls; a TDRA is used to determine the scope of such testing. It is also used by the external auditor to issue a formal opinion on the company's internal controls. However, as a result of the passage of Auditing Standard No. 5, which the SEC has since approved, external auditors are no longer required to provide an opinion on management's assessment of its own internal controls.
Sampling risk is one of the many types of risks an auditor may face when performing the necessary procedure of audit sampling. Audit sampling exists because of the impractical and costly effects of examining all or 100% of a client's records or books. As a result, a "sample" of a client's accounts are examined. Due to the negative effects produced by sampling risk, an auditor may have to perform additional procedures which in turn can impact the overall efficiency of the audit.
Fraud deterrence has gained public recognition and spotlight since the 2002 inception of the Sarbanes-Oxley Act. Of the many reforms enacted through Sarbanes-Oxley, one major goal was to regain public confidence in the reliability of financial markets in the wake of corporate scandals such as Enron, WorldCom and Waste Management. Section 404 of Sarbanes Oxley mandated that public companies have an independent Audit of internal controls over financial reporting. In essence, the intent of the U.S. Congress in passing the Sarbanes Oxley Act was attempting to proactively deter financial misrepresentation (Fraud) in order to ensure more accurate financial reporting to increase investor confidence. This same concept is applied in the discussion of fraud deterrence.
Management assertions or financial statement assertions are the implicit or explicit assertions that the preparer of financial statements (management) is making to its users. These assertions are relevant to auditors performing a financial statement audit in two ways. First, the objective of a financial statement audit is to obtain sufficient appropriate audit evidence to conclude on whether the financial statements present fairly, in all material respects, the financial position of a company and the results of its operations and cash flows. In developing that conclusion, the auditor evaluates whether audit evidence corroborates or contradicts financial statement assertions. Second, auditors are required to consider the risk of material misstatement through understanding the entity and its environment, including the entity's internal control. Financial statement assertions provide a framework to assess the risk of material misstatement in each significant account balance or class of transactions.
Substantive procedures are those activities performed by the auditor to detect material misstatement or fraud at the assertion level.
In accounting, reconciliation is the process of ensuring that two sets of records are in agreement. It is a general practice for businesses to create their balance sheet at the end of the financial year as it denotes the state of finances for that period. Reconciliation is used to ensure that the money leaving an account matches the actual money spent. This is done by making sure the balances match at the end of a particular accounting period.
XBRL assurance is the auditor's opinion on whether a financial statement or other business report published in XBRL, is relevant, accurate, complete, and fairly presented. An XBRL report is an electronic file and called instance in XBRL terminology.
An entity-level control is a control that helps to ensure that management directives pertaining to the entire entity are carried out. These controls are the second level to understanding the risks of an organization. Generally, entity refers to the entire company.