ISA 500: What Is Sufficient Appropriate Audit Evidence?
Explore how an auditor's judgment on evidence quality and quantity under ISA 500 forms the essential basis for the conclusions in an audit report.
Explore how an auditor's judgment on evidence quality and quantity under ISA 500 forms the essential basis for the conclusions in an audit report.
International Standard on Auditing (ISA) 500, “Audit Evidence,” dictates that an auditor must obtain enough high-quality evidence to form a reasonable basis for their opinion on a company’s financial statements. This evidence directly influences the final audit report that stakeholders rely upon. The principles within ISA 500 ensure that the audit is conducted with a consistent level of diligence and professional skepticism.
The effectiveness of an audit hinges on collecting what ISA 500 terms “sufficient appropriate audit evidence.” This phrase combines two distinct but interconnected concepts: quantity (sufficiency) and quality (appropriateness). An auditor must satisfy both benchmarks to form a credible opinion, and the interaction between them is dynamic; a higher quality of evidence may mean that a smaller quantity is needed.
Sufficiency refers to the amount of audit evidence gathered. Determining what is “enough” is a matter of professional judgment that varies with each audit. A primary factor is the auditor’s assessment of the risk of material misstatement. If an auditor identifies a high risk in a particular area, they must obtain more evidence, while a lower risk may require less.
Appropriateness is the measure of the quality of audit evidence, broken down into relevance and reliability. Relevance is the logical connection between an audit procedure and the assertion being tested. For instance, inspecting shipping documents and customer-signed delivery receipts for a sample of recorded sales is a relevant procedure for testing if the transaction took place.
Reliability pertains to the dependability of the evidence. Evidence is considered more reliable when it is obtained from independent sources outside the entity, such as a bank statement. Evidence generated internally is more reliable when the company’s internal controls are effective. Furthermore, evidence obtained directly by the auditor is more reliable than evidence obtained indirectly, and documentary evidence is more reliable than an oral response.
Auditors gather evidence to test the specific claims management makes within the financial statements, known as financial statement assertions. These representations are embodied in the financial statements. ISA 500 requires auditors to use assertions to form a basis for assessing risks and designing the audit procedures that will gather evidence.
The first category concerns assertions about classes of transactions and events for the period under audit. For example, to test the Accuracy of sales, an auditor would compare the prices on a sample of invoices to the company’s official price list. This category includes:
A second category covers assertions about account balances at the end of the period. A common procedure here is for an auditor to physically inspect a piece of equipment on the factory floor to provide evidence for the Existence assertion. This category includes:
The final category relates to assertions about presentation and disclosure in the financial statements. An auditor might read the notes to the financial statements to ensure that the details of a significant debt agreement are clearly described and complete. This category includes:
To obtain sufficient appropriate evidence, auditors perform a variety of audit procedures. The selection of these actions is a matter of professional judgment, based on the auditor’s understanding of the entity and its internal controls. Often, a combination of these procedures is used to gather persuasive evidence.
Inspection involves the physical examination of records, documents, or tangible assets. When an auditor reviews contracts or invoices, they are performing an inspection of documents. Physically examining an asset, like a vehicle, provides strong evidence for its existence, though not its value or ownership.
Observation consists of looking at a process or procedure being performed by others. For example, an auditor might watch the company’s employees conduct a physical inventory count. This allows the auditor to directly see how the count is being performed and assess the reliability of the company’s procedures.
External confirmation is the process of obtaining evidence directly from a third party in written form. A common example is when an auditor sends a request to a company’s bank to confirm its account balances and loan details. Confirmations are also used to verify accounts receivable balances with customers.
Recalculation involves checking the mathematical accuracy of documents or records. An auditor might recalculate the depreciation expense for a sample of assets to ensure it aligns with the company’s stated policy. This procedure provides strong evidence regarding the accuracy assertion.
Reperformance is the auditor’s independent execution of procedures or controls that were originally performed as part of the entity’s internal control. For instance, an auditor might reperform the aging of accounts receivable to test the company’s process for estimating the allowance for doubtful accounts.
Analytical procedures consist of evaluating financial information by analyzing plausible relationships among both financial and non-financial data. An auditor might compare a company’s gross profit margin over several years or against industry averages. An unexpected fluctuation could indicate a potential misstatement that requires further investigation.
Inquiry involves seeking information from knowledgeable persons, both financial and non-financial, inside or outside the entity. An auditor might ask the sales manager about changes in marketing strategies or inquire with the company’s legal counsel about ongoing litigation. Inquiry usually needs to be corroborated with evidence from other procedures.