Post on 03-Jan-2016
Presented by
David B. Crawford, CIA, CCSA, CPA
Justina A. Crawford, MA, BMEJDEnterprises
crawfordjd@earthlink.net
2
Definition of EvidenceDefinition of Evidence• Any information used by the auditor to determine
whether the information being audited is stated in accordance with the established criteria.
Why Audit Evidence:Why Audit Evidence:Support for Elements of Audit FindingsSupport for Elements of Audit Findings
• Criteria
• Condition
• Cause
•Effect
•Recommendation
3
Characteristics of EvidenceCharacteristics of Evidence
• Use
• Nature
• Evaluator
• Certainty of conclusions derived
• Nature of conclusions
• Consequences of incorrect conclusions
4
Audit Evidence DecisionsAudit Evidence Decisions
• What type of evidence– What audit procedure to use– When to perform the procedure
• How much evidence– What sample size to select for the procedure– What items to select from the population
5
Audit Procedure & Audit Procedure & Audit ProgramAudit Program
• AUDIT PROCEDURE is a detailed set of instructions for the collection of a type of audit evidence that is to be obtained at some time during the audit
• AUDIT PROGRAM is list of audit procedures for an audit
6
Evidence StandardsEvidence Standards
• IIA Standard 2310 Identifying Information– Internal auditors should identify sufficient,
reliable, relevant, and useful information to achieve the engagement objectives.
• GAAS Third Standard of Field Work– Sufficient, competent evidential matter is to be
obtained…..to afford a reasonable basis for an opinion…..
7
IIA Standards: Evidence TermsIIA Standards: Evidence Terms(Practice Advisory 2310-1: Identifying Information)(Practice Advisory 2310-1: Identifying Information)
• Sufficient – factual, adequate, convincing so that a prudent, informed person would reach same conclusion
• Competent – reliable and best attainable through use of appropriate …techniques
• Relevant – …is consistent with the objectives of the engagement
• Useful – helps the organization meet its goals
8
Competence (Reliability) Competence (Reliability) of Informationof Information
• The degree to which evidence is considered believable or worthy of trust
• Established solely by the audit procedure selected– Cannot be improved by increasing sample size
or selecting different items in sample– Can only be improved by selecting an audit
procedure with higher quality of one or more of seven characteristics of competence
9
Seven Characteristics of Seven Characteristics of Competence of InformationCompetence of Information
• Relevance
• Independence of provider
• Effectiveness of auditee’s internal controls
• Auditor’s direct knowledge
• Qualifications of person providing the info
• Degree of Objectivity
• Timeliness
10
Sufficiency of EvidenceSufficiency of Evidence
• Quantity of evidence determines sufficiency
• Determined usually by size and composition of the sample (items selected for testing)
• Appropriate sample size usually determined by – Expectations of error or misstatement– Effectiveness of internal controls
11
Types of EvidenceTypes of Evidence• Physical examination
• Confirmation
• Documentation
• Analytical procedures
• Inquiries of client
• Reperformance
• Observation
Cost of EvidenceCost of Evidence• Auditor’s goal is to obtain a sufficient amount
of competent evidence at the lowest possible total cost (usually equates to direct audit hours)
12
Relationship Between Standards, Types of Relationship Between Standards, Types of Evidence, and Audit ProceduresEvidence, and Audit Procedures
• Standards - broad guidelines for the accumulation and documentation of evidence
• Types of evidence – broad categories of evidence available to auditors to satisfy standards
• Audit Procedures –specific instructions for accumulating a type of evidence to meet audit objectives
13
Physical ExaminationPhysical Examination• The inspection or count by the auditor of a
tangible asset
• To be a tangible asset the item examined must have inherent value; inventory item, cash, fixed asset, etc.
Pros & ConsPros & Cons• Pros– Direct evidence of existence– Highly reliable
• Cons– Not sufficient to establish ownership– Not sufficient to establish value
14
ConfirmationConfirmation• The receipt of written or oral response from an
independent third party verifying the accuracy of information that was requested by the auditor
• Use of confirmations depends upon– Reliability needs to meet audit objective– Availability of alternate evidence
Types of ConfirmationsTypes of Confirmations• Positive
– Blank– Information included
• Negative
15
DocumentationDocumentation
• The examination of client documents and records to substantiate the information that is being audited
• Usually the most available type of evidence
• May be the only type of evidence that can reasonably be obtained by the auditor
• Two types – Internal or External
16
Reliability of DocumentationReliability of Documentation
• External
• Internal– Good internal control– Poor internal control
17
Analytical ProceduresAnalytical Procedures
• Use comparisons and relationships to determine whether data appears reasonable
• Uses include– Planning and final working paper review stages
of an audit
– Understand the auditee’s operations
– Indicate the presence of errors or fraud
– Reduce detailed audit tests
18
Use of Analytical Procedures Use of Analytical Procedures during Fieldworkduring Fieldwork
(Practice Advisory 2320-1: Analysis & Evaluation)(Practice Advisory 2320-1: Analysis & Evaluation)
• Factors to consider– Significance of area being examined
– Adequacy of internal control
– Availability and reliability of information
– Precision with which results of analytical procedures can be predicted
– Availability and comparability of like external information
– Other procedures that already provide support for objectives
19
InquiryInquiry
• Obtaining of written or oral information from the client in response to questions from the auditor
• Generally, must be corroborated through the application of other audit procedures
20
ReperformanceReperformance
• Rechecking of computations, such as– extensions and
– footings
• Rechecking of transfers of information, such as – movement of a transaction through the information
system (manual or electronic)
– the accumulation of information in a bank reconciliation
21
ObservationObservation
• Use of sight to assess activities
• Usually must be supported by corroborating evidence obtained through another audit procedure
22
Competence of Types of EvidenceCompetence of Types of Evidence
• Depends upon the design and effectiveness of internal controls
• A single type of evidence is rarely sufficient by itself
• There is usually a correlation between the level of competence of evidence and its costs to produce
23
Cost of EvidenceCost of Evidence
• Expensive– Physical examination– Confirmation– Documentation
• Moderately expensive– Analytical procedures– Reperformance (manual)
• Less expensive– Inquiries of client– Observations– Reperformance (CAAT)
24
Documentation Evidence Documentation Evidence Gathering TechniquesGathering Techniques
• Read – examination of written info to determine facts pertinent to audit
• Examine - reasonably detailed study of document or record to determine specific facts about it
• Trace – to follow the movement of a document & its info from origination to recording
• Compare – make a comparison of info in two different places
• Vouch – to validate a recorded transaction or amount by examining the originating document or record
25
Analytical Procedures Evidence Analytical Procedures Evidence Gathering TechniquesGathering Techniques
• Scan – A less detailed examination of a document or record to determine whether there is anything unusual warranting further attention
• Compute – A calculation done by the auditor independent of the client
26
Reperformance Evidence Reperformance Evidence Gathering TechniquesGathering Techniques
• Recompute – a calculation done by the auditor to determine if the client’s calculation is correct
• Foot and Cross foot – addition of columns and rows of numbers to determine that totals are the same as the client’s
27
Physical Examination Evidence & Physical Examination Evidence & Observation Evidence Observation Evidence Gathering TechniquesGathering Techniques
• Count – a determination by the auditor of the
quantity of assets on hand at a given time. Only
associated with Physical Examination type of
evidence
• Observe – visually monitoring an activity by the
auditor to obtain info. Only associated with
Observation type of evidence
28
Inquiries of Clients Evidence Inquiries of Clients Evidence Gathering TechniquesGathering Techniques
• Inquiry – a written or verbal question of the client about information pertinent to the audit
29
Special Considerations for Special Considerations for Electronic EvidenceElectronic Evidence
• Risk Areas– Authentication
– Integrity
– Authorization
– Nonrepudiation
• Audit Approach– Test of Controls
– Combined Test of Controls and Substantive Tests
30
Test of I/S ControlsTest of I/S Controls
• General Controls– Segregation of incompatible functions– Lifecycle controls
• Application Controls– Access controls– Audit trails– Retention
• Security– Archiving– Encryption– Electronic signatures & digital certificates– Management and audit trails
Type of Evidence Matrix
31
32
SUMMARYSUMMARY
• Characteristics
• Types
• Reliability versus Cost
• Electronic Transactions
33
Working Papers: Working Papers: Audit DocumentationAudit Documentation
IIA Standard 2330: IIA Standard 2330: Recording InformationRecording Information
Internal auditors should record relevant information to support the conclusions and engagement results.
34
Working Papers DefinitionWorking Papers Definition
• The record kept by the auditor of the – planning done,– procedures applied, – the test performed, – the information obtained, – the analysis made, – the conclusions reached, – the supervision performed, and – the observations made and reported in the engagement.
35
Uses of Working PapersUses of Working PapersIIA Practice Advisory 2330-1IIA Practice Advisory 2330-1
Recording InformationRecording Information
• Provide support for engagement report
• Aid in planning, performance, and review of the engagement work
• Document that the engagement objectives are achieved
• Aid in the professional development of the internal auditing staff
36
Uses of Working PapersUses of Working Papers (cont’d) (cont’d)
• Demonstrate compliance with the Standards for the Professional Practice of Internal Auditing
• Facilitate third-party review
• Provide basis for evaluating quality assurance program
• Provide support when reports are challenged
37
Examples of Working PapersExamples of Working Papers
• Planning working papers
• Fieldwork working papers
• Report working papers
• Review working papers
38
Planning Working PapersPlanning Working Papers
• Organization data• Control questionnaires• Flowcharts• Risk assessment results• Important documents• Policies and Procedures• Planning Memorandum• Audit Program
39
Fieldwork Working PapersFieldwork Working Papers
• Lead schedules
• Abstracts
• Notes
• Supporting schedules
• Copies of documents
• Memos
40
Reporting Working PapersReporting Working Papers
• Summary of Potential Report Items
• Draft Report
• Memos
• Client action plan
• Final Report
• Distribution list
41
Review Working PapersReview Working Papers
• Manager review checklist
• Quality Assurance review checklist
• Director Sign-off sheet
42
Working Paper Characteristics Working Paper Characteristics
• ID of the engagement• Purpose of working paper• Content of working paper• Source of content• Preparer initials and date• First level reviewer initials and date• Conclusion• Index or reference number • Appropriate cross-referencing• Audit verification symbols (tick marks)
43
Working Paper PresentationWorking Paper Presentation
• Detailed schedule
• Abstract
• Memo
• Copies of client documents
• Interview notes
• Externally received documents
44
Helpful WebsitesHelpful Websites
www.utsystem.edu/AUD
www.theiia.org
www.gain2.org