Please enjoy this excerpt from Professor James Crockett’s self-study book entitled The Audit Risk Formula available here on YellowBook-CPE for 3.5 hours of CPE credit. In this chapter, he discusses types of audit evidence.
There are several different lists of types of audit evidence contained in the audit literature. The following is my attempt to capture all the types of audit evidence in a general listing of broad categories.
Physical evidence is evidence produced by auditors’ senses, i.e., evidence gained from seeing, touching, and maybe even hearing, smelling, or tasting. When auditors see or touch something, they know that item exists.
Whether that item has the qualities it is represented to have may sometimes be confirmed or disproved by the sound made when it is struck, the odor it emits or the way it tastes.
Remember audit evidence is anything that causes an auditor to get closer to knowing that assertions are true. Physical evidence is usually a very persuasive form of evidence.
Arithmetical evidence is produced by auditors performing arithmetical calculations, i.e., “crunching numbers.” Auditors often need evidence that numbers reflecting such things as the value of inventory or pension fund liability have been properly computed.
Auditors first make sure that the data and assumptions used by the preparer are appropriate then do the arithmetical calculations themselves and compare their numbers to those used by the preparer. Arithmetical evidence is confirming. Auditors can prove the accuracy of numbers given the assumptions used and the proper application of math. Two plus two always equals four.
However, assumptions used by preparers are very important. I am familiar with a legal case in which accountants and other experts were asked to compute the liability of one party to another in a civil suit. Both sides of the case had their experts submit numbers. Given the written contract between the parties, undisputed history, and projections of future events, the range of the liability projections ran from $6.8 million to $470.8 million – an astonishing $464 million difference.
The differences were entirely attributable to different interpretations of the contract and assumptions about future events. Of course, the plaintiff’s experts came up with relatively high numbers and the defendant’s experts proposed relatively low numbers! Is anyone surprised?
Analytical evidence is produced by drawing conclusions from valid comparisons (data interrelationships). Remember the postulate that states: “In the absence of clear evidence to the contrary, what has held true in the past for the enterprise under examination will hold true in the future.”
Given this postulate, it should take very strong evidence to the contrary that an audited expense item that has ranged from $19,000 to $21,000 over the prior three years should appear on the latest financial statement as either $100,000 or $1,000. Given no dramatic change in the entity’s business, auditors would form an expectation that the expense reflected in the financial statement for the current year would be fairly close to $20,000. Something must have changed dramatically to make either $100,000 or $1,000 appear reasonable to auditors.
While performing analytical review or “analytics,” auditors would discover this unexpected change. Then they would secure other evidence as to the validity of the reported expense figure.
Notice that the analytical evidence itself does not provide enough information to show that the reported figure is valid or invalid. The analytical evidence simply says that the figure does not appear to be reasonable and therefore substantial evidence is needed to accept or reject the figure. If, however, the figure reported for this year was $20,000, it would appear reasonable, and auditors could be satisfied with less or less weighty evidence to accept the figure as valid.
Testimonial evidence is secured as auditors talk to people, ask relevant questions (inquire), and get answers orally (oral evidence) from which auditors draw conclusions.
Oral evidence is the least weighty type of audit evidence and it usually needs to be corroborated by one or more other forms of evidence. (A former federal prosecutor told me that more innocent people have been sent to jail based on eyewitness testimony than any other kind of evidence!) Oral evidence is the most common form of evidence auditors secure.
Auditing involves a lot of talking to people. When I teach auditing, I tell students that being a good auditor requires being able to ask the right questions to the right people in the right tone of voice.
Asking the right questions requires auditors to do their homework and plann the audit properly. The right person is someone considered reliable and, who by virtue of their position, is knowledgeable enough and has the authority to answer the question properly. Asking in the right tone of voice helps to assure persons being queried that auditors are not their adversaries.
I am familiar with a situation where an auditor asked the right question to an honest person who unknowingly gave a flawed answer because he lacked knowledge about the matter. The auditor had asked the right question to the wrong person. The auditor accepted the incorrect response, and this led to chagrin later as the audit report had to be withdrawn.
Documentary evidence is a type of audit evidence developed by auditors as they examine documents.
One of the main sources of documentary evidence is the entity’s accounting information system (ledgers and journals). But there are numerous other internal and external sources of documentary evidence auditors must rely on to achieve their audit objectives related to financial representations and other matters.
There are four types of documents that may produce evidence with various levels of quality:
1) documents produced and retained by the entity under audit,
2) documents produced by the entity’s system that circulate outside the entity’s system and return to the entity’s system where they are retained,
3) documents that are produced by another organization that enter the entity’s system and are retained,
4) documents that are produced by other organizations or by the auditor and never enter the entity’s system.
Documents that are produced and retained by the entity are generally subject to its internal controls. Examples include journal vouchers, payroll records, and documents produced when materials are transferred from inventory to production. The better the design and functioning of the control system the higher the quality of the documentary evidence it produces. Nevertheless, documents produced and retained internally generally produce a low form of documentary evidence because they may be manipulated by the entity. Theoretically, auditors cannot perform audits relying wholly on evidence secured from internally generated and controlled documents (internal documents).
Documents may be produced by the entity and circulated outside the entity before they are returned to the entity and become a part of its records. Such documents may be marked some way by the external party indicating their agreement with what is recorded on the documents. The marking by the external party is sometimes called “cleansing.” It is difficult for the entity to manipulate this type of document. This type of document may be subjected to the entity’s internal controls before it leaves the entity and when it returns to the entity. Since the information on the retained documents has been attested to by an outside party, the evidence produced by examining such documents is generally considered to be of higher quality than that secured from internal documents. The classic example of such documents is the canceled check (internal/external documents).
Documents may be produced by an external party and flow into the entity’s system where they are retained. Such documents are usually subjected to the entity’s internal controls when they enter its system. This type of document is difficult to manipulate because the entity generally has nothing to do with its production. The evidence produced by examining this type of document is considered to be of a higher quality than that produced by examining either internal or internal/external documents. A good example of this type of document is a purchase order received from a customer (external/internal documents).
Examination of documents produced by a third party that flow directly from the third party to the auditor and never get into the entity’s system generally produces documentary evidence of the highest quality. Documents of this type are never subjected to the entity’s internal controls. For this potential source of audit evidence to be reliable, auditors must be able to assume that the document was submitted to the auditor by a person (or system) with the requisite knowledge, integrity, and authority to ensure that the information contained in the document is accurate. This assumption is generally made in the absence of evidence to the contrary. Confirmations of receivables and bank balances are examples of sources of this type of documentary evidence (external evidence).
Documenting Testimonial Evidence
Interviews, actions, and documents can be recorded electronically. Once accessed, the information can be printed out, listened to, or viewed to produce documentary, oral, or physical evidence. Some electronic information may not be retrievable after a certain period of time if the information is not backed up. Auditees should be advised to properly backup information that auditors may need in a manner that will allow it to be accessed.
Client representations are sometimes listed as a type of audit evidence. Such representations may be made orally (in which case they may be better characterized as oral testimony evidence) or they may be in writing (in which case they may be characterized as written testimony evidence). The same is true with third-party representations, which is sometimes referred to as a type of evidence..
A word needs to be said about the confusion in the audit literature about types of audit evidence and audit procedures, tests, or audit techniques. (This is a hang-up of mine!)
Audit procedures, tests, and techniques are often said to be forms or types of audit evidence. One widely used audit text lists physical examination, confirmation, documentation, analytical procedures, inquiries, recalculation, re-performance, and observation as types of audit evidence.
All of these are actually audit techniques that produce evidence. That is, they help auditors make decisions as to the validity of assertions.
In reality, evidence is what influences auditors’ minds concerning assertions, not what is done to produce that influence. The following examples explain what I mean:
Analytical procedures, for example, ratio analysis, provide analytical evidence as to reasonableness.
Inquiry produces either testimony (oral) evidence or documentary evidence, depending on whether the inquiry is answered orally or in writing.
Inspection (sometimes called physical examination) of items, records, or documents produces either physical evidence or documentary evidence.
Observation produces physical evidence.
Confirmation produces either documentary evidence or oral evidence depending on whether the auditor’s request for information is answered in writing or orally.
Recalculation is a mathematical technique that produces arithmetical evidence. Re-performance is a technique that requires the auditor to accomplish the same procedure the entity did to arrive at what is being subjected to verification. Re-performance provides either arithmetical or analytical evidence.
The term ‘documentation’ is particularly troublesome in the audit standards
The audit procedure documentation involves inspection of the entity’s documents and records, and it produces documentary evidence. The term documentation is also used in audit literature in regard to what auditors reduce to writing in accomplishing their work. This involves such things as planning documents, developing expectations used in analytical review, and recording the results of interviews with entity personnel.
Documents and physical things are sometimes (and better) referred to as evidential matter. They are not evidence in and of themselves.
I feel better now!
The following are additional audit procedures or techniques that are used to secure evidence:
Tracing – Involves selecting information from original source documents which should have been recorded in the accounting records and by using information in the accounting system determining whether the information was in fact recorded correctly. Tracing produces documentary evidence.
Vouching – Involves starting with an entry in the accounting records and by using information in the accounting system finding and examining the original source of the information to determine whether the entry was made properly. This technique is the opposite of tracing and it is sometimes called retracing. Vouching usually produces documentary evidence.
Reconciliation – This is a very powerful technique by which auditors take information from different sources (such as accounting records and bank statements) and make sure the information jibes. It should be possible to make the balance in the cash in bank account (when adjusted for unrecorded accurate information on the bank statement) agree with the balance on the bank statement (when adjusted for accurate information recorded in the cash account). Reconciliation produces documentary evidence.
Account Analysis – This technique is used in financial audits and it involves vouching for every entry to an account made during the period under audit to original source documents. It is used to audit accounts that have material balances but few entries such as depreciable equipment, and it produces documentary evidence.
Autopsies of some major frauds have revealed that young inexperienced auditors were intimidated by older and more experienced fraudsters. As a young auditor, I was convinced by a manager of a theater that I simply didn’t understand why a reconciliation of ticket sales to cash deposits would not work. I finally gave up and accepted the manager’s explanation that I couldn’t really understand.
After doing many other similar reconciliations it finally dawned on me that I had made a mistake in the theater audit. (Things that are supposed to be reconcilable must always reconcile or there is something wrong.) Now, I warn my students about more experienced people who may try to intimidate them.
I also tell (senior and graduate) students that they are smart people who can understand, or they would never have progressed so far as accounting majors. The take-away is that auditors should never quit a quest for evidence until the auditor understands what really happened.
Two categories of audit procedures
Audit procedures can be classified into two categories: Risk assessment procedures and further audit procedures, which are subdivided into tests of controls, substantive tests, and dual-purpose tests.
- Tests of controls are procedures employed to evaluate the design and functioning of control systems.
- Substantive tests are procedures to directly evaluate the validity of representations (assertions).
- Dual-purpose tests are procedures designed to test the functioning of the control system and to test the validity of representations at the same time.
The types of audit procedures listed above are used in performing both tests of controls and substantive tests.
Data Analytics and Big Data
In baseball, football and basketball sophisticated computer algorithms are being used to analyze large data sets (Big Data) and the results are changing the way the games are played. We now know that the risks associated with stealing bases are usually not worth taking. That going for it on fourth and short is more productive than trying a field goal in most cases and that, although 3-point shots carry more risk of a miss than 2-point shots, the expected payoff usually makes the risk worth taking.
Basically, the same thing is happening in auditing, at least in large organizations with well-designed and maintained data bases. Auditors need to be aware of the nature of audit analytics and be prepared to learn more so they can design and use those powerful tools in situations where such use can be efficient and appropriate.
Data analysis (analytics) has been defined as a process of inspecting, cleansing, transforming, and modeling data with the goal of discovering useful information, informing conclusions, and supporting decision-making.
Data analysis has multiple facets and approaches, encompassing diverse techniques under a variety of names, and is used in different business, science, and social science domains. In today’s business world, data analysis plays a role in making decisions more scientific and helping businesses operate more effectively.
In auditing, data analytics is especially useful in assessing risk. That is, analytics makes it possible to access entire data bases, even multiple data bases, to mine the data to discover key characteristics and relationships. This makes it easy to identify high risk areas, for example outliers and unexpected relationships such as unusual debit-credit combinations. Fictitious or fraudulent entries are often made on weekends or holidays.
Data analytics can be tailored to highlight all such entries. Many other examples could be cited such as payments to vendors not on approved vendors lists and lack of correlation of things expected to correlate and correlation of things not expected to correlate.