Audit evidence is all the information used by the auditor in arriving at the conclusions on which his opinion is based and includes the information contained in the procurement records and other information. It is obtained from audit procedures performed during the course of audit and may include audit evidence obtained from other sources such as pervious audits and a firm’s quality control procedures for client acceptance and continuance.
Essentials of Good Audit Evidence
ISA 500 requires that ‘the auditor should obtain sufficient audit evidence to be able to draw reasonable conclusions on which to base the audit opinion.
Sufficient and appropriate audit evidence.
a) Sufficient relates to the quantity of evidence.
The sufficiency of audit evidence is the measure of the quantity of audit evidence. The quantity of audit evidence required is affected by the auditor’s assessment of the risks of material misstatement and also by the quality of such audit evidence.
The factors to consider when evaluating whether the expectation can be developed sufficiently to identify a misstatement that may cause the procurement records to be materially misstated are:
- The accuracy with which the expected results of analytical procedures can be predicted
- The degree to which information can be disaggregated
- The availability of the information
b) Appropriate relates to the quality (relevance and reliability) of the evidence
The appropriateness of audit evidence is the measure of the quality of it, that is, its relevance and its reliability in providing support for the conclusions on which the auditor’s opinion is based.
i) Relevance: Relevance of audit evidence should be considered in relation to the overall audit objective of forming an opinion and reporting on procurement records. It therefore refers to the ability of the evidence to assist the auditor in testing management assertions.
ii) Reliability: Reliability of audit evidence refers to the credibility of that evidence. Credibility is influenced by its source and its nature. For example, information may be more reliable when obtained from independent sources outside the entity; controls over the preparation of the information to ensure its completeness, accuracy and validity; comparability of information.
The auditor will need to consider testing the controls, if any, over the preparation of information used in applying analytical procedures. When such controls are effective, the auditor will have greater confidence in the reliability of the information, and therefore in the results of analytical procedures.
Sources of Audit Evidence
i) Internal source
The main internal sources of audit evidence include the data of procurement electronic system, stock-taking materials, internal control system, procurement
managers, procurement employees, other primary or supporting documentation of the audited entity etc.
ii) External source
The main external sources of audit evidence include the data from third parties, i.e. suppliers, customers, bankers, legal advisers and other parties who have knowledge of the enterprise.
Common procurement audit evidence
- Purchase Orders: Document initiating the acquisition of materials and services
- Purchasing manual: Policies and procedures of the organization regarding purchasing
- Vendor lists: Lists of authorized vendors to contact for purchasing
- Purchase file: List of outstanding purchase orders
- Receiving documents: Indication of goods received, this should reconcile to purchase orders
- RPQ’s or RFP: Requests for price quotation/Request for proposals, documents asking vendors to bid on particular item
- Advertisements and solicitation letters: General requests to all vendors to bid on a particular item or service
- Vendor Proposals: Offers from vendors in response to RPQ’s and other
- Vendor Catalogs: Listing of the products and the prices at which vendors offer products and services
- History file: Recordings of past vendor activity
- Adjustments and write-offs: Changes made to purchase order and other documents
- Purchase file totals: Totals over items in the purchasing file, independently maintained totals, or both.
Use of Assertions in Generating Audit Evidence
Management is responsible for the fair presentation of procurement records that reflect the nature and operations of the entity. In representing that the procurement records give a true and fair view (or are presented fairly, in all material respects) in accordance with the applicable procurement and financial reporting framework, management implicitly or explicitly makes assertions regarding the recognition, measurement, presentation and disclosure of the various elements of procurement records and related disclosures.
The auditor should use assertions for classes of transactions, account balances, and presentation and disclosures in sufficient detail to form a basis for the assessment of risks of material misstatement and the design and performance of further audit procedures. The auditor uses assertions in assessing risks by considering the different types of potential misstatements that may occur, and thereby, designing audit procedures that are responsive to the assessed risks.
Assertion used by the auditor fall into the following categories:
i. Assertions about classes of transactions and events for the period under audit, which include;
- Occurrence – transactions and events that have been recorded have occurred and pertain to the entity,
- Completeness – all transactions and events that should have been recorded have been recorded,
- Accuracy – amounts and other data relating to recorded transactions and events have been recorded appropriately,
- Cutoff – transactions and events have been recorded in the correct procurement period, and
- Classification – transactions and events have been recorded in the proper accounts.
ii. Assertions about account balances at the period end, which include;
- Existence – assets, liabilities, and equity interests exist,
- Rights and obligations – the entity holds or controls the rights to assets, and liabilities are the obligations of the entity,
- Completeness – all assets, liabilities and equity interests that should have been recorded have been recorded, and
- Valuation and allocation – assets, liabilities and equity interests are included in the procurement records at appropriate amounts and any resulting valuation or allocation adjustments are appropriately recorded.
iii. Assertions about presentation and disclosure, which include;
- Occurrence and rights and obligations – disclosed events, transactions, and other matters have occurred and pertain to the entity,
- Completeness – all disclosures that should have been included in the procurement records have been included,
- Classification and understandability – financial information is appropriately presented and described, and disclosures are clearly expressed, and
- Accuracy and valuation on financial and other information are disclosed fairly and at appropriate amounts.
Procedures/ Methods/Techniques of Obtaining Procurement Audit Evidence
Techniques of audit are the methods or means adopted by an auditor for the collection and evaluation of audit evidences for his audit work.
Inspection: Inspection involves examining records or documents, whether internal or external, in paper form, electronic form, or other media, or a physical examination of an asset. An example of inspection used as a test of controls is inspection of records for evidence of authorization.
Observation: Observation consists of looking at a process or procedure being performed by others, for example, the auditor’s observation of inventory counting by the entity’s personnel, or of the performance of control activities. Observation provides audit evidence about the performance of a process or procedure, but is limited to the point in time at which the observation takes place, and by the fact that the act of being observed may affect how the process or procedure is performed
External confirmation: An external confirmation represents audit evidence obtained by the auditor as a direct written response to the auditor from a third party (the confirming party), in paper form, or by electronic or other medium.
Inquiry: Inquiry consists of seeking information of knowledgeable persons, both financial and non-financial, within the entity or outside the entity.
Recalculation: Recalculation consists of checking the mathematical accuracy of documents or records. Recalculation may be performed manually or electronically
Re- performance: Re-performance involves the auditor’s independent execution of procedures or controls that were originally performed as part of the entity’s internal control.
Analytical procedures: Analytical procedures consist of evaluations of financial information through analysis of plausible relationships among both financial and non-financial data to identify consistency and predicted patterns or significant fluctuations, unexpected relationships and results of
Source: BR Professional Education. (2013). Auditing and assurance, CPA study text
An auditor’s expert is an individual or organization who has expertise in a field other than procurement, auditing or procurement, whose work in that field is used by the auditor to assist the auditor in obtaining sufficient appropriate audit evidence. An auditor’s expert may be an auditor’s internal expert (partner or staff, including temporary staff, of the auditor’s firm or network firm) or an auditor’s external expert.
Management’s expert is an individual or organization having expertise in a field other than procurement, auditing or procurement, whose work in that field is used by the entity to assist the entity in preparing the procurement records Situations where the auditor may require work of an expert/specialist
a) The legal interpretation of contracts, laws and regulations
b) Valuations of certain types of assets e.g. precious stones, minerals and buildings
c) Actuarial valuation e.g. for pension funds
d) When measuring the work to be completed in construction contracts.
Factors Considered Before Relying on the Work of the Expert
The auditor should consider;
- The skills and competence of the expert. The auditor should consider this by examining the expert’s professional qualifications, licenses or membership of an appropriate professional body. The experience and reputation of the expert in the field in which the auditor is seeking evidence is very important.
- Objectivity and independence of the expert. The auditor should consider whether the expert is independent from the client. The risk of independence being impaired increases where the expert is employed by the client. In such cases he owes his loyalty to the client because there exists a financial relationship.
- The source of the data used by the expert in arriving at his opinion. If the source of the data can be regarded as reliable, then the auditor can reasonably use the work of the expert as audit evidence.
- The assumptions and methods used. The auditor should consider whether the methods used by the expert in arriving at his opinion are appropriate to the circumstances. He should also obtain an understanding of those assumptions and methods to determine that they are reasonable based on the auditor’s knowledge of the client’s business and the results of his other audit procedures.
Using the Work of Internal Audit
The external auditors need to evaluate and perform audit procedures on the work done by internal auditors that they might be able to use, in order to determine its adequacy.
The evaluation includes the following:
a) Whether the work was done by internal auditors having adequate technical training and proficiency
b) Whether the work was properly supervised, reviewed and documented
c) Whether adequate audit evidence was obtained to allow the internal auditors to draw reasonable conclusions
d) Whether the conclusions reached are appropriate and any reports are
consistent with the results of the work done
e) Whether any exceptions or unusual matters disclosed are properly resolved
The nature, timing and extent of the audit procedures performed on specific work of the internal auditors will depend upon the external auditor’s assessment of the risk of material misstatement of the area concerned, the evaluation of internal audit and the evaluation of the specific work of the internal auditors. It may not be possible to rely on the work of internal auditors if they:
– Are not competent (this relates to experience as well as qualifications);
– Lack integrity;
– Do not properly plan or document their work, or if management does not act on (or at least respond to) recommendations made;
– Do not perform work relevant to the external auditor.
(ii) It will also not be possible to rely on internal audit if internal audit is insufficiently independent within the organisation, i.e. where internal auditors have insufficient operational freedom, where they are reporting to those who control the functions that they work on, or where they are reporting on their own work.
Factors to Consider When Evaluating Internal Audit Function
Before deciding whether to rely on the work of the internal audit function with the intention of reducing audit procedures the external auditor should evaluate the internal audit function to determine the scope of the function, its independence and hence how much reliance can be placed on the work that it carries out. The external auditor can only rely on the work of the internal auditor as one element of the internal control system.
In evaluating this function, the external auditor should consider the following factors:
a) Organization status
Since internal audit function is part of the entity it cannot be totally independent. To boost its independence, the status of the function within the organization should be such that the internal auditor reports to the highest level of management. The internal auditor should also be free of any other operating responsibility such as performing accounting functions, which may conflict with his role as an independent watchdog of controls and operations of the entity. There should be no restrictions placed upon his work by management. Such restrictions could impair the effectiveness of the function.
b) Scope of the function
The external auditor should ascertain the nature and depth of coverage of internal audit assignments. He should also ascertain whether management considers and acts upon internal audit recommendations. Where the recommendations are not acted upon this represents a weakness in the function and hence the level of reliance should consequently be reduced.
c) Technical competence
The external auditor should ascertain whether internal audit work is performed by persons having adequate technical training and proficiency as auditors. Qualifications and experience of the internal audit staff should be considered.
d) Due professional care
The external auditor should ascertain whether internal audit work appears to be properly planned, supervised, reviewed and documented. Exercise of due professional care is evidenced by the existence of adequate audit manuals, work programs and working papers.
e) Internal audit reports
The external auditor should consider the quality of the internal audit reports prepared and submitted for management action. He should ascertain whether management considers, responds to and acts upon internal audit reports and whether there is evidence to prove that action.
f) Level of resources available
The external auditor should consider whether internal audit has adequate resources to be able to carry out their duties effectively. Such resources would include staff and computer facilities.