ACCA Paper F8

AUDIT AND INTERNAL REVIEW INTERNATIONAL

STREAM

Lecture 2: Audit Evidence, Sampling and

Documentation

DATE: Autumn 2008

TUTOR:

Learning Objectives:

At the end of this session, the students should be able to:-

• Describe and illustrate the contents of work plans, work

programs and working papers.
• Describe the nature of documentation required for different
types of assignment.
• Explain the importance of documentation
• Have an understanding of the design and documentation of
the audit program.

Created on 6/6/2010 19:27:00 a6/p6 1

ISA 500 AUDIT EVIDENCE

ISA 500.2 “Auditors should obtain sufficient appropriate audit

evidence to able them to draw reasonable conclusion on which to
base their audit opinion.” Sufficient relates to quantity. Appropriate
relates to quality.

Audit evidence is obtained by performing risk assessment

procedures, tests of controls and substantive procedures. The type
of audit procedure to be performed is important to an
understanding of the application of audit sampling in gathering
audit evidence.

In obtaining audit evidence from tests of control, auditors should

consider the sufficiency and appropriateness of the audit evidence
to support the assessed level of control risk. In test of controls the
auditor needs evidence about the operating effectiveness of the
controls.

In obtaining audit evidence from substantive tests/procedures,

auditors should consider the extent of the evidence together with
any evidence from tests of control to support the relevant financial
statement assertions made by directors.

Created on 6/6/2010 19:27:00 a6/p6 2

The directors are responsible for the production of the company’s
financial statements and also for making assertion about the items
in the financial statements.

The following SIX assertions the director makes:

• Assertions about existence: an asset and liability must exist

at balance sheet. (The key objective is that assets are not
overstated and liabilities are not understated).

• Assertions about the rights and obligation: Entities have legal

or other rights or obligations relating to the assets and
liabilities. The auditor must ensure that it is the business
which owns the assets and liabilities at balance sheet date.

• Assertions about occurrence: A financial or non financial

transaction occurred during the accounting period (Over and
understatement transactions).

• Assertions about completeness: There are no unrecorded

assets or liabilities at balance sheet. The auditor must ensure
there is no under/overstatement of transaction in the Balance
Sheet.

• Assertions about valuation: The assets and liabilities are

recorded at an appropriate value. For all non current assets
this would be initial cost plus increases or minus decreased
in value.

• Assertions about presentation and disclosures: Must be in

accordance with relevant national legislation and accounting
standard.

Created on 6/6/2010 19:27:00 a6/p6 3

 Factors that influence sufficiency include:-

• Risk assessment procedures. The auditor obtains an

understanding of the entity and its environment including
internal controls to assess risk. The main purpose of risk
assessment procedures is to help the auditor obtain an
understanding of the audit client. The procedures will provide
audit evidence relating to the auditor’s risk assessment of a
material misstatement in the client’s financial statements.
The auditor will also obtain initial evidence regarding the
classes of transactions at the client and the operating
effectiveness of the client’s internal controls.

• Nature of the systems

• Materiality of the item
• Experience of the auditor in that area
• Source and reliability of the evidence
• Results of procedures.

Audit evidence should be reliable, relevant and sufficient. If

sufficient, reliable and relevant audit evidence does not exist, an
auditor should seek written management representations. This is a
letter covering general as well as specific issues. The auditors
should not use this as a substitute for other independent evidence
that may be available. The auditor should also confirm that
representations are consistent with other sources of evidence.

Reliability is affected by the following rules:-

• External evidence obtained from outside the entity/company

is more reliable than evidence obtained from within the
entity/company.

Created on 6/6/2010 19:27:00 a6/p6 4

 • Evidence generated and collected by the auditor is more
reliable than evidence obtained from the entity/company.
• Written evidence is more reliable than oral.
• Original evidence is more reliable than copies of the original.

Sufficiency is assessed on the following factors:

• Nature of the business and industry

• Nature and materiality of the items
• Auditor experience of the client and staff
• Financial position of the client.

• Persuasiveness of the evidence.

• Nature of accounting systems and internal control systems.

Relevance of the evidence- the evidence gathered should be

relevant for the work carried out by the auditor.

11 Methods of collecting audit evidence:

1. Observation. This includes physical examination and

witnessing the internal control and bookkeeping procedures.
In respect of internal control, observation will only inform the
auditor that the control was effective at the time of
observation.
2. Inspection of original documents and assets to confirm their
existence. However, if internal controls are poor, the
reliability of this method is limited.
3. Inquiry or requesting information. The reliability of this
method depends on the integrity of the source from which
this inquiry is made.

Created on 6/6/2010 19:27:00 a6/p6 5

 4. Confirmation. Bank letters, account receivables (debtors)
circularisation, management representations, confirmation of
inventory held by third parties. This method has limitations
and the auditor must assess the extent to which he can rely
on these confirmations. Alternatively, the auditor should test
internal controls in this area.

Limitations:-

A bank confirmation letter provides good evidence on the existence

of the company’s bank accounts as the bank has confirmed this
information in writing. A bank letter cannot necessarily be relied on
to provide complete or accurate information. Most banks place a
disclaimer on the letter of ‘errors and omissions excepted’
indicating that the auditor must review this evidence against other
cash and bank evidence obtained.

Accounts receivable letter provides evidence of the existence of the

receivable when a reply is returned from that receivable direct to
the auditor.
It provides evidence on cut-off because sales or cash receipts
recorded in the incorrect accounting period will have to be
reconciled to the balance provided by the receivable. However,
such a circularisation letter does not provide evidence of
completeness of the receivables balance because receivables may
not query balances which are understated. The letter does not
provide evidence of the valuation of the receivables balance
because the receivable cannot be expected to list all outstanding
balances and confirmation of the debt does not mean it will be paid.

Created on 6/6/2010 19:27:00 a6/p6 6

A letter from the third party holding the inventory will provide
evidence of the existence of that inventory because the third party
has confirmed this in writing. However, the letter does not provide
evidence regarding the valuation of the inventory; confirming
something exists does not necessarily mean it is in good condition.

5. Recalculation and re-performance.

6. Analytical Procedures. This involves establishing trends in
financial and non-financial information such as ratio analysis.
This method is used at the audit planning stage to identify
areas of risk and also to gather substantive evidence.
Usefulness depends on reliability of the underlying
information. If there are inherent control weaknesses, the
information obtained from analytical procedures will not be
reliable.
7. Test of controls
8. Detailed testing of transactions and balances.
9. Computer assisted audit techniques (CAATs). CAAT’s include
audit software, test data and embedded audit facilities such
as integrated test facilities (ITF) and systems control and
review file (SCARF).

Advantages of using CAAT’s :-

* Use of the CAAT enables the auditor to meet the auditing
standard requirement of obtaining appropriate audit evidence
and enables the auditor to test the actual accounting records
(the electronic version) rather then relying on printouts or other
copies of the data.
* It is always appropriate for the auditor to test original
documentation
where possible. CAATs enable the auditors to test a large
volume of data, or the operation of the controls in a system,
accurately and quickly. * They are therefore very-cost efficient

Created on 6/6/2010 19:27:00 a6/p6 7

 when operated properly. CAATs reduce the level of human error
in testing and enable a very high level of audit evidence to be
derived.
* Embedded audit facilities allow continuous review of the
client’s systems.

Disadvantages of CAAT’s

• CAATs are expensive to set up and require the co-operation

of the client. It is usually necessary for a continuing audit
relationship to be present before it is worth committing the
audit resources.
• Major changes in client systems often require major changes
in CAATs, which is expensive.

10. Management representations. These are a form of

audit evidence contained in a letter, written by the
company’s directors and sent to the auditor, just prior to the
completion of audit work and before the audit report is
signed.

Representations are required for two reasons:

(i) So that the directors can acknowledge their collective

responsibility for the preparation of the financial statements and to
confirm that they have approved those statements.

Created on 6/6/2010 19:27:00 a6/p6 8

(ii). To confirm any matters, which are material to the financial
statements where representations are crucial to obtaining sufficient
and appropriate audit evidence.

Obtaining representations does not mean that other evidence does

not have to be obtained. Audit evidence must still be collected and
the representation should be used to support that evidence. Any
contradiction between sources of evidence should be investigated.

ISA 530 Audit Sampling and other means of testing.

Audit sampling is defined as the application of audit procedures to

less than 100% of the population to enable the auditor to evaluate
audit evidence about some characteristic of the items selected in
order to form or assist in forming a conclusion concerning the
population.

Statistical sampling involves the use of techniques from which

mathematically constructed conclusions regarding the population
can be drawn.

Non statistical sampling results should not be extrapolated over the

population as the sample is unlikely to be representative of the
population.

When designing the size and structure of an audit sample, auditors

should consider the specific audit objectives, the nature of the
population and the sampling and selection methods.

Created on 6/6/2010 19:27:00 a6/p6 9

When determining sample size, the auditor should consider the
sampling risk, the amount of the error that would be acceptable
and the extent to which errors are expected.

Sampling risk arises from the possibility that the auditor's

conclusion may be different from the conclusion that would be
reached if the entire population were subjected to the same audit
procedure.

Sample size is affected by the level of sampling risk that the auditor
is willing to accept.

There are two types of sampling risks:-

• The risk of incorrect acceptance - the risk that material

misstatement is assessed as unlikely, when in fact the
population is materially misstated.
• The risk of incorrect rejection - the risk that material
misstatement is assessed as likely, when in fact the
population is not materially misstated.

Tolerable error is the maximum error in the population that

auditors are willing to accept and still conclude that the audit
objective has been achieved. For substantive tests, tolerable
error is related to the auditor's judgment about materiality. In
compliance tests, it is the maximum rate of deviation from a
prescribed control procedure that the auditor is willing to accept.

There are four commonly used sample selection methods:

Statistical Sampling Methods

Created on 6/6/2010 19:27:00 a6/p6 10

  (i). Random sampling - ensures that all combinations
of sampling units in the population have an equal chance
of selection.


 (ii). Systematic sampling - involves selecting sampling

units using a fixed interval between selections, the first
interval having a random start. Examples include Monetary
Unit Sampling where each individual monetary value (e.g.,
£1) in the population is given an equal chance of selection.
As the individual monetary unit cannot ordinarily be
examined separately, the item which includes that
monetary unit is selected for examination. This method
systematically weights the selection in favour of the larger
amounts but still gives every monetary value an equal
opportunity for selection. Another example includes
selecting every 'nth sampling unit.

Non Statistical Sampling Methods

 (iii). Haphazard sampling - in which the auditor selects

the sample without following a structured technique,
however avoiding any conscious bias or predictability.
However, analysis of a haphazard sample should not be
relied upon to form a conclusion on the population


 (iv). Judgmental sampling - in which the auditor places

a bias on the sample (e.g., all sampling units over a certain
value, all for a specific type of exception, all negatives, all
new users, etc.). It should be noted that a judgmental
sample is not statistically based and results should not be
extrapolated over the population as the sample is unlikely
to be representative of the population.

Created on 6/6/2010 19:27:00 a6/p6 11

ISA 230: DOCUMENTATION (Working paper file)

This ISA states that auditors should document in their working

papers matters that are important in supporting the Auditors
Report.

- Working papers should provide evidence on how the audit

procedures were performed and how it is concluded.
- Auditors should record in their working papers their
reasoning on all significant matters that require the exercise
of judgement and their conclusions thereon.
- The auditor should maintain confidentiality and custody of
the working papers.

The Purpose of documentation:-

• To control current year work.

• Record the work.
• Evidence of work carried out.
• Verification.
• Briefing for next audit.

Two main types of documentation:-

1. The Permanent File

Includes:-

• Statutory documents.
• Company rules and regulations.
• Letter of Engagement.

Created on 6/6/2010 19:27:00 a6/p6 12

 • Legal documents (e.g. debenture deeds, leases, loan
agreements etc).

2. The Current Audit file:

Includes:-

• Copy of last year’s Audited Financial Statements.

• Audit Programme & Checklist.
• Accounts schedule (Working Papers).
• Minutes.
• Copy of Management letter
• Copy of Letter of Representation.
The auditor should record who performed the work on which date
and who reviewed the work on which date.
Documents should be retained for at least 5 years from the date of
the audit report.

Types of Documentation:-

• Narrative Notes
• Flow Charts
• Questionnaires
• Checklists

Created on 6/6/2010 19:27:00 a6/p6 13

Created on 6/6/2010 19:27:00 a6/p6 14