Good Audit Evidence

by Kara M. Curtis, CPA, Audit Manager

Posted on August 18, 2022

As the nature of business and technology continues to advance, audits are also changing and developing. Auditors use professional judgment and professional skepticism to determine if evidence is sufficient and appropriate. Usually when you think of audit evidence, you may think of an invoice or a bank statement. However, audit evidence can be any information used by the auditor in arriving at the audit opinion. The auditor applies comprehensive procedures to audit evidence to come to that conclusion. But, with so much information available, how do we determine what is good audit evidence?

Because not all evidence is equal, there is now a new standard that helps auditors evaluate the attributes of that information. In July 2020, the American Institute of Certified Public Accountants (AICPA) released a new auditing standard: Statement on Auditing Standards (SAS) No. 142, Audit Evidence. This standard defines what audit evidence is and provides guidance to auditors to determine how to evaluate that information using attributes. SAS No. 142 also discusses the use of automated tools and techniques in auditing. This standard is effective for audits of financial statements for periods ending on or after December 15, 2022.

Prior to SAS No. 142, the focus was on designing and performing sufficient and appropriate audit procedures, but now the emphasis will be on evaluating the audit evidence obtained. While the standard does not offer step-by-step procedures, it does provide auditors important principles to use when evaluating evidence.

When evaluating audit evidence, auditors will take into consideration the source, relevancy, and reliability of the information, as well as the authenticity and susceptibility to management bias. The auditor should also evaluate whether the information is sufficiently precise and detailed for the auditor’s purpose and if the audit evidence is accurate and complete. Lastly, the auditor must determine whether the information corroborates or contradicts assertions in the financial statements.

So what does all this mean for you? Most firms have already incorporated the principles of SAS No. 142 into their day-to-day client requests, so you are probably already noticing it. Most of the visible changes relate to how information is being requested. Any documentation provided to the auditor that may be subject to alteration may be requested using another method. For example, the auditor may request read-only access to your accounting system to download reports directly, or the auditor may want to observe you downloading bank statements directly from your banking institution. In addition, rather than just having internal control process discussions, auditors may need to observe a process in action or review documentation of the process occurring. Your auditor may also ask for information in a different format than usual to use automated tools and techniques (which may reduce the number of transactions sampled).

Auditing services will continue to evolve, but these standard principles provide a solid framework for whatever is to come. More information on the Statement on Auditing Standards (SAS) No. 142, Audit Evidence can be found on the AICPA website.

For a print-ready version of this article: Click here