FAZE PROCESA REVIZIJE

ROMNEY
OVERVIEW OF THE AUDIT PROCESS
All audits follow a similar sequence of activities. Audits may be divided into four
stages: planning, collecting evidence, evaluating evidence, and communicating audit
results. Figure 11-1 is an overview
of the auditing process and lists many of the procedures performed within each of
these stages.
AUDIT PLANNING Audit planning determines why, how, when, and by whom the audit
will be performed. The first step is to establish the audit’s scope and objectives. For
example, an audit of a publicly held corporation determines whether its financial
statements are presented fairly. In contrast, an internal audit may examine a specific
department or a computer application. It may focus on internal controls, financial
information, operating performance, or some combination of the three.
An audit team with the necessary experience and expertise is formed. They become
familiar with the auditee by conferring with supervisory and operating personnel,
reviewing system documentation, and reviewing prior audit findings.
An audit is planned so the greatest amount of audit work focuses on the areas with
the highest risk factors. There are three types of audit risk:
1. Inherent risk is the susceptibility to material risk in the absence of controls. For
example, a system that employs online processing, networks, databases,
telecommunications, and other forms of advanced technology has more inherent risk
than a batch processing system.
2. Control risk is the risk that a material misstatement will get through the internal
control structure and into the financial statements. A company with weak internal
controls has a higher control risk than one with strong controls. Control risk can be
determined by reviewing the control environment, testing internal controls, and
considering control weaknesses identified in prior audits and evaluating how they
have been rectified.
3. Detection risk is the risk that auditors and their audit procedures will fail to
detect a material error or misstatement.
To conclude the planning stage, an audit program is prepared to show the nature,
extent, and timing of the procedures needed to achieve audit objectives and
minimize audit risks. A time budget is prepared, and staff members are assigned to
perform specific audit steps.

TURNER
During the planning phase of an audit, the auditor must gain a thorough understanding of the company’s
business and financial reporting systems. In doing so, auditors review and assess the risks and controls related
to the business, establish materiality guidelines, and develop relevant tests addressing the assertions and
objectives (presented earlier). A process map of the planning phase of the audit is presented in Exhibit 7-5.
The tasks of assessing materiality and audit risk are very subjective and are therefore typically performed by
experienced auditors. In determining materiality, auditors estimate the monetary amounts that are large
enough to make a difference in decision making. Materiality estimates are then assigned to account balances
so that auditors can decide how much evidence is needed. Transactions and account balances that are equal to
or greater than the materiality limits will be carefully tested.
Those below the materiality limits are often considered insignificant (if it is unlikely that they will impact
decision making) and therefore receive little or no attention on the audit. Some of these items with immaterial
balances may still be audited, though, especially if they are considered areas of high risk. Risk refers to the
likelihood that errors or fraud may occur. Risk can be inherent in the company’s business (due to such things as
the nature of operations, the nature of data available, the economy, or management’s strategies), or it may be
caused by weak internal controls.
Auditors need to perform risk assessment to carefully consider the risks and the resulting problems to which
the company may be susceptible. There will always be some risk that material errors or fraud may not be
discovered in an audit. Accordingly, each risk factor and the materiality estimates are important to consider in
determining the nature and extent of audit tests to be applied.
A big part of the audit planning process is the gathering of evidence about the company’s internal controls.
Auditors typically gain an understanding of internal controls by interviewing key members of management and
the IT staff. They also observe policies and procedures and review IT user manuals and system flowcharts. They
often prepare narratives or memos to summarize the results of their findings. In addition, company personnel
may be asked to complete a questionnaire about the company’s accounting systems, including its IT
implementation and operations, the types of hardware and software used, and control of computer resources.
The understanding of internal controls provides the basis for designing appropriate audit tests to be used in
the remaining phases of the audit. Therefore, it is very important that the auditor understand how complex its
clients’ IT systems are and what types of evidence may be available for use in the audit.
The process of evaluating internal controls and designing meaningful audit tests is more complex for
automated systems than for manual systems. Using just human eyes, an auditor cannot easily spot the
controls that are part of an automated (computer) system. In recognition of the fact that accounting records
and files often exist in both paper and electronic form, auditing standards address the importance of
understanding both the automated and manual procedures that make up an organization’s internal controls.
In addition to their increasingly complex automated systems, many large and medium‐size business
organizations are becoming more challenging to audit due to the abundance of data that exists. Many modern
businesses have a growing number of transactions with an expanding network of external parties, resulting in
a surplus of data that is available to audit. Yet every company is different in terms of the various kinds of data
used to support decision‐making and how the data is managed. The availability of Big Data sets in auditing may
complicate the auditors’ judgment, making it difficult to determine the extent to which data must be analyzed.
Yet auditors are always required to consider how misstatements may occur. Accordingly, auditors must adapt
the scope of their data analysis to the various sizes and sources of data that impact business decisions.
Regardless of the volume and velocity of the underlying data, auditors need to obtain evidence for the
following:
• How data is captured and used
• How standard journal entries are initiated, recorded, and processed
• How nonstandard journal entries and adjusting entries are initiated, recorded, and processed
IT auditors may be called upon to consider the effects of computer processing on the audit or to assist in
testing those automated procedures.

BODNAR
The initial review phase of an information systems audit determines the course of action
the audit will take and includes decisions concerning specific areas to be investigated,
the deployment of audit labor, the audit technology to be used, and the development of
a time and/or cost budget for the audit. Documentation and review of performance are
the primary control over the conduct of an information systems audit. Each general
phase of an audit, as well as specific steps within each phase, should have the
preparation of documentation as an objective. Such documentation provides a tangible
output and goal for each audit step, allows effective supervision, and facilitates review.
Audit resources are usually limited, so it generally will not be possible to audit each
application every year. Applications that are more subject to fraud or serious financial
error are likely targets for audit. Frequently, a rotating system of selection is used to
choose audit areas, with each application being audited according to some multiyear
schedule.
Decisions concerning the deployment of auditing labor, the audit technology to be used,
and the time/cost budget for the overall audit should also be made according to some
systematic procedure. The outcome of all these decisions and the product of the initial
review phase of an information systems audit is the audit program. An audit program is
a detailed list of the audit procedures to be applied on a particular audit. Standardized
audit programs for particular audit areas have been developed and are common in all
types of auditing. The use of a standardized audit program is often possible, with
modifications made to reflect the particular situation subject to audit.

PRIKUPLJANJE DOKAZA
ROMNEY
COLLECTION OF AUDIT EVIDENCE Most audit effort is spent collecting evidence.
Because many audit tests cannot be performed on all items under review, they are often
performed on a sample basis. The following are the most common ways to collect audit
evidence:
●● Observation of the activities being audited (e.g., watching how data control personnel
handle data processing work as it is received)
●● Review of documentation to understand how a particular process or internal control
system is supposed to function
●● Discussions with employees about their jobs and about how they carry out certain
procedures
●● Questionnaires that gather data
●● Physical examination of the quantity and/or condition of tangible assets, such as
equipment and inventory
●● Confirmation of the accuracy of information, such as customer account balances,
through communication with independent third parties
●● Reperformance of calculations to verify quantitative information (e.g., recalculating the
annual depreciation expense)
●● Vouching for the validity of a transaction by examining supporting documents, such as
the purchase order, receiving report, and vendor invoice supporting an accounts payable
transaction
●● Analytical review of relationships and trends among information to detect items that
should be further investigated. For example, an auditor for a chain store discovered that one
store’s ratio of accounts receivable to sales was too high. An investigation revealed that the
manager was diverting collected funds to her personal use.
A typical audit has a mix of audit procedures. For example, an internal control audit makes
greater use of observation, documentation review, employee interviews, and reperformance
of control procedures. A financial audit focuses on physical examination, confirmation,
vouching, analytical review, and reperformance of account balance calculations.

ANDERSON
The quality of internal auditors’ conclusions and advice depends on their ability to gather and
appropriately evaluate sufficient appropriate audit evidence. Audit procedure are performed
throughout the audit process to gather the evidence needed to achieve the prescribed
engagement objectives. Gathering suficient appropriate evidence requires extensive
interaction and communication with auditee personnel throughout the engagement.
Persuasiveness of Audit Evidence
Audit evidence is persuasive if it enables the internal auditor to formulate wellfounded
conclusions and advice conidently. To be persuasive, evidence must be:
-  Relevant. Is the evidence pertinent to the audit objective? Does it logically support the
internal auditor’s conclusion or advice?
-  Reliable. Did the evidence come from a credible source? Did the internal auditor directly
obtain the evidence?
-  Suficient. Has the internal auditor obtained enough evidence? Do different but related,
pieces of evidence corroborate each other?
The American Institute of Certiied Public Accountants (AICPA) states that Appropriateness
is the measure of the quality of audit evidence, that is, its relevance and reliability..." and that
"Sufficiency is the measure of the quantity of audit evidence."1 Why audit evidence must be
relevant to be persuasive is clear: relying on evidence that has little or no pertinence to a
specific audit objective greatly increases audit risk, that is, the risk of reaching invalid
conclusions and/or providing faulty advice based on the audit work conducted. Although
there are no hard and fast rules regarding reliability and suficiency of evidence, there are
useful guidelines internal auditors can follow if they remember that guidelines are generally
characterized by exceptions. Such guidelines include:
-  Evidence obtained from independent third parties is more reliable than evidence obtained
from auditee personnel.
-  Evidence produced by a process or system with effective controls is more reliable than
evidence produced by a process or system with ineffective controls.
-  Evidence obtained directly by the internal auditor is more reliable than evidence obtained
indirectly.
-  Documented evidence is more reliable than undocumented evidence.
-  Timely evidence is more reliable than untimely evidence.
-  Corroborated evidence is more suficient than uncorroborated or contradictory evidence.
-  Larger samples produce more suficient evidence than smaller samples.
Documentary evidence is a significant portion of the evidence gathered during most internal
audit engagements. The reliability of documentary evidence depends, to a large extent, on its
origin and the route it follows before being examined by the internal auditor.
AUDIT PROCEDURES
Audit procedures are specific tasks performed by the internal auditor to gather the evidence
required to achieve the prescribed audit objectives. They are applied during the audit process
to:
-  Obtain a thorough understanding of the auditee, including the auditee’s objectives, risks,
and controls.
-  Test the design adequacy and operating effectiveness of the targeted area’s system of
internal controls.
-  Analyze plausible relationships among different elements of data.
-  Directly test recorded financial and nonfinancial information for errors and fraud.
-  Obtain suficient appropriate evidence to achieve the prescribed audit objectives involved in
determining the nature, extent, and timing of audit procedures to perform.
Nature of audit procedures. The nature of audit procedures relates to the types of tests the
internal auditor performs to achieve his or her objectives. One-to-one relationships between
audit objectives and audit procedures are rare. Individual audit procedures often provide
evidence that is pertinent to more than one audit objective, and more than one audit procedure
often is required to meet a particular audit objective. Different types of tests provide varying
levels of assurance, take different amounts of time to conduct, and are more or less
expensive. The internal auditor must weigh the relative benefits and costs of conducting
different types of procedures. Depending on the nature of the engagement, an internal auditor
may use manual audit procedures, computer-assisted audit techniques (CAATs), or a
combination of the two to gather suficient appropriate evidence. Manual audit procedures and
CAATs are discussed further in subsequent sections of this chapter.
Extent of audit procedures. The extent of audit procedures pertains to how much audit
evidence the internal auditor must obtain to achieve his or her objectives (suficiency). An
internal auditor must, for example, determine the appropriate combination of procedures to
apply. The degree to which individual tests are to be conducted also must be determined. The
internal auditor might decide, for example, that some types of transactions should be tested
100 percent, whereas others may be tested on a sample basis. Audit sampling is discussed in
detail in chapter
11, "Audit Sampling." Ultimately, the internal auditor must gather and evaluate enough
evidence to support well-founded conclusions and advice. Timing of audit procedures. The
timing of audit procedures pertains to when the tests are conducted and the period of time
covered by the tests. For example:
-  An internal auditor testing the operating effectiveness of a manual control over a period of
time on a sample basis must take appropriate steps to gain assurance that the sample selected
is representative of the entire period.
-  An internal auditor testing whether transactions are recorded in the appropriate fiscal year
will focus his or her tests on transactions immediately before and after year-end.
-  An internal auditor will test the operation of a computerized application control at a given
time to determine whether the control is operating effectively at that time. The internal
auditor will then rely on different tests, such as tests over access and modification of
application programs during a period of time, to gain assurance that the control operated
consistently over that period of time.

HAYES
Auditing is a systematic process of objectively obtaining and evaluating evidence regarding
assertions about economic actions and events. It is the auditor’s job to “obtain sufficient
appropriate audit evidence to be able to draw reasonable conclusions on which to base the
audit opinion.”1 Evidence is anything that can make a person believe that a fact, proposition,
or assertion is true or false. Audit evidence is all of the information used by the auditor in
arriving at the conclusions on which the audit opinion is based. It includes the accounting
records and other information underlying the financial statements.
■ Accounting Records
Accounting records, the primary basis of audit evidence, generally include the records of
initial entries and supporting records. Initial entries include point of sales transactions,
electronic data interchange (EDI), electronic fund transfers (EFT), contracts, invoices,
shipping notices, purchase orders, sales orders, the general and subsidiary ledgers, journal
entries, and other adjustments to the financial statements. Supporting records examples are
computer files, databases, worksheets, spreadsheets, computer and manual logs,
computations, reconciliations, and disclosures.
Most accounting records are initiated, recorded, processed, and reported in electronic form
such as a database. For the larger companies, accounting records are part of enterprise
resource planning (ERP) which is a system that integrates all aspects of an organization’s
activities (such as database maintenance, financial reporting, operations and compliance) into
one accounting information system.
Sufficient Appropriate Audit Evidence
The auditor should conclude whether sufficient appropriate audit evidence has been obtained
to reduce to an acceptably low level the risk of material misstatements in the financial
statements._6 Sufficiency is the measure of the quantity (amount) of audit evidence.
Appropriateness is the measure of the quality of audit evidence; that is, its relevance and its
reliability in providing support for, or detecting misstatements in, the classes of transactions,
account balances and disclosures, and related assertions.
Reliability is the quality of information when it is free from material error and bias and can
be depended upon by users to represent faithfully that which it either purports to represent or
could reasonably be expected to represent. Relevance of evidence is the appropriateness
(pertinence) of the evidence to the audit objective being tested. The quantity (relevance and
reliability) of audit evidence needed is affected by the risk of misstatement (the greater the
risk, the more audit evidence is required) and also by the quality of the audit evidence (the
higher the quality of evidence, the less is required). Therefore, the sufficiency and
appropriateness of audit evidence are interrelated._7
The sufficiency and appropriateness of audit evidence to support the auditor’s conclusions are
a matter of professional judgment. The auditor’s judgment as to what constitutes sufficient
appropriate audit evidence is influenced by such factors as:_8
■ the significance of the potential misstatement in the assertion and the likelihood of its
having a material effect, individually or aggregated with other potential misstatements, on the
financial statements: the more material the item, the greater the required sufficiency and
appropriateness of evidence;
■ the effectiveness of management’s responses and controls to address the risks: strong
controls reduce evidence requirements;
■ the experience gained during previous audits with respect to similar potential
misstatements: prior experience with the client will indicate how much evidence was taken
before and if that was enough or appropriate;
■ results of audit procedures performed, including whether such audit procedures identified
specific instances of fraud or error;
■ source and reliability of the available information;
■ persuasiveness of the audit evidence;
■ understanding of the entity and its environment, including its internal control.
Illustration 10.4 summarizes the considerations for determining whether audit evidence is
“sufficient appropriate evidence.”
Reliable
The reliability of audit evidence is influenced by its source and its nature. (See Illustration
10.5.) The independence and qualification of the person providing evidence is important for
reliability. Audit evidence is more reliable when it is obtained from independent sources
outside the entity. The source of information may be internal – originating inside the client
operation – or external, originating from a more objective party outside the organization. The
source may be from an employee, third party or the auditor. Internal information that comes
from a system with good internal controls is more reliable than information from a system
where internal controls are not effective. The nature of the audit evidence may be visual,
documentary, or oral.
Persuasive
Unlike legal evidence, audit evidence does not have to be conclusive to be useful. Ordinarily,
the auditor finds it necessary to rely on audit evidence that is persuasive rather than
conclusive and will often seek audit evidence from different sources or of a different nature
to support the same assertion. Not all the information available is examined. Conclusions can
be reached about controls, transactions, or the account balance by using a sample of the
available information that is analyzed by statistical sampling or judgment. Audit evidence is
more persuasive when there is consistency between items from different sources or of a
different nature. Evidence is usually more persuasive for balance sheet accounts when it is
obtained close to the balance sheet date. For income statements, evidence is more persuasive
if it is a sample from the entire period. A random sample from the entire period is more
persuasive than a sample from the first six months.
External_Internal
In general, audit evidence from external sources (e.g. external confirmation of cash account
received from a bank) is more reliable than evidence generated internally. Internal
information is made more reliable if the accounting and internal control systems are effective.
Evidence obtained directly by the auditor is more reliable than that obtained from the client
entity. Audit evidence obtained directly by the auditor (e.g. observation of the application of
a control) is more reliable than audit evidence obtained indirectly or by inference (e.g. inquiry
about the application of a control). Written documents are the second most reliable audit
evidence. The least reliable audit evidence is oral representation of the client personnel. Oral
interviews with third parties are more reliable than insider interviews, but less reliable than
written documents.
■ Original Documentation
Audit evidence provided by original documents is more reliable than audit evidence provided
by photocopies or facsimiles. Although forensic accounting frequently involves the
authentication of documentation, financial statement audits rarely do, nor is the financial
statement auditor expected to be an expert in such authentication. However, the financial
statement auditor must consider the reliability of the information to be used as audit evidence,
for example, how reliable are photocopies, facsimiles, or filmed, digitized or other electronic
documents? An auditor may consider the relevance of controls over their preparation and
maintenance of the documentation.
■ Cost_Benefit
The auditor also needs to think about the relationship between the cost of obtaining audit
evidence and the usefulness of the information obtained. However, the matter of difficulty
and expense involved is not in itself a valid basis for omitting a necessary procedure. If an
auditor is unable to obtain sufficient appropriate audit evidence, he should express a qualified
opinion or a disclaimer of opinion.
If the auditor has not obtained sufficient appropriate audit evidence as to a material financial
statement assertion, he should attempt to obtain further audit evidence. If the auditor is unable
to obtain sufficient appropriate audit evidence, he should express a qualified opinion or a
disclaimer of opinion.

ARENS
The foundation of any audit is the evidence obtained and evaluated by the auditor. The
auditor must have the knowledge and skill to accumulate sufficient appropriate evidence on
every audit to meet the standards of the profession.
Evidence was defined in Chapter 1 as any information used by the auditor to determine
whether the information being audited is stated in accordance with the established criteria.
The information varies greatly in the extent to which it persuades the auditor whether
financial statements are fairly stated. Evidence includes information that is highly persuasive,
such as the auditor’s count of marketable securities, and less persuasive information, such as
responses to questions of client employees.
A major decision facing every auditor is determining the appropriate types and amounts of
evidence needed to be satisfied that the client’s financial statements are fairly stated. There
are four decisions about what evidence to gather and how much of it to accumulate:
1. Which audit procedures to use
2. What sample size to select for a given procedure
3. Which items to select from the population
4. When to perform the procedures.
An audit procedure is the detailed instruction that explains the audit evidence to be obtained
during the audit. It is common to spell out these procedures in sufficiently specific terms so
an auditor may follow these instructions during the audit.
Once an audit procedure is selected, auditors can vary the sample size from one to all the
items in the population being tested. The decision of how many items to test must be made by
the auditor for each audit procedure. The sample size for any given procedure is likely to vary
from audit to audit, depending on client characteristics such as the extent of automated
controls and the required level of assurance from the procedure.
After determining the sample size for an audit procedure, the auditor must decide which
items in the population to test.
Audit standards require the auditor to accumulate sufficient appropriate evidence to support
the opinion issued. Because of the nature of audit evidence and the cost considerations of
doing an audit, it is unlikely that the auditor will be completely convinced that the opinion is
correct. However, the auditor must be persuaded that the opinion is correct with a high level
of assurance. By combining all evidence from the entire audit, the auditor is able to decide
when he or she is persuaded to issue an audit report. The two determinants of the
persuasiveness of evidence are appropriateness and sufficiency.
Appropriateness of evidence is a measure of the quality of evidence, meaning its relevance
and reliability in meeting audit objectives for classes of transactions, account balances, and
related disclosures. If evidence is considered highly appropriate, it is a great help in
persuading the auditor that financial statements are fairly stated. Note that appropriateness of
evidence deals only with the audit procedures selected. Appropriateness cannot be improved
by selecting a larger sample size or different population items. It can be improved only by
selecting audit procedures that are more relevant or provide more reliable evidence.
Relevance of Evidence Evidence must pertain to or be relevant to the audit objective that
the auditor is testing before it can be appropriate. Relevance can be considered only in terms
of specific audit objectives, because evidence may be relevant for one audit objective but not
for a different one. Most evidence is relevant for more than one, but not all, audit objectives.
Reliability of Evidence Reliability of evidence refers to the degree to which evidence can
be believable or worthy of trust. Like relevance, if evidence is considered reliable it is a great
help in persuading the auditor that financial statements are fairly stated. For example, if an
auditor counts inventory, that evidence is more reliable than if management gives the auditor
its own count amounts. Reliability, and therefore appropriateness, depends on the following
six characteristics of reliable evidence:
- Independence of provider. Evidence obtained from a source outside the entity is more
reliable than that obtained from within.
- Effectiveness of client’s internal controls. When a client’s internal controls are
effective, evidence obtained is more reliable than when they are not effective.
- Auditor’s direct knowledge. Evidence obtained directly by the auditor through
physical examination, observation, recalculation, and inspection is more reliable than
information obtained indirectly.
- Qualifications of individuals providing the information. Although the source of
information is independent, the evidence will not be reliable unless the individual
providing it is qualified to do so.
- Degree of objectivity. Objective evidence is more reliable than evidence that requires
considerable judgment to determine whether it is correct.
- Timeliness. The timeliness of audit evidence can refer either to when it is accumulated
or to the period covered by the audit.
The quantity of evidence obtained determines its sufficiency. For some audit objectives,
sufficiency of evidence is measured primarily by the sample size the auditor selects. For
other objectives, sufficiency is determined primarily by the number and quality of procedures
performed to meet the audit objective.
Several factors determine the appropriate sample size in audits. The two most important ones
are the auditor’s expectation of misstatements and the effectiveness of the client’s internal
controls.
In addition to sample size, the individual items tested affect the sufficiency of evidence.
Samples containing population items with large dollar values, items with a high likelihood of
misstatement, and items that are representative of the population are usually considered
sufficient. In contrast, most auditors usually consider samples insufficient that contain only
the largest dollar items from the population, unless these items make up a large portion of the
total population amount.
The persuasiveness of evidence can be evaluated only after considering the combination of
appropriateness and sufficiency, including the effects of the factors influencing
appropriateness and sufficiency. A large sample of evidence provided by an independent
party is not persuasive unless it is relevant to the audit objective being tested. A large sample
of evidence that is relevant but not objective is also not persuasive. Similarly, a small sample
of only one or two pieces of highly appropriate evidence also typically lacks persuasiveness.
When determining the persuasiveness of evidence, the auditor must evaluate the degree to
which both appropriateness and sufficiency, including all factors influencing them, have been
met.
In making decisions about evidence for a given audit, both persuasiveness and cost must be
considered. It is rare when only one type of evidence is available for verifying information.
The persuasiveness and cost of all alternatives should be considered before selecting the best
type or types of evidence. The auditor’s goal is to obtain a sufficient amount of appropriate
evidence at the lowest possible total cost. However, cost is never an adequate justification for
omitting a necessary procedure or not gathering an adequate sample size.

MESSIER
Audit evidence is the information used by the auditor in arriving at the conclusions on which
the audit opinion is based, and it includes the information contained in the accounting records
underlying the financial statements and other information. A solid understanding of the
characteristics of evidence is obviously an important conceptual tool for auditors as well as
for
professionals in a variety of other settings. The following concepts of audit evidence are
important to understanding the conduct of the audit:
∙ The nature of audit evidence.
∙ The sufficiency and appropriateness of audit evidence.
∙ The evaluation of audit evidence.
The Nature of Audit Evidence
The nature of the evidence refers to the form or type of information, which includes
accounting records and other available information. Accounting records include the records
of initial entries and supporting records, such as checks and records of electronic fund
transfers; invoices; contracts; the general and subsidiary ledgers, journal entries, and other
adjustments to the financial statements that are not reflected in formal journal entries; and
records such as work sheets and spreadsheets supporting cost allocations, computations,
reconciliations, and disclosures. Other information that the auditor may use as audit evidence
includes minutes of meetings; confirmations from third parties; industry analysts’ reports;
comparable data about competitors (benchmarking); controls manuals; information obtained
by the auditor from such audit procedures as inquiry, observation, and inspection; and other
information developed by, or available to, the auditor that permits the auditor to reach
conclusions through valid reasoning.
For some entities, accounting records and other information may be available only in
electronic form. Thus, source documents such as purchase orders, bills of lading, invoices,
and checks are replaced with electronic messages or electronic images. In such cases,
electronic evidence may exist at only a certain point in time and may not be retrievable later.
This may require the auditor to select sample items several times during the year rather than
at year-end.
The Sufficiency and Appropriateness of Audit Evidence
Sufficiency is the measure of the quantity of audit evidence. Appropriateness is a measure of
the quality of audit evidence. Sufficiency and appropriateness of audit evidence are
interrelated. The auditor must consider both concepts when assessing risks and designing
audit
procedures. The quantity of audit evidence needed is affected by the risk of material
misstatement and by the quality of the audit evidence gathered. Thus, the greater the risk of
material misstatement, the more audit evidence is likely to be required to meet the audit test.
And the higher the quality of the evidence, the less evidence that may be required to meet the
audit test. Accordingly, there is an inverse relationship between the sufficiency and
appropriateness of audit evidence.
In most instances, the auditor relies on evidence that is persuasive rather than convincing in
forming an opinion on a set of financial statements. This occurs for two reasons. First,
because an audit must be completed in a reasonable amount of time and at a reasonable cost,
the auditor examines only a sample of the transactions that compose the account balance.
Thus, the auditor reaches a conclusion about the account based on a subset of the available
evidence.
Second, due to the nature of evidence, auditors must often rely on evidence that is not
perfectly reliable. As discussed in the next section, the types of audit evidence have different
degrees of reliability, and even highly reliable evidence has weaknesses. For example, an
auditor can physically examine inventory, but such evidence will not ensure that
obsolescence is not a problem. Therefore, the nature of the evidence obtained by the auditor
seldom provides absolute assurance about an assertion. Evidence is considered appropriate
when it provides information that is both relevant and reliable.
Relevance The relevance of audit evidence refers to its relationship to the assertion being
tested. If the auditor relies on evidence that is unrelated to the assertion, he or she may reach
an incorrect conclusion about the assertion.
Reliability The reliability of evidence refers to whether a particular type of evidence can be
relied upon to signal the true state of an assertion. The reliability of evidence is influenced by
its source and by its nature and is dependent on the individual circumstances under which it is
obtained.
∙ Independent source outside the entity. Evidence obtained by the auditor from an
independent source outside the entity is usually viewed as more reliable than evidence
obtained solely from within the entity. Additionally, evidence that is obtained from the entity,
but that has been subjected to verification by an independent source, is viewed as more
reliable than evidence obtained solely from within the entity.
∙ Effectiveness of internal control. A major objective of an entity’s system of internal control
is to generate reliable information to assist management decision making. As part of the
audit, the effectiveness of internal control is assessed. When the auditor assesses internal
control as effective (that is, low control risk), evidence generated by that accounting system is
viewed as reliable. Conversely, if internal control is assessed as ineffective (that is, high
control risk), the evidence from the accounting system would not be considered reliable.
Thus, the more effective the entity’s internal control, the more assurance it provides about the
reliability of audit evidence.
∙ Auditor’s direct personal knowledge. Evidence obtained directly by the auditor is generally
considered to be more reliable. There are, of course, exceptions to this general rule. For
example, if an auditor examined an inventory composed of diamonds or specialty computer
chips, the auditor may lack the expertise to appropriately assess the validity and valuation of
such inventory items. In such cases, the auditor may need the skill and knowledge of a
specialist to assist with the inventory audit.
∙ Documentary evidence. Audit evidence is more reliable when it exists in documentary form,
whether paper, electronic, or other medium.
∙ Original documents. Audit evidence provided by original documents is more reliable than
audit evidence provided by photocopies or facsimiles. An auditor’s examination of an
original, signed copy of a lease agreement is more reliable than a photocopy.
Determining the sufficiency and appropriateness of evidence are two of the more critical
decisions the auditor faces on an engagement.
VREDNOVANJE DOKAZA
ROMNEY
EVALUATION OF AUDIT EVIDENCE The auditor evaluates the evidence gathered and
decides whether it supports a favorable or unfavorable conclusion. If inconclusive,
the auditor performs sufficient additional procedures to reach a definitive conclusion.
Because errors exist in most systems, auditors focus on detecting and reporting
those that significantly impact management’s interpretation of the audit findings.
Determining materiality, what is and is not important in an audit, is a matter of
professional judgment. Materiality is more important to external audits, where the
emphasis is fairness of financial statement, than to internal audits, where the focus
is on adherence to management policies.
The auditor seeks reasonable assurance that no material error exists in the
information or process audited. Because it is prohibitively expensive to seek
complete assurance, the auditor has some risk that the audit conclusion is incorrect.
When inherent or control risk is high, the auditor must obtain greater assurance to
offset the greater uncertainty and risks.
In all audit stages, findings and conclusions are documented in audit working papers.
Documentation is especially important at the evaluation stage, when conclusions
must be reached and supported.

ROMNEY
COMMUNICATION OF AUDIT RESULTS The auditor submits a written report
summarizing audit findings and recommendations to management, the audit
committee, the board of directors, and other appropriate parties. Afterwards,
auditors often do a follow-up study to ascertain whether recommendations were
implemented.