Effective Date: For audits of fiscal years beginning on or after Dec. 15, 2010
Final Rule: PCAOB Release No. 2010-004
Summary Table of Contents
- (1 - 2) Introduction
- (3) Objective
- (4 - 10) Sufficient Appropriate Audit Evidence
- (11 - 12) Financial Statement Assertions
- (13 - 21) Audit Procedures for Obtaining Audit Evidence
- (22 - 28) Selecting Items for Testing to Obtain Audit Evidence
- (29) Inconsistency in, or Doubts about the Reliability of, Audit Evidence
1. This standard explains what constitutes audit evidence and establishes requirements regarding designing and performing audit procedures to obtain sufficient appropriate audit evidence.
2. Audit evidence is all the information, whether obtained from audit procedures or other sources, that is used by the auditor in arriving at the conclusions on which the auditor's opinion is based. Audit evidence consists of both information that supports and corroborates management's assertions regarding the financial statements or internal control over financial reporting and information that contradicts such assertions.
3. The objective of the auditor is to plan and perform the audit to obtain appropriate audit evidence that is sufficient to support the opinion expressed in the auditor's report.1/
4. The auditor must plan and perform audit procedures to obtain sufficient appropriate audit evidence to provide a reasonable basis for his or her opinion.
5. Sufficiency is the measure of the quantity of audit evidence. The quantity of audit evidence needed is affected by the following:
- Risk of material misstatement (in the audit of financial statements) or the risk associated with the control (in the audit of internal control over financial reporting). As the risk increases, the amount of evidence that the auditor should obtain also increases. For example, ordinarily more evidence is needed to respond to significant risks.2/
- Quality of the audit evidence obtained. As the quality of the evidence increases, the need for additional corroborating evidence decreases. Obtaining more of the same type of audit evidence, however, cannot compensate for the poor quality of that evidence.
6. Appropriateness is the measure of the quality of audit evidence, i.e., its relevance and reliability. To be appropriate, audit evidence must be both relevant and reliable in providing support for the conclusions on which the auditor's opinion is based.
Relevance and Reliability
7. Relevance. The relevance of audit evidence refers to its relationship to the assertion or to the objective of the control being tested. The relevance of audit evidence depends on:
- The design of the audit procedure used to test the assertion or control, in particular whether it is designed to (1) test the assertion or control directly and (2) test for understatement or overstatement; and
- The timing of the audit procedure used to test the assertion or control.
8. Reliability. The reliability of evidence depends on the nature and source of the evidence and the circumstances under which it is obtained. For example, in general:
- Evidence obtained from a knowledgeable source that is independent of the company is more reliable than evidence obtained only from internal company sources.
- The reliability of information generated internally by the company is increased when the company's controls over that information are effective.
- Evidence obtained directly by the auditor is more reliable than evidence obtained indirectly.
- Evidence provided by original documents is more reliable than evidence provided by photocopies or facsimiles, or documents that have been filmed, digitized, or otherwise converted into electronic form, the reliability of which depends on the controls over the conversion and maintenance of those documents.
9. The auditor is not expected to be an expert in document authentication. However, if conditions indicate that a document may not be authentic or that the terms in a document have been modified but that the modifications have not been disclosed to the auditor, the auditor should modify the planned audit procedures or perform additional audit procedures to respond to those conditions and should evaluate the effect, if any, on the other aspects of the audit.
Using Information Produced by the Company
10. When using information produced by the company as audit evidence, the auditor should evaluate whether the information is sufficient and appropriate for purposes of the audit by performing procedures to:3/
- Test the accuracy and completeness of the information, or test the controls over the accuracy and completeness of that information; and
- Evaluate whether the information is sufficiently precise and detailed for purposes of the audit.
11. In representing that the financial statements are presented fairly in conformity with the applicable financial reporting framework, management implicitly or explicitly makes assertions regarding the recognition, measurement, presentation, and disclosure of the various elements of financial statements and related disclosures. Those assertions can be classified into the following categories:
- Existence or occurrence – Assets or liabilities of the company exist at a given date, and recorded transactions have occurred during a given period.
- Completeness – All transactions and accounts that should be presented in the financial statements are so included.
- Valuation or allocation – Asset, liability, equity, revenue, and expense components have been included in the financial statements at appropriate amounts.
- Rights and obligations – The company holds or controls rights to the assets, and liabilities are obligations of the company at a given date.
- Presentation and disclosure – The components of the financial statements are properly classified, described, and disclosed.
12. The auditor may base his or her work on financial statement assertions that differ from those in this standard if the assertions are sufficient for the auditor to identify the types of potential misstatements and to respond appropriately to the risks of material misstatement in each significant account and disclosure that has a reasonable possibility4/ of containing misstatements that would cause the financial statements to be materially misstated, individually or in combination with other misstatements.5/
13. Audit procedures can be classified into the following categories:
- Risk assessment procedures,6/ and
- Further audit procedures,7/ which consist of:
(1) Tests of controls, and (2) Substantive procedures, including tests of details and substantive analytical procedures.
14. Paragraphs 15-21 of this standard describe specific audit procedures. The purpose of an audit procedure determines whether it is a risk assessment procedure, test of controls, or substantive procedure.
15. Inspection involves examining records or documents, whether internal or external, in paper form, electronic form, or other media, or physically examining an asset. Inspection of records and documents provides audit evidence of varying degrees of reliability, depending on their nature and source and, in the case of internal records and documents, on the effectiveness of the controls over their production. An example of inspection used as a test of controls is inspection of records for evidence of authorization.
16. Observation consists of looking at a process or procedure being performed by others, e.g., the auditor's observation of inventory counting by the company's personnel or the performance of control activities. Observation can provide audit evidence about the performance of a process or procedure, but the evidence is limited to the point in time at which the observation takes place and also is limited by the fact that the act of being observed may affect how the process or procedure is performed.8/
17. Inquiry consists of seeking information from knowledgeable persons in financial or nonfinancial roles within the company or outside the company. Inquiry may be performed throughout the audit in addition to other audit procedures. Inquiries may range from formal written inquiries to informal oral inquiries. Evaluating responses to inquiries is an integral part of the inquiry process.9/
Note: Inquiry of company personnel, by itself, does not provide sufficient audit evidence to reduce audit risk to an appropriately low level for a relevant assertion or to support a conclusion about the effectiveness of a control.
18. A confirmation response represents a particular form of audit evidence obtained by the auditor from a third party in accordance with PCAOB standards.10/
19. Recalculation consists of checking the mathematical accuracy of documents or records. Recalculation may be performed manually or electronically.
20. Reperformance involves the independent execution of procedures or controls that were originally performed by company personnel.
21. Analytical procedures consist of evaluations of financial information made by a study of plausible relationships among both financial and nonfinancial data. Analytical procedures also encompass the investigation of significant differences from expected amounts.11/
22. Designing substantive tests of details and tests of controls includes determining the means of selecting items for testing from among the items included in an account or the occurrences of a control. The auditor should determine the means of selecting items for testing to obtain evidence that, in combination with other relevant evidence, is sufficient to meet the objective of the audit procedure. The alternative means of selecting items for testing are:
- Selecting all items;
- Selecting specific items; and
- Audit sampling.
23. The particular means or combination of means of selecting items for testing that is appropriate depends on the nature of the audit procedure, the characteristics of the control or the items in the account being tested, and the evidence necessary to meet the objective of the audit procedure.
Selecting All Items
24. Selecting all items (100 percent examination) refers to testing the entire population of items in an account or the entire population of occurrences of a control (or an entire stratum within one of those populations). The following are examples of situations in which 100 percent examination might be applied:
- The population constitutes a small number of large value items;
- The audit procedure is designed to respond to a significant risk, and other means of selecting items for testing do not provide sufficient appropriate audit evidence; and
- The audit procedure can be automated effectively and applied to the entire population.
Selecting Specific Items
25. Selecting specific items refers to testing all of the items in a population that have a specified characteristic, such as:
- Key items. The auditor may decide to select specific items within a population because they are important to accomplishing the objective of the audit procedure or exhibit some other characteristic, e.g., items that are suspicious, unusual, or particularly risk-prone or items that have a history of error.
- All items over a certain amount. The auditor may decide to examine items whose recorded values exceed a certain amount to verify a large proportion of the total amount of the items included in an account.
26. The auditor also might select specific items to obtain an understanding about matters such as the nature of the company or the nature of transactions.
27. The application of audit procedures to items that are selected as described in paragraphs 25-26 of this standard does not constitute audit sampling, and the results of those audit procedures cannot be projected to the entire population.12/
28. Audit sampling is the application of an audit procedure to less than 100 percent of the items within an account balance or class of transactions for the purpose of evaluating some characteristic of the balance or class.13/
29. If audit evidence obtained from one source is inconsistent with that obtained from another, or if the auditor has doubts about the reliability of information to be used as audit evidence, the auditor should perform the audit procedures necessary to resolve the matter and should determine the effect, if any, on other aspects of the audit.
1/ Auditing Standard No. 14, Evaluating Audit Results, establishes requirements regarding evaluating whether sufficient appropriate evidence has been obtained. Auditing Standard No. 3, Audit Documentation, establishes requirements regarding documenting the procedures performed, evidence obtained, and conclusions reached in an audit.
2/ Paragraph A5 of Auditing Standard No. 12, Identifying and Assessing Risks of Material Misstatement.
3/ When using the work of a specialist engaged or employed by management, see AU sec. 336, Using the Work of a Specialist. When using information produced by a service organization or a service auditor's report as audit evidence, see AU sec. 324, Service Organizations, and for integrated audits, see Auditing Standard No. 5, An Audit of Internal Control Over Financial Reporting That Is Integrated with An Audit of Financial Statements.
4/ There is a reasonable possibility of an event, as used in this standard, when the likelihood of the event is either "reasonably possible" or "probable," as those terms are used in the FASB Accounting Standards Codification, Contingencies Topic, paragraph 450-20-25-1.
5/ For an integrated audit, also see paragraph 28 of Auditing Standard No. 5.
6/ Auditing Standard No. 12.
7/ Auditing Standard No. 13, The Auditor's Responses to the Risks of Material Misstatement.
8/ AU sec. 331, Inventories, establishes requirements regarding observation of the counting of inventory.
9/ AU sec. 333, Management Representations, establishes requirements regarding written management representations, including confirmation of management responses to oral inquiries.
10/ AU sec. 330, The Confirmation Process.
11/ AU sec. 329, Substantive Analytical Procedures, establishes requirements on performing analytical procedures as substantive procedures.
12/ If misstatements are identified in the selected items, see paragraphs 12-13 and paragraphs 17-19 of Auditing Standard No. 14.
13/ AU sec. 350, Audit Sampling, establishes requirements regarding audit sampling.