Statement on Auditing Standards – SA 500
Scope and objectives
The Auditing standards provides guidance to auditors on the concept of audit evidence and the procedures to obtain sufficient appropriate evidence to support the auditor’s opinion on the financial statements. The objective of the auditor is to design and perform audit procedures that enable them to obtain evidence that is of sufficient quality and quantity to draw reasonable conclusions on which to base their opinion.
The SA 500 applies to all audit evidence obtained during the audit, including evidence derived from the entity’s accounting records and information obtained from other sources. However, specific SA 500 deal with different aspects of the audit, such as obtaining audit evidence related to specific topics, procedures to obtain evidence, and evaluation of the sufficiency and appropriateness of the evidence obtained.
The SA 500 provides definitions for terms used in the context of audit evidence, such as accounting records, appropriateness, audit evidence, management’s expert, and sufficiency. Accounting records refer to the records of initial accounting entries and supporting records used to prepare the financial statements. Appropriateness refers to the quality of audit evidence, which depends on its relevance and reliability in supporting the auditor’s opinion. Audit evidence includes information obtained from the accounting records underlying the financial statements and other sources. Management’s expert is an individual or organization with expertise in a field other than accounting or auditing, whose work is used to assist the entity in preparing the financial statements. Sufficiency refers to the quantity of audit evidence needed, which depends on the auditor’s assessment of the risks of material misstatement and the quality of the evidence obtained.
In this SA 500 emphasizes the importance of obtaining sufficient appropriate audit evidence to support the auditor’s opinion on the financial statements and provides guidance to auditors on how to achieve this objective.
Sufficient Appropriate Audit Evidence
The requirements and considerations related to obtaining sufficient and appropriate audit evidence by an auditor. The auditor must design and perform audit procedures that are appropriate in the circumstances for the purpose of obtaining sufficient appropriate audit evidence.
The audit evidence is necessary to support the auditor’s opinion and report and is primarily obtained from audit procedures performed during the course of the audit. Audit evidence may also include information obtained from other sources such as previous audits, firm’s quality control procedures, and the entity’s accounting records.
The auditor’s work in forming the opinion involves obtaining and evaluating audit evidence using various audit procedures such as inspection, observation, confirmation, recalculation, reperformance, analytical procedures, and inquiry. However, inquiry alone does not provide sufficient audit evidence of the absence of a material misstatement at the assertion level or of the operating effectiveness of controls.
The sufficiency and appropriateness of audit evidence are interrelated, with sufficiency being the measure of the quantity of audit evidence and appropriateness being the measure of the quality of audit evidence. The auditor must use professional judgment to conclude whether sufficient appropriate audit evidence has been obtained to reduce audit risk to an acceptably low level and enable them to draw reasonable conclusions on which to base their opinion.
The quality of evidence is influenced by its source and nature and is dependent on individual circumstances. The auditor’s judgment is also affected by factors such as the nature of audit procedures, the timeliness of financial reporting, and the balance between benefit and cost.
Sources of Audit Evidence
The certain objectives describe different sources of audit evidence that an auditor may use to support their opinion and report.
The auditor can obtain audit evidence by performing audit procedures to test the accounting records. These procedures may include analysing and reviewing the records, re-performing procedures followed in the financial reporting process, and reconciling related types and applications of the same information. Through these procedures, the auditor may determine that the accounting records are internally consistent and agree to the financial statements.
SA 500 also notes that more assurance is usually obtained when audit evidence is consistent and obtained from different sources or of a different nature. For example, corroborating information obtained from a source independent of the entity may increase the assurance the auditor obtains from audit evidence that is generated internally. The text suggests that such independent sources of audit evidence may include confirmations from third parties, analysts’ reports, and comparable data about competitors.
Overall, SA 500 emphasizes that the auditor’s assessment of the sufficiency and appropriateness of audit evidence is a matter of professional judgment, and that the reliability of evidence is influenced by its source and nature. The auditor should design and perform audit procedures that are appropriate in the circumstances to obtain sufficient and appropriate audit evidence to support their opinion and report.
Audit Procedures for Obtaining Audit Evidence
It provides an overview of various audit procedures that auditors use to obtain audit evidence to draw reasonable conclusions on which to base their opinion. The audit procedures are divided into two categories: risk assessment procedures and further audit procedures.
The risk assessment procedures are used to obtain an understanding of the entity and its environment, including its internal control. These procedures help the auditor to identify and assess the risks of material misstatement in the financial statements due to fraud or error.
The further audit procedures include tests of controls and substantive procedures, which comprise tests of details and substantive analytical procedures. Tests of controls are performed to obtain audit evidence about the operating effectiveness of controls in preventing or detecting material misstatements in the financial statements. Substantive procedures are performed to obtain audit evidence directly about the amounts and disclosures in the financial statements.
It highlights that audit procedures may be used as risk assessment procedures, tests of controls or substantive procedures, depending on the context in which they are applied by the auditor. The nature and timing of the audit procedures used may be affected by the fact that some of the accounting data and other information may be available only in electronic form or only at certain points or periods in time.
SA 500 also discusses various audit procedures that auditors use to obtain audit evidence, such as inspection, observation, external confirmation, recalculation, reperformance, analytical procedures, and inquiry. These procedures provide varying degrees of reliability of audit evidence, depending on their nature and source, and the effectiveness of the controls over their production.
The SA 500 emphasizes that audit evidence obtained from previous audits may provide appropriate audit evidence where the auditor performs audit procedures to establish its continuing relevance. Finally, the text explains that evaluating responses to inquiries is an integral part of the inquiry process, and in some cases, responses to inquiries may provide a basis for the auditor to modify or perform additional audit procedures.
Information to be Used as Audit Evidence
The requirements and considerations for auditors when using information as audit evidence during an audit engagement. The relevance and reliability of the information are two key factors that the auditor must take into account when designing and performing audit procedures.
Relevance refers to the logical connection with or bearing upon the purpose of the audit procedure and the assertion under consideration. The direction of testing also affects relevance. For example, testing recorded accounts payable may be relevant when testing for overstatement, but not for understatement, when other information such as subsequent disbursements, unpaid invoices, suppliers’ statements, and unmatched receiving reports may be more relevant.
The reliability of information used as audit evidence depends on its source, nature, and the circumstances under which it was obtained, including the controls over its preparation and maintenance. The generalization about the reliability of audit evidence may be useful to consider when assessing the reliability of audit evidence. For example, audit evidence from independent sources outside the entity is considered more reliable than audit evidence generated internally. Audit evidence in documentary form is also considered more reliable than evidence obtained orally.
In addition, the notes that specific standards provide further guidance on the reliability of data used for analytical procedures and how to handle circumstances where the auditor has reason to believe that a document may not be authentic or may have been modified without disclosure.
Reliability of Information Produced by a Management’s Expert
The requirements and considerations that an auditor should take into account when evaluating information prepared by a management’s expert. An entity may need to employ experts with specialized knowledge and skills, such as in actuarial calculations, valuations, or engineering data, to prepare financial statements. If the information to be used as audit evidence has been prepared using the work of a management’s expert, the auditor needs to evaluate the reliability of that information.
The auditor should evaluate the competence, capabilities, and objectivity of the management’s expert. Competence refers to the nature and level of expertise of the expert, while capability refers to the ability of the expert to exercise that competence in the circumstances. Objectivity relates to the possible effects that bias, conflict of interest, or the influence of others may have on the professional or business judgment of the management’s expert. The auditor can gather information on the expert’s competence, capabilities, and objectivity from various sources, such as personal experience, discussions with the expert, knowledge of their qualifications or professional recognition, and published papers or books.
The nature, timing, and extent of audit procedures should be determined based on the significance of the expert’s work and the risks of material misstatement. The auditor should consider the nature and complexity of the matter to which the expert’s work relates, the availability of alternative sources of audit evidence, and whether the expert is subject to technical performance standards or other professional or industry requirements. Other factors to consider include the extent to which management can influence or control the expert’s work, the auditor’s knowledge and experience of the expert’s field of expertise, and the auditor’s previous experience of the expert’s work.
Threats to the expert’s objectivity, such as self-interest, advocacy, familiarity, self-review, or intimidation, may compromise the reliability of the expert’s work. Safeguards, such as quality control policies and procedures, may reduce these threats, but cannot eliminate them entirely. The auditor should also remain alert to unexpected events, changes in conditions, or audit evidence obtained from the results of audit procedures that may require reconsideration of the expert’s competence, capabilities, and objectivity as the audit progresses.
Information Produced by the Entity and Used for the Auditor’s Purposes
The auditor’s responsibility to assess the reliability of information produced by the entity being audited, which the auditor plans to use for the audit. The auditor should evaluate the accuracy, completeness, precision, and detail of the information to determine whether it is sufficiently reliable for the auditor’s purposes.
If the auditor is auditing revenue, they may need to use sales volume data and standard prices to calculate the expected revenue. In this case, the auditor needs to evaluate the accuracy and completeness of both sales volume data and price information. Similarly, if the auditor is testing a population of payments for a specific characteristic such as authorization, the auditor needs to ensure that the population is complete.
The auditor can obtain audit evidence of the accuracy and completeness of the information in different ways. For example, the auditor may perform audit procedures concurrently with the information being used or by testing controls over the preparation and maintenance of the information. If the auditor determines that the information is not sufficiently precise or detailed, then the audit evidence obtained may not be appropriate for the auditor’s purposes.
In conclusion, the auditor must assess the reliability of information produced by the entity and used for the audit to ensure that the evidence obtained is appropriate for their purposes. The auditor should consider the accuracy, completeness, precision, and detail of the information and may obtain audit evidence of the information through various means.
Selecting Items for Testing to Obtain Audit Evidence
The section discusses how auditors select items for testing in order to obtain audit evidence that is effective and sufficient for their purposes. The auditor has three main means of selecting items for testing: selecting all items, selecting specific items, and audit sampling.
Selecting all items is when the auditor decides to examine the entire population of items that make up a class of transactions or account balance. This method is most commonly used for tests of details, and is appropriate when the population is small, consists of a few large value items, there is significant risk, or when the process is performed automatically by an information system.
Selecting specific items is when the auditor decides to select specific items from a population based on certain factors, such as high value or key items, items that are suspicious or risk-prone, or items that can provide information about the nature of the entity or transactions. However, selective examination of specific items does not provide audit evidence concerning the remainder of the population.
Audit sampling is a technique designed to enable the auditor to draw conclusions about an entire population on the basis of testing a sample drawn from it. It is discussed in more detail in SA 530.15. The auditor should select a sample that is representative of the population and that provides sufficient appropriate audit evidence. The choice of audit sampling method will depend on the nature of the population and the auditor’s assessment of the risks of material misstatement.
Ultimately, the auditor must select items for testing that are effective in meeting the purpose of the audit procedure, taking into consideration the risks of material misstatement related to the assertion being tested, and the practicality and efficiency of the different means available.
Inconsistency in, or Doubts over Reliability of, Audit Evidence
An auditor should do if there are inconsistencies in the audit evidence obtained from different sources or if the auditor has doubts about the reliability of the information used as audit evidence.
In such cases, the auditor is required to determine what modifications or additions to audit procedures are necessary to resolve the matter. For example, the auditor may need to perform additional testing or obtain additional information from a different source to resolve the inconsistency or doubt.
Furthermore, the auditor should consider the effect of the matter on other aspects of the audit. For instance, if the inconsistency or doubt pertains to a particular financial statement assertion, the auditor should assess the potential impact on other related assertions and financial statement elements.
They certain notes that obtaining audit evidence from different sources or of different types may indicate that a particular item of audit evidence is not reliable. For instance, if responses to inquiries of management, internal audit, and others are inconsistent, or if responses to inquiries of those charged with governance are inconsistent with management’s responses, it may indicate that the information provided is not reliable.
SA 500 also references a specific documentation requirement under SA 230 if the auditor identifies information that is inconsistent with the auditor’s final conclusion regarding a significant matter.
Quiz: Audit Evidence – SA 500
1. What is the objective of audit evidence according to SA 500?
a) To obtain evidence of high quantity
b) To support the auditor’s opinion on financial statements
c) To identify material misstatements
d) To evaluate the entity’s internal control
2. How does SA 500 define “accounting records”?
a) Records of financial transactions only
b) Records used to prepare tax returns
c) Records of initial accounting entries and supporting records
d) Records of shareholder information
3. What does “appropriateness” of audit evidence refer to?
a) The quantity of evidence obtained
b) The relevance and reliability of evidence obtained
c) The timeliness of evidence obtained
d) The cost-effectiveness of evidence obtained
4. Which of the following is NOT mentioned as a source of audit evidence in SA 500?
a) Accounting records
b) Confirmations from third parties
c) Analysts’ reports
d) Management’s opinions
5. SA 500 categorizes audit procedures into two main categories. What are they?
a) Risk assessment procedures and substantive procedures
b) Risk assessment procedures and compliance procedures
c) Analytical procedures and substantive procedures
d) Compliance procedures and substantive procedures
6. Which type of audit procedures are used to obtain an understanding of the entity and its internal control?
a) Risk assessment procedures
b) Substantive procedures
c) Analytical procedures
d) Confirmation procedures
7. According to SA 500, which type of audit evidence is considered more reliable?
a) Evidence obtained from independent sources outside the entity
b) Evidence generated internally by the entity
c) Evidence obtained through inquiry alone
d) Evidence obtained from the entity’s accounting records
8. What factors should the auditor consider when evaluating the reliability of information prepared by a management’s expert?
a) The expert’s competence, capabilities, and objectivity
b) The expert’s compensation and qualifications
c) The expert’s work experience in the auditing field
d) The expert’s relationship with the entity’s management
9. What should the auditor consider when assessing the reliability of information produced by the entity being audited?
a) The accuracy, completeness, precision, and detail of the information
b) The timing of the information’s availability
c) The cost of obtaining the information
d) The auditor’s personal judgment about the entity’s management
10. What should the auditor do if there are inconsistencies in the audit evidence obtained from different sources or doubts about the reliability of the information used as audit evidence?
a) Accept the inconsistencies and proceed with the audit
b) Modify or perform additional audit procedures to resolve the matter
c) Ignore the inconsistencies and focus on other aspects of the audit
d) Rely solely on the information obtained from the entity being audited
11. Which term refers to the quantity of audit evidence needed to reduce audit risk to an acceptably low level?
12. SA 500 emphasizes the importance of obtaining sufficient appropriate audit evidence to support the auditor’s:
a) Report on internal control
b) Opinion on financial statements
c) Assessment of risk
d) Management representation letter
13. Which of the following audit procedures involves examining documentation, records, or tangible assets?
14. When evaluating the reliability of information used as audit evidence, which source is considered more reliable?
a) Audit evidence obtained from independent sources outside the entity
b) Audit evidence obtained from the entity’s accounting records
c) Audit evidence obtained through recalculation
d) Audit evidence obtained through analytical procedures
15. SA 500 states that if audit evidence is inconsistent, the auditor may need to:
a) Rely solely on the evidence obtained from management
b) Accept the inconsistency and proceed with the audit
c) Modify or perform additional audit procedures to resolve the matter
d) Disregard the evidence and rely on external sources
16. Which of the following is NOT a consideration when evaluating the reliability of information produced by a management’s expert?
a) Competence and objectivity of the expert
b) Nature and complexity of the matter
c) Availability of alternative sources of audit evidence
d) Auditor’s personal relationship with the expert
17. SA 500 discusses which type of audit evidence obtained from previous audits?
a) Evidence obtained from third-party confirmations
b) Evidence obtained from analytical procedures
c) Evidence obtained from the entity’s accounting records
d) Evidence obtained from management’s expert
18. When selecting items for testing, audit sampling is a technique used to:
a) Examine the entire population of items
b) Select specific items based on certain factors
c) Determine the risk of material misstatement
d) Draw conclusions about an entire population based on a sample
19. The reliability of information used as audit evidence depends on its:
a) Source, nature, and timing of preparation
b) Relevance and completeness for the audit purpose
c) Compliance with industry regulations
d) Accuracy and precision in financial reporting
20. What should the auditor do if there are doubts over the reliability of audit evidence obtained from a management’s expert?
a) Rely solely on the expert’s work
b) Document the doubts and proceed with the audit
c) Perform additional procedures to address the doubts
d) Disregard the evidence and rely on other sources