Audit Evidence

Internal & Performance Auditing

by David R. Hancox, CIA, CGFM

Auditing Concepts – Evidence and Workpapers – Week 8 ©

Audit Evidence

  1. Government Auditing Standards
    1. Sufficient, competent, and relevant evidence is to be obtained to afford a reasonable basis for the auditors’ findings and conclusions. A record of the auditors’ work should be retained in the form of working papers. Working papers should contain sufficient information to enable an experienced auditor having no previous connection with the audit to ascertain from them the evidence that supports the auditors’ significant conclusions and judgments.
  2. Internal Audit Standards
    1. 420 – Examining and Evaluating Information
      1. Internal Auditors should collect, analyze, interpret, and document information to support audit results.
  3. Generally Accepted Audit Standards
    1. The third standard of field work:
      1. Sufficient, competent evidential matter is to be obtained through inspection, observation, inquires, and confirmations to afford a reasonable basis for an opinion regarding the financial statements under audit.
      2. The measure of the validity of the evidence for audit purposes lies in the judgment of the auditor; in this respect audit evidence differs from legal evidence, which is circumscribed by rigid rules.
      3. Auditor may rely on evidence that is persuasive rather than convincing (beyond a shadow of a doubt) section 326.20
  4. Quantity and Quality of Evidence
    1. Sufficient
      1. the presence of enough factual and convincing evidence to support the auditors’ findings, conclusions, and any recommendations. Determining sufficiency requires judgment. When appropriate, statistical methods may be used to establish sufficiency.
    2. Competent
      1. evidence must be reliable and valid. (Does the auditor have any reason to doubt the evidence?)
      2. The following is considered in evaluating competency:
        1. evidence obtained from an independent source is more reliable than that secured from the audited organization.
        2. evidence developed under a good system of internal controls is more reliable than evidence obtained under a weak system of internal control.
        3. evidence obtained through physical examination, observation, computation, and inspection is more reliable than evidence obtained indirectly.
        4. original documents are more reliable than copies.
        5. testimonial evidence obtained under conditions where persons may speak freely is more credible than testimonial evidence obtain under compromising conditions.
    3. Relevant
      1. refers to the relationship of evidence to its use. The information used to prove or disprove an issue is relevant if it has a logical, sensible relationship to that issue.
  5. Types of Evidence
    1. Internal Controls
      1. helps to determine the competency of all other evidence gathered.
      2. helps to determine what is sufficient evidence.
        1. good controls –> Limit testing
        2. poor controls –> Extend testing
    2. Physical evidence
      1. Physical Observation
        1. the auditor is responsible but the auditor can only verify the quantity – can’t always judge the quality.
        2. Doesn’t establish ownership – many times it must be supported by other types of evidence.
        3. Insurance Companies renting GINNIE MAES from unscrupulous companies – to inflate balance sheet
        4. Direct inspection of activities of people, property or events.
          1. Examples – State painters, OGS inspectors, fuel oil inspection, Empire State Games
    3. Documentary evidence
      1. Transmitted to auditor by outside organization or person
        1. Bank Confirmation
        2. A/R Confirmation
        3. Insurance Listing from broker
      2. Created outside the organization but held by the client
        1. Bank Statements
        2. Vendor Invoice
        3. Contracts
        4. Bond, Stock Certificate
        5. Auditor must consider how easy could the document be created or altered by someone within the organization.
        6. These are the documents used most extensively by the auditor
      3. Created within the organization
        1. Paid Checks
        2. Sales Invoice
        3. Purchase Orders
        4. Receiving Reports
      4. Competency of evidence depends on the system of internal control
      5. Paid Check is the best of the above group because it circulated outside the organization.
      6. Advantages of Documentary Evidence – usually (assuming no fraud):
        1. more reliable
        2. more objective
        3. easier to assemble
        4. easier to document
    4. Testimonial evidence
      1. Evidence obtained through statements received in response to inquires, through interviews, surveys or questionnaires.
      2. Statements made should normally be corroborated with additional evidence.
    5. Accounting Records and Other Data Systems
    6. Analytical evidence
      1. Comparisons and ratios
      2. Trend Analysis
      3. Calculations
      4. Reasoning
      5. Value depends on:
        1. the data used
        2. the detail of data
        3. the logic applied to the analysis
  6. Cost of Obtaining Evidence
    1. There ought to be a cost benefit associated with the evidence gathering process.
      1. Different types of evidence can be accepted.
      2. Should obtain evidence adequate under the circumstances
      3. The more material the issue – the more there is a need for sufficient, competent and relevant evidence
    2. Calculated Risk:
      1. Statistical Sampling – we can calculate confidence level, precision level.
      2. Auditors can not review 100% of the transactions. Would be duplicating management
  7. Evidence Common in all Engagements
    1. Planning and supervision (1st standard of fieldwork)
    2. Internal control system (2nd standard of fieldwork)
    3. Evidential matter (3rd standard of fieldwork)
  8. Categories of Value
    1. Primary or Direct Evidence
      1. signed contract
    2. Secondary or Indirect Evidence
      1. interviews
      2. internally prepared documents
    3. Corroborative Evidence
      1. checks
      2. invoices
      3. minutes
  9. Grouping of Sensitive Information
    1. Unfounded or unsupported allegations
    2. Confidential or Protected information
      1. – medical
      2. drug records
      3. tax returns
  10. Basic Procedures to Satisfy Audit Objectives
    1. Observation
    2. Documentation
    3. Confirmation
    4. Tests of Data
    5. Comparisons
    6. Inquires

Interesting Sites

Suffolk Medical Audit Advisory Group


  1. Purpose
    1. Serve as the connecting link between the auditor’s fieldwork and the report. Should contain the evidence accumulated in support of the conclusions and recommendations included in the report.
      1. Coordinate and organize all phases of the audit.
      2. Allows supervisory review of staff work.
      3. Assists in monitoring and controlling audit
      4. Assists in conduct of audit work
      5. Documents work performed
      6. Provides a record of audit information
      7. Provides a basis for auditor’s evaluation


  1. Definition
    1. The term workpapers is a comprehensive one, it includes:
      1. all evidence gathered by the auditor to show the work done.
      2. the methods and procedures followed (audit plans, audit programs)
      3. * Workpapers provide the basis for:
        1. the audit report
        2. evidence of the extent of the examination
        3. proof that due professional care was exercised during the audit
  2. General Guidelines:
    1. Completeness & Accuracy
      1. Should be complete and accurate to provide proper support for findings, judgments, and conclusions – and to demonstrate the nature and scope of work.
    2. Clarity & Understandability
      1. Should be understandable without detailed oral explanations from the auditor – should be understandable if reviewed by another auditor.
      2. Any other auditor should be able to readily determine their source, purpose, the nature and scope of work done and the auditor’s conclusions.
      3. Concise is important but should not be sacrificed to save paper , disk space or time.
    3. Legibility & Neatness
      1. Otherwise time will be wasted in reviewing them and in preparing the report.
      2. Sloppy w/ps may lose their worth as evidence.
      3. Crowding should be avoided.
    4. Pertinence
      1. The information in workpapers should be restricted to matters that are materially important and relevant to the objectives of the assignment.
    5. Heading, Source, Purpose, Conclusion
      1. Minimum amount of information that should be included on the workpaper.
  3. Examples of Work Papers
    1. Audit Programs
    2. Interviews
    3. Schedules
    4. Memoranda
    5. Analyses
    6. Correspondence; Documents
  4. Types of Workpapers
    1. Permanent file
    2. Current file
  5. Organization of Workpapers
    1. Index
    2. Audit Program
    3. Overall Conclusions – Summary
    4. Discussion of Results w/ Officials
    5. Tentative write-up
    6. Internal Controls – Conclusions
      1. Supporting workpapers
    7. Sub-section 1 – Conclusions
      1. Supporting workpapers
    8. Sub-section 2 – Conclusions
      1. Supporting workpapers – etc.
  6. Standards For Preparing Workpapers
    1. An auditor is judged by his/her workpapers The w/ps should convey:
      1. an impression of system and order
      2. conscientious attention to detail
      3. a clear distinction between important and trivial
    2. Every W/P must be identified (heading):
      1. Name of organization being audited
      2. Description of information being presented
      3. The period being audited
    3. Separate W/P for every topic
    4. Every W/P should contain the name or initials of auditor preparing it, the date prepared (also supervisor should initial)
    5. Source, Purpose, and Conclusion
    6. Legends
    7. Indexed, Cross-referenced
    8. Extent of testing
      1. how sample was chosen
      2. period of time reviewed
    9. W/Ps should only be prepared once.
  7. System of Indexing
    • A.1,
    • A.2
    • A.3
    • A.3.1
    • A.3.2
    • A.3.3
    • A.3.3.a
    • A.3.3.b
    • A.3.4
    • A.4


  1. Read Chapter 11 in Government Performance Audit in Action.
  2. Be prepared to discuss Regulatory Inspection Programs for the next class.
  3. Begin to prepare for the Case Study – Deploying Patrol Troopers