Evaluating the Sufficiency and Appropriateness of Evidence in Financial Audits: A Case Study on the Cash and Cash Equivalents Accounting Cycle
Author: Jorge Pinto de Carvalho Júnior
Undoubtedly, evidence is the cornerstone that auditors rely on to substantiate their findings during financial audits. A critical question for auditors is whether the quantity and quality of the evidence gathered during testing unequivocally support their conclusions.
To address this, it is essential to understand what constitutes sufficient and appropriate audit evidence, and the methodological steps required to obtain it in an adequate proportion. This is necessary to effectively support the auditor’s conclusions in the context of a specific examination.
In financial audits, at least three International Standards on Auditing (ISA) provide detailed guidance on this subject: ISA 500 – Audit Evidence, ISA 501 – Audit Evidence: Specific Considerations for Selected Items, and ISA 505 – External Confirmations.
To connect theory with practice, this article will explore some nuances of these standards through a hypothetical scenario, in which a newly hired auditor at a Court of Accounts has neither undergone effective training programs nor received sufficient support from immediate supervisors regarding audit quality control. This auditor was assigned to conduct a financial audit of a municipality’s consolidated accounts, specifically focusing on the Cash and Cash Equivalents accounting cycle¹, and must work by himself on this task.
Due to a lack of the necessary methodological tools for effective professional practice and facing tight deadlines, the auditor, eager to perform well, attempts to gather as much information as possible about the cycle he is responsible for. He accesses the accounting records within the audit scope and issues requests for additional data from the relevant parties. After analyzing the gathered documentation, the auditor plans and executes the tests he considers most appropriate.
Audit Procedure Planned by the Auditor
The auditor identified approximately 500 bank accounts recorded in the responsible party’s accounting system, totaling $ 20 million at the end of the audited period. He decided to select a non-statistical sample of accounts with the highest balances on that date, resulting in 20 sampled items amounting to $ 3 million, which represents 15% of the total balance.
Unable to map all internal controls associated with the cycle, the auditor opted to perform only substantive procedures. He applied the inspection technique to verify the reconciliation between the accounting balances as of December 31 and the bank statements obtained from the municipality’s finance department, along with the respective reconciliation forms.
The auditor did not identify any discrepancies in the examined sample. He completed the test documentation (“working papers”) and submitted it to the audit team leader for review.
Summary of Tests and Findings
| Accounting Cycle | Population | Sample | Audit Procedure | Audit Technique | Evidence Gathered | Misstatement Detected |
| --- | --- | --- | --- | --- | --- | --- |
| Cash and Cash Equivalents | 500 bank accounts per accounting records; $ 20 million total balance as of 12/31/XX. | Non-statistical (20 bank accounts totaling $ 3 million, or 15% of the balance as of 12/31/XX) | Substantive Procedures (Tests of Details) | Inspection | – Accounting ledgers; – December bank statements provided by the auditee; – Reconciliation forms. | None |
Was the Audit Evidence Sufficient and Appropriate?
The most likely answer is NO.
The key considerations for this conclusion are summarised below. However, before delving into the merits of the evidence obtained in the illustrated hypothetical case, it is essential to emphasize that the definition of the audit approach for the cycle assigned to the auditor is intrinsically dependent on the risk assessment related to it. Decisions regarding the best responses to the identified risks will guide the auditor, among other things, on whether to combine operational effectiveness tests of controls with substantive procedures (thus reducing the sample size in the latter case) or rely exclusively on substantive procedures.
Furthermore, decisions about the size of the statistical or non-statistical sample, and consequently about the volume of evidence needed and the sources that will provide relevant evidence to robustly support the auditor’s conclusions, depend on the process of understanding the entity, identifying its inherent risks, and evaluating the controls it has designed and implemented. With these elements, the audit team could make well-founded decisions, satisfactorily managing the risk of issuing inappropriate opinions and performing their work efficiently. This, for example, would result in effectively planning and executing tests in the necessary proportion, neither under-auditing nor over-auditing the assertions subject to examination.
With these preliminary considerations in mind, it’s possible to return to the hypothetical example:
Quantity of Evidence: The auditor tested only 20 out of 500 bank accounts, covering just 15% of the total balance as of the cutoff date, and did not correlate the sample to business risks. This does not guarantee that the evidence is sufficient. According to ISA 500:
Quality of Evidence: The auditor relied on bank statements provided by the finance department instead of using positive external confirmation techniques with the banks that hold the municipality’s funds. External confirmation would have significantly increased the reliability of the evidence. ISA 500 states:
The reliability of audit evidence is increased when it is obtained from independent sources outside the entity.
Audit evidence obtained directly by the auditor (for example, observation of the application of a control) is more reliable than audit evidence obtained indirectly or by inference (for example, inquiry about the application of a control).
Audit evidence provided by original documents is more reliable than audit evidence provided by photocopies or facsimiles, or documents that have been filmed, digitized or otherwise transformed into electronic form, the reliability of which may depend on the controls over their preparation and maintenance.
Assertions Addressed: The auditor focused on the “existence” assertion (verifying that accounting records were supported by bank statements showing the actual existence of financial balances at year-end) and the “accuracy, valuation, and allocation” assertion (cross-checking recorded values with statement balances adjusted for any reconciliations). However, the auditor overlooked other inherent risks associated with the Cash and Cash Equivalents cycle, such as risks related to “completeness” and “rights and obligations”:
- Tracing techniques and data from the country’s Central Bank could allow for the identification of unrecorded bank accounts, potentially revealing fraud or material misstatements (completeness assertion).
- External confirmations with banks holding recorded balances could uncover improperly recognized amounts that do not belong to the entity (rights and obligations assertion).
Scope Limitations: The auditor tested only year-end balances, neglecting inflows and outflows throughout the fiscal year and omitting necessary disclosure examinations.
Why Not Categorically Conclude on Insufficient and Inappropriate Evidence?
The sufficiency and appropriateness of the evidence are tied to risk assessment, which was absent in this scenario. If the risks of material misstatement related to the addressed assertions were low, it would have been possible to test the effectiveness of operational controls (if validated during the planning phase of the audit) and work with smaller samples without compromising quality. However, the lack of a risk-based approach undermines confidence in the evidence obtained.
References
- International Federation of Accountants (IFAC). International Standards on Auditing (ISA) 315.
- International Federation of Accountants (IFAC). International Standards on Auditing (ISA) 500.
- International Federation of Accountants (IFAC). International Standards on Auditing (ISA) 501.
- International Federation of Accountants (IFAC). International Standards on Auditing (ISA) 505.
About the Author, Jorge Pinto de Carvalho Júnior (São Paulo/SP, Brazil)
Auditor for the United Nations Board of Auditors (BoA), on behalf of the Federal Court of Accounts in Brazil (TCU). He is an External Control Auditor at the Court of Accounts of the Municipality of São Paulo (TCMSP). He holds a degree in Accounting from Uneb/BA and postgraduate qualifications in Municipal Public Management (Uneb), Governmental Accounting (Fundação Visconde de Cairú), and Public Law and Municipal Control (Unibahia).
Jorge has served as a Municipal Comptroller and Secretary of Administration, Finance, and Planning in municipalities in Bahia, where he also worked as an entrepreneur. He is a former Internal Control Analyst at the Rio de Janeiro State Treasury (Sefaz-RJ), where he held the position of Superintendent of Technical Standards and served as Acting State General Accountant. Additionally, he was a Technical Advisor to CTCONF – STN, nominated by the Rui Barbosa Institute (IRB), and a former member of the Permanent Committee for Public Sector Accounting in Brazil (CP Casp), established by the Federal Accounting Council (CFC).
Footnotes
- Accounting cycles are groupings of accounts used in the process of recognizing, measuring, and disclosing specific financial transactions of an entity. For instance, the accounting cycle for provisions includes liability accounts (current and non-current) that represent such obligations, as well as the related expenses associated with them.