International Standard On Auditing
ISA 500Issued March 2009;updated June 2018International Standard on Auditing Audit Evidence
INTERNATIONAL STANDARD ON AUDITING 500AUDIT EVIDENCEThe Malaysian Institute of Accountants has approved this standard in June 2018 for publication.This standard should be read in conjunction with the Preface to the Malaysian Quality Control,Auditing, Review, Other Assurance and Related Services Pronouncements; and the MalaysianApproved Preface to the International Quality Control, Auditing, Review, Other Assurance, andRelated Services Pronouncements; Glossary of Terms; and International Framework forAssurance Engagements.The status of International Standards on Auditing is set out in the Preface to the MalaysianQuality Control, Auditing, Review, Other Assurance and Related Services Pronouncements.ApplicabilityInternational Standards on Auditing are to be applied in the audit of historical financialinformation.Changes of substance from March 20091.2.Conforming amendments have been made to this Standard as a result of:(a)ISA 610 (Revised), Using the Work of Internal Auditors and those amendments areeffective for audits of financial statements for periods ending on or after 15December 2013. The conforming amendments are set out in ISA 610 (Revised)issued in September 2012.(b)ISA 720 (Revised), The Auditor’s Responsibilities Relating to Other Information andRelated Conforming Amendments and those amendments are effective for audits offinancial statements for periods ending on or after 15 December 2016. Theconforming amendments are set out in ISA 720 (Revised) issued in July 2015.Changes made as appropriate, for cross-referencing and other changes as necessary.Effective Date in MalaysiaThisISA iseffectiveforauditsbeginning on or after 1 January 2010.offinancialstatementsforperiodsCopyright December 2016 by the International Federation of Accountants (IFAC). All rightsreserved. Used with permission of IFAC. Contact Permissions@ifac.org for permission toreproduce, store or transmit, or to make other similar uses of this document.1
INTERNATIONAL STANDARD ON AUDITING 500AUDIT EVIDENCE(Effective for audits of financial statements for periodsbeginning on or after January 1, 2010)CONTENTSParagraphIntroductionScope of this ISA .1 2Effective Date .3Objective .4Definitions .5RequirementsSufficient Appropriate Audit Evidence .6Information to Be Used as Audit Evidence .7 9Selecting Items for Testing to Obtain Audit Evidence .10Inconsistency in, or Doubts over Reliability of, Audit Evidence .11Application and Other Explanatory MaterialSufficient Appropriate Audit Evidence .A1 A25Information to Be Used as Audit Evidence .A26 A51Selecting Items for Testing to Obtain Audit Evidence .A52 A56Inconsistency in, or Doubts over Reliability of, Audit Evidence .A57International Standard on Auditing (ISA) 500, Audit Evidence, should be read in conjunction with ISA200, Overall Objectives of the Independent Auditor and the Conduct of an Audit in Accordance withInternational Standards on Auditing.2
AUDIT EVIDENCEIntroductionScope of this ISA1.This International Standard on Auditing (ISA) explains what constitutes audit evidence in an auditof financial statements, and deals with the auditor’s responsibility to design and perform auditprocedures to obtain sufficient appropriate audit evidence to be able to draw reasonableconclusions on which to base the auditor’s opinion.2.This ISA is applicable to all the audit evidence obtained during the course of the audit. Other ISAsdeal with specific aspects of the audit (for example, ISA 315 (Revised) 1), the audit evidence to beobtained in relation to a particular topic (for example, ISA 570 (Revised) 2), specific procedures toobtain audit evidence (for example, ISA 520 3), and the evaluation of whether sufficientappropriate audit evidence has been obtained (ISA 2004 and ISA 3305).Effective Date3.This ISA is effective for audits of financial statements for periods beginning on or after January 1,2010.Objective4.The objective of the auditor is to design and perform audit procedures in such a way as to enablethe auditor to obtain sufficient appropriate audit evidence to be able to draw reasonableconclusions on which to base the auditor’s opinion.Definitions5.For purposes of the ISA, the following terms have the meanings attributed below:(a)Accounting records – The records of initial accounting entries and supporting records, such aschecks and records of electronic fund transfers; invoices; contracts; the general and subsidiaryledgers, journal entries and other adjustments to the financial statements that are not reflectedin journal entries; and records such as work sheets and spreadsheets supporting costallocations, computations, reconciliations and disclosures.(b)Appropriateness (of audit evidence) – The measure of the quality of audit evidence; that is,its relevance and its reliability in providing support for the conclusions on which theauditor’s opinion is based.(c)Audit evidence – Information used by the auditor in arriving at the conclusions on which theauditor’s opinion is based. Audit evidence includes both information contained in theaccounting records underlying the financial statements and information obtained from othersources.(d)Management’s expert – An individual or organization possessing expertise in a field other thanaccounting or auditing, whose work in that field is used by the entity to assist the entity inpreparing the financial statements.(e)Sufficiency (of audit evidence) – The measure of the quantity of audit evidence. Thequantity of the audit evidence needed is affected by the auditor’s assessment of the risksof material misstatement and also by the quality of such audit evidence.1ISA 315 (Revised), Identifying and Assessing the Risks of Material Misstatement through Understanding the Entity and ItsEnvironment2ISA 570 (Revised), Going Concern3ISA 520, Analytical Procedures4ISA 200, Overall Objectives of the Independent Auditor and the Conduct of an Audit in Accordance with International Standardson Auditing5ISA 330, The Auditor’s Responses to Assessed Risks3
AUDIT EVIDENCERequirementsSufficient Appropriate Audit Evidence6.The auditor shall design and perform audit procedures that are appropriate in the circumstancesfor the purpose of obtaining sufficient appropriate audit evidence. (Ref: Para. A1–A25)Information to Be Used as Audit Evidence7.When designing and performing audit procedures, the auditor shall consider the relevance andreliability of the information to be used as audit evidence. (Ref: Para. A26–A33)8.If information to be used as audit evidence has been prepared using the work of a management’sexpert, the auditor shall, to the extent necessary, having regard to the significance of that expert’swork for the auditor’s purposes: (Ref: Para. A34–A36)9.(a)Evaluate the competence, capabilities and objectivity of that expert; (Ref: Para. A37–A43)(b)Obtain an understanding of the work of that expert; and (Ref: Para. A44–A47)(c)Evaluate the appropriateness of that expert’s work as audit evidence for the relevant assertion.(Ref: Para. A48)When using information produced by the entity, the auditor shall evaluate whether the information issufficiently reliable for the auditor’s purposes, including, as necessary in the circumstances:(a)Obtaining audit evidence about the accuracy and completeness of the information; and(Ref: Para. A49–A50)(b)Evaluating whether the information is sufficiently precise and detailed for the auditor’spurposes. (Ref: Para. A51)Selecting Items for Testing to Obtain Audit Evidence10.When designing tests of controls and tests of details, the auditor shall determine means ofselecting items for testing that are effective in meeting the purpose of the audit procedure. (Ref:Para. A52–A56)Inconsistency in, or Doubts over Reliability of, Audit Evidence11.If:(a)audit evidence obtained from one source is inconsistent with that obtained from another; or(b)the auditor has doubts over the reliability of information to be used as audit evidence,the auditor shall determine what modifications or additions to audit procedures are necessary toresolve the matter, and shall consider the effect of the matter, if any, on other aspects of the audit.(Ref: Para. A57)***Application and Other Explanatory MaterialSufficient Appropriate Audit Evidence (Ref: Para. 6)A1.6Audit evidence is necessary to support the auditor’s opinion and report. It is cumulative in natureand is primarily obtained from audit procedures performed during the course of the audit. It may,however, also include information obtained from other sources such as previous audits (providedthe auditor has determined whether changes have occurred since the previous audit that mayaffect its relevance to the current audit 6) or a firm’s quality control procedures for clientacceptance and continuance. In addition to other sources inside and outside the entity, theentity’s accounting records are an important source of audit evidence. Also, information that mayISA 315 (Revised), paragraph 94
AUDIT EVIDENCEbe used as audit evidence may have been prepared using the work of a management’s expert.Audit evidence comprises both information that supports and corroborates management’sassertions, and any information that contradicts such assertions. In addition, in some cases theabsence of information (for example, management’s refusal to provide a requestedrepresentation) is used by the auditor, and therefore, also constitutes audit evidence.A2.Most of the auditor’s work in forming the auditor’s opinion consists of obtaining and evaluating auditevidence. Audit procedures to obtain audit evidence can include inspection, observation, confirmation,recalculation, reperformance, and analytical procedures, often in some combination, in addition toinquiry. Although inquiry may provide important audit evidence, and may even produce evidence of amisstatement, inquiry alone ordinarily does not provide sufficient audit evidence of the absence of amaterial misstatement at the assertion level, nor of the operating effectiveness of controls.A3.As explained in ISA 200,7 reasonable assurance is obtained when the auditor has obtainedsufficient appropriate audit evidence to reduce audit risk (that is, the risk that the auditorexpresses an inappropriate opinion when the financial statements are materially misstated) to anacceptably low level.A4.The sufficiency and appropriateness of audit evidence are interrelated. Sufficiency is the measureof the quantity of audit evidence. The quantity of audit evidence needed is affected by theauditor’s assessment of the risks of misstatement (the higher the assessed risks, the more auditevidence is likely to be required) and also by the quality of such audit evidence (the higher thequality, the less may be required). Obtaining more audit evidence, however, may not compensatefor its poor quality.A5.Appropriateness is the measure of the quality of audit evidence; that is, its relevance and itsreliability in providing support for the conclusions on which the auditor’s opinion is based. Thereliability of evidence is influenced by its source and by its nature, and is dependent on theindividual circumstances under which it is obtained.A6.ISA 330 requires the auditor to conclude whether sufficient appropriate audit evidence has beenobtained.8 Whether sufficient appropriate audit evidence has been obtained to reduce audit riskto an acceptably low level, and thereby enable the auditor to draw reasonable conclusions onwhich to base the auditor’s opinion, is a matter of professional judgment. ISA 200 containsdiscussion of such matters as the nature of audit procedures, the timeliness of financial reporting,and the balance between benefit and cost, which are relevant factors when the auditor exercisesprofessional judgment regarding whether sufficient appropriate audit evidence has beenobtained.Sources of Audit EvidenceA7.Some audit evidence is obtained by performing audit procedures to test the accounting records,for example, through analysis and review, reperforming procedures followed in the financialreporting process, and reconciling related types and applications of the same information.Through the performance of such audit procedures, the auditor may determine that theaccounting records are internally consistent and agree to the financial statements.A8.More assurance is ordinarily obtained from consistent audit evidence obtained from differentsources or of a different nature than from items of audit evidence considered individually. Forexample, corroborating information obtained from a source independent of the entity may increasethe assurance the auditor obtains from audit evidence that is generated internally, such as evidenceexisting within the accounting records, minutes of meetings, or a management representation.A9.Information from sources independent of the entity that the auditor may use as audit evidencemay include confirmations from third parties, analysts’ reports, and comparable data aboutcompetitors (benchmarking data).7ISA 200, paragraph 58ISA 330, paragraph 265
AUDIT EVIDENCEAudit Procedures for Obtaining Audit EvidenceA10. As required by, and explained further in, ISA 315 (Revised) and ISA 330, audit evidence to drawreasonable conclusions on which to base the auditor’s opinion is obtained by performing:(a)Risk assessment procedures; and(b)Further audit procedures, which comprise:(i)Tests of controls, when required by the ISA or when the auditor has chosen to do so;and(ii)Substantive procedures, including tests of details and substantive analyticalprocedures.A11. The audit procedures described in paragraphs A14–A25 below may be used as risk assessmentprocedures, tests of controls or substantive procedures, depending on the context in which theyare applied by the auditor. As explained in ISA 330, audit evidence obtained from previous auditsmay, in certain circumstances, provide appropriate audit evidence where the auditor performsaudit procedures to establish its continuing relevance. 9A12. The nature and timing of the audit procedures to be used may be affected by the fact that someof the accounting data and other information may be available only in electronic form or only atcertain points or periods in time. For example, source documents, such as purchase orders andinvoices, may exist only in electronic form when an entity uses electronic commerce, or may bediscarded after scanning when an entity uses image processing systems to facilitate storage andreference.A13. Certain electronic information may not be retrievable after a specified period of time, for example, iffiles are changed and if backup files do not exist. Accordingly, the auditor may find it necessary as aresult of an entity’s data retention policies to request retention of some information for the auditor’sreview or to perform audit procedures at a time when the information is available.InspectionA14. Inspection involves examining records or documents, whether internal or external, in paper form,electronic form, or other media, or a physical examination of an asset. Inspection of records anddocuments provides audit evidence of varying degrees of reliability, depending on their nature andsource and, in the case of internal records and documents, on the effectiveness of the controls overtheir production. An example of inspection used as a test of controls is inspection of records forevidence of authorization.A15. Some documents represent direct audit evidence of the existence of an asset, for example, adocument constituting a financial instrument such as a stock or bond. Inspection of suchdocuments may not necessarily provide audit evidence about ownership or value. In addition,inspecting an executed contract may provide audit evidence relevant to the entity’s application ofaccounting policies, such as revenue recognition.A16. Inspection of tangible assets may provide reliable audit evidence with respect to their existence,but not necessarily about the entity’s rights and obligations or the valuation of the assets.Inspection of individual inventory items may accompany the observation of inventory counting.ObservationA17. Observation consists of looking at a process or procedure being performed by others, for example,the auditor’s observation of inventory counting by the entity’s personnel, or of the performance ofcontrol activities. Observation provides audit evidence about the performance of a process orprocedure, but is limited to the point in time at which the observation takes place, and by the fact thatthe act of being observed may affect how the process or procedure is performed. See ISA 501 forfurther guidance on observation of the counting of inventory.109ISA 330, paragraph A3510ISA 501, Audit Evidence—Specific Considerations for Selected Items6
AUDIT EVIDENCEExternal ConfirmationA18. An external confirmation represents audit evidence obtained by the auditor as a direct writtenresponse to the auditor from a third party (the confirming party), in paper form, or by electronic orother medium. External confirmation procedures frequently are relevant when addressingassertions associated with certain account balances and their elements. However, externalconfirmations need not be restricted to account balances only. For example, the auditor mayrequest confirmation of the terms of agreements or transactions an entity has with third parties;the confirmation request may be designed to ask if any modifications have been made to theagreement and, if so, what the relevant details are. External confirmation procedures also areused to obtain audit evidence about the absence of certain conditions, for example, the absenceof a “side agreement” that may influence revenue recognition. See ISA 505 for further guidance.11RecalculationA19. Recalculation consists of checking the mathematical accuracy of documents or records.Recalculation may be performed manually or electronically.ReperformanceA20. Reperformance involves the auditor’s independent execution of procedures or controls that wereoriginally performed as part of the entity’s internal control.Analytical ProceduresA21. Analytical procedures consist of evaluations of financial information through analysis of plausiblerelationships among both financial and non-financial data. Analytical procedures also encompasssuch investigation as is necessary of identified fluctuations or relationships that are inconsistentwith other relevant information or that differ from expected values by a significant amount. SeeISA 520 for further guidance.InquiryA22. Inquiry consists of seeking information of knowledgeable persons, both financial and nonfinancial, within the entity or outside the entity. Inquiry is used extensively throughout the audit inaddition to other audit procedures. Inquiries may range from formal written inquiries to informaloral inquiries. Evaluating responses to inquiries is an integral part of the inquiry process.A23. Responses to inquiries may provide the auditor with
International Standard on Auditing (ISA) 500, Audit Evidence, should be read in conjunction with ISA 200, Overall Objectives of the Independent Auditor and the Conduct of an Audit in Accordance with . ISA 315 (Revised)1), the audit evidence to be
Chapter 05 - Auditing and Advanced Threat Analytics 1h 28m Topic A: Configuring Auditing for Windows Server 2016 Overview of Auditing The Purpose of Auditing Types of Events Auditing Goals Auditing File and Object Access Demo - Configuring Auditing Topic B: Advanced Auditing and Management Advanced Auditing
of Auditing and Assurance-Introduction (Auditing 1) and Auditing and Assurance-Intermediate (Auditing 2). This course is designed to provide an introduction to auditing and assurance services. Level of Proficiency in Auditing 1: Foundation Subject Learning Outcome Upon completion of the subj
SECTION-1 (AUDITING) INTRODUCTION TO AUDITING STRUCTURE: 1.1 Objectives 1.2 Introduction -an overview of auditing 1.3 Origin and evolution 1.4 Definition 1.5 Salient features 1.6 Scope of auditing 1.7 Principles of auditing 1.8 Objects of audit 1.9 Detection and prevention of fraud 1.2 1.10 Concept of " true and fair view"
5 GMP Auditing 6 GCP Auditing 7 GLP Auditing 8 Pharmacovigilance Auditing 9 Vendor/Supplier Auditing 10 Remediation 11 Staff Augmentation 12 Data Integrity & Computer System Validation . the training it needs to maintain quality processes in the future. GxP Auditing, Remediation, and Staff Augmentation The FDAGroupcom 9
Introduction to Assurance and Financial Statement Auditing 1 Chapter 1 An Introduction to Assurance and Financial Statement Auditing 2 Tips for Learning Auditing 4 The Demand for Auditing and Assurance 5 Principals and Agents 5 The Role of Auditing 6 An Assurance Analogy: The Case of
Auditing-B.com 3rd Year Unit I Introduction to Auditing Meaning and Definition of Auditing The word Audit is derived from Latin word “Audire” which means ‘to hear’. Auditing is the verification of financial position as discl
1. AD and Azure AD change auditing and reporting 2. File server auditing (Windows, NetApp, EMC, Synology) 3. Group Policy settings change auditing 4. Windows server and member server auditing and reporting 5. Workstations auditing 6. User behavior analytics (UBA) 7. Privileged user monitoring www.adauditplus.com
auditing, performance auditing, comprehensive auditing, internal auditing and forensic auditing, as well as providing assurance on subject matter other than historical financial information. Major chapter sections The framework for assurance engagements and the types of assurance engagements
