Presented By,

Tanmayee Tilekar
 Audit evidence is the information you collect about processes
related to the operations of a specific department within your
organization.

 Auditors use this information to make findings about your

compliance efforts.

 Audit evidence can include documents, logs, and correspondence

generated within your organization, as well as materials generated
externally:
 Process documents

 Policy documents

 Accounting records

 Invoices

 System logs

 Reports
 Banks

 Debtors

 Suppliers

 Customers

 Stock exchanges

 The Internal Revenue Service

 Internal controls are policies, procedures, or technical safeguards
designed to prevent problems and protect your organization’s
assets.

 You need three types of internal controls to avoid or minimize loss.

 Detective internal controls are used after an event has

happened; they include:
◦ Internal audits
◦ Document reviews
◦ Reconciliations
◦ Interviews
 Preventive internal controls exist, as the name implies, to prevent
unwanted events from happening. These controls include:

◦ Training programs

◦ Drug testing

◦ Firewalls

◦ Computer and server backups

 Corrective internal controls are put in place after detective
controls discover a problem, to rectify whatever failure allowed the
event to happen.

 These include:
◦ Disciplinary action
◦ Reports filed
◦ Software patches
◦ New policies
 Physical examinations are one of the main sources of audit
evidence for fixed assets. In these, auditors physically verify the
existence of various assets:

visiting offices and warehouses, counting supplies, and so forth.

Auditors usually collect this type of audit evidence themselves, and
can use a physical examination to verify the state or condition of an
asset.

 Confirmations consist of third-party verifications to confirm

information such as the closing balance recorded in financial
statements.
 Documentary evidence is critical to any audit. It requires auditors
to gather documents regarding different aspects of an audit. The
sources of audit evidence also matter to documentation. Various
techniques such as vouching or tracing may be used as part of the
audit procedures.

 Analytical procedures include performing analyses to identify any

trends or discrepancies, and can help auditors detect any changes
since the last audit.
 Oral evidence is obtained through inquiries, and helps auditors to
understand the process to design audit procedures. Inquiries may
not be considered a strong form of audit evidence.

 Accounting systems allow auditors to obtain all the information

related to an organization’s financial statements, and can help
auditors to gather other types of audit evidence.
 Re performance evaluates internal controls to check for
deficiencies and determine control risk.

 Observatory evidence differs from a physical examination as it

focuses on processes rather than physical assets. In observation,
auditors observe various aspects of your operations or processes
(for example, how the security team vets the security of cloud-based
technology partners).
 Inspection involves examining documents or records in paper form,
electronic form, or other media. Whether internal or external,
inspection of documents and records may give evidence of
ownership (for example, title deeds), evidence that a control is
operating (say, stamped invoices), or evidence about cut-off (the
dates on invoices).

 This evidence can confirm value and purchase costs. Inspection of

tangible assets usually gives evidence of existence or valuation.
 Observation consists of looking at processes or procedures. It either
confirms or denies that a control was operating at the time of the
observation, keeping in mind that the auditor’s presence may have
had an influence on behaviors.

 Examples include an auditor’s observation of inventory counting or

of the performance of control activities.
 Inquiries involve seeking information from knowledgeable persons
within or outside the enterprise. Auditors conduct inquiries to:

 Get information about your business

 Develop the preliminary audit approach

 Collect specific evidence

 Corroborate evidence collected by other means

 Documentation should include:

 Output produced

 Description of the audit analysis work performed on the output

 Audit findings

 Audit conclusions

 Audit recommendations
 Computer-assisted audit tool (CAATs) or computer-assisted
audit tools and techniques (CAATTs) is a growing field within the
IT audit profession. CAATs is the practice of using computers to
automate the IT audit processes.

 CAATs normally include using basic office productivity software such

as spreadsheets, word processors and text editing programs and
more advanced software packages involving use statistical
analysis and business intelligence tools. But also more
dedicated specialized software are available

 CAATs have become synonymous with data analytics in the audit

process.
1. Absence of input documents or lack of a visible paper trail may
require the use of CAATs in the application of compliance and
substantive procedures.

2. Need for obtaining sufficient, relevant and useful evidence from the
IT applications or database as per audit objectives.

3. Ensuring audit findings and conclusions are supported by

appropriate analysis and interpretation of the evidence

4. Need to access information from systems having different hardware

and software environments, different data structure, record formats,
processing functions in a commonly usable format.
5. Need to increased audit quality and comply with auditing standards.

6. Need to identify materiality, risk and significance in an IT

environment.

7. Improving the efficiency and effectiveness of the audit process.

8. Ensuring better audit planning and management of audit resources.

 1. Identify the scope and objectives of the audit. Based on this,
auditor can decided about the need and the extent to which CAAT
could be used.
 2. Identify the critical data which is being audited as per audit scope
and objectives.
 3. Identify the sources of data from the enterprise information
system/application software. These could be relating to general
ledger, inventory, payroll, sundry debtors, sundry creditors.
 4. Identify the relevant personnel responsible for the data and
information system. These personnel could be from the IT
department, vendors, managers, etc.
 5. Obtain and review documents relating to data/information
systems. This should provide information about data types/data
structures and data fl ow of the system.
1. Identify exceptions: Identify exceptional transactions based on set
criteria. For example, cash transactions above Rs. 20,000.

2. Analysis of Controls: Identify whether controls as set have been

working as prescribed. For example, transactions are entered as per
authorized limits for specified users.

3. Identify errors: Identify data, which is inconsistent or erroneous. For

e.g.: account number which is not numeric.

4. Statistical sampling: Perform various types of statistical analysis to

identify samples as required.
6. Verify calculations: Re-perform various computations in audit
software to confirm the results from application software confirm
with the audit software. For e.g.: TDS rate applied as per criteria.

7. Existence of records: Identify fields, which have null values. For

example: invoices which do not have vendor name
1. File access: This refers to the capability of reading of different
record formats and file structures. These include common formats of
data such as database, text formats, excel fi les. This is generally
done using the import/ODBC function.

2. File reorganization: This refers to the features of indexing, sorting,

merging, linking with other identified files. These functions provide
auditor with an instant view of the data from different perspectives.

3. Data selection: This involves using of global filter conditions to

select required data based on specified criteria.
 4. Statistical functions: This refers to the features of sampling,
stratification and frequency analysis. These functions enable
intelligent analysis of data.

 5. Arithmetical functions: This refers to the functions involving use

of arithmetic operators. These functions enable performing re-
computations and re-performance of results
1. Identify correctly data to be audited
2. Collect the relevant and correct data files
3. Identify all the important fields that need to be accessed from the
system
4. State in advance the format the data can be downloaded and
defines the fields correctly
5. Ensure the data represent the audit universe correctly and
completely.
6. Ensure the data analysis is relevant and complete.
7. Perform substantive testing as required.
8. Information provided by CAATs could be only indicators of
problems as relevant and perform detailed testing as required.
 Audit evidence is the information you collect about processes
related to the operations of a specific department within your
organization. Auditors use this information to make findings about
your compliance efforts.
 Audit evidence can include documents, logs, and correspondence
generated within your organization, as well as materials generated
externally. Internal documents include:
 Process documents
 Policy documents
 Accounting records
 Invoices
 System logs
 Reports
 Physical examinations are one of the main sources of audit
evidence for fixed assets. In these, auditors physically verify the
existence of various assets: visiting offices and warehouses,
counting supplies, and so forth. Auditors usually collect this type of
audit evidence themselves, and can use a physical examination to
verify the state or condition of an asset.

 Documentary evidence is critical to any audit. It requires auditors

to gather documents regarding different aspects of an audit. The
sources of audit evidence also matter to documentation. Various
techniques such as vouching or tracing may be used as part of the
audit procedures
 Analytical procedures include performing analyses to identify any
trends or discrepancies, and can help auditors detect any changes
since the last audit.

 Oral evidence is obtained through inquiries, and helps auditors to

understand the process to design audit procedures. Inquiries may
not be considered a strong form of audit evidence.

 Accounting systems allow auditors to obtain all the information

related to an organization’s financial statements, and can help
auditors to gather other types of audit evidence.
 Re performance evaluates internal controls to check for
deficiencies and determine control risk.

 Observatory evidence differs from a physical examination as it

focuses on processes rather than physical assets. In observation,
auditors observe various aspects of your operations or processes
(for example, how the security team vets the security of cloud-based
technology partners).

 Confirmations consist of third-party verifications to confirm

information such as the closing balance recorded in financial
statements.