🎓 Prepared by students from Boğaziçi University

What is Audit Evidence and Sufficiency Assessment?

Audit evidence is all the information the auditor uses to reach the conclusions on which the audit opinion is based. Assessing it means judging whether there is enough evidence (sufficiency) of high enough quality (appropriateness) to support that opinion.

Short answer

Audit evidence sufficiency assessment is the process of evaluating whether the quantity (sufficiency) and quality — relevance and reliability (appropriateness) — of evidence gathered is enough to reduce audit risk to an acceptably low level.

Sufficiency vs. Appropriateness of Audit Evidence
Sufficiency (Quantity)
  • How much evidence is gathered
  • Driven by assessed risk of material misstatement
  • Higher risk → more evidence needed
  • Affected by sample size and population
Appropriateness (Quality)
  • Relevance — does it address the right assertion?
  • Reliability — how trustworthy is the source?
  • External evidence is generally more reliable than internal
  • Auditor-obtained evidence beats client-provided evidence
01

Try it: interactive calculator

Required detection risk
0.125
= 0.05/(0.8*0.5)
02

Step-by-step worked examples

The auditor wants overall audit risk of 5%. Inherent risk is assessed at 80% and control risk at 50%. What detection risk is required?

DR = AR / (IR × CR)
DR = 0.05 / (0.80 × 0.50) = 0.05 / 0.40 = 0.125 (12.5%)

For a high-risk revenue account (IR = 90%, CR = 70%), the auditor still wants 5% audit risk. What detection risk is needed, and what does it imply for evidence?

DR = 0.05 / (0.90 × 0.70) = 0.05 / 0.63 ≈ 0.079 (7.9%)
A lower detection risk than a low-risk account means more, and more reliable, evidence is required

An auditor receives a bank confirmation directly from the bank versus a copy of a bank statement printed by the client. Which is more appropriate evidence, and why?

The direct bank confirmation is obtained by the auditor from an independent external source
The client-printed statement passed through client hands, so it is less reliable → the confirmation is more appropriate
03

Flashcards

04

Quick quiz

Q1.What does 'sufficiency' of audit evidence refer to?

Correct answer: B. Sufficiency is about quantity; appropriateness is about quality (relevance and reliability).

Q2.AR target = 0.05, IR = 1.0, CR = 1.0 (no reliance on controls). What is the required detection risk?

Correct answer: A. DR = 0.05 / (1.0 × 1.0) = 0.05.

Q3.Which type of evidence is generally considered most reliable?

Correct answer: C. Evidence obtained directly by the auditor from an independent external source is the most reliable.

Q4.As assessed risk of material misstatement increases, what generally happens to the evidence needed?

Correct answer: B. Higher risk requires lower detection risk, which is achieved through more and higher-quality evidence.
📄Download this topic as a printable worksheet (PDF)Summary + 10 questions + answer key — print it, share it in class.
Study better with Bounlu apps
Notek
Notek

The full card deck, worked steps and AI-tutor support for “What is Audit Evidence and Sufficiency Assessment?” are in Notek — study by hand before your exam.

Get it free
Notek 1Notek 2Notek 3Notek 4Notek 5
05

Common mistakes

Assuming more evidence is always better regardless of quality.Correct: Evidence must be both sufficient (enough) AND appropriate (relevant and reliable) — quantity cannot compensate for poor quality.

Treating all client-provided documents as equally reliable.Correct: Reliability depends on the source and controls over its preparation — externally-sourced, auditor-obtained evidence is more reliable.

Confusing detection risk with control risk.Correct: Detection risk is controlled by the auditor through the nature, timing, and extent of procedures; control risk is a characteristic of the client's system.

Believing audit risk can be reduced to zero.Correct: Some audit risk always remains because auditors test on a sample basis and evidence is often persuasive, not conclusive.

06

FAQ

What is audit evidence?

Audit evidence is all the information the auditor uses — from accounting records and other sources — to support the audit opinion.

What is the formula linking audit evidence to risk?

The audit risk model: AR = IR × CR × DR. Rearranged, DR = AR / (IR × CR) shows how much detection risk — and thus how much evidence — is needed.

What are examples of sufficient and appropriate audit evidence?

External bank confirmations, physical inventory observation, and vouching transactions to independent third-party documents are strong examples.

How to assess if audit evidence is sufficient?

Compare the quantity and quality of evidence gathered to the assessed risk of material misstatement — higher risk requires more, and more reliable, evidence.

Related topics