What is Audit Evidence and Sufficiency Assessment?
Audit evidence is all the information the auditor uses to reach the conclusions on which the audit opinion is based. Assessing it means judging whether there is enough evidence (sufficiency) of high enough quality (appropriateness) to support that opinion.
Audit evidence sufficiency assessment is the process of evaluating whether the quantity (sufficiency) and quality — relevance and reliability (appropriateness) — of evidence gathered is enough to reduce audit risk to an acceptably low level.
- •How much evidence is gathered
- •Driven by assessed risk of material misstatement
- •Higher risk → more evidence needed
- •Affected by sample size and population
- •Relevance — does it address the right assertion?
- •Reliability — how trustworthy is the source?
- •External evidence is generally more reliable than internal
- •Auditor-obtained evidence beats client-provided evidence
Try it: interactive calculator
Step-by-step worked examples
The auditor wants overall audit risk of 5%. Inherent risk is assessed at 80% and control risk at 50%. What detection risk is required?
DR = AR / (IR × CR) DR = 0.05 / (0.80 × 0.50) = 0.05 / 0.40 = 0.125 (12.5%)
For a high-risk revenue account (IR = 90%, CR = 70%), the auditor still wants 5% audit risk. What detection risk is needed, and what does it imply for evidence?
DR = 0.05 / (0.90 × 0.70) = 0.05 / 0.63 ≈ 0.079 (7.9%) A lower detection risk than a low-risk account means more, and more reliable, evidence is required
An auditor receives a bank confirmation directly from the bank versus a copy of a bank statement printed by the client. Which is more appropriate evidence, and why?
The direct bank confirmation is obtained by the auditor from an independent external source The client-printed statement passed through client hands, so it is less reliable → the confirmation is more appropriate
Flashcards
Quick quiz
Q1.What does 'sufficiency' of audit evidence refer to?
Q2.AR target = 0.05, IR = 1.0, CR = 1.0 (no reliance on controls). What is the required detection risk?
Q3.Which type of evidence is generally considered most reliable?
Q4.As assessed risk of material misstatement increases, what generally happens to the evidence needed?
The full card deck, worked steps and AI-tutor support for “What is Audit Evidence and Sufficiency Assessment?” are in Notek — study by hand before your exam.
Common mistakes
Assuming more evidence is always better regardless of quality. — Correct: Evidence must be both sufficient (enough) AND appropriate (relevant and reliable) — quantity cannot compensate for poor quality.
Treating all client-provided documents as equally reliable. — Correct: Reliability depends on the source and controls over its preparation — externally-sourced, auditor-obtained evidence is more reliable.
Confusing detection risk with control risk. — Correct: Detection risk is controlled by the auditor through the nature, timing, and extent of procedures; control risk is a characteristic of the client's system.
Believing audit risk can be reduced to zero. — Correct: Some audit risk always remains because auditors test on a sample basis and evidence is often persuasive, not conclusive.
FAQ
What is audit evidence?
Audit evidence is all the information the auditor uses — from accounting records and other sources — to support the audit opinion.
What is the formula linking audit evidence to risk?
The audit risk model: AR = IR × CR × DR. Rearranged, DR = AR / (IR × CR) shows how much detection risk — and thus how much evidence — is needed.
What are examples of sufficient and appropriate audit evidence?
External bank confirmations, physical inventory observation, and vouching transactions to independent third-party documents are strong examples.
How to assess if audit evidence is sufficient?
Compare the quantity and quality of evidence gathered to the assessed risk of material misstatement — higher risk requires more, and more reliable, evidence.




