Evaluate evidence sufficiency, reliability, appropriateness, inconsistencies, exceptions, and fraud indicators.
Evidence evaluation asks whether the evidence obtained is sufficient and appropriate for the conclusion. Quantity alone is not enough. The evidence must be relevant to the risk, reliable for the source and circumstances, consistent with other evidence, and strong enough for the engagement objective.
The practical task is to decide whether the evidence supports the conclusion, whether contradictions or exceptions require more work, and whether fraud, error, or illegal-act indicators change the engagement response.
This lesson focuses on how to:
Sufficiency is about amount. Appropriateness is about quality. A large volume of weak evidence does not necessarily compensate for evidence that is irrelevant, biased, incomplete, or internally inconsistent.
| Quality | Question to ask | Weakness in a case |
|---|---|---|
| Sufficiency | Is there enough evidence for the level of assurance and risk? | Sample is too small, population coverage is incomplete, or high-risk items were not tested. |
| Relevance | Does the evidence address the assertion, criterion, or conclusion? | Procedure tests existence when completeness is the risk. |
| Reliability | Is the source independent, controlled, direct, and objective? | Evidence comes only from management without corroboration. |
| Timeliness | Does the evidence cover the correct period or point in time? | Testing is performed before a major year-end transaction or system change. |
| Consistency | Does the evidence agree with other evidence? | Confirmation, ledger, and management explanation point in different directions. |
| Precision | Is the analysis precise enough for the risk? | Analytical procedure uses broad expectations that cannot detect material differences. |
The level of evidence needed depends on risk and assurance level. Higher risk requires more persuasive evidence, not just more evidence.
Evidence reliability depends on source and circumstances. The hierarchy is useful, but a case response should still address specific facts.
| Evidence source | Reliability note |
|---|---|
| Direct observation or reperformance by the practitioner | Often persuasive for the event observed or calculation reperformed, but may not cover periods before or after observation. |
| External confirmation | Generally strong when received directly from an independent party, but non-response or vague replies require follow-up. |
| Third-party documents | Usually stronger than internally generated documents, especially when obtained directly or matched to independent records. |
| Internally generated reports | Depend on control over data capture, processing, access, and report logic. |
| Management inquiry | Useful for understanding context, but rarely sufficient alone for a significant conclusion. |
| Analytical procedures | Useful for identifying relationships and anomalies, but conclusions require precision and corroboration. |
Reliability can change with circumstances. A third-party document obtained through management may be less persuasive than one received directly. A system report may be reliable if access, change management, report logic, and reconciliation controls are sound.
Inconsistencies are not administrative annoyances. They are evidence signals. The practitioner should determine whether they are isolated, systematic, fraud-related, or caused by a misunderstanding of criteria.
| Finding | Assurance response |
|---|---|
| Management explanation contradicts external evidence | Obtain further corroboration and evaluate management bias or integrity concerns. |
| Several exceptions arise in a control test | Reassess control reliance and increase substantive procedures if necessary. |
| Analytical result is outside expectation | Investigate the cause, test underlying data, and update the risk assessment. |
| Evidence supports different conclusions for different periods | Separate the conclusion by period or perform procedures over the uncovered period. |
| Exceptions are small individually but common | Evaluate whether the pattern indicates a systematic error or control deficiency. |
| Evidence cannot be reconciled to source records | Test completeness and accuracy of the source data before using the evidence. |
The response should not average contradictory evidence. Identify which evidence is stronger, which evidence directly addresses the risk, and what uncertainty remains.
Findings suggesting fraud, error, or illegal acts require professional skepticism and escalation. The response should state what additional procedures and communications are needed.
| Signal | Response |
|---|---|
| Unusual manual journal entries near period end | Inspect support, approval, business purpose, and subsequent reversal or settlement. |
| Missing or altered documents | Expand testing, obtain evidence from independent sources, and consider fraud implications. |
| Management pressure to clear an exception | Escalate and evaluate whether objectivity or evidence sufficiency is impaired. |
| Non-compliance with policy or regulation | Determine criteria, extent, financial or reporting effect, and communication obligations. |
| Side agreements or undisclosed terms | Inspect contracts, confirmations, correspondence, and subsequent transactions. |
| Repeated override of controls | Reassess fraud risk and perform procedures targeted at management override. |
Not every exception is fraud. But fraud indicators change the work because ordinary control assumptions may no longer hold.
The original work plan should change when evidence shows that the risk is higher, the evidence is weaker, or the subject matter does not conform to criteria.
| Finding | Work plan effect |
|---|---|
| Evidence is insufficient | Increase extent, obtain independent evidence, or perform alternative procedures. |
| Evidence is unreliable | Test the source, use stronger evidence, or reduce reliance on that evidence. |
| Evidence is inconsistent | Investigate the contradiction before concluding. |
| Criteria are not met | Quantify or describe the departure and evaluate reporting or communication implications. |
| Fraud indicator exists | Escalate, add targeted procedures, and evaluate governance or regulatory communication. |
| Scope is limited | Attempt alternative procedures and evaluate whether the limitation affects the conclusion. |
If the evidence is already persuasive, more work may not be necessary. If the evidence is weak or contradictory, more of the same weak evidence is unlikely to solve the problem.
| Step | Question | Output |
|---|---|---|
| 1. Conclusion | What conclusion is the evidence meant to support? | Assertion, criterion, or report point. |
| 2. Evidence obtained | What evidence exists and from what source? | Evidence summary. |
| 3. Quality | Is the evidence sufficient and appropriate? | Sufficiency, relevance, reliability, consistency, precision. |
| 4. Issue | Is there an exception, inconsistency, fraud signal, or criteria departure? | Evidence issue. |
| 5. Response | What additional procedure, conclusion, or communication follows? | Engagement response. |
Use this framework when a case gives an evidence summary, analytical result, exception list, management explanation, contradictory document, fraud indicator, or criteria departure.
| Pitfall | Correction |
|---|---|
| Equating more evidence with better evidence. | Evaluate relevance, reliability, consistency, and precision. |
| Treating inquiry as sufficient for a significant risk. | Corroborate management explanations with independent or objective evidence. |
| Ignoring contradictory evidence. | Investigate inconsistencies before forming the conclusion. |
| Applying criteria vaguely. | State the standard, rule, policy, or engagement criterion and compare facts to it. |
| Stopping after identifying fraud risk. | State the additional procedures, escalation, and communication implications. |