ISA 500: Audit Evidence — What Counts and How to Get It Right

ISA 500 is the standard that defines what constitutes audit evidence and how auditors obtain it. Every opinion in every audit report rests on evidence that meets ISA 500's criteria for sufficiency and appropriateness.

Sufficient and Appropriate

These two words carry enormous weight:

• Sufficiency — the quantity of evidence. More evidence is needed for higher-risk areas, less reliable sources, or when individual items are immaterial.
• Appropriateness — the quality of evidence, comprising relevance (does it relate to the assertion?) and reliability (can we trust the source?).

The Six Audit Procedures

ISA 500 identifies six types of audit procedures for obtaining evidence:

1. Inspection — examining records, documents, or tangible assets
2. Observation — watching a process or procedure being performed
3. External confirmation — obtaining responses from third parties (ISA 505)
4. Recalculation — checking the mathematical accuracy of documents
5. Reperformance — independently executing procedures or controls
6. Analytical procedures — evaluating information through analysis of relationships (ISA 520)

Reliability Hierarchy

Not all evidence is equal. ISA 500 establishes that:

• Evidence from external sources is more reliable than internal sources
• Evidence obtained directly by the auditor is more reliable than indirect evidence
• Written evidence is more reliable than oral evidence
• Original documents are more reliable than copies

Browse the full standard: ISA 500 Reference