Understanding the Importance of Audit Evidence and External Sources in the Audit Process

July 28, 2025

The integrity of a financial statement audit is built upon the foundation of audit evidence. It is the information used by auditors to form an opinion on whether the financial statements of an entity are free from material misstatement. Among the various types of evidence gathered during an audit, external confirmation stands out as a particularly valuable and reliable source. This article delves into the role of audit evidence in financial audits, with a particular focus on the use of external confirmations to gather reliable and relevant evidence.

What constitutes audit evidence?

• As per SA500, "Audit Evidence" isthe information used by the auditor in arriving at the conclusions on which the auditor's opinion is based.
• Audit evidence includes both information contained in the accounting records underlying the financial statements and information obtained from other sources.
• Thus, auditor must obtain sufficient and appropriate evidence to support their opinion on the financial statements.
• Audit evidence comes from a variety of sources and can be classified into different types.

• Physical evidence: Tangible items that can be inspected (e.g., inventory count).
• Documentary evidence: Written or electronic records that substantiate transactions (e.g., invoices, contracts).
• Testimonial evidence: Information gathered from discussions with management or staff.
• Analytical evidence: Data obtained through analytical procedures, such as ratios or trend analysis.
• External evidence: Information provided by independent third parties, such as banks, customers, or suppliers.

Case Study:

WorldCom scandal (2002)

• This was one of the largest corporate frauds in history, exposing massive accounting fraud that led to the company’s bankruptcy.
• WorldCom executives inflated earnings by nearly $11 billion to hide the company’s financial struggles.
• They misclassified operating expenses (like network maintenance costs) as capital expenditures, making it appear that profits were higher than they actually were.
• This accounting manipulation misled investors and kept stock prices high.
• The fraud could have been detected if auditors had obtained independent and detailed documentation of capital expenditures versus operating expenses.
• Whistleblower Cynthia Cooper, head of internal auditing, discovered the fraud when she insisted on reviewing capital expenditure records.
• She found that $3.8 billion in expenses were falsely reclassified— without actual supporting audit evidence.
• Internal auditors acted independently and skeptically, unlike the external auditors.
• Auditors relied too heavily on WorldCom’s management statements rather than conducting independent verification.
• Instead of seeking original supporting documentation (such as vendor invoices or detailed expense reports), auditors accepted internal explanations at face value.
• If auditors had analysed financial ratios and compared expenses to revenue trends, the fraud would have been more apparent

Hence, Auditors must gather independent, verifiable audit evidence & Overreliance on management assertions without documentation is a major audit risk.

External Confirmations:

Different types of external confirmation

External confirmation can take various forms, and auditors typically choose the method based on the nature of the information being confirmed and the level of assurance required.

External confirmations are most commonly used to verify:

• Account balances: Confirming the balances of receivables, payables, or cash held by third parties
• Transactions: Verifying specific transactions, such as sales or purchases, with customers or suppliers.
• Legal matters: Confirming details of ongoing or potential litigation with the company's legal advisors
• Debt agreements: Verifying terms of loan agreements with lenders or financial institutions.

How different types of responses impact the auditor’s conclusion?

1. Positive Confirmation with Agreement

• If the external party confirms the requested information without discrepancies, the auditor obtains sufficient and appropriate audit evidence.

2. Positive Confirmation with Exceptions

• If the confirmation response contains discrepancies, the auditor should investigate the differences.
• If unresolved, it may indicate misstatements or control deficiencies.

3. Negative Confirmation

• If no response is received and the client has strong internal controls, the auditor may consider this as some level of assurance.
• However, negative confirmations provide less persuasive evidence than positive confirmations.

4. Non-Response to Positive Confirmation

• If no response is received, alternative audit procedures (e.g., reviewing subsequent payments, invoices) are required.
• If sufficient evidence is not obtained, it may impact the auditor’s opinion.

Case Study:

Parmalat Scandal (2003)

• Parmalat, an Italian dairy and food giant, falsified financial records for years.
• It falsely claimed it had a €3.95 billion bank account at Bank of America.
• Deloitte, Parmalat’s external auditor, requested a bank confirmation to verify the balance.
• Parmalat’s executives forged a letter from Bank of America confirming the account.
• Auditors accepted this fake confirmation without directly verifying with BoA.
• When regulators later contacted BoA, the bank denied the existence of the account—exposing the fraud.

Key Lessons:

• External confirmations must be directly obtained from banks, vendors, or customers—not through management
• If a company resists external confirmations or provides excuses, it's a red flag.
• Auditors must remain skeptical and verify unusual financial claims

Conclusion

In conclusion, a good audit needs strong and reliable evidence. This evidence helps auditors check for mistakes or fraud and follow professional rules. One of the best types is external confirmation, where information is verified by independent third parties. This makes the audit more trustworthy and reduces risks.