PCAOB offers guidance on using audit evidence from outside sources

The Public Company Accounting Oversight Board staff issued guidance Thursday on some of the considerations auditors should have about the relevance and reliability of information they get from external sources and plan to use as audit evidence.

The guidance also deals with the relationship between the quality and quantity of audit evidence.

The PCAOB has been working on an Audit Evidence project and weighing whether to make changes to its existing standard, AS 1105, Audit Evidence, given the widespread use of audit technology tools at firms and the ready availability of information from sources outside a company, both in the financial reporting process and as audit evidence.

The current AS 1105 standard explains what qualifies as audit evidence and lays out the requirements for designing and performing audit procedures to obtain sufficient appropriate audit evidence. The PCAOB staff noted in its new guidance that the expanded use of information from sources external to a company is affecting the volume and nature of information available to auditors to use in the performance of their audits.

Courtesy of PCAOB

“We also understand from our ongoing research project on audit evidence that auditors are seeking additional clarity on applying the requirements in AS 1105 when using information obtained from external sources as audit evidence,” said the document. “As part of our ongoing project, we continue to conduct research activities on other matters that may affect obtaining and evaluating audit evidence.”

The PCAOB has been undergoing an overhaul this year after the ouster of its chairman William Duhnke and SEC chairman Gary Gensler’s plans to replace the rest of the board members (see story). Much of the standard-setting work of the board is in a holding pattern, making the staff guidance even more critical.

The document discusses some examples of the types of externally sourced information that might or might not be used as audit evidence, including the year-end price of a publicly traded security on a stock exchange, pharmaceutical orders from wholesalers, historical loss information from other financial institutions, and weather data for predicting retail customer sales trends.

However, the guidance warns about the reliability of such information. “In general, information obtained directly by the auditor is more reliable than information obtained indirectly,” said the document. “For example, certain external information that is widely available can be obtained by the auditor directly from the source (e.g., the risk-free rate). External information whose distribution is more limited may need to be obtained by the auditor indirectly, for example, by extracting it from the information system of the company being audited (e.g., insurance claims data submitted to an insurer by a third-party health care provider). In this scenario, the effectiveness of the company’s controls over the external information may also affect the reliability of the information.”