The Importance of Audit Evidence in Compliance and Reporting

No matter the company, if you look at the bottom of vital financial documents—10-K and 10-Q, among others—you will notice one commonality. They are all signed by the company's top brass: CEO, CFO, principal accountant, and other stakeholders, frequently including the board of directors.

Does that mean the CEO of a Fortune 50 company is on the front lines of accounting? And that the CFO has memorized every line of the report? Not quite. After all, according to one Bloomberg report, the amount of text included in 10-Ks has quadrupled—from 15,000 words in 1995 to more than 60,000 in 2017. No one expects executives to absorb every last word.

Executives must trust the content inside, and that trust does not appear from out of the blue. If your signature is on the bottom of an internal control document, it is in your best interest to take the time to verify the findings inside are true. Plus, an evolving landscape of standards, such as the PCAOB Audit Reporting Standard, constantly shifts the landscape.

For audit professionals, this means they should come prepared with evidence.

The importance of audit evidence

Evidence is crucial to the audit and internal controls process because it affords signatories a reason to trust any outstanding claims. After all, a host of laws and regulations make it clear that the managers of public companies—not their auditors—are responsible for establishing and maintaining internal control over financial reporting (ICFR) and regularly assessing the effectiveness of those controls.

When a CFO's signature is at the bottom of a report, their reputation and the reputation of the business are on the line.

External auditors are frequently assigned the task of assessing the effectiveness of management’s efforts and forming an opinion as a basis for designing their audits. For certain large companies, auditors must also express a separate written opinion on those controls.

Still, just because collecting evidence is a best practice, does not mean it is always done well or accurately. There are a handful of reasons that companies fail to collect evidence.

Three reasons companies miss the mark on audit evidence

If you just scratch the surface of the issue, there are two general reasons why companies fail to collect the evidence needed to keep stakeholders and executives content with the information inside of vital reports: they don't collect enough, or they don't know how to store it.

Clearly, audit teams that don't collect evidence in the first place will stumble when pressed to back up any claims they made. But for organizations that don't know how to store evidence, three major issues arise.

1. There is a lack of a consistent, cost-effective way to collect and organize evidence

Imagine a dictionary where all the words are not in alphabetical order. All the words are there, but cannot easily be located when you need to know their definitions. In the same way, lack of organization and consistency drastically reduce the effectiveness of a reference tool.

The quality audit evidence of your team is only as valuable as the way it is collected and organized. Teams often overlook or omit applicable audit evidence and documentation when there is no easy way to collect, organize, and reference it.

2. There is an inability to share

Similarly, when teams lack a repository with the ability to share evidence from team member to team member—and across the organization—problems arise.

Without a single internal controls repository to store, organize, and access this evidence quickly and easily, audit teams run the risk of creating duplicate work or failing to account for necessary evidence.

3. They struggle with multiple versions of key documents and templates

Managing legacy spreadsheets and word processing documents as they are shared among teams is a challenge. After being passed around your team, it is nearly impossible to verify that the document that you are working on is the most up-to-date one. This can lead to miscommunication, inapplicable content being presented, or other errors.

Resources to help close the evidence gap

Gratefully, technology is available to help organizations gather the evidence they need to surmount the evidence gap. Take a deeper dive into eliminating the evidence gap in your organization by reading our white paper, Closing the Global Evidence Gap.