Audit Evidence
Domain 1 — Information Systems Auditing Process
Definition
Audit evidence is information collected by an auditor to support audit conclusions and opinions. It can be physical (documents, reports), testimonial (interviews), analytical (trend analysis), or digital (system logs, database queries). IS auditors evaluate evidence for sufficiency (enough to support the conclusion), reliability (source credibility), and relevance (directly tied to the audit objective). The more independent the source, the more reliable the evidence.
Real-World Audit Scenario
I once audited a client's change management process and asked for evidence of change approvals. The IT manager sent me a spreadsheet with 200 rows labelled "Change Approved." I asked to see the actual change tickets in the system. When I cross-referenced the spreadsheet against the system logs, I found 47 changes in the system that were not on the spreadsheet and 12 spreadsheet entries that had no corresponding system record. The audit conclusion changed completely once I had reliable evidence — the spreadsheet was a control illusion.
Common Exam Trap
A common exam question asks about the "most reliable" form of evidence. The hierarchy is: direct observation > system-generated evidence > documentary evidence > testimonial evidence. A system log is more reliable than a manager's verbal confirmation.