Evidence sufficiency
Definition
The standard that evidence must meet to support an audit conclusion. Evidence must be relevant to the control being tested, reliable in terms of its source and collection method, and sufficient in quantity to support the conclusion with reasonable assurance.
Related terms
- Audit chain of custody
- The documented record of when audit evidence was collected, by whom, from what source, and how it has been stored and accessed...
- Control criterion
- The standard against which a control is evaluated. Criteria may come from an external standard (ISO 27001 Annex A, NIST CSF, PCI-DSS),...
- Design effectiveness
- The assessment of whether a control is designed in a way that would prevent or detect the risk it targets, if it...
- Fieldwork
- The active evidence-gathering phase of an audit, during which the auditor applies testing procedures to specific controls and collects the evidence that...
- Operating effectiveness
- The assessment of whether a control has consistently functioned as designed over the audit period. Requires evidence of actual operation, such as...
Explained in
- Fieldwork, Evidence Collection, and Control TestingThe standard that evidence must meet to support an audit conclusion. Evidence must be relevant to the control being tested, reliable in terms of its source and...