The depth of evidence is relevant when conducting audit procedures, EQR reviews, and system and engagement monitoring.

ISA 500 (Audit Evidence): Paragraph 6 states the necessity for auditors to obtain sufficient and appropriate audit evidence to form the basis for an audit opinion.
ISQM 1: Paragraph 32 outlines the requirement for firms to establish a monitoring and remediation process that evaluates the system of quality management’s design, and operation.
ISA 220 (Revised) (Quality Management for an Audit of Financial Statements): Paragraph 27 discusses the role of the engagement quality reviewer in evaluating significant judgments and the conclusions reached by the engagement team.

When documenting these procedures, the auditor should be mindful of whether the documented evidence is sufficient. The level of evidence required involves not only reviewing documentation, but also ensuring that the actions documented were indeed performed. This is where the risk assessment relevant to procedures determines whether a documented procedure to ascertain whether an action has been performed, or an issue considered, is sufficient. Where the risk is higher, one would want to see details of whatever was inspected or considered. At even higher risk, one would want to see evidence from independent sources.

To lower the risk of internal sources used as evidence, the controls and previous results of evaluating those sources of evidence can contribute to lower risk assessment.

Auditors, EQRs and monitors will do well not to underestimate the importance of proper control, and risk assessment and evidence evaluations.