UNIT VI-AUDIT REPORT

AND CERTIFICATE
 TOPICS TO BE COVERED

Definition – Distinction between Report and

Certificate-
Different Types of Report Contents of Audit
Report (As per Companies Act and
Standards on Auditing.
True and Fair View – Concept Materiality –
Concept and Relevance.
 SA 700(R) FORMING AN OPINION AND
R E P O RT I N G O N F I N A N C I A L
S TAT E M E N T S

Scope
It covers the following:
i. Auditor’s responsibility to form an opinion on the
financial statements.
ii. Form and content of independent auditor’s report.
• It is framed in the context of an audit of a complete set of
general-purpose financial statements prepared in
accordance with general purpose framework.
• This SA also applies to audits for which SA 800 or SA 805
applies.
Objectives
a. Forming an opinion on the financial statements based on
conclusions drawn from evidences obtained and
b. Expressing clearly that opinion through a written report.
 Auditors have the option of choosing among four
different types of auditor opinion reports. An auditor
opinion report is a letter that auditors attach to the
statutory audit report that reflects their opinion of the
audit. The four types of auditor opinions are:

Unqualified opinion-clean report

FOUR TYPES
OF AUDIT Qualified opinion-qualified report
REPORTS

Disclaimer of opinion-disclaimer report

Adverse opinion-adverse audit report

• Unqualified Opinion – Clean Report
An unqualified opinion is considered a clean report. This is the type of
report that auditors give most often. This is also the type of report that
most companies expect to receive. An unqualified opinion doesn’t have
any kind of adverse comments and it doesn’t include any disclaimers
about any clauses or the audit process. This type of report indicates that
the auditors are satisfied with the company’s financial reporting. The
auditor believes that the company’s operations are in good compliance
with governance principles and applicable laws. The company, the
auditors, the investors and the public perceive such a report to be free
from material misstatements.
• Qualified Opinion-Qualified Report
When an auditor isn’t confident about any specific process or transaction
that prevents them from issuing an unqualified, or clean, report, the
auditor may choose to issue a qualified opinion. Investors don’t find
qualified opinions acceptable, as they project a negative opinion about a
company’s financial status. Auditors write up a qualified opinion in much
the same way as an unqualified opinion, with the exception that they
state the reasons they’re not able to present an unqualified opinion.
• Disclaimer of Opinion-Disclaimer Report
When an auditor issues a disclaimer of opinion report, it means that they are
distancing themselves from providing any opinion at all related to the financial
statements. Some of the reasons that auditors may issue a disclaimer of opinion are
because they felt like the company limited their ability to conduct a thorough audit or
they couldn’t get satisfactory explanations for their questions. They may not have
been able to decipher the correct nature of some transactions or to secure enough
evidence to support good financial reporting. Auditors that aren’t allowed an
opportunity to observe operational procedures or to review particular procedures may
feel like they’re not able to express a definite opinion, so they feel a disclaimer is
necessary and in order. The general consensus is that a disclaimer of opinion
constitutes a very harsh stance. As a result, it creates an adverse image of the
company.
• Adverse Opinion-Adverse Audit Report
The final type of audit opinion is an adverse opinion. Auditors who aren’t at all satisfied
with the financial statements or who discover a high level of material misstatements or
irregularities know that this creates a situation in which investors and the government
will mistrust the company’s financial reports.
An auditor’s adverse opinion is a big red flag. An adverse audit report usually indicates
that financial reports contain gross misstatements and have the potential for fraud.
Adverse opinions send out a high alert that the company’s records haven’t been
prepared according to GAAP. Financial institutions and investors take this opinion
seriously and will reject doing any kind of business with the company.
Auditors use all types of qualified reports to alert the public as to the transparency,
reliability and accountability of companies. Auditor opinions place pressure on companies
to change their financial reporting processes so that they’re clear and accurate.
Companies, investors and the public highly value unqualified reports.
 CONTENTS OF AUDIT REPORT
1. Title
2. Addressee
3. Opinion
4. Basis of opinion
5. Going concern(as per SA 570)
6. Key Audit Matters (as per SA 701)
7. Responsibility of Management
• Preparation of FS
• Internal Controls
• Assessing Going concern
• Fair presentation
8. Responsibility of Auditor
9. Other legal requirements
10. Date
11. Place
12. Signature
 Objective of the auditor
To express clearly an appropriately modified opinion
on the FS when the auditor:
a. Concludes, based on the evidences obtained
that the FS are not free from material
SA 705(R) misstatements, or
M O D I F I C AT I O N S T O b. Is unable to obtain sufficient and appropriate
THE OPINION IN THE evidences to conclude that financial statements
INDEPENDENT are free from material misstatements.
A U D I T O R ’ S R E P O RT
Types of modified opinion
i. A Qualified opinion
ii. An adverse opinion
iii. A disclaimer opinion
Determining type of modification

Nature of Matter Auditor’s Judgement about the

Giving Rise to the Pervasiveness of the Effects or Possible
Modification Effects on the Financial Statements
Material but Not Material and
Pervasive Pervasive
FS are materially Qualified opinion Adverse opinion
misstated
Inability to obtain Qualified opinion Disclaimer of opinion
sufficient appropriate
audit evidence
Note: Pervasive effects on the FS are those that, in the auditor’s judgement:
• Are not confined to specific elements, accounts or items of the FS;
• If so confined, represent or could represent a substantial proportion of the FS; or
• In relation to disclosures, are fundamental to users understanding of the FS.
 Qualified Opinion
The auditor shall express a qualified opinion
when:
• The auditor, having obtained sufficient
appropriate audit evidence, concludes
DETERMINING THE that misstatements, individually or in the
TYPE OF aggregate, are material, but not
MODIFICATION TO pervasive, to the financial statements; or
THE AUDITOR’S • The auditor is unable to contain sufficient
OPINION appropriate audit evidence on which to
base the opinion, but the auditor
concludes that the possible effects on the
financial statements of undetected
misstatements, if any, could be material
but not pervasive.
Adverse Opinion
The auditor shall express an adverse opinion when the
auditor, having obtained sufficient appropriate audit
evidence, concludes that misstatements, individually or
in the aggregate, are both material and pervasive to
the financial statements.
Disclaimer of Opinion
• The auditor shall disclaim an opinion when the auditor
is unable to obtain sufficient appropriate audit
evidence on which to base his opinion, and the
auditor concludes that the possible effects on the
financial statements of undetected misstatements,
could be both material and pervasive.
• The auditor shall disclaim an opinion when, in
extremely rare circumstances involving multiple
uncertainties, the auditor concludes that,
notwithstanding having obtained sufficient
appropriate audit evidence regarding each of the
individual uncertainties, it is not possible to form an
opinion on the financial statements due to the
potential interaction of the uncertainties and their
possible cumulative effect on the financial
statements.
 S A 7 0 6 E M P H A S IS OF M ATT E R PARAGRA P H S &
OT H E R M ATT E R PA RAGRAP H S I N T H E
IN D E P E N D E N T A U D I T OR ’ S R E P ORT

Objective of the auditor

To draw user’s attention by way of additional communication in the
auditor’s report, to
• Matter appropriately incorporated in the financial statements, that is of
such importance that it is fundamental to user’s understanding of
financial statements; or
• Any other matter(other than those in financial statements) relevant to
users or auditor’s responsibility or his report.
 ”EMPHASIS OF MATTER” PARA

Meaning
• Para which refers to a matter appropriately incorporated in the
financial statements,
• That is of such importance that it is fundamental to user’s
understanding of financial statements.
Note: SA 570(R) and SA 720(R) establishes requirements and
provides guidance about communication in the auditor’s report
relating to going concern and other information, respectively. Thus
he shall consider SA 570 and 720 in addition to this SA.
In audit report
The auditor shall include an Emphasis of Matter paragraph in the
auditor’s report provided:
1. The auditor would not be required to modify the opinion in
accordance with SA 705(Revised) as a result of the matter;
and
2. When SA 701 applies, the matter has not been determined to
be a key audit matter to be communicated in the auditor’s
report.
Heading
“Emphasis of matter”
It includes
• Clear reference to the matter being emphasized; and
• Where exactly it can be found in the financial statements.
Clarification by auditor
That audit opinion is not modified in respect of the matter emphasized
Examples where EOM may be necessary
• An uncertainty relating to the future outcome of exceptional litigation or regulatory
action
• A significant subsequent event that occurs between the date of the financial
statements and the date of the auditor’s report.
• Early application(where permitted) of a new accounting standard that has a
material effect on the financial statements
• A major catastrophe that has had, or continues to have, a significant effect on the
entity’s financial position.
 “OTHER MATTER” PARA
Meaning
• Para relating to matter other than those on financial statements which is relevant
to user’s understanding or auditor’s responsibility or his report
In audit report
The auditor shall include an Other Matter paragraph in the auditor’s report, provided:
• This is not prohibited by law or regulation; and
• When SA 701 applies, the matter has not been determined to be a key audit matter
to be communicated in the auditor’s report.
Heading
“Other Matter”
SA’s containing requirements for Other Matter paragraphs
• SA 560, Subsequent Events
• SA 710, Comparative Information- Corresponding Figures and Comparative
Financial Statements
• SA 720, The Auditor’s Responsibilities Relating to Other information in Documents
Containing Audited Financial Statements

Communication with TCWG

If auditor expects to include an EOM or OM paragraph, he shall communicate the
same to TCWG.
S A 315 I DENTIFYING A ND A SSESSING THE R ISK OF
MATE R I AL MISSTATEMENT THR OUGH
UN DE R STANDING THE ENTITY AND ITS
E N VI R ON ME NT

Scope of this SA
This Standard on Auditing (SA) deals with the auditor’s responsibility to identify and
assess the risks of material misstatement in the financial statements, through
understanding the entity and its environment, including the entity’s internal control.

Objective
The objective of the auditor is to identify and assess the risks of material
misstatement, whether due to fraud or error, at the financial statement and assertion
levels, through understanding the entity and its environment, including the entity’s
internal control, thereby providing a basis for designing and implementing responses
to the assessed risks of material misstatement. This will help the auditor to reduce
the risk of material misstatement to an acceptably low level.
Definitions
• (a) Assertions – Representations by management, explicit or otherwise, that are
embodied in the financial statements, as used by the auditor to consider the different
types of potential misstatements that may occur.
• (b) Business risk – A risk resulting from significant conditions, events, circumstances,
actions or inactions that could adversely affect an entity’s ability to achieve its
objectives and execute its strategies, or from the setting of inappropriate objectives and
strategies.
• (c) Internal control – The process designed, implemented and maintained by those
charged with governance, management and other personnel to provide reasonable
assurance about the achievement of an entity’s objectives with regard to reliability of
financial reporting, effectiveness and efficiency of operations, safeguarding of assets,
and compliance with applicable laws and regulations. The term “controls” refers to any
aspects of one or more of the components of internal control.
• (d) Risk assessment procedures – The audit procedures performed to obtain an
understanding of the entity and its environment, including the entity’s internal control,
to identify and assess the risks of material misstatement, whether due to fraud or error,
at the financial statement and assertion levels.
• (e) Significant risk – An identified and assessed risk of material misstatement that, in
the auditor’s judgment, requires special audit consideration.
RISK ASSESSMENT PROCEDURES AND REL ATED ACTIVITIES

• The auditor shall perform risk assessment procedures to provide a basis for the
identification and assessment of risks of material misstatement at the financial
statement and assertion levels. Risk assessment procedures by themselves,
however, do not provide sufficient appropriate audit evidence on which to base the
audit opinion.
• The risk assessment procedures shall include the following:
• (a) Inquiries of management and of others within the entity who in the
auditor’s judgment may have information that is likely to assist in
identifying risks of material misstatement due to fraud or error.
• (b) Analytical procedures.
• (c) Observation and inspection.
• The auditor shall consider whether information obtained from the auditor’s client
acceptance or continuance process is relevant to identifying risks of material
misstatement.
• Where the engagement partner has performed other engagements for the entity,
the engagement partner shall consider whether information obtained is relevant to
identifying risks of material misstatement.
• When the auditor intends to use information obtained from the auditor’s previous
experience with the entity and from audit procedures performed in previous audits,
the auditor shall determine whether changes have occurred since the previous
audit that may affect its relevance to the current audit.
• The engagement partner and other key engagement team members shall discuss
the susceptibility of the entity’s financial statements to material misstatement, and
the application of the applicable financial reporting framework to the entity’s facts
and circumstances. The engagement partner shall determine which matters are to
be communicated to engagement team members not involved in the discussion.
 IDENTIFYING AND ASSESSING THE
RISKS OF MATERIAL MISSTATEMENT
• The auditor shall identify and assess the risks of material misstatement at:
• (a) the financial statement level; and
• (b) the assertion level for classes of transactions, account balances, and disclosures;
to provide a basis for designing and performing further audit procedures.
• For this purpose, the auditor shall:
• (a) Identify risks throughout the process of obtaining an understanding of the entity and its
environment, including relevant controls that relate to the risks, and by considering the classes of
transactions, account balances, and disclosures in the financial statements;
• (b) Assess the identified risks, and evaluate whether they relate more pervasively to the financial
statements as a whole and potentially affect many assertions;
• (c) Relate the identified risks to what can go wrong at the assertion level, taking account of relevant
controls that the auditor intends to test; and
• (d) Consider the likelihood of misstatement, including the possibility of multiple misstatements, and
whether the potential misstatement is of a magnitude that could result in a material misstatement.
 RISKS FOR WHICH SUBSTANTIVE
PROCEDURES ALONE DO NOT PROVIDE
SUFFICIENT APPROPRIATE AUDIT
EVIDENCE

• In respect of some risks, the auditor may judge that it is not

possible or practicable to obtain sufficient appropriate audit
evidence only from substantive procedures. Such risks may
relate to the inaccurate or incomplete recording of routine and
significant classes of transactions or account balances, the
characteristics of which often permit highly automated
processing with little or no manual intervention. In such cases,
the entity’s controls over such risks are relevant to the audit
and the auditor shall obtain an understanding of them.
 REVISION OF RISK ASSESSMENT

• The auditor’s assessment of the risks of material misstatement

at the assertion level may change during the course of the
audit as additional audit evidence is obtained. In circumstances
where the auditor obtains audit evidence from performing
further audit procedures, or if new information is obtained,
either of which is inconsistent with the audit evidence on which
the auditor originally based the assessment, the auditor shall
revise the assessment and modify the further planned audit
procedures accordingly.
 S A 320 (REVISED) MATERIALITY IN
PL ANNING AND PERFORMING AN AUDIT

Concept
• Materiality vs. Performance Materiality
• SA 320 (R) only defines ‘Performance Materiality’.
• Particular information are considered to be material if the their
misstatement, disclosure or non-disclosure, individually or in the
aggregate, could reasonably be expected to influence the economic
decisions of users taken on the basis of the financial statements.
• Judgments about materiality are made in the light of surrounding
circumstances, and are affected by the size or nature of a
misstatement, or a combination of both
 JUDGMENTS AFFECTING
MATERIALITY

 Whether a particular item is material or not can be judged from:

 Its size or amount
 Its nature
 Its legality
 Contractual violation (if any)
 Qualitative aspects (like inadequate or non-disclosure of related party
relationships, etc.)
 The auditor’s determination of materiality is a matter of professional
judgement, and is affected by the auditor’s perception of the financial
information needs of users of the financial statements.
 PERFORMANCE MATERIALITY

 Performance materiality means the amount or amounts set by

the auditor at less than materiality for the financial statements
as a whole to reduce to an appropriately low level the
probability that the aggregate of uncorrected and undetected
misstatements exceeds materiality for the financial statements
as a whole.
 If applicable, performance materiality also refers to the amount
or amounts set by the auditor at less than the materiality level
or levels for particular classes of transactions, account
balances or disclosures.
 DETERMINING MATERIALITY AND PERFORMANCE
MATERIALITY WHEN PL ANNING AN AUDIT

• When establishing the overall audit strategy, the auditor shall determine
materiality for the financial statements as a whole.
• If, in the specific circumstances of the entity, there is one or more particular
classes of transactions, account balances or disclosures for which
misstatements of lesser amounts than the materiality for the financial
statements as a whole could reasonably be expected to influence the
economic decisions of users taken on the basis of the financial statements,
the auditor shall also determine the materiality level or levels to be applied
to those particular classes of transactions, account balances or disclosures.
• The auditor shall determine performance materiality for purposes of
assessing the risks of material misstatement and determining the nature,
timing and extent of further audit procedures.
 REVISION AS THE AUDIT
PROGRESSES

• The auditor shall revise materiality for the financial statements as a whole
(and, if applicable, the materiality level or levels for particular classes of
transactions, account balances or disclosures) in the event of becoming
aware of information during the audit that would have caused the auditor
to have determined a different amount (or amounts) initially.

• If the auditor concludes that a lower materiality for the financial statements
as a whole (and, if applicable, materiality level or levels for particular
classes of transactions, account balances or disclosures) than that initially
determined is appropriate, the auditor shall determine whether it is
necessary to revise performance materiality, and whether the nature,
timing and extent of the further audit procedures remain appropriate.
 DOCUMENTATION

The audit documentation shall include the following amounts

and the factors considered in their determination:
a) Materiality for the financial statements as a whole;
b) If applicable, the materiality level or levels for particular
classes of transactions, account balances or disclosures;
c) Performance materiality; and
d) Any revision of (a)-(c) as the audit progressed.
 MATERIALITY AND AUDIT RISK

• Audit risk is the risk that the auditor expresses an inappropriate audit
opinion when the financial statements are materially misstated.
• Audit risk is a function of the risks of material misstatement and detection
risk.
• Materiality and audit risk are considered throughout the audit, in particular,
when:
a) Identifying and assessing the risks of material misstatement;
b) Determining the nature, timing and extent of further audit procedures;
and
c) Evaluating the effect of uncorrected misstatements, if any, on the
financial statements and in forming the opinion in the auditor’s report.
 INVERSE RELATION

• There is an inverse relationship between materiality and the

degree of audit risk which means higher the materiality level,
the lower the audit risk and lower the materiality level higher
the audit risk.

• For example: The probability that a large (material) amount in

an account will be left misstated in the financial statements is
lower than the probability that a small (immaterial) amount will
remain misstated.
 SA 330 THE AUDITOR’S
RESPONSES TO ASSESSED RISKS

Scope of this SA
This Standard on Auditing (SA) deals with the auditor’s responsibility to
design and implement responses to the risks of material misstatement
identified and assessed by the auditor in accordance with SA 315,
“Identifying and Assessing Risks of Material Misstatement Through
Understanding the Entity and Its Environment” in a financial statement
audit.
Objective
• The objective of the auditor is to obtain sufficient appropriate audit
evidence about the assessed risks of material misstatement, through
designing and implementing appropriate responses to those risks.
Definitions
• (a) Substantive procedure – An audit procedure designed to detect material
misstatements at the assertion level. Substantive procedures comprise:
• (i) Tests of details (of classes of transactions, account balances, and disclosures), and
• (ii) Substantive analytical procedures.
• (b) Test of controls – An audit procedure designed to evaluate the operating
effectiveness of controls in preventing, or detecting and correcting, material
misstatements at the assertion level.
 AUDI T PR OCEDUR ES RESPONSI VE T O T HE AS S ES S ED R I S KS OF
MATER I AL MI SSTATEMENT AT T HE AS S ERT I ON L EVEL
• The auditor shall design and perform further audit procedures whose nature, timing
and extent are based on and are responsive to the assessed risks of material
misstatement at the assertion level.
• In designing the further audit procedures to be performed, the auditor shall:
• (a) Consider the reasons for the assessment given to the risk of material
misstatement at the assertion level for each class of transactions, account balance,
and disclosure, including:
• (i) The likelihood of material misstatement due to the particular characteristics of the
relevant class of transactions, account balance, or disclosure (i.e., the inherent risk); and
• (ii) Whether the risk assessment takes into account the relevant controls (i.e., the control
risk), thereby requiring the auditor to obtain audit evidence to determine whether the
controls are operating effectively (i.e., the auditor intends to rely on the operating
effectiveness of controls in determining the nature, timing and extent of substantive
procedures); and
• (b) Obtain more persuasive audit evidence the higher the auditor’s assessment of
risk.
 TESTS OF CONTROLS
• The auditor shall design and perform tests of controls to obtain sufficient
appropriate audit evidence as to the operating effectiveness of relevant controls
when:
• (a) The auditor’s assessment of risks of material misstatement at the assertion
level includes an expectation that the controls are operating effectively (i.e., the
auditor intends to rely on the operating effectiveness of controls in determining the
nature, timing and extent of substantive procedures); or
• (b) Substantive procedures alone cannot provide sufficient appropriate audit
evidence at the assertion level.
• In designing and performing tests of controls, the auditor shall obtain more
persuasive audit evidence the greater the reliance the auditor places on the
effectiveness of a control.
 NATURE AND EXTENT OF TESTS OF
CONTROLS

• In designing and performing tests of controls, the auditor shall:

• (a) Perform other audit procedures in combination with inquiry to obtain
audit evidence about the operating effectiveness of the controls,
including:
• (i) How the controls were applied at relevant times during the period under audit.
• (ii) The consistency with which they were applied.
• (iii) By whom or by what means they were applied.
• (b) Determine whether the controls to be tested depend upon other
controls (indirect controls), and if so, whether it is necessary to obtain
audit evidence supporting the effective operation of those indirect
controls.
 TIMING OF TESTS OF CONTROLS
• The auditor shall test controls for the particular time, or throughout the period, for
which the auditor intends to rely on those controls, subject to paragraphs below, in
order to provide an appropriate basis for the auditor’s intended reliance. Using
audit evidence obtained during an interim period
• When the auditor obtains audit evidence about the operating effectiveness of
controls during an interim period, the auditor shall:
• (a) Obtain audit evidence about significant changes to those controls subsequent
to the interim period; and
• (b) Determine the additional audit evidence to be obtained for the remaining
period.
 USING AUDIT EVIDENCE OBTAINED IN
PREVIOUS AUDITS
• In determining whether it is appropriate to use audit evidence about the operating
effectiveness of controls obtained in previous audits, and, if so, the length of the time period
that may elapse before retesting a control, the auditor shall consider the following:
• (a) The effectiveness of other elements of internal control, including the control
environment, the entity’s monitoring of controls, and the entity’s risk assessment process;
• (b) The risks arising from the characteristics of the control, including whether it is manual or
automated;
• (c) The effectiveness of general IT-controls;
• (d) The effectiveness of the control and its application by the entity, including the nature
and extent of deviations in the application of the control noted in previous audits, and
whether there have been personnel changes that significantly affect the application of the
control;
• (e) Whether the lack of a change in a particular control poses a risk due to changing
circumstances; and
• (f) The risks of material misstatement and the extent of reliance on the control.
 SUBSTANTIVE PROCEDURES
• Irrespective of the assessed risks of material misstatement, the auditor shall design
and perform substantive procedures for each material class of transactions,
account balance, and disclosure.
• The auditor shall consider whether external confirmation procedures are to be
performed as substantive audit procedures.
• Substantive Procedures Related to the Financial Statement Closing Process
• The auditor’s substantive procedures shall include the following audit procedures
related to the financial statement closing process:
• (a) Agreeing or reconciling the financial statements with the underlying accounting
records; and
• (b) Examining material journal entries and other adjustments made during the
course of preparing the financial statements.
 SUBSTANTIVE PROCEDURES
RESPONSIVE TO SIGNIFICANT RISKS

• When the auditor has determined that an assessed risk of

material misstatement at the assertion level is a significant
risk, the auditor shall perform substantive procedures that are
specifically responsive to that risk. When the approach to a
significant risk consists only of substantive procedures, those
procedures shall include tests of details.
 TIMING OF SUBSTANTIVE
PROCEDURES

• When substantive procedures are performed at an interim date, the auditor shall
cover the remaining period by performing:
• (a) substantive procedures, combined with tests of controls for the intervening
period; or
• (b) if the auditor determines that it is sufficient, further substantive procedures
only;
• that provide a reasonable basis for extending the audit conclusions from the
interim date to the period end.
• If misstatements that the auditor did not expect when assessing the risks of
material misstatement are detected at an interim date, the auditor shall evaluate
whether the related assessment of risk and the planned nature, timing, or extent
of substantive procedures covering the remaining period need to be modified.
 EVALUATING THE SUFFICIENCY AND APPROPRIATENESS
OF AUDIT EVIDENCE
• Based on the audit procedures performed and the audit evidence obtained, the
auditor shall evaluate before the conclusion of the audit whether the assessments
of the risks of material misstatement at the assertion level remain appropriate.
• The auditor shall conclude whether sufficient appropriate audit evidence has been
obtained. In forming an opinion, the auditor shall consider all relevant audit
evidence, regardless of whether it appears to corroborate or to contradict the
assertions in the financial statements.
• If the auditor has not obtained sufficient appropriate audit evidence as to a
material financial statement assertion, the auditor shall attempt to obtain further
audit evidence. If the auditor is unable to obtain sufficient appropriate audit
evidence, the auditor shall express a qualified opinion or a disclaimer of opinion.