Audit quality today is judged less by the number of procedures performed and more by the reliability of the supporting evidence. Regulators, inspection teams, and audit committees increasingly ask a simple question: Could a reasonable auditor trust the evidence behind the opinion? This question sits at the heart of PCAOB AS 1105.
For CPAs, the standard is no longer theoretical guidance. It has become the operational core of audit execution in 2026, especially as accounting records move to cloud systems, confirmations become digital, and fraud risks evolve.
The Public Company Accounting Oversight Board has repeatedly observed a pattern in inspection findings over the past decade. Audit teams documented extensive procedures, yet the audit opinions still lacked adequate support. The issue was rarely missing documentation. Instead, auditors relied heavily on information prepared or influenced by management. As a result, PCAOB AS 1105 is now one of the most cited standards in PCAOB inspection reports.
Understanding the objective of PCAOB AS 1105
The standard focuses on whether audit evidence is both sufficient and appropriate.
- Sufficient refers to the quantity of evidence obtained
- Appropriateness refers to the quality and reliability of that evidence
Many audit deficiencies occur because teams focus on quantity while overlooking reliability.
The standard defines audit evidence as information used by the auditor to support the audit opinion. However, not all information qualifies as reliable evidence. The reliability of evidence depends primarily on its source and the auditor’s level of control over it.
How PCAOB AS 1105 interacts with other PCAOB standards
PCAOB AS 1105 does not operate in isolation. Evaluating the reliability of audit evidence requires integration with several other PCAOB standards that govern risk assessment, substantive testing, and sampling.
AS 2110 – Identifying and Assessing Risks of Material Misstatement
Risk assessment drives evidence requirements. Higher-risk areas require more persuasive and reliable evidence. If risks are not properly identified under AS 2110, the auditor may obtain insufficient or inappropriate evidence under AS 1105.
AS 2301 – The Auditor’s Responses to the Risks of Material Misstatement
AS 2301 links risk assessment to audit procedures. The nature, timing, and extent of procedures must be designed to obtain reliable evidence that responds directly to assessed risks. Weak evidence in high-risk areas is a common PCAOB inspection finding.
AS 2315 – Audit Sampling
When auditors use sampling, AS 2315 requires that the selected items provide a reasonable basis for conclusions. Even a properly designed sample fails AS 1105 if the underlying evidence within the sample lacks reliability.
Together, these standards reinforce that audit quality depends not only on performing procedures, but on obtaining evidence that is both responsive to risk and sufficiently reliable to support the audit opinion.
The reliability hierarchy of audit evidence
Evidence exists on a reliability spectrum. The higher the auditor’s control and independence, the more reliable the evidence. While PCAOB AS 1105 does not prescribe a formal hierarchy, in practice, inspection findings consistently reflect this reliability spectrum based on source and auditor control.
1. External third-party evidence (highest reliability)
Generally more reliable because it is obtained from independent sources, provided the auditor controls the confirmation process and verifies respondent authenticity.
Examples:
- Bank confirmations
- Accounts receivable confirmations
- Legal letters
- Custodian statements
2. Auditor-generated evidence
Reliable because the auditor performs the procedure.
Examples:
- Recalculations
- Reperformance of controls
- Physical inventory observations
- Independent analytical procedures
3. Internally generated evidence with effective controls
Reliability depends on control testing.
Examples:
- ERP system reports
- Approved contracts
- Authorized purchase orders
4. Management representations (lowest reliability)
Cannot stand alone under PCAOB AS 1105.
Examples:
- Verbal explanations
- Unsupported schedules
- Management estimates without corroboration
Digital systems and electronic evidence in 2026
Companies now maintain accounting records in:
- Cloud accounting software
- Integrated ERP platforms
- Automated revenue systems
- Digital banking platforms
Automation increases efficiency but not reliability. System-generated data reliability depends on the effectiveness of relevant controls, consistent with the linkages to AS 1105, AS 2110, and AS 2301.
Before relying on electronic evidence, auditors typically evaluate:
- Who generated the report
- Whether management can edit the data
- Access controls over the system
- Testing of IT general controls
- Reconciliation to the general ledger
- Independent assurance (such as SOC reports)
Without these steps, reliance on system reports does not meet PCAOB AS 1105 expectations.
Corroboration: a core requirement
Generally, no single document should support a material financial statement assertion. Evidence strength increases when multiple independent sources agree.
Example — revenue testing:
Weak evidence
- Internal sales register only
Strong evidence
- Signed contract
- Invoice
- Shipping documentation
- Payment receipt
- Customer confirmation
Inspectors frequently cite audits where auditors accepted internal schedules without verification. These are frequently cited PCAOB AS 1105 deficiencies.
Third-party confirmations
Confirmations directly address key assertions:
- Existence
- Rights and obligations
- Accuracy
However, confirmation risks have changed. Auditors typically now consider:
- Spoofed email responses
- Fake domains
- Management-controlled mailing lists
- Altered contact details
The auditor must control the process. Reliability decreases if management:
- Selects respondents
- Distributes confirmations
- Receives responses
Under PCAOB AS 1105, confirmation procedures typically remain under auditor control.
Evaluating information produced by the company (IPC)
Common IPC examples include:
- Aging reports
- Inventory listings
- Deferred revenue schedules
- Commission calculations
Auditors often use these reports but forget to test them. To rely on IPC, auditors must evaluate:
- Source data accuracy
- System logic
- Change management procedures
- Access controls
- Reconciliation to accounting records
Without these procedures, the evidence generally does not satisfy PCAOB AS 1105.
Professional skepticism and evidence evaluation
Professional skepticism is demonstrated through procedures, not attitude. Auditors must challenge evidence when:
- Management incentives exist
- Transactions are unusual
- Estimates are aggressive
- Related parties are involved
For example, a management revenue accrual spreadsheet requires:
- Recalculation
- Contract review
- Subsequent cash testing
- Independent corroboration
Accepting explanations without verification is a common PCAOB AS 1105 deficiency.
Inspector mindset: How PCAOB reviewers evaluate evidence
From an inspector’s perspective, the key question is not whether evidence exists, but whether the auditor demonstrated why it was reliable.
PCAOB inspectors rarely challenge whether documents were obtained. Instead, they evaluate whether the auditor:
- Maintained control over the evidence
- Corroborated management-provided information
- Addressed risks of manipulation or bias
- Clearly documented why the evidence was appropriate
When workpapers fail to explain why evidence can be trusted, inspectors frequently conclude that PCAOB AS 1105 was not satisfied—even if multiple procedures were performed.
High-risk audit areas
Revenue recognition
Auditors must verify:
- Contract terms
- Delivery or performance
- Payment conditions
- Collectability
Estimates and fair value
Reliable evidence requires:
- Independent assumptions
- Market data
- Sensitivity analysis
Related-party transactions
Reliability risk is high because independence is limited. External corroboration becomes essential.
Technology, data analytics, and AI
Modern audits increasingly use:
- Data analytics
- Anomaly detection
- AI-based risk identification
- Automated sampling
These tools improve risk assessment but do not replace evidence. AI outputs do not, on their own, constitute sufficient appropriate audit evidence. The auditor must still obtain independent support. Technology improves efficiency but, in and of itself, does not satisfy PCAOB AS 1105.
Common PCAOB inspection findings
Recurring inspection deficiencies include:
- Overreliance on inquiry
- Weak confirmation procedures
- Lack of testing of system reports
- Acceptance of management explanations
- Insufficient corroboration
The recurring issue is not the lack of documentation. It is insufficiently reliable documentation.
Practical steps CPAs should implement in 2026
To align with PCAOB AS 1105, audit teams should:
Strengthen confirmation controls
- Independently verify respondent identity
- Avoid client-provided contact information
- Maintain control of distribution and response
Validate system-generated reports
- Test IT general controls
- Reconcile to the general ledger
- Reperform report logic when necessary
Improve evidence corroboration
- Rely on multiple independent sources
- Avoid single-document support
Enhance documentation
- Explain why evidence is reliable
- Link evidence directly to assertions
Limit reliance on inquiry
- Inquiry should support evidence, not replace it
Documentation expectations
Audit workpapers must clearly demonstrate:
- How the auditor obtained the evidence
- Why the evidence is reliable
- How the evidence supports the audit opinion
Inspectors often conclude that auditors gathered documents but failed to prove appropriateness. Proper documentation must explicitly address reliability under PCAOB AS 1105.
Legal and litigation perspective
In audit litigation, the central argument often becomes:
Should the auditor have trusted this evidence?
Courts often evaluate whether a reasonable auditor would have questioned the documentation. If yes, the matter becomes a failure to comply with PCAOB AS 1105. Therefore, evidence reliability is also a key element of audit defensibility.
Conclusion
Modern auditing centers on evaluating evidence rather than merely completing procedures. Auditors must move beyond checklists and focus on the credibility of the information supporting their opinion.
As accounting systems become digital and remote, the risk of manipulated documentation increases. Independent and verified evidence is therefore more important than ever.
Secure confirmation workflows, identity-verified responses, and controlled third-party communication significantly strengthen audit support and help auditors meet PCAOB AS 1105 expectations. AuditConfirm supports auditors in this environment by enabling secure audit confirmations, structured workflows, and authenticated respondent verification. By strengthening third-party evidence and reducing confirmation risk, AuditConfirm helps CPAs obtain higher-quality audit evidence and better withstand regulatory scrutiny.
Ultimately, the audit opinion is only as strong as the evidence behind it. Reliable evidence remains the defining factor of audit quality in 2026.
FAQs
PCAOB AS 1105 sets the standard for evaluating the reliability of audit evidence. Auditors use it to determine whether the evidence they gather is sufficient and appropriate to support their audit opinion. Following this standard helps CPAs reduce risk and comply with regulatory expectations.
Auditors obtain reliable evidence by prioritizing independent sources, testing system-generated reports, and corroborating management-provided information. Using third-party confirmations and validated internal controls increases the strength and credibility of the audit evidence.
Auditors use technology and AI to identify anomalies and enhance risk assessment, but these tools cannot replace traditional evidence. Auditors must validate all AI-generated insights with independent or corroborated evidence to comply with PCAOB AS 1105.
Third-party confirmations provide highly reliable audit evidence because they come from independent sources. Auditors control the process, verify respondent identities, and avoid management interference to ensure the evidence meets PCAOB AS 1105 standards.
CPAs document evidence by clearly explaining how the auditor obtained it, why it is reliable, and how it supports the financial statement assertions. Proper documentation demonstrates compliance with PCAOB AS 1105 and strengthens audit defensibility.