Collect only evidence that is relevant to the audit procedure being tested. Every piece of evidence should directly support the audit objective and control testing being performed. Irrelevant or tangential documentation dilutes the evidence file and makes it harder to trace the audit work.

• Ensure evidence directly addresses the control being tested
• Document why specific evidence supports the audit conclusion
• Exclude general information that doesn't relate to the procedure

Collect enough evidence to support your conclusions. The amount of evidence needed depends on the risk level and nature of the control being tested. Higher-risk areas require more comprehensive evidence.

• For transactional testing, sample size should be statistically sound
• For walkthrough procedures, document system screenshots, interviews, and process flows
• For control testing, include both operating evidence and design evidence

Ensure evidence is authentic and comes from reliable sources. Use SmartHubs' evidence linking features to maintain a clear chain of custody and traceability from source to conclusion.

• Obtain evidence directly from the source when possible
• Document the source and date of evidence collection
• Use screenshots and data exports for system-generated information
• Maintain audit trails showing who uploaded evidence and when

Collect evidence contemporaneously during the audit execution phase. Gathering evidence as procedures are performed ensures accuracy and reduces the risk of incomplete or incorrect information.

• Upload evidence during audit execution, not after procedures are complete
• Document observations and conditions as they exist at the time of testing
• Avoid recreating or modifying evidence after the fact

SmartHubs includes an embedded Word editor within each audit procedure that allows you to document the detailed nature and extent of work performed. This feature is separate from uploading working papers and provides a way to describe your audit work in comprehensive detail directly within the SmartHubs platform.

The embedded Word editor is ideal for internal audit work where you need to document:

• Walkthrough Documentation: Detailed description of process walkthroughs performed, including who was interviewed, what system screens were reviewed, and key observations
• Control Testing Narrative: Detailed explanation of how controls were tested, sample sizes used, testing methodology, and transactions examined
• Testing Procedures: Step-by-step documentation of the specific procedures performed to test a control or audit objective
• Observation Notes: Detailed notes from observations, including dates, times, locations, and specific conditions observed
• Analysis Summary: Detailed explanation of how evidence was analyzed and conclusions reached
• Management Inquiry Results: Documentation of inquiries made to management, responses received, and how these informed audit conclusions
• Exception Descriptions: Detailed description of any exceptions or deviations found during testing, with context and significance

Best Practices for Using the Embedded Editor:

• Document work performed in real-time during the audit procedure execution
• Include sufficient detail so a reviewer can understand exactly what was tested and how conclusions were reached
• Use clear, professional language and organize information logically
• Reference uploaded working papers and evidence files within your documentation
• Document the date and time of work performed (especially important for internal audit fieldwork)
• Include any limitations or constraints encountered during the procedure
• Make your documentation suitable for audit file review—assume someone unfamiliar with the audit will read it

Embedded Editor vs. Uploaded Working Papers: Use the embedded Word editor to document your detailed audit work, testing methodology, and observations. Upload supporting working papers, evidence, and data files as separate attachments. Together, they create a complete audit trail that shows both the nature of your work and the supporting evidence.

SmartHubs allows you to link evidence directly to audit procedures. This creates a clear relationship between the work performed and supporting documentation. Always link evidence to the procedure it supports.

• Link evidence when uploading—don't leave it orphaned
• Use descriptive filenames that explain what the evidence contains
• Document the relationship between evidence and testing objectives in procedure notes
• Consider linking the same evidence to multiple procedures if relevant to multiple tests

Establish consistent file naming conventions across your organization. Clear naming makes evidence searchable and helps team members quickly understand evidence content.

Recommended format: [Date]_[Department]_[DocumentType]_[Description]
Example: 20260205_Finance_BankReconciliation_January2026

• Include date evidence was created or tested
• Include the area or department it relates to
• Specify document type (reconciliation, report, screenshot, etc.)
• Add a brief description of content
• Avoid special characters that may cause compatibility issues

Within each audit project, organize evidence by audit procedure or by logical groupings. A clear folder structure helps team members locate evidence and prevents duplication.

• Create folders by audit procedure or control tested
• Use subfolders for different types of evidence (design, operating, management response)
• Maintain consistent folder naming across all audit projects
• Document the folder structure for new team members

Different types of controls require different types of evidence. Consider the nature of the control and the testing performed when determining what evidence to collect and how to preserve it in SmartHubs.

• System Evidence: Screenshots, system reports, configuration settings, data exports
• Process Evidence: Documentation of walkthroughs, interviews, flowcharts, process descriptions
• Transactional Evidence: Samples of transactions tested, supporting documentation, exception reports
• Management Response: Written confirmations, email confirmations, signed management representations
• Video/Audio: Interview recordings (with appropriate permissions and consent)

Before uploading evidence to SmartHubs, prepare it properly:

• Scan paper documents to PDF format
• Redact sensitive or confidential information if necessary
• Verify that screenshots and exports are complete and legible
• Ensure file sizes are manageable (compress if needed)
• Remove any test data or draft versions

When uploading evidence in SmartHubs:

• Use clear, descriptive filenames
• Link to the appropriate audit procedure
• Add tags or metadata to improve searchability (if supported)
• Include a brief description of what the evidence shows
• Verify file upload completed successfully

After uploading evidence:

• Review uploaded evidence to ensure completeness
• Update procedure notes to reference uploaded evidence
• Document how evidence supports audit conclusions
• Verify linking between evidence and procedures
• Monitor evidence retention and archival as per your audit standards

Managers and reviewers should validate evidence quality during the evidence review process:

• Verify evidence is properly linked to procedures
• Confirm evidence is relevant and supports the procedure objective
• Check that evidence is appropriately organized and named
• Ensure sufficient evidence exists to support conclusions
• Verify evidence source and authenticity

Watch for these common evidence management issues:

• Orphaned Evidence: Files uploaded but not linked to any procedure
• Incomplete Screenshots: Truncated or partial system screens that don't show necessary details
• Poor Quality Scans: Illegible or incomplete document scans
• Missing Source Documentation: No indication of where evidence came from
• Excessive Evidence: Uploading unnecessary files that dilute the evidence file
• Outdated Evidence: Using evidence from a different period than the audit testing window

Establish an evidence retention policy consistent with your regulatory requirements and organizational standards. SmartHubs provides version control and audit trails, but you should document your retention requirements.

• Determine minimum retention period (typically 3-7 years for audit evidence)
• Document retention requirements in your audit manual
• Consider regulatory requirements for your industry
• Plan for archival or deletion of evidence at end of retention period

Ensure proper access controls for evidence, especially for sensitive findings or confidential information. SmartHubs' role-based access control allows you to limit evidence visibility.

• Assign evidence access based on user roles and module permissions
• Restrict highly sensitive evidence to audit leads and reviewers
• Monitor access to sensitive findings and evidence through audit trails
• Consider data classification for different types of evidence