An audit is an "independent examination of financial information of any entity, whether profit oriented or not, irrespective of its size or legal form when such an examination is conducted with a view to express an opinion thereon.” Auditing also attempts to ensure that the books of accounts are properly maintained by the concern as required by law. Auditors consider the propositions before them, obtain evidence, and evaluate the propositions in their auditing report.
Audits provide third-party assurance to various
stakeholders that the subject matter is free from
material
Material is a substance or mixture of substances that constitutes an object. Materials can be pure or impure, living or non-living matter. Materials can be classified on the basis of their physical and chemical properties, or on their geolo ...
misstatement. The term is most frequently applied to audits of the financial information relating to a
legal person
In law, a legal person is any person or 'thing' (less ambiguously, any legal entity) that can do the things a human person is usually able to do in law – such as enter into contracts, sue and be sued, own property, and so on. The reason for ...
. Other commonly audited areas include: secretarial and compliance, internal controls, quality management, project management, water management, and energy conservation. As a result of an audit, stakeholders may evaluate and improve the effectiveness of risk management, control, and governance over the subject matter.
Auditing has been a safeguard measure since ancient times, and has since expanded to encompass so many areas in the public and corporate sectors that academics have started identifying an "Audit Society".
Etymology
The word "audit" derives from the Latin word ''audire'' which means "to hear".
History
During medieval times, when manual bookkeeping was prevalent, auditors in Britain used to hear the accounts read out for them and checked that the organization's personnel were not negligent or fraudulent. In 1951, Moyer identified that the most important duty of the auditor was to detect fraud. Chatfield documented that early United States auditing was viewed mainly as verification of bookkeeping detail.
The
Central Auditing Commission of the Communist Party of the Soviet Union ( ru , Центральная ревизионная комиссия КПСС) operated from 1921 to 1990.
Information technology audit
An information technology audit, or information systems audit, is an examination of the management controls within an
Information technology
Information technology (IT) is the use of computers to create, process, store, retrieve, and exchange all kinds of Data (computing), data . and information. IT forms part of information and communications technology (ICT). An information te ...
(IT)
infrastructure. The evaluation of obtained evidence determines if the information systems are safeguarding assets, maintaining
data integrity
Data integrity is the maintenance of, and the assurance of, data accuracy and consistency over its entire life-cycle and is a critical aspect to the design, implementation, and usage of any system that stores, processes, or retrieves data. The ter ...
, and operating effectively to achieve the organization's goals or objectives. These reviews may be performed in conjunction with a
financial statement audit,
internal audit
Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to ...
, or other form of attestation engagement.
Accounting
Financial auditives (including
taxation
A tax is a compulsory financial charge or some other type of levy imposed on a taxpayer (an individual or legal entity) by a governmental organization in order to fund government spending and various public expenditures (regional, local, o ...
,
misselling
Misselling is the deliberate, reckless, or negligent sale of products or services in circumstances where the contract is either misrepresented, or the product or service is unsuitable for the customer's needs. For example, selling life insurance t ...
and other forms of fraud) to misstate financial information, auditing has become a legal requirement for many entities who have the power to exploit financial information for personal gain. Traditionally, audits were mainly associated with gaining information about financial systems and the financial records of a company or a business.
Financial audits are performed to ascertain the
validity and
reliability
Reliability, reliable, or unreliable may refer to:
Science, technology, and mathematics Computing
* Data reliability (disambiguation), a property of some disk arrays in computer storage
* High availability
* Reliability (computer networking), a ...
of information, as well as to provide an
assessment of a system's
internal control Internal control, as defined by accounting and auditing, is a process for assuring of an organization's objectives in operational effectiveness and efficiency, reliable financial reporting, and compliance with laws, regulations and policies. A broad ...
. As a result, a third party can express an opinion of the person / organization / system (etc.) in question. The opinion given on financial statements will depend on the
audit evidence Audit evidence is evidence obtained by auditors during a financial audit and recorded in the audit working papers.
Audit evidence is required by auditors to determine if a company has correct information considering their financial statements. If ...
obtained.
A statutory audit is a legally required review of the accuracy of a company's or government's financial statements and records. The purpose of a statutory audit is to determine whether an organization provides a fair and accurate representation of its financial position by examining information such as bank balances, bookkeeping records, and financial transactions.
Due to constraints, an audit seeks to provide only reasonable assurance that the statements are free from
material
Material is a substance or mixture of substances that constitutes an object. Materials can be pure or impure, living or non-living matter. Materials can be classified on the basis of their physical and chemical properties, or on their geolo ...
error. Hence, statistical sampling is often adopted in audits. In the case of
financial audits, a set of
financial statements
Financial statements (or financial reports) are formal records of the financial activities and position of a business, person, or other entity.
Relevant financial information is presented in a structured manner and in a form which is easy to un ...
are said to be true and fair when they are free of material misstatements – a concept influenced by both
quantitative
Quantitative may refer to:
* Quantitative research, scientific investigation of quantitative properties
* Quantitative analysis (disambiguation)
* Quantitative verse, a metrical system in poetry
* Statistics, also known as quantitative analysis ...
(numerical) and
qualitative factors. But recently, the argument that auditing should go beyond just true and fair is gaining momentum. And the US
Public Company Accounting Oversight Board
The Public Company Accounting Oversight Board (PCAOB) is a nonprofit corporation created by the Sarbanes–Oxley Act of 2002 to oversee the audits of public companies and other issuers in order to protect the interests of investors and further t ...
has come out with a concept release on the same.
Cost accounting
Cost accounting is defined as "a systematic set of procedures for recording and reporting measurements of the cost of manufacturing goods and performing services in the aggregate and in detail. It includes methods for recognizing, classifying, al ...
is a process for verifying the cost of manufacturing or producing of any article, on the basis of accounts measuring the use of material, labor or other items of cost. In simple words, the term, ''
cost audit'' means a systematic and accurate verification of the cost accounts and records, and checking for adherence to the cost accounting objectives. According to the Institute of Cost and
Management Accountant
In management accounting or managerial accounting, managers use accounting information in decision-making and to assist in the management and performance of their control functions.
Definition
One simple definition of management accounting is th ...
s,
cost audit is "an examination of cost accounting records and verification of facts to ascertain that the cost of the product has been arrived at, in accordance with principles of cost accounting."
In most nations, an audit must adhere to generally accepted standards established by governing bodies. These standards assure third parties or external users that they can rely upon the auditor's opinion on the fairness of financial statements or other subjects on which the auditor expresses an opinion. The audit must therefore be precise and accurate, containing no additional misstatements or errors.
Integrated audits
In the US, audits of
publicly traded companies are governed by rules laid down by the
Public Company Accounting Oversight Board
The Public Company Accounting Oversight Board (PCAOB) is a nonprofit corporation created by the Sarbanes–Oxley Act of 2002 to oversee the audits of public companies and other issuers in order to protect the interests of investors and further t ...
(PCAOB), which was established by Section 404 of the
Sarbanes–Oxley Act
The Sarbanes–Oxley Act of 2002 is a United States federal law that mandates certain practices in financial record keeping and reporting for corporations.
The act, (), also known as the "Public Company Accounting Reform and Investor Protect ...
of 2002. Such an audit is called an integrated audit, where auditors, in addition to an opinion on the financial statements, must also express an opinion on the ''effectiveness'' of a company's ''internal control'' over financial reporting, in accordance with PCAOB Auditing Standard No. 5.
There are also new types of integrated auditing becoming available that use unified compliance material (see the unified compliance section in
Regulatory compliance). Due to the increasing number of regulations and need for operational transparency, organizations are adopting
risk-based audit
Risk-based auditing is a style of auditing which focuses upon the analysis and management of risk.
In the UK, the 1999 Turnbull Report on corporate governance required directors to provide a statement to shareholders of the significant risks to t ...
s that can cover multiple regulations and standards from a single audit event. This is a very new but necessary approach in some sectors to ensure that all the necessary
governance
Governance is the process of interactions through the laws, norms, power or language of an organized society over a social system ( family, tribe, formal or informal organization, a territory or across territories). It is done by the gove ...
requirements can be met without duplicating effort from both audit and audit hosting resources.
Assessments
The purpose of an assessment is to measure something or calculate a value for it. An auditor's objective is to determine whether financial statements are presented fairly, in all material respects, and are free of material misstatement. Although the process of producing an assessment may involve an audit by an independent professional, its purpose is to provide a measurement rather than to express an opinion about the fairness of statements or quality of performance.
Auditors
Auditors of financial statements & non-financial information (including compliance audit) can be classified into various categories:
*
External auditor
An external auditor performs an audit, in accordance with specific laws or rules, of the financial statements of a company, government entity, other legal entity, or organization, and is independent of the entity being audited. Users of these enti ...
/
Statutory auditor
Statutory auditor is a title used in various countries to refer to a person or entity with an auditing role, whose appointment is mandated by the terms of a statute.
World usage
A "statutory audit" is a legally required review of the accuracy ...
is an independent firm engaged by the client subject to the audit to express an opinion on whether the company's
financial statements
Financial statements (or financial reports) are formal records of the financial activities and position of a business, person, or other entity.
Relevant financial information is presented in a structured manner and in a form which is easy to un ...
are free of material misstatements, whether due to fraud or error. For
publicly traded companies
A public company is a company whose ownership is organized via shares of stock which are intended to be freely traded on a stock exchange or in over-the-counter markets. A public (publicly traded) company can be listed on a stock exchange (l ...
, external auditors may also be required to express an opinion on the effectiveness of
internal controls Internal control, as defined by accounting and auditing, is a process for assuring of an organization's objectives in operational effectiveness and efficiency, reliable financial reporting, and compliance with laws, regulations and policies. A b ...
over
financial reporting
Financial statements (or financial reports) are formal records of the financial activities and position of a business, person, or other entity.
Relevant financial information is presented in a structured manner and in a form which is easy to un ...
. External auditors may also be engaged to perform other agreed-upon procedures, related or unrelated to financial statements. Most importantly, external auditors, though engaged and paid by the company being audited, should be regarded as independent and remain third party.
*
Cost auditor/Statutory cost auditor is an independent firm engaged by the client subject to the cost audit to express an opinion on whether the company's
cost statements and cost sheet are free of material misstatements, whether due to fraud or error. For
publicly traded companies
A public company is a company whose ownership is organized via shares of stock which are intended to be freely traded on a stock exchange or in over-the-counter markets. A public (publicly traded) company can be listed on a stock exchange (l ...
, external auditors may also be required to express an opinion on the effectiveness of
internal controls Internal control, as defined by accounting and auditing, is a process for assuring of an organization's objectives in operational effectiveness and efficiency, reliable financial reporting, and compliance with laws, regulations and policies. A b ...
over cost reporting. These are Specialized Persons called Cost Accountants in India & CMA globally either Cost & Management Accountants or Certified Management Accountants.
*Government Auditors review the finances and practices of federal agencies. These auditors report their finds to congress, which uses them to create and manage policies and budgets. Government auditors work for the U.S. Government Accountability Office, and most state governments have similar departments to audit state and municipal agencies.
*Secretarial
auditor
An auditor is a person or a firm appointed by a company to execute an audit.Practical Auditing, Kul Narsingh Shrestha, 2012, Nabin Prakashan, Nepal To act as an auditor, a person should be certified by the regulatory authority of accounting and a ...
/Statutory secretarial auditor is an independent firm engaged by the client subject to the audit of secretarial and applicable laws/compliances of other applicable laws to express an opinion on whether the company's
secretarial records and
compliance of applicable laws are free of material misstatements, whether due to fraud or error and inviting heavy fines or penalties. For
bigger public companies, external secretarial auditors may also be required to express an opinion on the effectiveness of
internal controls Internal control, as defined by accounting and auditing, is a process for assuring of an organization's objectives in operational effectiveness and efficiency, reliable financial reporting, and compliance with laws, regulations and policies. A b ...
over compliances system management of the company. These are Specialized Persons called Company Secretaries in India who are the members of Institute of Company Secretaries of India and holding Certificate of Practice. (http://www.icsi.edu/)
*
Internal auditor An internal auditor is an auditor who is appointed by the Board of directors of the company in order to carry out the internal audit function. Generally an employee of the company acts as an internal auditor, whereas some companies appoint an exter ...
s are employed by the organizations they audit. They work for government agencies (federal, state and local); for publicly traded companies; and for non-profit companies across all industries. The internationally recognized standard setting body for the profession is the Institute of Internal Auditors - IIA (www.theiia.org). The IIA has defined internal auditing as follows: "Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes". Thus professional internal auditors provide independent and objective audit and consulting services focused on evaluating whether the board of directors, shareholders, stakeholders, and corporate executives have reasonable assurance that the organization's governance, risk management, and control processes are designed adequately and function effectively. Internal audit professionals (
Certified Internal Auditors
The Institute of Internal Auditors (IIA) is an organization which advocates, provides educational conferences, and develops standards, guidance, and certifications for the internal audit profession.
History
Established in 1941, the IIA today ...
- CIAs) are governed by the international professional standards and code of conduct of the Institute of Internal Auditors. While internal auditors are not independent of the companies that employ them, independence and objectivity are a cornerstone of the IIA professional standards; and are discussed at length in the standards and the supporting practice guides and practice advisories. Professional internal auditors are mandated by the IIA standards to be independent of the business activities they audit. This independence and objectivity are achieved through the organizational placement and reporting lines of the internal audit department. Internal auditors of publicly traded companies in the United States are required to report functionally to the board of directors directly, or a sub-committee of the board of directors (typically the audit committee), and not to management except for administrative purposes. As described often in the professional literature for the practice of internal auditing (such as Internal Auditor, the journal of the IIA) -, or other similar and generally recognized frameworks for management control when evaluating an entity's governance and control practices; and apply COSO's "Enterprise Risk Management-Integrated Framework" or other similar and generally recognized frameworks for entity-wide risk management when evaluating an organization's entity-wide risk management practices. Professional internal auditors also use
control self-assessment (CSA) as an effective process for performing their work.
*Consultant auditors are external personnel contracted by the firm to perform an audit following the firm's
auditing standards
An audit is an "independent examination of financial information of any entity, whether profit oriented or not, irrespective of its size or legal form when such an examination is conducted with a view to express an opinion thereon.” Auditing ...
. This differs from the
external auditor
An external auditor performs an audit, in accordance with specific laws or rules, of the financial statements of a company, government entity, other legal entity, or organization, and is independent of the entity being audited. Users of these enti ...
, who follows their own auditing standards. The level of independence is therefore somewhere between the internal auditor and the external auditor. The consultant auditor may work independently, or as part of the audit team that includes internal auditors. Consultant auditors are used when the firm lacks sufficient expertise to audit certain areas, or simply for staff augmentation when staff are not available.
The most commonly used external audit standards are the US
GAAS
Gallium arsenide (GaAs) is a III-V direct band gap semiconductor with a zinc blende crystal structure.
Gallium arsenide is used in the manufacture of devices such as microwave frequency integrated circuits, monolithic microwave integrated circ ...
of the
American Institute of Certified Public Accountants and the
International Standards on Auditing
International Standards on Auditing (ISA) are professional standards for the auditing of financial information. These standards are issued by the International Auditing and Assurance Standards Board (IAASB). According to Olung M (CAO - L), ISA g ...
(ISA) developed by the
International Auditing and Assurance Standard.
Performance audits
Performance audit
Performance audit refers to an independent examination of a program, function, operation or the management systems and procedures of a governmental or non-profit entity to assess whether the entity is achieving economy, efficiency and effectivenes ...
refers to an independent examination of a program, function, operation or the management systems and procedures of a governmental or non-profit entity to assess whether the entity is achieving economy, efficiency and effectiveness in the employment of available resources.
Safety, security, information systems performance, and environmental concerns are increasingly the subject of audits.
There are now audit professionals who specialize in
security audit
An information security audit is an audit on the level of information security in an organization. It is an independent review and examination of system records, activities and related documents. These audits are intended to improve the level of in ...
s and
information systems audits. With nonprofit organizations and
government agencies
A government or state agency, sometimes an appointed commission, is a permanent or semi-permanent organization in the machinery of government that is responsible for the oversight and administration of specific functions, such as an administratio ...
, there has been an increasing need for performance audits, examining their success in satisfying mission objectives.
Quality audits
Quality audits are performed to verify conformance to standards through review of objective evidence. A system of quality audits may verify the effectiveness of a quality management system. This is part of certifications such as
ISO 9001
The ISO 9000 family is a set of five quality management systems (QMS) standards that help organizations ensure they meet customer and other stakeholder needs within statutory and regulatory requirements related to a product or service. ISO ...
. Quality audits are essential to verify the existence of objective evidence showing conformance to required processes, to assess how successfully processes have been implemented, and to judge the effectiveness of achieving any defined target levels. Quality audits are also necessary to provide evidence concerning reduction and elimination of problem areas, and they are a hands-on management tool for achieving continual improvement in an organization.
To benefit the organization, quality auditing should not only report non-conformance and corrective actions but also highlight areas of good practice and provide evidence of conformance. In this way, other departments may share information and amend their working practices as a result, also enhancing continual improvement.
Project audit
A project audit provides an opportunity to uncover issues, concerns and challenges encountered during the project lifecycle. Conducted midway through the project, an audit affords the project manager, project sponsor and project team an interim view of what has gone well, as well as what needs to be improved to successfully complete the project. If done at the close of a project, the audit can be used to develop success criteria for future projects by providing a forensic review. This review identifies which elements of the project were successfully managed and which ones presented challenges. As a result, the review will help the organization identify what it needs to do to avoid repeating the same mistakes on future projects
Projects can undergo 2 types of Project audits:
[Different Types of Audits (June 2013]
Auditronix Guidance Note
* Regular Health Check Audits: The aim of a regular health check audit is to understand the current state of a project in order to increase project success.
* Regulatory Audits: The aim of a regulatory audit is to verify that a project is compliant with regulations and standards. Best practices of NEMEA Compliance Centre describe that, the regulatory audit must be accurate, objective, and independent while providing oversight and assurance to the organization.
Other forms of Project audits:
Formal: Applies when the project is in trouble, sponsor agrees that the audit is needed, sensitivities are high, and need to be able prove conclusions via sustainable evidence.
Informal: Apply when a new project manager is provided, there is no indication the projects in trouble and there is a need to report whether the project is as opposed to where its supposed to Informal audits can apply the same criteria as formal audit but there is no need for such a in depth report or formal report.
Energy audits
An energy audit is an inspection, survey and analysis of energy flows for
energy conservation in a building, process or system to reduce the amount of energy input into the system without negatively affecting the output(s).
Operations audit
An operations audit is an examination of the operations of the client's business. In this audit the auditor thoroughly examines the efficiency, effectiveness and economy of the operations with which the management of the entity (client) is achieving its objective. The operational audit goes beyond the internal controls issues since management does not achieve its objectives merely by compliance of satisfactory system of internal controls. Operational audits cover any matters which may be commercially unsound.
The objective of operational audit is to examine Three E's, namely:
Effectiveness – doing the right things with least wastage of resources.
Efficiency – performing work in least possible time.
Economy – balance between benefits and costs to run the operations
A
control self-assessment is a commonly used tool for completing an operations audit.
Forensic audits
Also refer to
forensic accountancy,
forensic accountant
Forensic accountants are experienced auditors, accountants, and investigators of legal and financial documents that are hired to look into possible suspicions of fraudulent activity within a company; or are hired by a company who may just want t ...
or
forensic accounting
Forensic accounting, forensic accountancy or financial forensics is the specialty practice area of accounting that investigates whether firms engage in financial reporting misconduct. Forensic accountants apply a range of skills and methods to de ...
.
It refers to an investigative audit in which accountants with specialized on both accounting and investigation seek to uncover frauds, missing money and negligence.
See also
*
Academic audit
In academia, an audit is an educational term for the completion of a course of study for which no assessment of the performance of the student is made nor grade awarded.
*
Accounting
*
Audit plan
*
Big Four accounting firms
The Big Four are the four largest professional services networks in the world, the global accounting networks Deloitte, Ernst & Young (EY), KPMG, and PricewaterhouseCoopers (PwC). The four are often grouped because they are comparable in size re ...
*
Clinical audit
Clinical audit is a process that has been defined as a quality improvement process that seeks to improve patient care and outcomes through systematic review of care against explicit criteria and the implementation of change
The key component of ...
*
Comptroller,
Comptroller General
A comptroller (pronounced either the same as ''controller'' or as ) is a management-level position responsible for supervising the quality of accounting and financial reporting of an organization. A financial comptroller is a senior-level execut ...
, and
Comptroller General of the United States
The Comptroller General of the United States is the director of the Government Accountability Office (GAO, formerly known as the General Accounting Office), a legislative-branch agency established by Congress in 1921 to ensure the fiscal and man ...
*
Continuous auditing
Continuous auditing is an automatic method used to perform auditing activities, such as control and risk assessments, on a more frequent basis. Technology plays a key role in continuous audit activities by helping to automate the identification of ...
*
Cost auditing
A cost audit represents the verification of cost accounts and checking on the adherence to cost accounting plan. Cost audit ascertains the accuracy of cost accounting records to ensure that they are in conformity with cost accounting principles, ...
*
COSO framework,
Risk management
*
EarthCheck
EarthCheck (previously known as EC3 Global), an international tourism advisory group. It is headquartered in Brisbane, Queensland and was developed by the Sustainable Tourism CRC, a research centre specialising in sustainable tourism and research ...
*
Financial audit,
External auditor
An external auditor performs an audit, in accordance with specific laws or rules, of the financial statements of a company, government entity, other legal entity, or organization, and is independent of the entity being audited. Users of these enti ...
,
Certified Public Accountant (CPA), and
Audit risk
Audit risk (also referred to as residual risk) as per ISA 200 refers to the risk that the auditor expresses an inappropriate opinion when the financial statements are materiality misstated. This risk is composed of:
* Inherent risk (IR), the ri ...
*
Information technology audit
An information technology audit, or information systems audit, is an examination of the management controls within an Information technology (IT) infrastructure and business applications. The evaluation of evidence obtained determines if the inform ...
,
History of information technology auditing, and
Information security audit
*
Internal audit
Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to ...
*
International Organization of Supreme Audit Institutions
The International Organization of Supreme Audit Institutions (INTOSAI) is an intergovernmental organization whose members are supreme audit institutions. Nearly every supreme audit institution in the world is a member of INTOSAI. Depending on t ...
(INTOSAI)
*
Lead auditor, under the
chief audit executive The chief audit executive (CAE), director of audit, director of internal audit, auditor general, or controller general is a high-level independent corporate executive with overall responsibility for internal audit.
Publicly traded corporations ...
or Director of audit
*
Mainframe audit
*
Management auditing
*
Operational auditing
Operational audit is a systematic review of effectiveness, efficiency and economy of operation. Operational audit is a future-oriented, systematic, and independent evaluation of organizational activities.
In Operational audit financial data may ...
*
Peer review
Peer review is the evaluation of work by one or more people with similar competencies as the producers of the work ( peers). It functions as a form of self-regulation by qualified members of a profession within the relevant field. Peer revie ...
*
Quality audit
Quality audit is the process of systematic examination of a quality system carried out by an internal or external quality auditor or an audit team. It is an important part of an organization's quality management system and is a key element in the ...
*
Risk-based internal audit
*
Technical audit
*
SOFT audit
References
Further reading
*
{{Authority control
Economics consulting