Audit

Some typical stages in the audit process

An audit is a systematic and independent examination of books, accounts, statutory records, documents and vouchers of an organization to ascertain how far the financial statements as well as non-financial disclosures present a true and fair view of the concern. It also attempts to ensure that the books of accounts are properly maintained by the concern as required by law. Auditing has become such a ubiquitous phenomenon in the corporate and the public sector that academics started identifying an "Audit Society". [1] The auditor perceives and recognizes the propositions before them for examination, obtains evidence, evaluates the same and formulates an opinion on the basis of their judgement, which is communicated through their auditing report. [2]

Any subject matter may be audited. Auditing has been a safeguard measure since ancient times (Loeb & Shamoo, 1989). [3] Audits provide third-party assurance to various stakeholders that the subject matter is free from material misstatement. The term is most frequently applied to audits of the financial information relating to a legal person. Other areas which are commonly audited include: secretarial & compliance audit, internal controls, quality management, project management, water management, and energy conservation.

In a corporation, a stakeholder is a member of "groups without whose support the organization would cease to exist", as defined in the first usage of the word in a 1963 internal memorandum at the Stanford Research Institute. The theory was later developed and championed by R. Edward Freeman in the 1980s. Since then it has gained wide acceptance in business practice and in theorizing relating to strategic management, corporate governance, business purpose and corporate social responsibility (CSR). The definition of corporate responsibilities through a classification of stakeholders to consider has been criticised as creating a false dichotomy between the "shareholder model" and the "stakeholders model" or a false analogy of the obligations towards shareholders and other interested parties.

Materiality is a concept or convention within auditing and accounting relating to the importance/significance of an amount, transaction, or discrepancy. The objective of an audit of financial statements is to enable the auditor to express an opinion whether the financial statements are prepared, in all material respects, in conformity with an identified financial reporting framework such as Generally Accepted Accounting Principles (GAAP).

A legal person in legal context typically is a person, whether human or non-human, that is recognized as having certain privileges and obligations such as the legal capacity to enter into contracts, to sue, and to be sued.

As a result of an audit, stakeholders may effectively evaluate and improve the effectiveness of risk management, control, and the governance process over the subject matter.

The word audit is derived from a Latin word "audire" which means "to hear". [4] During the medieval times when manual book-keeping was prevalent, auditors in Britain used to hear the accounts read out for them and checked that the organization's personnel were not negligent or fraudulent. [5] Moyer identified that the most important duty of the auditor was to detect fraud. [6] Chatfield documented that early United States auditing was viewed mainly as verification of bookkeeping detail. [7]

Information technology audit

An information technology audit, or information systems audit, is an examination of the management controls within an Information technology (IT) infrastructure. The evaluation of obtained evidence determines if the information systems are safeguarding assets, maintaining data integrity, and operating effectively to achieve the organization's goals or objectives. These reviews may be performed in conjunction with a financial statement audit, internal audit, or other form of attestation engagement.

Information technology (IT) is the use of computers to store, retrieve, transmit, and manipulate data, or information, often in the context of a business or other enterprise. IT is considered to be a subset of information and communications technology (ICT). An information technology system is generally an information system, a communications system or, more specifically speaking, a computer system – including all hardware, software and peripheral equipment – operated by a limited group of users.

Infrastructure

Infrastructure is the fundamental facilities and systems serving a country, city, or other area, including the services and facilities necessary for its economy to function. Infrastructure is composed of public and private physical improvements such as roads, railways, bridges, tunnels, water supply, sewers, electrical grids, and telecommunications. In general, it has also been defined as "the physical components of interrelated systems providing commodities and services essential to enable, sustain, or enhance societal living conditions".

Data integrity is the maintenance of, and the assurance of the accuracy and consistency of, data over its entire life-cycle, and is a critical aspect to the design, implementation and usage of any system which stores, processes, or retrieves data. The term is broad in scope and may have widely different meanings depending on the specific context – even under the same general umbrella of computing. It is at times used as a proxy term for data quality, while data validation is a pre-requisite for data integrity. Data integrity is the opposite of data corruption. The overall intent of any data integrity technique is the same: ensure data is recorded exactly as intended and upon later retrieval, ensure the data is the same as it was when it was originally recorded. In short, data integrity aims to prevent unintentional changes to information. Data integrity is not to be confused with data security, the discipline of protecting data from unauthorized parties.

Accounting

Because of incentives (including taxation, misselling and other forms of fraud) to misstate financial information, auditing has become a legal requirement for many entities that have the power to exploit financial information for personal gain. Traditionally, audits were mainly associated with gaining information about financial systems and the financial records of a company or a business.

Misselling is the deliberate, reckless, or negligent sale of products or services in circumstances where the contract is either misrepresented, or the product or service is unsuitable for the customer's needs. For example, selling life insurance to someone who has no dependents is regarded as misselling. There is no legal definition of "misselling" in the U.K.

Financial audits are performed to ascertain the validity and reliability of information, as well as to provide an assessment of a system's internal control. As a result of this, a third party can express an opinion of the person / organization / system (etc.) in question. The opinion given on financial statements will depend on the audit evidence obtained.

Validity is the extent to which a concept, conclusion or measurement is well-founded and likely corresponds accurately to the real world. The word "valid" is derived from the Latin validus, meaning strong. The validity of a measurement tool is the degree to which the tool measures what it claims to measure. Validity is based on the strength of a collection of different types of evidence described in greater detail below.

Reliability in statistics and psychometrics is the overall consistency of a measure. A measure is said to have a high reliability if it produces similar results under consistent conditions. "It is the characteristic of a set of test scores that relates to the amount of random error from the measurement process that might be embedded in the scores. Scores that are highly reliable are accurate, reproducible, and consistent from one testing occasion to another. That is, if the testing process were repeated with a group of test takers, essentially the same results would be obtained. Various kinds of reliability coefficients, with values ranging between 0.00 and 1.00, are usually used to indicate the amount of error in the scores." For example, measurements of people's height and weight are often extremely reliable.

Internal control, as defined by accounting and auditing, is a process for assuring the achievement of an organization's objectives in operational effectiveness and efficiency, reliable financial reporting, and compliance with laws, regulations and policies. A broad concept, internal control involves everything that controls risks to an organization.

Due to constraints, an audit seeks to provide only reasonable assurance that the statements are free from material error. Hence, statistical sampling is often adopted in audits. In the case of financial audits, a set of financial statements is said to be true and fair when it is free of material misstatements, a concept influenced by both quantitative (numerical) and qualitative factors. Recently, however, the argument that auditing should go beyond just true and fair has been gaining momentum, [8] and the US Public Company Accounting Oversight Board has come out with a concept release on the same. [9]

Cost accounting is a process for verifying the cost of manufacturing or producing any article, on the basis of accounts measuring the use of material, labor or other items of cost. In simple words, the term cost audit means a systematic and accurate verification of the cost accounts and records, and checking for adherence to the cost accounting objectives. According to the Institute of Cost and Management Accountants, cost audit is "an examination of cost accounting records and verification of facts to ascertain that the cost of the product has been arrived at, in accordance with principles of cost accounting."

In most nations, an audit must adhere to generally accepted standards established by governing bodies. These standards assure third parties or external users that they can rely upon the auditor's opinion on the fairness of financial statements or other subjects on which the auditor expresses an opinion. The audit must therefore be precise and accurate, containing no additional misstatements or errors.

Integrated audits

In the US, audits of publicly traded companies are governed by rules laid down by the Public Company Accounting Oversight Board (PCAOB), which was established by Section 404 of the Sarbanes–Oxley Act of 2002. Such an audit is called an integrated audit, where auditors, in addition to an opinion on the financial statements, must also express an opinion on the effectiveness of a company's internal control over financial reporting, in accordance with PCAOB Auditing Standard No. 5. [10]

There are also new types of integrated auditing becoming available that use unified compliance material (see the unified compliance section in Regulatory compliance). Due to the increasing number of regulations and need for operational transparency, organizations are adopting risk-based audits that can cover multiple regulations and standards from a single audit event. This is a very new but necessary approach in some sectors to ensure that all the necessary governance requirements can be met without duplicating effort from both audit and audit hosting resources.

Assessments

The purpose of an assessment is to measure something or calculate a value for it. Although the process of producing an assessment may involve an audit by an independent professional, its purpose is to provide a measurement rather than to express an opinion about the fairness of statements or quality of performance. [11]

Auditors

Auditors of financial statements & non-financial information (including compliance audit) can be classified into three categories:

The most commonly used external audit standards are the US GAAS of the American Institute of Certified Public Accountants and the International Standards on Auditing (ISA) developed by the International Auditing and Assurance Standards Board.

Performance audits

Performance audit refers to an independent examination of a program, function, operation or the management systems and procedures of a governmental or non-profit entity to assess whether the entity is achieving economy, efficiency and effectiveness in the employment of available resources. Safety, security, information systems performance, and environmental concerns are increasingly the subject of audits. [15] There are now audit professionals who specialize in security audits and information systems audits. With nonprofit organizations and government agencies, there has been an increasing need for performance audits, examining their success in satisfying mission objectives.

Quality audits

Quality audits are performed to verify conformance to standards through review of objective evidence. A system of quality audits may verify the effectiveness of a quality management system. This is part of certifications such as ISO 9001. Quality audits are essential to verify the existence of objective evidence showing conformance to required processes, to assess how successfully processes have been implemented, and to judge the effectiveness of achieving any defined target levels. Quality audits are also necessary to provide evidence concerning reduction and elimination of problem areas, and they are a hands-on management tool for achieving continual improvement in an organization.

To benefit the organization, quality auditing should not only report non-conformance and corrective actions but also highlight areas of good practice and provide evidence of conformance. In this way, other departments may share information and amend their working practices as a result, also enhancing continual improvement.

Project audit

A project audit provides an opportunity to uncover issues, concerns and challenges encountered during the project lifecycle. [16] Conducted midway through the project, an audit affords the project manager, project sponsor and project team an interim view of what has gone well, as well as what needs to be improved to successfully complete the project. If done at the close of a project, the audit can be used to develop success criteria for future projects by providing a forensic review. This review identifies which elements of the project were successfully managed and which ones presented challenges. As a result, the review will help the organization identify what it needs to do to avoid repeating the same mistakes on future projects.

Projects can undergo 2 types of Project audits: [15]

Other forms of Project audits:

Formal: Applies when the project is in trouble, the sponsor agrees that the audit is needed, sensitivities are high, and there is a need to be able to prove conclusions via sustainable evidence.

Informal: Applies when a new project manager is provided, there is no indication the project is in trouble, and there is a need to report where the project is as opposed to where it is supposed to be. Informal audits can apply the same criteria as formal audits, but there is no need for such an in-depth or formal report. [17]

Energy audits

An energy audit is an inspection, survey and analysis of energy flows for energy conservation in a building, process or system to reduce the amount of energy input into the system without negatively affecting the output(s).

Operations audit

An operations audit is an examination of the operations of the client's business. In this audit the auditor thoroughly examines the efficiency, effectiveness and economy of the operations with which the management of the entity (client) is achieving its objective. The operational audit goes beyond internal control issues, since management does not achieve its objectives merely by compliance with a satisfactory system of internal controls. Operational audits cover any matters which may be commercially unsound. The objective of an operational audit is to examine the Three E's, namely:

Effectiveness – doing the right things with least wastage of resources.

Efficiency – performing work in least possible time.

Economy – balance between benefits and costs to run the operations.

A control self-assessment is a commonly used tool for completing an operations audit. [18]

Forensic audits

Also refer to forensic accountancy, forensic accountant or forensic accounting. It refers to an investigative audit in which accountants specialized in both accounting and investigation seek to uncover frauds, missing money and negligence.

Related Research Articles

Financial audit

A financial audit is conducted to provide an opinion whether "financial statements" are stated in accordance with specified criteria. Normally, the criteria are international accounting standards, although auditors may conduct audits of financial statements prepared using the cash basis or some other basis of accounting appropriate for the organisation. In providing an opinion whether financial statements are fairly stated in accordance with accounting standards, the auditor gathers evidence to determine whether the statements contain material errors or other misstatements.

An auditor is a person or a firm appointed by a company to execute an audit. To act as an auditor, a person should be certified by the regulatory authority of accounting and auditing or possess certain specified qualifications. Generally, to act as an external auditor of the company, a person should have a certificate of practice from the regulatory authority.

In a U.S. publicly traded company, an audit committee is an operating committee of the board of directors charged with oversight of financial reporting and disclosure. Committee members are drawn from members of the company's board of directors, with a Chairperson selected from among the committee members. A qualifying audit committee is required for a U.S. publicly traded company to be listed on a stock exchange. Audit committees are typically empowered to acquire the consulting resources and expertise deemed necessary to perform their responsibilities.

Auditor's report

The auditor's report is a disclaimer thereof, issued by either an internal auditor or an independent external auditor as a result of an internal or external audit, as an assurance service in order for the user to make decisions based on the results of the audit.

Statement on Auditing Standards No. 99: Consideration of Fraud in a Financial Statement Audit, commonly abbreviated as SAS 99, is an auditing statement issued by the Auditing Standards Board of the American Institute of Certified Public Accountants (AICPA) in October 2002. The original exposure draft was distributed in February 2002.

External auditor

An external auditor performs an audit, in accordance with specific laws or rules, of the financial statements of a company, government entity, other legal entity, or organization, and is independent of the entity being audited. Users of these entities' financial information, such as investors, government agencies, and the general public, rely on the external auditor to present an unbiased and independent audit report.

Committee of Sponsoring Organizations of the Treadway Commission

The Committee of Sponsoring Organizations of the Treadway Commission (COSO) is a joint initiative to combat corporate fraud. It was established in the United States by five private sector organizations, dedicated to guide executive management and governance entities on relevant aspects of organizational governance, business ethics, internal control, enterprise risk management, fraud, and financial reporting. COSO has established a common internal control model against which companies and organizations may assess their control systems. COSO is supported by five supporting organizations: the Institute of Management Accountants (IMA), the American Accounting Association (AAA), the American Institute of Certified Public Accountants (AICPA), the Institute of Internal Auditors (IIA), and Financial Executives International (FEI).

Generally Accepted Auditing Standards

Generally Accepted Auditing Standards, or GAAS, are sets of standards against which the quality of audits is performed and may be judged. Several organizations have developed such sets of principles, which vary by territory. In the United States, the standards are promulgated by the Auditing Standards Board, a division of the American Institute of Certified Public Accountants (AICPA).

International Standards on Auditing

International Standards on Auditing (ISA) are professional standards for the performance of financial audit of financial information. These standards are issued by the International Federation of Accountants (IFAC) through the International Auditing and Assurance Standards Board (IAASB). According to Olung M, ISA guides the auditor to add value to the assignment, hence building the confidence of investors.

Internal audit

Internal auditing is an independent, objective assurance and consulting activity designed to add value to and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes. Internal auditing achieves this by providing insight and recommendations based on analyses and assessments of data and business processes. With commitment to integrity and accountability, internal auditing provides value to governing bodies and senior management as an objective source of independent advice. Professionals called internal auditors are employed by organizations to perform the internal auditing activity.

The New Jersey State Auditor is a constitutional officer appointed by the New Jersey Legislature and administratively placed within the Office of Legislative Services. The Auditor conducts financial and performance audits of State agencies, certain school districts, and vicinages of the Judiciary. The State Auditor also conducts studies on the operation, economy and efficiency of State-run or State-supported programs.

SOX 404 top–down risk assessment

In financial auditing of public companies in the United States, SOX 404 top–down risk assessment (TDRA) is a financial risk assessment performed to comply with Section 404 of the Sarbanes-Oxley Act of 2002. The term is used by the U.S. Public Company Accounting Oversight Board (PCAOB) and the Securities and Exchange Commission (SEC). The TDRA is used to determine the scope and required evidence to support management's testing of its internal controls under SOX404. It is also used by the external auditor to issue a formal opinion on the company's internal controls. However, as a result of the passage of Auditing Standard No. 5, which the SEC has since approved, external auditors are no longer required to provide an opinion on management's assessment of its own internal controls.

Management assertions or financial statement assertions are the implicit or explicit assertions that the preparer of financial statements (management) is making to its users. These assertions are relevant to auditors performing a financial statement audit in two ways. First, the objective of a financial statement audit is to obtain sufficient appropriate audit evidence to conclude on whether the financial statements present fairly, in all material respects, the financial position of a company and the results of its operations and cash flows. In developing that conclusion, the auditor evaluates whether audit evidence corroborates or contradicts financial statement assertions. Second, auditors are required to consider the risk of material misstatement through understanding the entity and its environment, including the entity's internal control. Financial statement assertions provide a framework to assess the risk of material misstatement in each significant account balance or class of transactions.

The following outline is provided as an overview of and topical guide to accounting:

Entity-level controls

Entity-level controls are internal controls that help to ensure that management directives pertaining to the entire entity are carried out. They are the second level of a top-down approach to understanding the risks of an organization. Generally, entity refers to the entire company.

The chief audit executive (CAE), director of audit, director of internal audit, auditor general, or controller general is a high level independent corporate executive with overall responsibility for internal audit.

The Model Audit Rule 205, Model Audit Rule, or MAR 205 are the commonly applied terms for the Annual Financial Reporting Model Regulation. Model Audit Rule is a financial reporting regulation applicable to insurance companies, and borrows significantly from the Sarbanes Oxley Act of 2002. The Model Audit Rule is co-developed by the American Institute of Certified Public Accountants (“AICPA”) and National Association of Insurance Commissioners (“NAIC”) and issued by NAIC with revisions in 2006 and has taken effect in 2010.

References

  1. Power, Michael. 1999. The Audit Society: Rituals of Verification. Oxford: Oxford University Press.
  2. "Audit assurance".
  3. Loeb, Stephen E.; Shamoo, Adil E. (1989-09-01). "Data audit: Its place in auditing". Accountability in Research. 1 (1): 23–32. doi:10.1080/08989628908573771. ISSN 0898-9621. PMID 26859053.
  4. Assurance, Auditing and. ICAI - The Institute of Chartered Accountants of India. Chapter 1, Volume 1: Institute of Chartered Accountants of India. p. 1.
  5. Derek Matthews, History of Auditing (2006-09-27). The changing audit process from the 19th century till date. Routledge-Taylor & Francis Group. p. 6. ISBN 9781134177912.
  6. C. A., Moyer (January 1951). "Early Developments in American Auditing". Accounting Review. 26 (1): 3–8. JSTOR 239850.
  7. Michael, Chatfield (1974). "A History of Accounting Thought". Business History Review. 49.
  8. McKenna, Francine. "Auditors and Audit Reports: Is The Firm's "John Hancock" Enough?". Forbes. Retrieved 22 July 2011.
  9. "CONCEPT RELEASE ON POSSIBLE REVISIONS TO PCAOB STANDARDS RELATED TO REPORTS ON AUDITED FINANCIAL STATEMENTS" (PDF). Retrieved 22 July 2011.
  10. "Auditing Standard No. 5". pcaobus.org. Retrieved 2016-06-28.
  11. Ladda, R.L. Basic Concepts Of Accounting. Solapur: Laxmi Book Publication. p. 58. ISBN 978-1-312-16130-6.
  12. "Pages - Definition of Internal Auditing". Na.theiia.org. 2000-01-01. Retrieved 2013-09-02.
  13. "Pages - International Professional Practices Framework (IPPF)". Na.theiia.org. 2000-01-01. Retrieved 2013-09-02.
  14. "Professional internal auditors, in carrying out their responsibilities, apply COSO's Integrated Framework-Internal Control". Theiia.org.
  15. Different Types of Audits (June 2013). Auditronix Guidance Note. Archived July 18, 2013, at the Wayback Machine.
  16. Stanleigh, Micheal (2009). "UNDERTAKING A SUCCESSFUL PROJECT AUDIT" (PDF). PROJECT SMART. Retrieved 18 May 2016.
  17. Clarke. K, Walsh. K & Flanagan. J (2015). "How prevalent are post-completion audits in Australia". Accounting, Accountability & Performance.
  18. Gilbert W. Joseph and Terry J. Engle (December 2005). "The Use of Control Self-Assessment by Independent Auditors". The CPA Journal. Retrieved 10 March 2012.