An audit is an independent examination of financial information of any entity, whether profit oriented or not, irrespective of its size or legal form. When such an examination is conducted with a view to express an opinion thereon" It also attempts to ensure that the books of accounts are properly maintained by the concern as required by law. Auditing has become such a ubiquitous phenomenon in the corporate and the public sector that academics have started identifying an "Audit Society". Auditors perceive and recognize the propositions before them for examination, obtain evidence, evaluate the same and formulate an opinion on the basis of their judgement which is communicated through their auditing report.
A financial audit is conducted to provide an opinion whether "financial statements" are stated in accordance with specified criteria. Normally, the criteria are international accounting standards, although auditors may conduct audits of financial statements prepared using the cash basis or some other basis of accounting appropriate for the organisation. In providing an opinion whether financial statements are fairly stated in accordance with accounting standards, the auditor gathers evidence to determine whether the statements contain material errors or other misstatements.
An auditor is a person or a firm appointed by a company to execute an audit. To act as an auditor, a person should be certified by the regulatory authority of accounting and auditing or possess certain specified qualifications. Generally, to act as an external auditor of the company, a person should have a certificate of practice from the regulatory authority.
An audit committee is a committee of an organisation's board of directors which is responsible for oversight of the financial reporting process, selection of the independent auditor, and receipt of audit results both internal and external.
An information technology audit, or information systems audit, is an examination of the management controls within an Information technology (IT) infrastructure. The evaluation of obtained evidence determines if the information systems are safeguarding assets, maintaining data integrity, and operating effectively to achieve the organization's goals or objectives. These reviews may be performed in conjunction with a financial statement audit, internal audit, or other form of attestation engagement.
A going concern is a business that is assumed will meet its financial obligations when they fall due. It functions without the threat of liquidation for the foreseeable future, which is usually regarded as at least the next 12 months or the specified accounting period. The presumption of going concern for the business implies the basic declaration of intention to keep operating its activities at least for the next year, which is a basic assumption for preparing financial statements that comprehend the conceptual framework of the IFRS. Hence, a declaration of going concern means that the business has neither the intention nor the need to liquidate or to materially curtail the scale of its operations.
Audit risk refers to the risk that an auditor may issue an unqualified report due to the auditor's failure to detect material misstatement either due to error or fraud. This risk is composed of:
The Institute of Internal Auditors (IIA) is an organization which advocates, provides educational conferences, and develops standards, guidance, and certifications for the internal audit profession.
Internal auditing is an independent, objective assurance and consulting activity designed to add value to and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes. Internal auditing achieves this by providing insight and recommendations based on analyses and assessments of data and business processes. With commitment to integrity and accountability, internal auditing provides value to governing bodies and senior management as an objective source of independent advice. Professionals called internal auditors are employed by organizations to perform the internal auditing activity.
In the United States, the Single Audit, Subpart F of the OMB Uniform Guidance, is a rigorous, organization-wide audit or examination of an entity that expends $750,000 or more of federal assistance received for its operations. Usually performed annually, the Single Audit's objective is to provide assurance to the US federal government as to the management and use of such funds by recipients such as states, cities, universities, non-profit organizations, and Indian Tribes. The audit is typically performed by an independent certified public accountant (CPA) and encompasses both financial and compliance components. The Single Audits must be submitted to the Federal Audit Clearinghouse along with a data collection form, Form SF-SAC.
ISA 400 Risk Assessments and Internal Control is one of the International Standards on Auditing. It serves to require the auditor to understand the client's accounting system and internal control system and to assess control risk and inherent risk. The objective is to determine the nature, timing and extent of substantive procedures in order to reduce audit risk to an acceptable low level.
Audit evidence is evidence obtained by auditors during a financial audit and recorded in the audit working papers.
In financial auditing of public companies in the United States, SOX 404 top–down risk assessment (TDRA) is a financial risk assessment performed to comply with Section 404 of the Sarbanes-Oxley Act of 2002. The term is used by the U.S. Public Company Accounting Oversight Board (PCAOB) and the Securities and Exchange Commission (SEC). The TDRA is used to determine the scope and required evidence to support management's testing of its internal controls under SOX404. It is also used by the external auditor to issue a formal opinion on the company's internal controls. However, as a result of the passage of Auditing Standard No. 5, which the SEC has since approved, external auditors are no longer required to provide an opinion on management's assessment of its own internal controls.
This page is a list of auditing topics.
Sampling risk is one of the many types of risks an auditor may face when performing the necessary procedure of audit sampling. Audit sampling exists because of the impractical and costly effects of examining all or 100% of a client's records or books. As a result, a "sample" of a client's accounts are examined. Due to the negative effects produced by sampling risk, an auditor may have to perform additional procedures which in turn can impact the overall efficiency of the audit.
A job safety analysis (JSA) is a procedure which helps integrate accepted safety and health principles and practices into a particular task or job operation. In a JSA, each basic step of the job is to identify potential hazards and to recommend the safest way to do the job. Other terms used to describe this procedure are job hazard analysis (JHA) and job hazard breakdown.
Entity-level controls are internal controls that help to ensure that management directives pertaining to the entire entity are carried out. They are the second level of a top-down approach to understanding the risks of an organization. Generally, entity refers to the entire company.
The chief audit executive (CAE), director of audit, director of internal audit, auditor general, or controller general is a high-level independent corporate executive with overall responsibility for internal audit.
Risk-based internal audit (RBIA) is an internal methodology which is primarily focused on the inherent risk involved in the activities or system and provide assurance that risk is being managed by the management within the defined risk appetite level. It is the risk management framework of the management and seeks at every stage to reinforce the responsibility of management and BOD for managing risk.
GRC Envelop is a risk management and audit management software tool. It enables process control managers, auditors and risk managers to document and manage their work. The entire tool is web based and is built using the Python/Django. The idea behind GRC Envelop is to help risk managers and auditors with a standard work flow and framework to help capture the process details within an organisation. This tool is mainly used for internal and external audits focused on financial, IT, HR and sales processes within firms.
