This article explains the process of auditing. The overview provides an introduction to the basic objectives and procedures involved in the auditing process. In addition, this article explains the process that auditors undertake as they plan and perform their audit and then prepare the audit report. This process includes such steps as designing the audit approach, performing tests of controls and transactions, performing analytical procedures and tests of details of balances, completing the audit and issuing an opinion. Explanations of factors affecting the audit process are also provided, such as materiality and risk, professional ethics and legal liability. Finally, examples of the various forms of auditing, including internal financial auditing, government financial auditing and operational auditing, are included to help illustrate the roles that auditing plays in various industries and in differing aspects of the business model.
Heather Newton earned her J.D., Cum Laude, from Georgetown University Law Center, where she served as Articles Editor for The Georgetown Journal of Legal Ethics. She worked as an attorney at a large, international law firm in Washington, DC, before moving to Atlanta, where she is currently an editor for a legal publishing company. Prior to law school, she was a high school English teacher and freelance writer, and her works have appeared in numerous print and online publications.
Keywords Adverse Opinion; Attest Function; Attestation; Audit; Audit Program; Audit Risk; Certified Public Accountant; Client; Common Law; Disclaimer of Opinion; Error; External Auditor; Financial Statement; Internal Auditor; Internal Control Structure; Internal Controls; Materiality; Negligence; Operational Auditing; Operations; Sampling; Sampling Risk; Vouching
Our society depends on timely and accurate financial information. Businesses and investors alike need current, reliable information in order to make the decisions that must be made every day. Much of the information that investors, companies and even the government receive and incorporate in their business decisions is provided by third parties. Investors depend on corporate financial statements, lenders depend on consumer applications and the government relies upon tax returns filed by individuals and businesses. However, investors, business leaders and government agents do not have the time or ability to verify all of the information on which they rely. Further, in many cases, the objectives of the information providers are at odds with the objectives of those who use the information. Thus, there is a need for objective third parties who will verify reported information and summarize their findings to the information users. In some industries, these third parties are known as independent auditors and the process they undertake to collect, track and verify information is called an audit. Independent auditors are highly trained professionals who are guided by ethical and legal standards that are designed to safeguard the social need for accurate information and the high regard given the reports they produce.
This article explains the basic concepts and techniques of the auditing profession. It explains the attestation function and the other objectives and procedures of the auditing process. It also provides a description of the internal control evaluations that take place to ensure the accuracy of the information being audited and the reports that are drafted to summarize the audit findings. Also, factors that affect the auditing process are discussed, which include materiality and risk, professional ethics and legal liability. Finally, the various types of auditing are explained, including internal financial auditing, government financial auditing and operational auditing. The following sections describe these concepts in more detail.
Professional auditors serve as objective intermediaries who lend credibility to financial information by reporting whether the information conforms to generally recognized accounting and auditing standards. Auditing consists only of the review of reported information, and thus does not include the actual production of financial reports. That function is performed by a company's accountants and financial analysts, who generally work under the direction of its controller or management team. Auditors collect evidence, which consists of financial statements and the supporting documentation, which they cross-check and verify in order to determine whether the information in the financial statements is reliable. After completing this process, auditors compile a report that summarizes whether the information reported in the company's financial statements is reliable. This report is essentially a professional opinion expressed by the auditing firm as to whether the company's reported financial position, operational capabilities, and any changes in its financial position, have been documented in accordance with generally accepted accounting principles.
This process is critical because reliable and timely information enables capital markets to operate efficiently and allows individuals who depend on reported financial information to make informed decisions on a wide variety of economic issues. The following sections will explain in more detail the objectives and procedures that guide auditors during the auditing process (Whittington & Pany, 2006).
Independent auditors are hired and paid by clients. A client is the person, company, board of directors, agency or group that retains the auditor to complete the auditing process, often called an "engagement," and pays the fee for the auditor's services. Audits may be financial, in which the client's financial statements and other economic data are examined, or operational, whereby an auditor examines the efficiency and effectiveness of a client's business operations. In financial audits, the client and the auditee are usually the same. The auditee is the company or entity whose financial statements are being audited. Occasionally, the client and the auditee are different, such as when Corporation A hires and pays the auditors to audit Corporation B in conjunction with a proposed merger or acquisition. In such cases, Corporation A is the client and Corporation B is the auditee (Whittington & Pany, 2006).
Once independent auditors have reviewed the financial information provided by a client, the auditors prepare a report that expresses an opinion as to whether the financial information provided by the client has been compiled and presented in accordance with generally accepted accounting principles. This third-party scrutiny lends a certain amount of credibility to the financial information and is often referred to as an attestation. Thus, to attest to information means to provide assurance as to its reliability. A financial statement audit is, by far, the most common type of attest function that auditors perform. However, professionally licensed auditors, known as certified public accountants ("CPAs"), also attest to the reliability of a wide range of other types of information including financial forecasts, internal control policies and procedures, compliance with laws and regulations and advertising claims. No matter what type of information is being examined, the objectives and techniques of the auditing process remain essentially the same.
The basic objectives for an audit are:
- To understand the responsibilities for the audit.
- To divide the financial statements into cycles.
- To know managements assertions about the accounts.
- To know the general audit objectives for classes of transactions and accounts.
- To know specific audit objectives for classes of transactions and accounts.
In order to meet these objectives, auditors gather evidence that enables them to determine the accuracy of management's assertion as to the reliability of the information. A company's financial statements are generally submitted with an assertion by its management that the financial records have been prepared in accordance with generally accepted accounting principles ("GAAP"). After reviewing the financial records, the auditors issue a report summarizing their findings. In order to issue a report, auditors must ensure that the objectives for the audit have been met. Although not an insurer or a guarantor of the fairness or reliability of the information in the financial statements, the auditor has considerable responsibility for notifying users whether the statements are properly stated. If the auditor believes that the statements are not fairly presented or is unable to reach a conclusion because of insufficient evidence, the auditor has the responsibility to convey this by altering the opinion expressed their report.
The amount of evidence collected and reviewed by the auditors and the content of the audit report depends on the nature of the engagement. The two most common forms of attestation engagements are examinations, which are referred to as audits when they involve the review of financial statements, and reviews.
An examination or audit provides the highest level of managerial assurance that its financial statements have been prepared following generally accepted accounting principles is reliable. In an audit, the auditor must obtain independent evidence to substantiate the assertions made by the association's employees and management.
In a review, unless deemed necessary, the auditor is not required to obtain any independent corroboration to substantiate the financial statements. A review is designed to lend only a limited, or moderate, amount of assurance about the management's assertions.
Auditors must follow careful procedures in order to preserve the objectivity and dependability of their reports. In a financial statement audit, the auditors begin by creating and drafting an audit plan that will guide every step of the audit process. The audit plan dictates not only the scope of the audit, but also the responsibilities of the auditors and accountants involved in the review of the financial records. Once the audit plan has been finalized, the audit begins. An audit involves searching and verifying the accounting records and examining other evidence supporting those financial statements. Auditors must also gain an understanding of the company's internal controls over errors or other misstatements in its financial records. In addition, auditors inspect documents, view and account for listed assets and make appropriate inquiries within and outside the company in order to satisfactorily perform the audit procedures. Through this process, the auditors gather the evidence necessary to issue an audit report. The evidence gathered by the auditors focuses on whether the financial statements are presented in accordance with GAAP.
In essence, an audit seeks to verity and lend credence to management's assertions that the assets listed in the balance sheet actually exist and remain at the values expressed, that the company has title to the assets and that the valuations assigned to the assets have been established in conformity with GAAP. Likewise, auditors also gather evidence to show that all the liabilities of a company are included on the balance sheet. Alterations or omissions of a company's liabilities could skew the information contained on a balance sheet and in other financial statements, thus misleading users who make investment and other financial decisions based on a company's financial well-being as expressed in its financial statements. Finally, the auditors gather evidence about the company's income statement. The auditors collect and verify evidence demonstrating that reported sales actually occurred, that the goods were indeed shipped to customers, that the recorded costs and expenses are applicable to the current period and that all expenses have been recognized.
Only if sufficient evidence is gathered in support of all of these significant assertions can the auditors issue an audit report. The audit report states that it is the auditors' opinion that the financial statements follow generally accepted accounting principles. If the auditors find information that leads them to conclude that the financial statements do not follow generally accepted accounting principles or are missing essential information, the auditor may issue a qualified or an adverse opinion. A qualified opinion is a statement written upon the front page of an audit that suggests that the information provided by management was limited in scope or the company's financial statements were not maintained in accordance with generally accepted accounting principles. An adverse opinion is the most severe opinion an auditor can issue and it indicates that a company's financial statements were misrepresented, misstated and/or did not accurately reflect its financial performance and health.
The Auditing Process
The auditing process requires careful planning and close attention to detail. The preparations begin even before the actual audit commences. In preparing for a potential audit engagement, auditors first investigate a prospective client in order to obtain an understanding of the client's business operations and to decide whether to accept the engagement. If the engagement is accepted, auditors then work on developing an overall strategy to organize, coordinate and schedule the activities of the audit staff. Even after the audit is underway, the planning process continues throughout the engagement. Whenever a problem is encountered during the course of the audit, the auditors must develop a response to the situation and determine how the problem affects their ability to continue the audit and issue an opinion. The following sections describe the dynamic process of planning and performing an auditing engagement, beginning with the acceptance of a client and proceeding through the design and completion of the audit and issuance of the audit report.
Before accepting any engagement, auditors must first consider the financial strength and credit rating of a prospective client in order to assess the overall risk of association with that business entity. When a potential client is facing financial difficulties, is in need of an inflow of additional capital or is facing government investigation, there is a risk that management will overstate or misstate financial information or operating results in an attempt to deflect the gravity of the company's standing. Auditors must be aware of this incentive and consider carefully whether to proceed with an audit engagement with such a client. If an audit client goes bankrupt or faces further financial turmoil, the auditors can be sued directly or named as defendants in lengthy and costly lawsuits. Thus, some auditors simply avoid accepting engagements that would expose them to the potential for an inflated risk of overstated or misstated financial or operational records or for future litigation. Other auditors may accept riskier engagements but implement greater controls over the scope and level of scrutiny in the document review process.
After the auditors have completed their review of a potential client, they then assess the levels of risks involved with completing the audit and make a final determination whether to accept or refuse the engagement. Even if an auditing or accounting firm decides to perform an audit for a potential client, the auditors may face a competitive bid process whereby the firm will be required to submit a competitive proposal that will include information on the nature of the services it provides, a fee structure, the qualifications of the firm's personnel and other relevant information.
Once the client has hired an auditing firm and the engagement has been accepted, the preparations for the audit escalate as the auditors work to gain a detailed understanding of the client's business and industry and compile and finalize an overall audit strategy. The auditors must obtain a detailed understanding of such factors as the client's organizational structure,...
(The entire section is 7128 words.)