financial reporting audit methodology

Financial Audit: Overview, and Best Practices

Brett Deemer

December 16, 2023

Internal Audit 101: This series explores the foundations of internal audit by industry, including basic definitions and concepts relative to auditors in specific sectors. 

What Is a Financial Audit ?

A financial audit typically refers to the annual audit of an organization’s financial statements to ensure its records are a fair and accurate representation of the organization’s financial transactions. The financial statement audit looks to understand the financial performance of an organization to provide reasonable assurance of the future performance of a company.

Often based on GAAP standards, the audited financial statements are reviewed yearly by independent auditors and include the income statement , balance sheet , and cash flow statement . GAAP stands for the generally accepted accounting principles and determines the set rules and accounting standards for presenting financial information to stakeholders .

A financial audit can also include an audit of the organization’s internal control over financial reporting , which is commonly integrated with an audit of financial statements . 

Both internal auditors and external auditors can conduct financial audits . The biggest difference between external and internal audits is the objectivity and independence of the external audit firm ’s opinion on the financial statements and internal controls audited.

Financial Audit versus IT Audit

While financial and IT audits both strive to enhance company transparency, their scopes are distinctly unique. A financial audit serves as a magnifying glass for financial statements, scrutinizing each detail for alignment with accounting laws and standards. It’s like taking a company’s financial pulse, making sure every heartbeat, or in this case, every transaction, is healthy and legitimate.

On the flip side, an IT audit takes a deep dive into the company’s technological veins. It assesses the infrastructure, policies, and operational aspects of the company’s information technology. It’s akin to a cyber check-up, ensuring the safety and effectiveness of the systems that process and safeguard the company’s crucial financial data.

The spotlight here is on data security, IT governance, IT infrastructure, and most importantly, the integrity of systems that crunch financial data. This demonstrates that while the realms of financial audits and IT audits may appear separate, they are intricately connected. They intersect at the critical juncture where financial data is processed, emphasizing the symbiotic relationship that exists between them in maintaining corporate health and transparency.

The History of the Financial Audit

Most companies receive a yearly audit of their financial statements to satisfy debt covenants to lenders . For publicly traded companies, financial audits are a legal requirement under the Sarbanes-Oxley Act (SOX) of 2002. In addition to requiring an audit of the company’s financial statements , SOX also requires public companies to receive an audit of management’s assessment of the effectiveness of the company’s internal control over financial reporting . SOX established the Public Company Accounting Oversight Board (PCAOB) to oversee the rules and standards for such audits. SOX audit programs can vary in maturity and status based on when the organization has gone public and whether or not the organization has undergone any updates to its SOX program since it was initially required in the early 2000s. Organizations planning for an initial public offering (IPO) will usually perform audit readiness activities to ensure they can meet SOX compliance once required.

The Backbone of Financial Audits: Generally Accepted Auditing Standards (GAAS)

When it comes to the bedrock of financial audits, Generally Accepted Auditing Standards, or GAAS, stand tall. GAAS equates to the minimum set of standards that auditors must turn to when conducting a financial audit. This vital set of guidelines applies to how financial statements are audited by CPA. Its well-defined structure and rigidity instill consistency and uniformity into the auditing process.

GAAS provides the path to follow to ensure an audit is carried out with the highest degree of professionalism. It fosters a culture of integrity and objectivity, which is paramount in establishing the credibility of financial audits.

GAAS focuses on the principles that govern the audit process , which include a comprehensive understanding of the company’s internal controls, a meticulous examination of the evidence supporting financial statements, and an objective review of the entire financial report and disclosures.

By following GAAS, auditors can dig into the details while keeping the big picture in mind, ultimately bolstering the reliability of financial statement audits . The result? Enhanced corporate transparency and strengthened investor confidence.  

Types of Financial Audits

While the purpose of all financial audits remains the same, there are three primary types that stakeholders should be aware of.

External Financial Audit

External financial audits are usually conducted by employees of an independent certified public accountant ( CPA ) firm and include an audit of both financial statements , accounting policies , and internal controls over financial reporting . External audits seek to identify if there are any material misstatements in the financial statements , as well as evaluate the effectiveness of existing accounting practices . An external auditor ’s findings result in an auditor’s opinion , included in the financial audit report . This opinion is a crucial accompaniment to the financial statements in helping analysts and investors gain comfort in an organization’s financial condition and performance as stated by management.

Internal Financial Audit

Internal financial audits are conducted by employees of the organization known as internal auditors to provide management with an assessment of the effectiveness of financial reporting processes and internal controls over financial reporting . Internal audit teams may complement the work of external auditors to understand the firm’s accounting system based on a pre-agreed plan and meetings. Internal audits help an organization improve its processes and internal controls by performing projects and controls assessments to identify any areas of improvement or deficiencies in the controls and reporting process, allowing the opportunity to remediate those issues before they become a material error (under generally accepted auditing standards , misstatements and omissions are considered material if they could “influence the judgment made by a reasonable user based on the financial statements .”) The results of an internal audit , along with the internal audit team ’s recommendations for improvement, are recorded in a financial audit report provided to the organization’s management and board of directors .

Internal Revenue Service ( IRS ) Audit

An IRS audit is a review of an individual’s or organization’s accounts and financial information to ensure information is reported correctly according to tax laws and to verify the amount of tax reported is accurate.

Here are the possible outcomes of the IRS Audit

• No Change: The auditor finds everything in order and makes no changes.
• Agreement: The auditor proposes changes, and the taxpayer understands and agrees with these changes.
• Disagreement: The auditor proposes changes, but the taxpayer disagrees. In this case, the taxpayer can request a conference with an IRS manager, file an appeal if eligible, or seek mediation. To effectively prepare for an IRS audit, it’s crucial first to understand the scope of the audit, as the IRS will inform you whether it’s a correspondence, office, or field audit. Organizing all relevant documentation is key, including receipts, bills, employment documents, business logs, and legal papers, to support your case. Before the audit, thoroughly review the tax return (s) in question to understand every item and how it was calculated. Being aware of your rights as a taxpayer is essential, including the right to professional representation and the right to appeal the IRS ‘s decision.

During the audit, answer all questions truthfully but avoid volunteering unsolicited information. Ensure to keep copies of all documents you provide to the IRS . Finally, once the audit is complete, make sure you understand the outcome and any subsequent expectations. If the audit reveals any mistakes, correct these in future tax returns to avoid similar issues.

Defining the Financial Audit Procedures

Substantive procedures are the procedures performed to support financial audits . A substantive procedure may be a process, step, or test that creates conclusive evidence regarding the completeness, existence, disclosure , rights, or valuation (the five audit assertions) of the financial statements . To qualify as a substantive procedure, enough documentation must be collected so another qualified auditor can conduct the same procedure on the same documents and come to the same conclusion.

Financial audit procedures are built around the five audit assertions at the account or asset level. They are as follows:

• Preparation
• Designating the team
• Communication and execution
• Forming the audit opinion
• Creating an action plan

Planning for a financial audit involves performing scoping and risk assessments before the audit project to understand areas that are material to the organization as well as evaluate areas of significant risk . External auditors will usually determine their level of reliance on the work of the internal audit function in obtaining audit evidence ahead of the audit. External auditors will evaluate the extent of their reliance on requirements set forth by the American Institute of Certified Public Accountants (AICPA).

What’s Audited? An Overview of Financial Statements

The financial audit primarily involves a microscopic examination of the four cornerstones of a company’s financial health: the balance sheet, income statement, statement of cash flows, and statement of changes in equity.

Imagine the balance sheet as a snapshot in time, a still frame capturing a company’s financial state at a particular moment. It records the company’s assets, liabilities, and shareholders’ equity. By analyzing this, auditors get a sense of the company’s net worth and how it is financed, whether it’s from debts, shareholders’ contributions, or earnings.

Moving onto the income statement, picture it as a video playing the company’s income and expenses over some time. It tells the story of a company’s profitability, demonstrating whether the company’s operations are bringing in more money than it’s spending.

The statement of cash flows, on the other hand, is like a company’s financial diary, documenting the tale of the company’s cash inflow and outflow. It’s a lens through which auditors see how a company is generating and spending its cash, breaking it down into activities like operating, investing, and financing.

Lastly, the statement of changes in equity. This is the tale of the company’s retained earnings, shareholder investments, and any dividends paid out. It’s like the company’s financial biography, narrating how its equity has evolved.

Together, these financial statements weave a comprehensive story of a company’s financial standing, performance, and cash management. It’s an auditors’ job to scrutinize these stories in depth, validating their truthfulness, and ensuring they abide by the established accounting principles. Each number, each figure, and each disclosure undergoes a thorough examination to confirm its accuracy and authenticity.

The process is detailed, diligent, and quite frankly, crucial. Because at the end of the day, it’s these audited financial statements that shape the company’s reputation, guide investors’ decisions, and influence the financial world’s trust in the company.

Financial Statement Review: The Complete Checklist

While there is variance across industries, the generic work steps of a typical financial statement review would include:

• For financial scoping, a determination of materiality in light of the financial review process is required. Any accounts identified over that benchmark individually would be considered. Additionally, the remaining accounts should be assessed in the aggregate to determine the appropriateness of coverage. Teams should confirm the remaining balance of accounts not tested is below the materiality threshold determined by the team.
• Reconciliation: Compare the sub-ledger balances received to the general ledger balance.
• Subledger analysis: Analyze all of the detailed transactions from the sub-ledger, and ensure the sum of all transactions agrees with the reconciliation. The sub-ledger should be at the lowest level of detail.
• Within the sampling of transactions, consider the coverage obtained from controls in place and the potential reduction of testing procedures based on control activities performed.
• Performance of account-specific procedures: Such as comparing transactions to the source invoice and confirming the completeness, accuracy, and validity of the transaction. 
• Errors identified should be analyzed and extrapolated to determine the impact on the organization.
• Remediation plans should be developed to remediate the current issue and to prevent it from happening again in the future.
• Hold conversations with the External Audit team to discuss findings, and be prepared to share documentation of testing procedures performed.
• Leverage Technology to Streamline the Process

Some of these steps can be reduced if control coverage is identified to be sufficient; for example, for a fully automated transaction type.

The Different Roles: Independent Auditors versus Internal and External Auditors

There are distinct roles for the characters each has a unique role when it comes to the financial audit – namely those of the independent auditors, internal auditors, and external auditors. While they all follow the script of GAAS, their roles in the narrative are diverse.

Independent auditors come from external entities, typically from reputable auditing firms, with no ties to the company they’re auditing. This gives them an impartial perspective, allowing them to assess the company’s financial statements with uncolored glasses. Independent auditors bring a fresh set of eyes, lending credibility and authenticity to the audit results.

Next are the internal auditors. These are the employees of the company, working tirelessly behind the scenes. Their prime focus is on the efficacy of internal control systems, which are crucial in maintaining financial accuracy and integrity. They’re like the company’s financial immune system, constantly monitoring and strengthening internal processes to prevent errors and fraud.

Last but not least, we have external auditors. Now, these aren’t to be confused with independent auditors. External auditors are also company insiders, but they’re engaged in a very specific mission. Their role is to conduct an audit of the company’s financial statements, primarily for regulatory bodies or stakeholders. They’re like the company’s financial press corps, communicating the company’s financial standing to the outside world with precision and clarity.

So, despite the apparent similarities in their names, the roles of independent, internal, and external auditors are nuanced and distinct. They’re different characters in the same play, working in harmony to bring the financial truth to light. Remember, in the grand narrative of a financial audit, each role is vital, and each character brings something unique to the audit. Together, they help craft a financial audit that is thorough, accurate, and credible.

Optimizing Financial Audits Using Technology

Performing a financial audit without technology can lead to breakdowns over version control, team communication, and comparisons to the prior year. For organizations performing financial audits not related to SOX, leveraging internal audit management software can help streamline the entire financial audit process and create automated workflows to promote efficiency and effectiveness throughout the end-to-end audit lifecycle. SOX-compliant organizations can easily link between controls testing and financial audit testing to identify efficiencies. 

Research performed over the last decade by global consulting firm Protiviti consistently reveals rising key control counts, increased hours spent on compliance, increased internal and external costs, and the continued inefficiency of manual processes specific to SOX. Organizations that have successfully implemented audit management software report time savings of 33% to 50% on administrative audit work performed during testing and documentation, time savings that can ultimately convert into more value-added projects for the business. 

This ongoing research points to one conclusion: the time has never been better to embrace SOX and audit automation software . First-rate audit management software can not only help strengthen internal controls but also seamlessly link together controls and substantive testing, which can reduce the amount of financial audit testing auditors need to perform to accomplish audit goals.

To learn how AuditBoard can help you streamline your financial audits and SOX audits, fill out the form below.

What are the three types of audits ?

There are three primary types of financial audits , these include, the external financial audit , the internal financial audit , and the IRS audit.

What is the purpose of a financial audit ?

The purpose of a financial audit is to ensure an organization’s financial statements are a fair and accurate representation of its financial transactions. The process involves reviewing the income statement , balance sheet , and cash flow statement .

What does the financial auditor look for?

A financial auditor looks for misrepresented information within the financial records and evaluates the effectiveness of internal controls over financial reporting . They perform substantive procedures to support audit assertions about the completeness, existence, disclosure , rights, or valuation of the financial statements , and aim to provide an auditor’s opinion on the financial condition and performance of the organization.

Brett Deemer began an extensive IT career in the United States Army, specializing in encrypted communications, and has spent the last 8 years performing security risk assessments, gap analysis, and enhancing compliance programs for businesses across multiple industries. Brett’s career is marked by a commitment to establishing and optimizing GRC frameworks, fostering a culture of compliance, and driving technological innovation. Connect with Brett on LinkedIn .

Related Articles

The Ultimate Survival Guide for Financial Audits

By Andy Marker | November 21, 2017 (updated July 27, 2021)

• Share on Facebook
• Share on LinkedIn

Link copied

Financial audits are not small affairs. As anyone in business can attest, money and its appropriate use can make or break your business. If you are a publicly traded firm, appropriate financial oversight can keep you out of prison. This is why financial audits are critical — and sometimes scary. This guide is a companion piece to “ Financial Statement Audits: How to Make Your Next Audit Your Best .” It will lead you through the concept of a financial audit by defining terms and the different types of audits (including integrated audits) along the way. Then, you will learn about the purpose of an audit and why it is necessary. Next, we discuss how auditors perform audits and learn about auditors themselves. In addition, you’ll discover how to read and understand an audit report and how to prepare for one while also saving time and money. Plus, find tips from industry experts and a free checklist to help you jumpstart your preparation.

What Is a Financial Audit?

A financial audit is the investigation of your business’ financial statements and accompanying documentation and processes, and is performed by someone who is independent of your organization. These often-annual events probe your company’s financial position: They look at your accounting records, internal control policies, and accounts in accordance with industry-accepted accounting standards. This process can look and feel as if someone is scrutinizing your sensitive files, searching for errors and misstatements. However, financial auditors use this process to assure your stakeholders (and any interested outsiders) of your company’s financial position. They give them reasonable assurance — not absolute assurance — and they give your company’s financial documentation more value. Other reasons to conduct an audit include to verify that you are in compliance with regulatory agencies, and to protect your company from the risk of fraudulent financial practices.

Independent financial auditors are people who are not on the payroll of your company and do not have a stake in your outcome. At the conclusion of an audit, they render their opinion on the integrity of your documentation. Financial auditors can perform an external or an internal audit for you, but they must not have a stake in your company.

While external audits assess financial risks and statements, internal audits go further and consider your business’ growth, impact to the environment, employee culture, and reputation. Internal auditors report to your board and senior management within your governance structure and, instead of just providing reasonable assurance to your stakeholders and outsiders, they offer ways to improve your company overall. Performing regular internal audits also shows the external auditors that your company has a means to improve your internal controls and thereby manage your organization effectively.

There are many different types of checklists available for financial audits. Whether you are an auditor, or you own a company and want to prepare for an audit, you can use a checklist to get ready. With membership to the American Institute of Certified Public Accountants (AICPA) , you’ll receive auditing checklists for everything from basic auditing to assessment of the risk of fraud. The United States Government Accountability Office (US GAO) also puts out checklists for federal auditing. Additionally, there are self-assessment checklists you can review prior to your audit, whether your business is public, private, or nonprofit.

What Is an Integrated Audit?

An integrated audit is one that combines the financial statement audit with an audit of your internal controls. In 2002, the U.S. Congress passed the Sarbanes-Oxley (SOX) Act. This Act required strict reforms by corporations to prevent accounting fraud. The act had substantial impact on the industry: Under it, senior management became responsible for certifying the accuracy of their financial statements as well as for instituting internal controls and reporting on those controls. This crackdown on corporate fraud also led to the creation of the Public Company Accounting Oversight Board (PCAOB), which provides guidance for integrated audits. Separately, the Securities and Exchange Commission (SEC) provides enforcement. The SOX Act also mandated that public companies undergo integrated audits. Furthermore, auditing professionals say that an integrated audit is incomplete unless it also reviews the company’s Information Systems (IS) processes. IS, financial, and operational controls are mutually dependent on each other in order to foster an environment of support and efficacy.

The PCAOB guide on performing integrated audits includes the following requirements:

• Audit Planning: In addition to the requirements laid out in the PCAOB’s Auditing Standard (AS) 2201.09, the auditor must plan a risk assessment. This risk assessment should focus on possible weaknesses in your company’s internal controls that can affect financial reporting.
• Entity-Level Controls: Entity refers to your whole company. Entity-level controls refer to the processes that help ensure that you carry out your company-wide management directives effectively. Your auditor will examine these entity-level controls, and this examination determines the amount of testing they will have to do on other controls. If you have very strong, monitored control activities that your management is unable to override, your auditor may decrease controls testing in other areas.
• Top-Down Approach: Auditors audit in a specific order, going from a review of overall risks to the controls over financial reporting. Then, they go to entity-level controls and on to significant accounts and disclosures. This process is top-down because it begins with the highest-level picture in order to determine the controls to test.
• Controls Testing: During an integrated audit, your auditor tests the design of your controls as well as their operational effectiveness. This testing is where your auditors spend the majority of their time while they are auditing your business.
• Reporting: Your auditor will form an opinion on whether your internal controls over your financial reporting are effective. According to the Auditing Standards requirement, the report wording must be highly specific. These reports must also be uniform, regardless of the individual needs of each audit.

The SOX Act requires integrated audits of larger, publicly held companies. The Act does not require smaller public or private companies to have an integrated audit — in general, these institutions only need audits of their financial statements. A small public company or a private company may want to have an integrated audit performed when they are preparing for sale. The auditor’s verification of a strong system of controls can improve the sales price of the company.

Outside of integrated audits, audit types focus on single processes. We have already discussed information systems auditing; other unique audits include operational and compliance audits. Operational audits focus specifically on the business processes. Some of these processes affect the finances, and some do not. An internal audit should address these operational processes as well as the accounting procedures that affect them and are affected by them. Your auditors should be able to identify implementation issues and recommend remedial actions for improvement. Compliance audits deal specifically with the level of compliance with internal policies or external regulatory requirements.

What Is the Purpose of an Audit?

Your auditor aims to give you an objective appraisal of your company’s financial situation based upon its documentation. An audit also provides proof that your documents accurately represent your situation (your auditor’s final report serves as this proof). Moreover, your auditor is there to improve your processes by providing suggestions and pointing out any inconsistencies.

The Big Four, the largest professional services networks in the world, specialize in auditing globally. Although these are certainly not the only firms that you may retain to perform your audit, they possess longstanding esteem in the finance profession. Together, these four professional service networks currently account for the majority of public-company audits as well as for those of a large number of private firms. The Big Four are KPMG, Deloitte Touche Tohmatsu, PricewaterhouseCoopers, and Ernst & Young. They are networks (and not discrete firms) because of the way they are structured: They are independently owned and operated, but each functions under the umbrella of their respective “parent” firm. Under this parent firm, each of these networks shares branding, name, and quality standards for their services. These services include auditing, assurance, tax law, consultation, actuarial services, legal services, and corporate financial advice.

With documentation dating from 1314, England boasts the earliest recorded financial audit. In the United States, the Industrial Revolution forced the widespread adoption of financial auditing. The railroad industry, in an effort to control costs and operating ratios, became an auditing pioneer. After the 1929 stock market crash, auditing became obligatory for companies that wanted to participate in the stock market. Investors came to rely on the financial reports that auditors produced as a part of an overall audit. In 1934, Congress commissioned the SEC as the regulatory agency for auditing requirements and standards.

Why Is Auditing Necessary?

Financial auditing was not only necessary for the oversight of companies traded on the stock market, but was also used as a mechanism for fraud detection and finance accountability. However, in those early days of the SEC, company managers produced audit reports. Independent auditors did not conduct the audits. Companies implemented significant changes in auditing procedures only after intensely adverse business events occurred. For example, physical inspection of inventory became mandatory only after the treasurer of McKesson & Robbins (a pharmaceutical concern) discovered that the company was a front for an illegal bootlegging operation. This scandal also precipitated another mandate: The SEC now required public companies to appoint external audit committees.

Experts in the financial industry say that the future of auditing will bring even more regulatory control in order to stay consistent with the traditional requirement. Given the last few years of potent technological advancement, especially in the realm of automation and outsourcing, the trend toward more regulatory control is significant. Experts cite the possible need for changes to audit timing and frequency. They also say that auditors may need more education on technology and analytical methods. If this proves to be the case, cross-discipline auditing may become necessary. Sampling may become obsolete as auditors become able and necessary to complete full audits. And, the industry may have to revisit the concepts of materiality and independence. Materiality assigns a cut-off point to transactions it considers insignificant. Independence concerns the question of the auditor’s independence (i.e., whether or not they have a financial interest in the business they are auditing).

You need an audit if you are a publicly held company or see a public offering in your future. You will need auditing documentation for the year that your company has its initial public offering (IPO) as well as for all subsequent years. If you accept funding from the federal or state government, you may need an audit. Some banks will also require an audit if they give you a particularly large loan or if they consider you high risk. Finally, you may want an audit because it can mean the difference between being approved or rejected for a loan and getting a low or high interest rate.

How Is an Audit Done?

You can break down audits into three main phases: prep, fieldwork, and reporting. Each phase can be further broken down as well. For the prep work phase, there are eight main steps:

• Receipt of Assignment: This step tells your auditor if they have to perform an audit of your financial statements or if they must complete a more comprehensive performance audit or compliance audit. They may begin with a very vague assignment, but as auditing experts, they will be able to quickly identify the job’s pertinent objectives.
• Research the Audit Subject: The AICPA puts out Statements on Auditing Standards (SAS). These publications give guidance to external auditors. The U.S. GAO also releases their Yellow Book, which are standards for auditing government agencies. Both types of publications are specific about the questions auditors should ask their subjects prior to conducting the risk assessment. These include understanding such things as the industry, the regulations, the nature of the entity, the entity’s objectives and strategies, the method the entity employs to measure and review financial performance, and the entity’s internal controls. If possible, many auditors stick to the same as last year (SALY) philosophy to save time during this phase. This means that they perform the audit in an identical manner as the previous year. However, many auditors do not agree with this approach because they feel that it’s lazy.
• Determine Audit Criteria: This is the benchmark for the audit. Auditors conduct financial audits and check them against the Generally Accepted Auditing Standards (GAAS), published by the Financial Accounting Standards Board (FASB). For audits that go beyond the finances, the client and auditor must agree on the benchmark prior to the audit.
• Perform the Risk Assessment: There are two parts to a risk assessment: breaking the audit into chunks and assessing the risk of each chunk. The SASs already break up financial statement audits into pieces. For other types of audits, the auditors may need to get creative when breaking apart the risk categories. There is an audit risk calculation that the auditor then applies to each piece: Audit Risk = (Detection Risk) x (Inherent Risk) x (Control Risk). This formula determines the likelihood of inaccurate findings as well as undetected material misstatements. The only portion of this formula that the auditor can control is the detection risk.
• Confirm Audit Objectives: At this point, the auditor has already assessed the risks and they can confirm what the audit objective(s) are. For example, in the case of a financial audit, the auditor can add specific objectives (sub-objectives), such as a review of the cash receipts.
• Choose Audit Method: From the audit objectives, the methods for making conclusive determinations should flow naturally. The auditor will link each objective to a methodology so that there is strong evidence to back up their findings. Examples of methodologies include sampling, observations, interviews, and fluctuation analyses.
• Link the Method to Cost: Once the auditor has decided on the methods, the auditor will budget out the cost so that the business has an idea of the overall cost for the audit.
• Confirm the Audit Plan: Your auditor’s last step prior to their fieldwork is to confirm their plan with your business. Once your business confirms the plan and is comfortable with the number of hours that correlate to the methodology and costs, the on-site process can start.

The second main phase of your audit is the fieldwork. This is when your auditor or audit team is on-site at your office. They start by formalizing the audit program with your workforce, laying out their plan, and being introduced to staff members who will assist them by gathering and explaining documentation and processes. The following are examples of steps that your auditor may perform during your audit (the order depends on your auditor’s plan and necessity):

• Review the information systems
• Look at record-keeping policies
• Review the accounting system
• Review internal controls policies
• Compare the internal records
• Review the tax returns
• Perform tests of controls and the substantive test

Your auditor documents the results of each of these activities in their working papers. After they have completed their onsite reviews and tests, the auditor perform a comprehensive review of the working papers. Now, they can move to the reporting phase of the process. This last phase of reporting is when your auditor gets to write up their findings on your company. They may come back and confer with you or staff members prior to concluding and finalizing their report. This report gives you their conclusion on how your company adheres to accounting standards or the agreed-upon benchmarks.

What Is a Financial Auditor and What Is Their Report?

Equally important in this whole process is your auditor. The AICPA is very specific about the responsibilities and the functions of an independent auditor . Although there is some room for creativity in auditing practice, your auditor has a heavy responsibility not only to perform the audit based on their experience and best judgment, but also to act as a representative of their entire profession. They are required to perform the audit in accordance with standard auditing practices. It is your management’s responsibility to have sound accounting principles and internal controls, and to present them as such. However, if there are issues, it is your auditor’s responsibility to find and report them. Your auditor is bound by a code, and as such, that code may be enforced if they do not perform accordingly.

This can become a sticky problem when you have an auditor who is under pressure from the company that is funding their audit. On the one hand, the company being audited is paying the auditor for their needed service, and the auditor needs to support their own business. On the other hand, the company under audit may exert pressure by not hiring a particular auditor or firm or by withholding auditing fees in the case of an unfavorable outcome. Even subtle disfavor can harm the auditor personally. A scenario such as this can become an ethical dilemma for an auditor because as gatekeepers, they have a substantial responsibility. Experts suggest better incentive systems and policy reform for auditors overall, especially those faced with economic ethical dilemmas. It does save a company money when they retain the same auditing services annually. Although an audit takes a set amount of time, an auditor may become familiar with a company so that they can save time during the overall process.

The independent auditing service requirement, as enforced by the SEC, is that the auditor has no conflict of interest with the companies they audit. Additionally, they must not be in the position where they are auditing their own work, may become employed (separately) by the firm they audit, or where they will become an advocate for the company. They may not provide additional services, such as bookkeeping, financial information system design or implementation, actuarial services, brokering services, legal services, or valuation services. If a company seeks to hire a former employee to perform an audit, that auditor must refrain from doing so for a one-year period following his initial employment with said company. The audit committee must also assess any direct or material relationships the auditor has with the company in order to determine if those relationships conflict with independence.

In order to be an auditor, there are academic, professional, and personal requirements. The minimum educational requirement is a bachelor’s degree, but many employers prefer a master’s degree with a focus on finance or accounting. In order to audit public companies, an auditor must have the Certified Public Accountant’s (CPA) credential. They must stay current with the principles, theory, practice, and laws in accounting. They should also have integrity and tact when dealing with companies and a methodical practice. Many companies list personality traits, such as assertiveness and punctuality, that they want their auditors to possess. Nevertheless, selecting an auditor is ultimately about deciding whether you can entrust someone with the responsibility to perform their job and maintain your confidentiality. You must be able to rely on this person. The job descriptions for auditors are often interchangeable with those for accountants. Still, auditors perform more detailed work when it comes to finding fraud or errors in financial documentation.

In a job description, a financial auditor evaluates companies’ financial statements, documentation, accounting entries, and data. They may gather information from the company’s reporting systems, balance sheets, tax returns, control systems, income documents, invoices, billing procedures, and account balances. Then they conduct a comprehensive review of all this information in a fair, accurate manner to ensure there are no major errors or fraud. They must deal with different levels of management throughout different departments in pursuing data and information. They do this in order to gain an understanding of how the business operates, as well as of the company’s purpose and its reporting systems.

The national average salary for a financial auditor in 2017 was about $60,000. Different locations and firms adjust this figure, however, based on education, experience, expertise, and clientele. There are several types of auditors: These include internal auditors, government auditors, and independent auditors. Internal auditors and government auditors work in house. They can foresee and head off an organization’s major problems early. Internal auditors may not conduct independent audits, but they are valuable because of their capacity to advise on regular activities and systems. Government auditors are specific to federal or state agencies. Federal auditors work for the U.S. GAO and report to Congress.

An audit report is the final document that wraps up the audit. It is your written auditor opinion prepared in the standard format delineated by GAAS. Auditors write reports for users of the company’s financial statements. If your company is public, you include these reports when filing with the SEC.

How to Read and Understand a Financial Audit Report

An audit report gives you an independent opinion on your company’s financial statements, and can help you make better economic decisions. Even though the report’s findings are based on persuasive (rather than conclusive) evidence, they still give you a fair estimate of a company’s financial position. In a financial audit by a CPA, the findings can be one of the following: an unqualified approval, a qualified approval, a disclaimer of opinion, or an adverse finding. The best result is an unqualified approval. The worst result is an adverse finding. Below, you’ll find descriptions of the four types of findings:

• Unqualified Approval: This is essentially a clean bill of health for a company. It means that the auditor detected no internal control breakdowns during the audit.
• Qualified Approval: This finding indicates that your auditor has encountered one of two scenarios: a single deviation from GAAP or scope limitation. The single deviation is one that breaks one of the GAAP rules. An example of a scope limitation is when your auditor cannot perform a test due to a dysfunctional system. Your auditor will explain the reasons for this type of qualification. In the case of a qualified approval, it is up to the reader of the report to decide if the identified problem affects the usefulness of the financial statements.
• Disclaimer of Opinion: This type of audit report occurs when your auditor does not lay down any sort of opinion about the financial position of your company. Your CPA will state that they cannot provide an audit-related opinion or statement because of the limitation of the examinations they conducted.
• Adverse Finding: An auditor issues this opinion when they determine that a company’s financial statements are materially misstated, should not be relied upon, and do not conform to GAAP when considered as a whole. This type of finding is a red flag for investors and can negatively affect business stock prices. The SEC does not allow publicly held businesses to trade their securities when auditors deliver adverse opinions.

Experts in reading audit reports recommend paying special attention to the introductory paragraphs, especially those concerned with management and auditor responsibilities, scope, and opinion. If you read and become familiar with audit reports, you will see that although each company is different, the reports are homogeneous and provide an excellent way to learn about a company.

How to Prepare for a Financial Audit

It is normal to be nervous about an impending company audit. They be expensive and make you unsure about what your auditor will find. However, if you plan ahead of time, you can save money and assure that your auditor’s findings are only helpful.

As you’ve read in earlier sections of this guide, your auditor is looking for inconsistencies that could lead to financial inaccuracies. In their arsenal, your auditor has many different types of analytic procedures, though if they do not understand something, they will investigate and ask you or your staff questions. They will also ask for supporting documents to make sure you have recorded your financial information accurately. They will review your operational procedures and may review your information security to ensure that the data they are seeing is reliable.

To keep hours and costs down, there are steps you can take, including the following:

• Implement Good Practices Year Round: If you put good processes in place, you can save time and money. Reconcile your information on a monthly or quarterly basis so errors do not compound. Regularly document your expenses and revenue during the year, and designate a place to store them so you do not have to struggle to find things.
• Review Your Own Financial Information: Experts recommend reviewing your own financial information. This may be difficult if your company is very large, but if you are a business owner, your financials should make sense to you. If they do not, your auditors may also struggle to understand them, which adds more time to their investigation. Further, if you understand your situation, you are able to explain it to your auditor upfront.
• Get Your Paperwork Together: During the preparation phase of your audit, your auditor will request a list of documents and schedules. You or your accountant should be able to generate or gather this documentation. It is best to turn in this information by the auditor’s deadline, so they do not have to spend extra time and money tracking it down. Prior to sending information to your auditor, ask them what type of file they prefer to work with. Find a free checklist here that can get you started.  

Download Financial Audit Preparation Checklist

Now, our experts weigh in with their opinions on how you can get ready for your audit.

Robert Campbell, Financial Analyst at Withum , says, “I work for the accounting firm of WithumSmith+Brown, PC, and I conduct the initial risk assessment and setup for the audit of some of our clients. My particular expertise is getting into the transaction level of the business to know common practices and good internal controls and judge where problems might be. As for the CFO counterparts of my clients, they need to prepare to walk me through the transactions that occur and give me access to the people who do them, so I can make sure that what management thinks happens actually does. Then, when planning the audit, I will assign the risk of categories of transactions and accounts that I’ll instruct the auditors to either do analytics for or actually review. For the CFO, the fewer questions or concerns I have during the risk assessment, the more limited the scope (and, thus, the cost and time expense) of the audit.”

CPA and realtor Robert Riordan says, “I am a CPA in South Carolina and do a lot financial audits for licenses and banks. I have to follow the guidelines of our state and national organizations. Depending on what the client wants me to look at, preparing an audit requires varying levels of detail. A detailed audit would require me to look at all the accounts in the balance sheet to see if they are proper. This means going to the place of business, looking at the accounts and transactions, and determining what makes the amounts up. The income statement has to look about the same. I may find something interesting when I look at the major accounts or some smaller ones.

“I have to sign my name to the report. If it is an IRS audit, then you have to have everything in order. Most of the time, the experience is not that bad. People that you are working for will help you. When you deliver the report to an entity, they might call you back to clarify something. You can at times get someone difficult, but just deal with it.

“If you need a financial audit, help the person preparing the reports with updated financial information and great supporting information. Be prepared to adjust when the person making the financial statements asks for more information. Do not get upset…unless you are trying to hide something.”

Glossary of Financial Auditing Terms

The following are some terms that you may come across during your audit or while you are prepping for your audit. Understanding these terms can help you on your audit path:

• Budgeted Financial Statements: These documents are usually the summary-level income statements and balance sheets. These statements are different from a budget. A budget is used to estimate and project future revenue and expenses based on the current ones. Financial statements show actual numbers developed using GAAP. Budgets may be internal and developed by best practices.
• Transactions Documents: These documents can be any that are relevant to your accounts or financial information. They can be bills, bank statements, notices, insurance policies, or receipts.
• Revenue and Sales Costs: Sales make up one component of revenue: They are proceeds from your provision of goods and/or services. Revenue is the total amount of money that you take in during a period. Sales costs are the expenses directly related to these goods or services, such as the raw materials or the salaries of the service-providers.
• Expense Approvals: Your company develops a process to reimburse employees for work-related expenses. For example, they could regularly take clients to dinner for discussion of contracts or sales. As representatives of your company who perform work functions, these employees should be reimbursed. You must have a system to review and approve these expenses prior to their payment.
• Trial Balance: In double-entry accounting, this is an internal report that your accountant will develop to ensure there are no mathematical errors. The trial balance represents all the debits and credits to the account.
• Separation of Duties: Also known as segregation of duties, this risk management technique ensures another layer of oversight by separating or segregating the critical functions among more than one person or department.
• Major Contracts: During your audit, you may hear about your major contracts, and there may be a requirement for any major contracts to each have their own accounting system. If a contract is large enough, you may want to manage its financial information separately.
• Bylaws and Meeting Minutes: These records specify the timing, locations, and events of the shareholders’ meetings. It is important to document this information in order to keep track of your business financial oversight and the responsible parties.

Improve Your Financial Audits with a Real-Time Audit Checklist in Smartsheet

Empower your people to go above and beyond with a flexible platform designed to match the needs of your team — and adapt as those needs change. 

The Smartsheet platform makes it easy to plan, capture, manage, and report on work from anywhere, helping your team be more effective and get more done. Report on key metrics and get real-time visibility into work as it happens with roll-up reports, dashboards, and automated workflows built to keep your team connected and informed. 

When teams have clarity into the work getting done, there’s no telling how much more they can accomplish in the same amount of time.  Try Smartsheet for free, today.

Discover why over 90% of Fortune 100 companies trust Smartsheet to get work done.

• Accounting Audit Process: A Step-by...

Accounting Audit Process: A Step-by-Step Guide

Table of Content

Key takeaways.

• Learn about the importance of internal and external audits for accounting processes
• Get a ready-to-use checklist for conducting an internal audit
• Know how HighRadius helps accounting teams be audit-ready, always

Introduction

Auditors – external or internal – are the referees of our financial system. They play an essential role in ensuring that an organization adheres to global accounting standards and prevents fraudulent activities. While the accounting process helps present the company’s financial position, audits help ensure the financial reports are accurate and compliant for the company’s clients, customers, shareholders, and other stakeholders.

What is an Accounting Audit & Why is it Important?

An accounting audit is an examination of the organization’s financial information which is conducted by an independent auditor with the aim to ensure that the information is represented fairly and accurately and in accordance with accounting standards.

Accounting audits play an important role in achieving transparency in business operations and increasing investors’ confidence in the business’ growth. 

Here are 10 major goals of an accounting audit:

• To achieve transparency in business operations and drive accountability
• To develop a practice of having an audit trail for each transaction
• To have an independent and fair opinion on how the business works and delivers results
• To ascertain the quality of financial statements
• To deliver 360 feedback on the business process operations
• To attract new and potential investors or stakeholders for the business
• To ensure compliance with tax laws, regulations, and all applicable accounting standards like International Financial Reporting Standards (IFRS) and Generally Accepted Accounting Principles (GAAP)
• To provide assurance to stakeholders that the financial statements are reliable
• To identify areas for improvement in the company’s financial reporting and internal controls
• To detect and prevent fraud and other financial irregularities

Different Types of Accounting Audit

Every organization goes through two kinds of accounting audits – internal audits and external audits.

Step-By-Step Accounting Audit Process

The external accounting audit process differs based on the size of the organization, the complexity of the audit, and any specific requirements or regulations applicable to the industry or jurisdiction. Here are 6 common steps that are followed globally for external audits:

Planning and Goal-Setting

After engaging an external auditor, the organization sits with them to discuss the level of engagement, process, and objectives of the auditing process. They also set a timeline for the audit so that the organization can prepare by conducting an internal audit.

Requesting for financial information

After the audit plan gets a go-ahead, the auditor draws up a list of financial documents that he needs to conduct the audit. The audit may ask for documents like previous audited reports, bank statements, ledgers, receipts, board meeting minutes, organizational charts, etc. These documents help the auditor gain an overview of the organization’s overall business operations.

Performing audit and on-site examination

Once the auditor receives all required documents, he starts executing the planned audit procedures, which may include examining financial records, conducting interviews, testing internal controls, and verifying transactions. The purpose is to gather evidence to support the auditor’s opinion on the financial statements.

He examines data samples in the transaction records for anomalies. This is a test of how well the organization’s internal controls are working.

Analyzing the findings and preparing an audit report

Based on his examination, the auditor drafts a report where he mentions instances of any proof of fraud, financial mismanagement, corrected reports, wrong processes or accounting policies, etc. he found during the audit. If he has any suggestions for improving the internal controls of the organization, he includes them in this report.

7 Step Accounting Audit Checklist

To perform an internal accounting audit, your team can follow these steps and ensure that your organization is ready for an external audit.

• Clearly define the focus of the audit and establish the questions you want the audit to answer
• Put together an audit team with the necessary skills and knowledge to conduct the audit effectively
• Create a list of all the documents, processes, and other variables you’ll need to review
• Collect information via research, employee interviews, and other methods
• Evaluate the organization’s system of internal controls to assess the risk levels of different functional areas
• Analyze the evidence collected during the audit procedures and evaluate its impact on the organization’s operations
• Prepare an audit report that summarizes the findings and conclusions of the audit

How HighRadius Helps You Improve Accounting Audit & Compliance

HighRadius’ AI-powered accounting software helps accounting teams achieve day zero month-end close, up to 90% reconciliation accuracy, and real-time anomaly detection and resolution .

It also enables accountants to show their work by adding attachments that are tagged to the financial close, account reconciliation , and anomaly tasks they are working on.

Task logs create an audit trail that shows all the changes made to each task in chronological order along with details of the user account (accountant) from where the changes were made.

With HighRadius, your accounting team can be audit-ready , anytime and focus on high-priority tasks rather than spending time on preparing for audits.

1. What are the 4 common phases in an accounting audit process?

A typical external or internal audit has four stages – planning, fieldwork, reporting, and follow-up. The accounting audit process is designed to ensure that the financial statements are examined thoroughly and accurately, providing stakeholders with confidence in the reliability of the financial information.

2. What are the 4 C’s of auditing?

The four C’s of internal audit are Compliance, Cybersecurity, Competitiveness, and Culture. Although, it’s important to note that these sets of 4 C’s are not universally defined or standardized.

3. What are the three key areas of auditing?

Financial statements, internal controls, and compliance are three areas of auditing. It’s important to note that the areas of focus in an audit can vary depending on the nature of the audit, industry-specific requirements, and the organization’s objectives.

4. What are basic audit principles?

Confidentiality, integrity, objectivity, independence, and competence are the basic principles that auditors must follow when conducting examinations. These principles help ensure that the audit is conducted efficiently, effectively, and with integrity.

Related Resources

Surcharge Fee: What Is It & How to Implement Them?

Account Receivable Reconciliation (And How Automation Can Improve It)

3 Use Cases of AI in Finance for Mid-Market Companies

Streamline your order-to-cash operations with highradius.

Automate invoicing, collections, deduction, and credit risk management with our AI-powered AR suite and experience enhanced cash flow and lower DSO & bad debt

Please fill in the details below

Get the hottest Accounts Receivable stories

Delivered straight to your inbox.

• Order To Cash
• Collections Management
• Cash Application Management
• Deductions Management
• Credit Management
• Electronic Invoicing
• B2B Payments
• Payment Gateway
• Surcharge Management
• Interchange Fee Optimizer
• Payment Gateway For SAP
• Record To Report
• Financial Close Management
• Account Reconciliation
• Anomaly Management
• Accounts Payable Automation
• Treasury & Risk
• Cash Management
• Cash Forecasting
• Treasury Payments
• Learn & Transform
• Whitepapers
• Courses & Certifications
• Why Choose Us
• Data Sheets
• Case Studies
• Analyst Reports
• Integration Capabilities
• Partner Ecosystem
• Speed to Value
• Company Overview
• Leadership Team
• Upcoming Events
• Schedule a Demo
• Privacy Policy

HighRadius Corporation 2107 CityWest Blvd, Suite 1100, Houston, TX 77042

We have seen financial services costs decline by $2.5M while the volume, quality, and productivity increase.

Colleen Zdrojewski

Trusted By 800+ Global Businesses

DataSnipper Reaches $1B Valuation with $100M Funding

From planning to reporting: exploring the phases of the audit process.

The audit process is a crucial component of any business. It provides assurance that financial statements are accurate and reliable, helping to build trust among stakeholders. In this article, we will take an in-depth look at the different phases of the audit process, from planning to reporting, and explore the key tasks involved in each phase.

Understanding the Audit Process

Before delving into the specific phases of the audit process , it's essential to understand the overall concept of auditing. Auditing is a systematic examination of an organization's financial statements and records, conducted by independent professionals known as auditors. This process involves assessing the fairness and accuracy of financial information, identifying any potential fraud or errors, and ensuring compliance with applicable laws and regulations.

Auditing serves as a critical function in business, providing credibility to financial information and enhancing the accountability of corporate entities. It involves a comprehensive review of financial records, internal controls, and management practices, with the aim of providing an opinion on the accuracy of financial reporting. The audit process follows a systematic approach and is governed by a set of generally accepted auditing standards (GAAS), ensuring consistency and reliability.

When conducting an audit, auditors perform several key procedures to gain a thorough understanding of the organization's financial health. These procedures include analyzing financial statements, testing internal controls, sampling transactions, and verifying the existence and valuation of assets and liabilities. By conducting these procedures, auditors are able to assess the organization's financial position and provide an independent opinion on the fairness of the financial statements.

Importance of Auditing in Business

Auditing plays a vital role in business by providing numerous benefits. Firstly, it enhances the confidence of external stakeholders, such as investors, creditors, and regulators, by providing an independent assessment of financial statements. This, in turn, facilitates investment decisions and promotes market efficiency.

Furthermore, audits help in identifying areas of improvement, enabling organizations to address weaknesses in their financial reporting processes and internal controls. By highlighting areas for improvement, audits contribute to the overall efficiency and effectiveness of an organization's operations.

Audits also serve as a deterrent to fraud and misconduct. The presence of auditors reviewing financial records and internal controls acts as a strong deterrent to fraudulent activities, promoting ethical behavior and protecting the interests of shareholders.

In addition to these benefits, audits also provide valuable feedback to management. Through the audit process, management receives insights into the organization's financial health, internal controls, and compliance with laws and regulations. This feedback helps management make informed decisions and improve the overall governance and risk management of the organization.

The Initial Phase: Audit Planning

The audit process begins with detailed planning. During this phase, auditors gather relevant information, set objectives, and develop an audit strategy to guide their work. It involves a careful assessment of the organization's operations, risks, and controls, ensuring that the audit is conducted efficiently and effectively.

Identifying the Scope of Audit

One of the key tasks in audit planning is to determine the scope of the audit. This involves identifying the specific areas to be audited, such as financial statements, internal controls, or compliance with laws and regulations. The scope is typically based on the auditor's understanding of the organization, its industry, and specific risks and issues that need to be addressed.

Risk Assessment in Audit Planning

Risk assessment is a critical component of audit planning. It involves identifying and evaluating the risks that may impact the organization's financial statements. Auditors use various techniques, such as interviews, inquiries, and analytical procedures, to gain an understanding of the entity's risk profile. This information helps them to plan the audit procedures and allocate resources effectively.

Developing an Audit Strategy

Based on the scope and risk assessment, auditors develop an audit strategy tailored to the organization's specific needs. The strategy outlines the approach to be taken, the audit procedures to be performed, and the resources required. It serves as a roadmap for the audit, ensuring that the work is conducted in a systematic and efficient manner.

The Execution Phase: Conducting the Audit

Once the planning phase is complete, auditors move on to the execution phase, where they gather evidence, test internal controls, and perform substantive procedures to validate the accuracy of the financial statements.

• Check out DataSnipper's Financial Statement Suite for next-gen "tick and tie".

Gathering and Analyzing EvidenceN

The gathering and analysis of evidence are crucial steps in the audit process. Auditors use various techniques, such as examination of documents, observation, and confirmation with third parties, to obtain the necessary evidence to support their conclusions. The evidence is then analyzed to determine whether the financial statements are free from material misstatements.

Testing Internal Controls

A significant aspect of the audit process is testing the effectiveness of internal controls. Internal controls are the policies and procedures established by management to ensure the reliability of financial reporting. Auditors evaluate the design and implementation of these controls to determine their effectiveness in preventing or detecting errors or fraud. This analysis helps auditors assess the level of risk associated with the financial statements and guides the selection of appropriate audit procedures.

• Use DataSnipper to assist in documenting Test of Controls related to the purchases cycle by creating cross references between evidence and your testing workbook.

Audit Sampling Techniques

Due to the volume of transactions and the limited resources available, auditors often use sampling techniques to gather evidence. Sampling involves selecting a representative portion of the population for examination. Various sampling methods, such as statistical sampling or judgmental sampling, can be employed depending on the circumstances. Auditors carefully design their sampling plans to ensure that they obtain reliable and meaningful results.

The Final Phase: Audit Reporting

The last phase of the audit process involves finalizing the audit report and communicating the findings to the organization's management and stakeholders.

Preparing the Audit Report

The audit report is perhaps the most critical deliverable of the audit process. It provides an independent opinion on the fairness and accuracy of the financial statements. The report typically includes an introductory paragraph, a description of the scope and objectives of the audit, a summary of findings, and the auditor's opinion. The format and content of the report are governed by auditing standards and must adhere to certain reporting requirements.

Communicating Audit Findings

Once the audit report is finalized, auditors communicate their findings to the organization's management and relevant stakeholders. The communication may include a discussion of significant issues identified, recommendations for improvement, and any other matters of importance. This step ensures that the impact of the audit is fully understood and that appropriate actions are taken to address any identified deficiencies.

Follow-up and Actions Post-Audit

After the audit is completed, organizations typically take steps to address any deficiencies or issues identified during the audit process. These steps may include implementing new controls, modifying existing processes, or improving reporting practices. The follow-up actions help strengthen the organization's financial reporting and internal control mechanisms, ensuring continuous improvement and accountability.

In conclusion, the audit process is a comprehensive and systematic examination of an organization's financial statements and records. From the initial planning phase to the final reporting phase, auditors follow a structured approach to ensure the accuracy, reliability, and compliance of financial information. Understanding the different phases of the audit process helps organizations and stakeholders appreciate the importance of auditing in building trust, enhancing transparency, and promoting sound business practices.

What are the 4 phases of the audit process?

Planning, execution, reporting, and follow-up. Auditors plan the scope and objectives, collect evidence during execution, summarize findings in a report, and monitor implementation of recommendations in the follow-up phase.

Intelligent Automation Platform

Discover how DataSnipper can dramatically improve your team's audit process

Become a DataSnipper Expert

• Search Search Please fill out this field.
• Corporate Finance

Audit: What It Means in Finance and Accounting, and 3 Main Types

Pete Rathburn is a copy editor and fact-checker with expertise in economics and personal finance and over twenty years of experience in the classroom.

What Is an Audit?

The term audit usually refers to the financial audit or review of financial statements. A financial audit is an objective examination and evaluation of the financial statements of an organization to make sure that the financial records are a fair and accurate representation of the transactions they claim to represent. The audit can be conducted internally by employees of the organization or externally by an outside certified public accountant (CPA) firm.

Key Takeaways

• There are three main types of audits: external audits, internal audits, and Internal Revenue Service audits.
• External audits are commonly performed by Certified Public Accounting firms and result in an auditor's opinion which is included in the audit report.
• An unqualified, or clean, audit opinion means that the auditor has not identified any material misstatement as a result of his or her review of the financial statements.
• External audits can include a review of both financial statements and a company's internal controls.
• Internal audits serve as a managerial tool to make improvements to processes and internal controls.

Investopedia / Daniel Fishel

Understanding Audits

An audit is the review or inspection of a company or individual's accounts by an independent body. Auditors may be hired internally by the company or work for an external third-party firm. Almost all companies receive a yearly audit of their financial statements. This includes the review of statements like the income statement , balance sheet , and cash flow statement .

Lenders often require the results of an external audit annually as part of their debt covenants. For some companies, audits are a legal requirement due to the compelling incentives to intentionally misstate financial information in an attempt to commit fraud. As a result of the Sarbanes-Oxley Act (SOX) of 2002, publicly traded companies must also receive an evaluation of the effectiveness of their internal controls .

Standards for external audits performed in the United States, called the generally accepted auditing standards (GAAS) , are set out by the Auditing Standards Board (ASB) of the American Institute of Certified Public Accountants (AICPA) .

Additional rules for the audits of publicly traded companies are made by the Public Company Accounting Oversight Board (PCAOB) , which was established as a result of SOX in 2002. A separate set of international standards, which are called the International Standards on Auditing, was set up by the International Auditing and Assurance Standards Board.

Importance of Audits

Audits are a necessary and important part of the financial world. That's because a company's financial health and well-being can't be upheld without proper accounting. Routine audits ensure that companies are following reporting standards and, more importantly, that they are being truthful and honest about their financial position. Audits are particularly important for shareholders and lenders as well as consumers and suppliers.

The process of auditing also helps companies in other ways, including:

• Finding inefficiencies
• Improving production and operations
• Meeting compliance requirements
• Establishing procedures for monitoring
• Fraud prevention

Types of Audits

Audits can involve financial accounts of companies or individuals. They can be conducted by external or internal auditors, and may also be completed by taxation agencies like the Internal Revenue Service (IRS) .

External Audits

Unqualified audits performed by outside parties can be extremely helpful in removing any bias in reviewing the state of a company's financials. Financial audits seek to identify if there are any material misstatements in the financial statements.

An unqualified, or clean, auditor's opinion provides financial statement users with confidence that the financials are both accurate and complete. External audits, therefore, allow stakeholders to make better, more informed decisions related to the company being audited.

External auditors follow a set of standards that are different from those of the company or organization hiring them to do the work. When audits are performed by third parties, the resulting auditor's opinion expressed on items being audited (a company's financials, internal controls, or a system) can be candid and honest without affecting daily work relationships within the company.

Internal Audits

Internal auditors are employed by the company or organization for whom they are performing an audit, and the resulting audit report is given directly to management and the board of directors.

Consultant auditors, while not employed internally, use the standards of the company they are auditing as opposed to a separate set of standards. Internal auditors are used when an organization doesn’t have the in-house resources to audit certain parts of its own operations.

The results of the internal audit are used to make managerial changes and improvements to internal controls. The purpose of an internal audit is to ensure compliance with laws and regulations and to help maintain accurate and timely financial reporting and data collection.

Ongoing audits also provide benefits to management by identifying flaws in internal control or financial reporting prior to its review by external auditors.

The biggest difference between an internal and external audit is the concept of independence of the external auditor.

Internal Revenue Service (IRS) Audits

The IRS routinely performs audits to verify the accuracy of a taxpayer’s return and specific transactions. When the IRS audits a person or company, it usually carries a negative connotation and is seen as evidence of some type of wrongdoing by the taxpayer . However, being selected for an audit is not necessarily indicative of any wrongdoing.

IRS audit selection is usually made by random statistical formulas that analyze a taxpayer's return and compare it to similar returns. A taxpayer may also be selected for an audit if they have any dealings with another person or company who was found to have tax errors on their audit.

There are three possible IRS audit outcomes available:

• No change to the tax return
• A change that is accepted by the taxpayer
• A change with which the taxpayer disagrees

If the change is accepted, the taxpayer may owe additional taxes or penalties. If the taxpayer disagrees, there is a process to follow that may include mediation or an appeal.

What's the Purpose of an Audit?

Audits are generally meant to ensure that businesses and individuals are being honest and accurate about their financial positions. But, the purpose of an audit depends entirely on the type of review in question.

For instance, corporations are routinely audited to ensure they are compliant and are following accounting standards. Audits also ensure that businesses are representing their financial well-being accurately.

Tax agencies conduct routine audits at random or may do so if someone's tax return is flagged. Things that may trigger an audit include specific tax credits and deductions, or certain types of income.

Are Audits a Bad Thing?

The term audit conjures up negative feelings for a lot of people because they're usually associated with tax agencies that want to review tax returns. People often believe they'll be responsible for a hefty tax bill after an audit.

Being audited isn't necessarily a bad thing. Most agencies just want to ensure that you're following the law and taking tax credits and deductions that you're entitled to claim.

In the corporate world, audits help companies remain compliant by reviewing financial statements to ensure that they accurately represent their financial positions.

How Do I Prepare for an IRS Audit?

Although it may seem daunting, an IRS audit shouldn't worry you. The agency routinely conducts audits for corporations and individuals—some randomly while others are flagged because of certain types of income, credits, and deductions. The best way to prepare for an audit is to keep your tax records, including any receipts and tax documents, in a location that's easily accessible for up to three years.

The Bottom Line

The idea of an audit can make people very nervous. Despite the negative connotation, audits aren't entirely bad. Individuals who are audited by tax agencies are commonly chosen at random. Corporate audits are routinely conducted to make sure financial statements are in line with accounting standards. If you're an investor, you'll know that the companies in which you have an interest are being honest about their financial position.

Securities and Exchange Commission. " SEC Implements Internal Control Provisions of Sarbanes-Oxley Act; Adopts Investment Company R&D Safe Harbor ."

AICPA. " Generally Accepted Auditing Standards ," Page 1599.

Securities and Exchange Commission. " Public Company Accounting Oversight Board (PCAOB) ."

IAASB. " International Auditing and Assurance Standards Board ."

IRS. " IRS Audits ."

IRS. " How long should I keep records? "

• Accounting Explained With Brief History and Modern Job Requirements 1 of 51
• What Is the Accounting Equation, and How Do You Calculate It? 2 of 51
• What Is an Asset? Definition, Types, and Examples 3 of 51
• Liability: Definition, Types, Example, and Assets vs. Liabilities 4 of 51
• Equity Meaning: How It Works and How to Calculate It 5 of 51
• Revenue Definition, Formula, Calculation, and Examples 6 of 51
• Expense: Definition, Types, and How Expenses Are Recorded 7 of 51
• Current Assets vs. Noncurrent Assets: What's the Difference? 8 of 51
• What Is Accounting Theory in Financial Reporting? 9 of 51
• Accounting Principles Explained: How They Work, GAAP, IFRS 10 of 51
• Accounting Standard Definition: How It Works 11 of 51
• Accounting Convention: Definition, Methods, and Applications 12 of 51
• What Are Accounting Policies and How Are They Used? With Examples 13 of 51
• How Are Principles-Based and Rules-Based Accounting Different? 14 of 51
• What Are Accounting Methods? Definition, Types, and Example 15 of 51
• What Is Accrual Accounting, and How Does It Work? 16 of 51
• Cash Accounting Definition, Example & Limitations 17 of 51
• Accrual Accounting vs. Cash Basis Accounting: What's the Difference? 18 of 51
• Financial Accounting Standards Board (FASB): Definition and How It Works 19 of 51
• Generally Accepted Accounting Principles (GAAP): Definition, Standards and Rules 20 of 51
• What Are International Financial Reporting Standards (IFRS)? 21 of 51
• IFRS vs. GAAP: What's the Difference? 22 of 51
• How Does US Accounting Differ From International Accounting? 23 of 51
• Cash Flow Statement: What It Is and Examples 24 of 51
• Breaking Down The Balance Sheet 25 of 51
• Income Statement: How to Read and Use It 26 of 51
• What Does an Accountant Do? 27 of 51
• Financial Accounting Meaning, Principles, and Why It Matters 28 of 51
• How Does Financial Accounting Help Decision-Making? 29 of 51
• Corporate Finance Definition and Activities 30 of 51
• How Financial Accounting Differs From Managerial Accounting 31 of 51
• Cost Accounting: Definition and Types With Examples 32 of 51
• Certified Public Accountant: What the CPA Credential Means 33 of 51
• What Is a Chartered Accountant (CA) and What Do They Do? 34 of 51
• Accountant vs. Financial Planner: What's the Difference? 35 of 51
• Auditor: What It Is, 4 Types, and Qualifications 36 of 51
• Audit: What It Means in Finance and Accounting, and 3 Main Types 37 of 51
• Tax Accounting: Definition, Types, vs. Financial Accounting 38 of 51
• Forensic Accounting: What It Is, How It's Used 39 of 51
• Chart of Accounts (COA) Definition, How It Works, and Example 40 of 51
• What Is a Journal in Accounting, Investing, and Trading? 41 of 51
• Double Entry: What It Means in Accounting and How It's Used 42 of 51
• Debit: Definition and Relationship to Credit 43 of 51
• Credit: What It Is and How It Works 44 of 51
• Closing Entry 45 of 51
• What Is an Invoice? It's Parts and Why They Are Important 46 of 51
• 6 Components of an Accounting Information System (AIS) 47 of 51
• Inventory Accounting: Definition, How It Works, Advantages 48 of 51
• Last In, First Out (LIFO): The Inventory Cost Method Explained 49 of 51
• The FIFO Method: First In, First Out 50 of 51
• Average Cost Method: Definition and Formula with Example 51 of 51

• Terms of Service
• Editorial Policy
• Privacy Policy
• Your Privacy Choices

Financial Audits: A Quick Guide with Free Templates

Insolvency.

Falling asset prices.

Complete market standstill.

Ring any bells?

You remember, as clearly as I do, the economic disaster of 2008 . A global financial crisis; what could have caused such an economic catastrophe?

One hypothesis: Financial audit failures.

As concluded by the Financial Crises Inquiry Commission (FCIC) , financial audit failures were found to have played a significant part in the financial crash.

Just like the FCIC, we at Process Street understand the importance of standards enforced by financial audit processes.

This article has been structured into two sections. The first section looks at the financial audit. The second section considers the International Standards on Auditing (ISA).

The ISA standards are a specific set of rules that operate globally .

Here’s a more thorough breakdown:

The financial audit: What are financial audits?

The financial audit: what are the international standards on auditing (isa).

• The financial audit: The benefits of International Standards on Auditing (ISA)
• How you can use Process Street to help with your external auditing processes
• ISA audit checklist

In the last section of this article, you will get your hands on our nifty ISA audit checklist for free .

You can use this template to conduct an internal check on your finances audits against the International Standards on Auditing. This checklist will save your organization a heap of time, worry, and money.

A financial audit evaluates an entity’s financial information, to ensure that it abides to specific criteria. The purpose of a financial audit is to provide reasonable assurance that financial statements are accurate, complete and devoid of fraud . Financial audit information is used by investors , regulators, directors, and managers .

You may have noticed in the definition above, I italicized the term reasonable assurance. I did this to make one thing clear: financial audits do not guarantee assurance to set criteria due to the prevalence of human error .

Human error plagues business operations and financial audit processes are not an exception. The key is to get the best assurance level possible, which means to minimize human error. But how would you do this?

Fortunately for you, we at Process Street have an answer: reduce human error by using checklists .

There is a stack of evidence supporting the notion that checklists significantly reduce human error . This hasn’t gone unnoticed.

For example, checklists are used in the medical industry. Checklists  reduce human error in cardiac operating rooms and diagnostic procedures .

The Chernobyl disaster of 1986, the biggest nuclear catastrophe to date, was the result of  six critical human failures . Checklists are now standard . They are used to mitigate human error in nuclear power plants.

The conclusion is clear:  Increase the assurance of your financial statements by reducing human error . Do this by conducting financial audits using a checklist approach.

The financial audit: Internal financial audits and the benefits they bring to your business

There are many different audit types . An internal financial audit is one audit type that is entirely in your hands as a business owner. The internal audit acts as your in-house check. Internal audits continually evaluate your financial processes , documentation , and records.

Utilizing the internal audit can give you peace of mind, as you are reasonably assured your financial business operations are conducted as per strict international standards.

What are these international standards?

Well, standards are the rules. Specifically, these rules have been set and agreed upon by various international organizations and external regulatory bodies. Theses rules provide  reasonable assurance that financial statements are accurate, complete and devoid of fraud.

If you read my previous article covering audit procedures, then you will understand why internal audits are important. Internal audits benefit your business, the benefits of which I have detailed below:

• Internal audit benefit 1: Measure practices and processes against proposed procedures to make corrections
• Internal audit benefit 2: Reduce the risk  of data breaches and other cybersecurity concerns
• Internal audit benefit 3: Protect your internal network
• Internal audit benefit 4: Enable you to stay up to date on governmental regulations to maintain compliance
• Internal audit benefit 5: Monitor mobile technology security and efficiency

For more information on internal audits, see my previous article on  Audit Procedures: A Quick Tour with 19 (Free) Templates .

Remember when we discussed why, in a given audit, only reasonable assurance is attainable due to human error? Discussing how you can remove this human error by utilizing a checklist approach for your financial audits?

Here’s one of our internal audit checklists, namely the financial audit checklist given below.

By using our financial audit checklist, you can be content knowing you are employing a perfect combination for your financial information to be on point.

• Internal audit: ✅
• Checklist format : ✅

Our Financial Audit Checklist has been designed with you in mind.  Conduct your internal financial audit with maximal assurance.

Our financial audit checklist will act as your internal guide.

Let it aid you through the internal financial auditing process for your business. This checklist is free and ready for you to use right away.

Click here to access our financial audit checklist

In the next part of this article, we turn our attention to another audit type, namely, external audits.

The financial audit: External financial audits and the benefits they bring to your business ✒️

External financial audits are those that will provide certification of an organization’s financial statements. Certification is required by potential investors, lenders and all publicly-held businesses. An external financial audit examination will be conducted by an independent accountant .

External financial audits offer several benefits for business owners , as detailed by Chron.com :

• Provides validity:  Objective opinion is provided on the business accounting processes . Insight from professional accountants is provided. This ensures the accuracy and validity of accounting information.
• Discovers errors:  Errors that would otherwise impact financial trends and decision making processes .
• Limits legal and tax issues:  Inaccurate or fraudulent accounting information can be identified. Incorrect accounting information that would otherwise increase the tax liability.
• Educates the business owner:  The importance of business accounting information is communicated , with up-to-date material.

Like internal audits, external audits follow a set of standards. These standards will differ from country to country. In the U.S. Generally Accepted Accounting Principles (GAAP) act as the highest authority on accounting standards.

Looking on a more international scale, there is another set of financial audit guidelines to consider. Due to their broad applicability, this is where we now switch the focus of this article. The standards that I am referring to are the International Standards on Auditing (ISA).

The International Standards on Auditing are internationally set guidelines issued by the International Federation of Accountants (IFAC). These standards act as a professional reference point to assess the financial information of a given entity.

The standards align financial auditing processes around the globe. A distinction must be made between these international standards and local/country-specific standards. Such a distinction begs the question:  why do we need an international set of standards ?

Surely, country-specific standards acting on a smaller scale would suffice?

In short, the answer is no.

You see, international standards for auditing processes bring benefits otherwise missed from more specific, localized auditing standards – keep reading to find out these benefits.

The ISA Audit series is the result of a long and difficult process, as you’ll learn by reading on. But the investment was made, and the end result was a landmark moment in financial auditing procedures. Today, ISA represents the leading international body for financial audit standards.

International standards on auditing timeline (a brief history) ️

Four years later, through hard graft and a great deal of research, the International Standards Committee was established.

It wasn’t until 1980 however, that the International Auditing Guidelines were produced. Another 11 years is added on top of this before the issue of the first International Standards on Auditing (ISA).  This ISA series of reports, devised in 1991 , has remained that standard for financial auditing to this present day.

In the image above, that there is a significant reference to the book International Auditing Standards by Maurice Moonitz .  Moonitz’s book ranks as a pinnacle moment in the history of ISA audits. The publication, grounded in comprehensive research, makes a strong case for the use of international standards.

So what benefits do international standards provide to financial auditing procedures?

The financial audit: The benefits of International Standards on Auditing (ISA) ️

We support continuing work to achieve convergence to a single set of high-quality accounting standards  – The G20 ,  G20 Leaders Declaration

There is near-universal support for international standards on financial auditing processes. The benefits brought by having a main, central body of high-quality global accounting standards are detailed below:

Benefit 1: International Standards on Auditing bring greater transparency

The international comparability and quality of audit information  are enhanced. This means investors, lenders and other market participants can make more informed economic decisions.

Benefit 2: International Standards on Auditing bring greater accountability

Accountability is strengthened. The information gap  between capital providers and those who have entrusted their money is reduced. Information is provided to hold management to account.

Benefit 3: International Standards on Auditing bring greater efficiency

Opportunities and risks are identified on a worldwide scale , improving capital allocation. You can think of the international standards for accounting as a single language. Hence advantages that come with using a single  business language , also apply here. Communication is more effective and easier, this lowers international reporting costs.

Benefit 4 International Standards on Auditing remove cultural influences

Cultural inputs to financial auditing processes are removed for universal appeal. For example, the GAAP standards – as previously mentioned – are dictated by U.S. business firms reflecting the needs of American businesses. Such country-specific influences are removed with international standards.

Benefit 5: International Standards on Auditing eases financial auditing for multinational firms

Many organizations operate on a global scale. This makes it  difficult for financial auditors to assess financial information operating across many countries. Different countries and regions have particular systems in place to be consulted. An international set of auditing standards removes differing systems. One single standard can be used to analyze financial information.

How you can use Process Street to help with external auditing processes

So far, in this article we have covered:

• The financial audit, with a definition of what a financial audit is
• The difference between an internal audit and an external audit, and the benefits the two types of audits can bring to your business
• Focused on the International Standards on Auditing. We have discussed the ISA standards history. We have learned the benefits international standards bring to your business

The aim, supported by many , is to have a universal set of financial auditing standards. The goal of a universal set of standards is to benefit organizations, lenders, and investors across the globe. If you would like to adopt these international auditing standards, then you have come to the right place.

You can use Process Street to help you implement International Standards on Auditing in your business today.

As a top business process management tool, Process Street is superpowered checklists.  Use our checklists to make sure your compliance is in-line with relevant regulatory standards. In this instance, we are referring to the International Standards on Auditing .

How are our checklists superpowered?

Our checklists take the simple tick-box approach that has been spiced up to increase use-value. We have done this by adding the following features:

• Stop tasks to ensure task order
• Dynamic due dates , so no deadline is missed
• Conditional logic , creating a dynamic template that caters to your needs
• Role assignment , to ease task delegation within your team
• Approvals , allowing decision-makers to give the go-ahead (or rejection) on important items. In addition, necessary comments can be provided

This last feature, approvals , is game-changing. If you haven’t used it before, don’t fret. Just check out our Approvals: How to Streamline Decisions-Making in Process Street article. In this article, you will learn exactly what approvals are, why they are incredibly useful, and how to use them.

By using our checklists, you can increase the efficiency , productivity and effectiveness of your financial auditing processes. For those of you that are unfamiliar with Process Street and our offerings, check out our Monthly Webinar: An Introduction to Process Street below, for further insight.

ISA Audit Checklist

Internal audits act as your in-house check. You can use the internal audit to make sure you meet the standards set by an external audit provider. This means you are always prepared for an external audit.

As you know, checklists ensure assurance of your audit procedures to the standards set. You want your internal audit processes to have maximum assurance. Therefore, you need all your internal financial audits to utilize the checklist approach.

Well, with Process Street, you can do just that.

You can refer to the International Standards on Auditing guidelines. You can then transfer these guidelines into a checklist using Process Street.

To exemplify how you can do this, I have recreated the  ISA 315 Identifying and assessing the risks of material misstatement through understanding the entity and its environment guidelines  in our ISA audit checklist, embedded below for your consideration.

Click here to access the ISA audit checklist

This template is free and ready for you to use right away. You can transfer any of the ISA audit procedures into an ISA audit checklist, just like the one above, by creating your own template in Process Street.

Refer to our Help article Templates: Basics of creating and using templates . Alternatively, you can watch the below video, for more information on how you can create your own Process Street template for free.

You may have noticed I have been flitting between the two terms, checklists and templates. To iron out any confusion, I recommend that you watch the below video which explains the difference in the context of Process Street .

There are multiple International Standard on Auditing reports in the ISA series. For your reference, I have linked each pdf report below.

You can refer to the information in the International Standard on Auditing reports. Just as we have done for our ISA audit checklist (315), this information can be transferred into a checklist using Process Street.

 International Standard on Auditing: Respective responsibilities

• ISA 200 Overall Objectives of the Independent Auditor and the Conduct of an Audit in Accordance with International Standards on Auditing
• ISA 210 Agreeing the Terms of Audit Engagements
• ISA 220 Quality Control for an Audit of Financial Statements
• ISA 230 Audit Documentation
• ISA 240 The Auditor’s Responsibilities Relating to Fraud in an Audit of Financial Statements
• ISA 250 Consideration of Laws and Regulations in an Audit of Financial Statements
• ISA 260 Communication with Those Charged with Governance
• ISA 265 Communicating Deficiencies in Internal Control to Those Charged with Governance and Management

 International Standard on Auditing: Audit planning

• ISA 300 Planning an Audit of Financial Statements
• ISA 315 Identifying and assessing the risks of material misstatement through understanding the entity and its environment
• ISA 320 Materiality in planning and performing an audit
• ISA 330 The auditor’s responses to assessed risks

 International Standard on Auditing: Internal control

• ISA 402 Audit Considerations Relating to an Entity Using a Service Organization
• ISA 450 Evaluation of Misstatements Identified during the Audit

 International Standard on Auditing: Audit evidence

• ISA 500 Audit Evidence
• ISA 501 Audit Evidence – Additional Considerations for Specific Items
• ISA 505 External Confirmations
• ISA 510 Initial Engagements – Opening Balances
• ISA 520 Analytical Procedures
• ISA 530 Audit Sampling and Other Means of Testing
• ISA 540 Auditing Accounting Estimates, Including Fair Value Accounting Estimates, and Related Disclosures
• ISA 550 Related Parties
• ISA 560 Subsequent Events
• ISA 570 Going Concern
• ISA 580 Written Representations

 International Standard on Auditing: Using work of other experts

• ISA 600 Special Considerations – Audits of Group Financial Statements (Including the Work of Component Auditors)
• ISA 610 Using the Work of Internal Auditors
• ISA 620 Using the Work of an Auditor’s Expert

International Standard on Auditing: Audit conclusions and audit report

• ISA 700 Forming an Opinion and Reporting on Financial Statements
• ISA 701 Communicating Key Audit Matters in the Independent Auditor’s Report
• ISA 705 Modifications to the Opinion in the Independent Auditor’s Report
• ISA 706 Emphasis of Matter Paragraphs and Other Matter Paragraphs in the Independent Auditor’s Report
• ISA 710 Comparative Information – Corresponding Figures and Comparative Financial Statements
• ISA 720 The Auditor’s Responsibilities Relating to Other Information in Documents Containing Audited Financial Statements
• ISA 800 Special Considerations – Audits of Financial Statements Prepared in Accordance with Special Purpose Frameworks
• ISA 805 Special Considerations – Audits of Financial Statements Prepared in Accordance with Special Purpose Frameworks
• ISA 810 Engagement to Report on Summary Financial Statements

More Process Street resources to help you with your audit checks

For your reference, I have detailed more Process Street resources below, that can help you with your internal audit checks:

• Financial Audit Checklist
• Environmental Accounting Internal Audit
• Environmental Management Self Audit Checklist
• Management Systems Audit Checklist
• ISO 9001 and ISO 14001 Integrated Management System (IMS) Checklist
• ISO 9001:2015 Internal Audit Checklist for Quality Management Systems
• PPC Audit Checklist
• Google Analytics Audit
• Technical SEO Audit
• ISO 27001 Information Security Management System (ISO27K ISMS) Audit Checklist
• SQL Server Audit Checklist
• Firewall Audit Checklist
• Network SecurityAudit Checklist
• Occupational Health and Safety (OHS) Audit Checklist
• Diversity Management Monthly Audit
• Hotel Sustainability Audit
• Laboratory Safety Procedure Audit
• Retail Store Audit Checklist

Need further help with your finances? I have detailed our checklists below to help you with your business finances:

• Accounting Onboarding Procedures
• Accounts Payable Process
• Account Receivable Process
• Annual Financial Report Template
• Balance Sheet Preparation Checklist
• Bank Reconciliation Template
• Budget Preparation Checklist
• Budget Process
• Business Tax Preparation Checklist
• Cash Flow Report
• Cash Management Process
• Client Onboarding for Financial Planners
• Creating an Invoice
• Expense Management Process
• Financial Management For New Projects
• Financial Plan Template 
• Financial Planning Process
• How to Start a Corporation Checklist
• Income (Profit and Loss) Statement Process
• Individual Tax Preparation Checklist
• Investor Pitch
• Know Your Customer Checklist
• PCI Compliance Checklist
• Private Equity Due Diligence Checklist
• Procurement Guidelines and Checklist
• Purchase of a Business
• Purchase Order Workflow Template

Use Process Street for your financial audit processes and install International Standards of Auditing

In this article, we have:

• Defined what a financial audit is
• Considered the benefits a financial audit can bring to your business .
• Deliberated the difference between an external and internal audit
• Outlined the benefits external audits bring to your business
• Defined what the International Standards for Auditing (ISA) are and explained why they are needed
• Introduced Process Street’s ISA audit checklist. We have explained how you can use Process Street to implement ISA standards

Whether you refer to country-specific or international financial standards, the aims are similar. These standards are set to provide economic order and control. Failure to abide can have damaging consequences, as exemplified by the 2008 financial crisis.

It is therefore important that you take both time and energy to enforce financial checks within your business. You can do this by conducting an internal audit. Abiding by international standards will help enforce a global common language that standardizes financial information. Having a consistent set of standards for financial audits can bring many benefits to the business world.

How do you conduct your internal financial audit checks? Do you have any questions about financial audits, that I have not covered in this article? Please comment in the section below, who knows, you may even get featured in an upcoming article.

Get our posts & product updates earlier by simply subscribing

Jane Courtnell

Hi there, I am a Junior Content Writer at Process Street. I graduated in Biology, specializing in Environmental Science at Imperial College London. During my degree, I developed an enthusiasm for writing to communicate environmental issues. I continued my studies at Imperial College's Business School, and with this, my writing progressed looking at sustainability in a business sense. When I am not writing I enjoy being in the mountains, running and rock climbing. Follow me at @JaneCourtnell.

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Save my name, email, and website in this browser for the next time I comment.

Take control of your workflows today

Brought to you by:

The Financial Reporting Process and Annual Report: A Brief Overview

By: Luann J. Lynch, Jack Benazzo

This technical note provides an overview of the financial reporting process. It includes a discussion of key players in the process, financial reporting requirements, the external audit process, and…

• Length: 7 page(s)
• Publication Date: Jan 25, 2024
• Discipline: Accounting
• Product #: UV8895-PDF-ENG

What's included:

• Educator Copy

$4.95 per student

degree granting course

$8.95 per student

non-degree granting course

Get access to this material, plus much more with a free Educator Account:

• Access to world-famous HBS cases
• Up to 60% off materials for your students
• Resources for teaching online
• Tips and reviews from other Educators

Already registered? Sign in

• Student Registration
• Non-Academic Registration
• Included Materials

This technical note provides an overview of the financial reporting process. It includes a discussion of key players in the process, financial reporting requirements, the external audit process, and the annual report.

Jan 25, 2024

Discipline:

Industries:

Financial service sector

Darden School of Business

UV8895-PDF-ENG

We use cookies to understand how you use our site and to improve your experience, including personalizing content. Learn More . By continuing to use our site, you accept our use of cookies and revised Privacy Policy .

U.S. Government Accountability Office

Financial Audit Manual: Volume 3, September 2021 (Updated June 2023)

The Financial Audit Manual (FAM) presents a methodology for performing financial statement audits of federal entities in accordance with professional standards. It is a tool for enhancing accountability over taxpayer-provided resources.

This June 2023 update replaces Financial Audit Manual, Volume 3 (June 2022 version) and contains the Federal Financial Reporting Checklist.

The FAM also consists of:

Volume 1 : the audit methodology

Volume 2 : detailed implementation guidance

The U.S. Government Accountability Office (GAO) and the Council of the Inspectors General on Integrity and Efficiency (CIGIE) maintain the GAO/CIGIE Financial Audit Manual (FAM).

For more information, please visit the main Financial Audit Manual page , or contact Dawn B. Simpson at (202) 512-3406 or [email protected] .

Full Report

Gao contacts.

Dawn B. Simpson Director [email protected] (202) 512-3406

Office of Public Affairs

Chuck Young Managing Director [email protected] (202) 512-4800

• Member Communities
• Learning Dashboard
• Materials Library

Governmental Accounting, Auditing, and Financial Reporting (GAAFR) | 2024 Blue Book

The GAAFR is designed to serve as:

• A comprehensive introduction to public sector accounting and auditing for experienced finance professionals new to state and local government;
• A practical introduction to governmental accounting and auditing for new staff members;
• A practical reference tool for accounting and auditing staff; and
• A practice-oriented textbook for college-level classes and seminars on governmental accounting, auditing, and financial reporting.

This edition has been updated to incorporate all of the guidance of the Governmental Accounting Standards Board (GASB) through GASB Statement No. 101, as well as GFOA’s current best practices on accounting, auditing, and financial reporting. References to the GASB’s Codification of Governmental Accounting and Financial Reporting Standards (Codification) have also been updated.

• LOC no. 2023942632
• ISBN 978-0-89125-028-9
• Editors: Todd Buikema, CPA and Michele Mark Levine
• Publication date:  January 2024

Majority use AI in financial reporting, auditors expected to review use

With the vast majority of executives saying AI is already being used in their financial reporting processes, most expect auditors will provide assurance and attestation over their AI controls.

KPMG survey found that a clear majority, 72%, of companies are piloting or using AI in financial reporting. In three years, this proportion is expected to increase to 99%, practically becoming as standard as spreadsheets. The degree to which companies will use AI remains uncertain, as only 10% say they have widely adopted AI in their financial reporting process.

When it comes to generative AI specifically, 30% of companies surveyed are piloting or using generative AI in financial reporting, 11% are already implementing it, and 2% are widely adopting it. Companies seem to have strong ambitions regarding generative AI in the future, as 57% said they plan to implement the technology for financial reporting, and 75% say they plan to embrace it in general over the next three years. The KPMG report noted a generative AI model can act as a search tool, comparison engine, summarizer and anomaly detector in one. The ability to create new content, analysis and ideas can make it more widely accessible to executives without deep technical skills.

This rise of AI in financial reporting is joined by expectations that auditors will start looking more closely at how companies use it. The KPMG survey found that 64% of companies expect auditors to have a role in evaluating their use of AI in financial reporting, providing assurance and attestation over their AI controls. 

As for what, specifically, these companies want their auditors to do, 64% of respondents expect auditors to have the role of conducting a more detailed review of the control environment in relation to their use of AI in financial reporting. A little over half, 53%, foresee auditors carrying out an AI governance maturity assessment. About a third, 34%, expect to ask auditors to provide third-party attestation over the use of AI technology. However the poll also found a sizable minority, 24%, who expect the auditor's role to remain more or less the same with regard to technology. 

see story ). Part of what enables professionals to move forward, despite lacking authoritative guidance, is there are already several aspects of AI usage that fit within currently existing standards, especially those concerning technology controls that have previously been applied to other areas, such as IT audit. Further, certain audit procedures, like linear regression, are intuitive to understand and apply to at least some aspects of AI.

see story ) found that only a small minority of audit executives report generative AI use in their own department. Only 12% of respondents said they currently use generative AI for audit-specific use cases. However, another 29% of executives have not implemented the technology yet, but intend to do so over the next year, and another 20% plan to adopt it in more than a year. Still, 39% of respondents said they do not use generative AI and have no plans to do so in the future. 

Audit clients have a different impression, according to the KPMG survey. Most companies believe their external auditors will be using generative AI as a common practice within less than two years on average. Leaders expect it to happen even faster — in just 18 months. The vast majority of companies, 82%, believe their auditors are ahead or equal with them in the adoption of AI for financial analysis. Another 85% believe their auditors understand their company's use of AI for financial reporting moderately to very well, with over half saying well or very well. 

In terms of how leaders would like auditors to use AI, the strongest contenders were predictive analysis (leveraging the ability of models to adapt continuously to new data and generate scenarios that show potential outcomes and impacts); improve speed of delivery (identify trends, anomalies and potential risks in real time, improving responsiveness); and document and data gathering (through automated data extraction, document classification and organization, and text analysis and summarization.)

"Businesses are looking to their auditors to lead the AI transformation due to their deep understanding of financial reporting processes and ability to identify areas where AI can add the most value," said Matt Campbell, chief technology officer of KPMG UK's audit practice, in a statement. "By understanding the value that advanced AI can bring to the audit process, we are able to provide more in-depth insights into the financial health of an organization and protect the growing needs of businesses, investors, and audit professionals."

To get this data, KPMG surveyed financial reporting executives and board members at 1,800 companies across six industries, 10 countries and jurisdictions, and varying revenue sizes. Survey respondents included financial reporting executives with decision-making authority and oversight over financial reporting, accounting, analysis, audits and financial information. They came from companies with revenue between $250 million and over $1 billion. The countries surveyed include Australia, Canada, France, Germany, Japan, Ireland, Netherlands, U.K., U.S. and Spain. The poll was conducted between February — March 2024.

The top state in the ranking received a total score for financial literacy of 69.06 out of 100.

This beauty's a steal; what a Lady; medical miscreants; and other highlights of recent tax cases.

The American Institute of CPAs' Auditing Standards Board voted to approve a set of revisions to the rules for attestation engagements to align them with the AICPA's quality management standards.

The Top 10 Firm based in Chicago is adding a Top 75 Firm headquartered in Redwood City, California in July, only a few months after receiving private equity funding.

A KPMG survey found 72% of companies are using AI in their financial reporting process to some extent, and executives expect auditors will start examining controls around the technology.

Proposals to crack down on private placement insurance contracts aren't close to becoming law. Here's how advisors and their clients can use them for the time being.

• Contributors

The 2024 Audit Committee agenda and the questions investors should be asking

Sophie Gauthier-Beaudoin is Head of Investor Engagement and Tim Copnell is Chair of the Audit Committee Institute at KPMG in the UK. This post is based on their KPMG memorandum.

The business and risk environment has changed dramatically over the past year, with greater geopolitical instability, surging inflation, high interest rates, and unprecedented levels of disruption and uncertainty. Audit committees can expect their company’s financial reporting, compliance, risk, and internal control environment to be put to the test by an array of challenges – from global economic volatility and the wars in Ukraine and the Middle East to cybersecurity risks and ransomware attacks and preparations for climate and sustainability reporting requirements, which will require developing related internal controls and disclosure controls and procedures. This is compounded by uncertainty in the UK regulatory landscape and in particular the extent to which internal control frameworks will need to be strengthened, evidenced, and assured as a result of the on-going UK governance and audit reforms.

We often hear that audit committee and investor dialogue is infrequent with over three-quarters of FTSE350 audit committee chairs reporting that they engaged with investors less than once a year [1] . The audit committee’s oversight responsibilities are vital to investors and while the audit committee report is a valuable source of information, we believe direct conversations would be beneficial for both parties.

Drawing on insights from our Board Leadership Centre , interactions with audit committees and business leaders, and the FRC’s Audit committees and assurance: conversation starters we’ve highlighted nine matters we believe audit committees should consider and have on their 2024 agendas along with areas investors may wish to probe.

Financial reporting and related internal control risks

Focusing on the financial reporting, accounting, and disclosure obligations posed by the current geopolitical, macroeconomic, and risk landscape will be a top priority and major undertaking for audit committees in 2024.

Key areas of focus should include:

Forecasting and disclosures

Matters requiring the audit committee’s attention are expected to include:

• disclosures regarding the impact of the wars in Ukraine and the Middle East, government sanctions, supply chain disruptions, heightened cybersecurity risk, climate change, inflation, interest rates, market volatility, and the risk of a global recession;
• preparation of forward-looking cash-flow estimates; impairment of non-financial assets, including goodwill and other intangible assets;
• the impact of events and trends on liquidity; • accounting for financial assets (fair value);
• going concern; and
• use of non-GAAP metrics.

With companies making more tough calls in the current environment, regulators are emphasising the importance of well-reasoned judgments and transparency, including contemporaneous documentation to demonstrate that the company applied a rigorous process. Given the fluid nature of the long-term environment, disclosure of changes in judgments, estimates, and controls may be required more frequently.

Ask for details about the significant issues the audit committee considered in relation to the financial statements, what makes an issue “significant” and how have those significant issues been addressed.

Internal control over financial reporting (ICOFR) and probing control deficiencies

Notwithstanding the changes to the UK Corporate Governance Code and the board declaration on the effectiveness of the material controls at the balance sheet date (see later), the current geopolitical, macroeconomic, and risk environment, as well as changes in the business (such as acquisitions, new lines of business, digital transformations, etc.) internal controls, will continue to put ICOFR to the test.

Ask about the committee’s role with regards to monitoring the effectiveness of internal controls, how the current environment and regulatory mandates (including new climate rules) affect controls and if there have been any significant issues raised by internal or external audits and (if so, how has the committee addressed them).

Importance of a comprehensive risk assessment

The importance of comprehensive risk assessment should not be underestimated. Audit committees help ensure that management and auditors are not too narrowly focused on information and risks that directly impact financial reporting while disregarding broader entity-level issues that may also impact financial reporting and internal controls.

Ask about the committee’s role in the oversight of management’s principal risk disclosures in the annual report and how does the committee take into account other, emerging areas of risk – such as supply chain resilience and geopolitical risks?

Committee bandwidth and skillsets

The audit committee’s role in overseeing management’s preparations for new climate and sustainability reporting requirements further expands the committee’s oversight responsibilities beyond its core oversight responsibilities (financial reporting and related internal controls, and internal and external auditors). This expansion will inevitably put additional pressure on the audit committee’s bandwidth.

Some audit committees may reassess whether they have the time and expertise to oversee the major risks on its plate today. Such a reassessment is sometimes done in connection with an overall reassessment of issues assigned to each board standing committee. For example, cybersecurity, climate, ESG, or ‘mission-critical’ risks such as safety, as well as artificial intelligence (AI), including generative AI, may require more attention at the full-board level – or perhaps the focus of a separate board committee.

Ask about the committee’s workload, the measures taken to ensure that committee members have the skillset to oversee emerging risks and how the committee evaluates its own effectiveness.

Audit and governance reform agenda

The anticipated governance and audit reforms have stalled in late 2023. First, the Government withdrew the draft Regulation that would have required certain companies to prepare an annual resilience statement, disclosures relating to distributable profits and distributions, a material fraud statement, and a triennial audit and assurance policy statement. Then, as the Audit Bill did not feature in the Kings Speech on 7 November, we are unlikely to see any primary legislation to establish the Audit, Reporting and Governance Authority (ARGA) until after the General Election.

Nevertheless, the FRC published the ‘new’ UK Corporate Governance Code in January 2024 and the main substantive revision focuses on internal controls. While the FRC’s approach may depart from the “much more intrusive approach adopted in the US”, this will still be an issue for audit committees to think about and prepare for.

Ask about what actions are being taken to ensure a smooth transition to the code expectations, how will the committee oversee any necessary cultural shift and how will technology be leveraged.

Cybersecurity and data privacy

Cybersecurity risk continues to intensify. The acceleration of AI, the increasing sophistication of attacks, the wars in Ukraine and the Middle East, and ill-defined lines of responsibility – among users, companies, vendors, and government agencies – have elevated cybersecurity risk and its place on board and committee agendas.

The growing sophistication of the cyber threat points to the continued cybersecurity challenge – and the need for management teams and boards to continue to focus on resilience. Breaches and cyber incidents are going to happen, and organisations must be prepared to respond appropriately when they do. In other words, it’s not a matter of if, but when.

Regulators and investors are demanding transparency into how companies are assessing and managing cyber risk and building and maintaining resilience. For example, the SEC now require public companies to disclose material “cybersecurity incidents” within four business days. While data governance overlaps with cybersecurity, it’s broader and includes compliance with industry-specific laws and regulations, as well as privacy laws and regulations that govern how personal data – from customers, employees, or vendors – is processed, stored, collected, and used. Data governance also includes policies and protocols regarding data ethics – in particular, managing the tension between how the company may use customer data in a legally permissible way and customer expectations as to how their data will be used.

Cyber threats should be considered as part of the company’s risk management process, and the audit committee should test whether the company has:

• Identified the critical information assets which it wishes to protect against cyber attack – the crown jewels of the firm – whether financial data, operational data, employee data, customer data or intellectual property.
• Intelligence processes in place to understand the threat to the company’s assets, including their overseas operations.
• A way of identifying and agreeing the level of risk of cyber attack that the company is prepared to tolerate for a given information asset.
• Controls in place to prepare, protect, detect and respond to a cyber attack – including the management of the consequences of a cyber security incident.
• A means of monitoring the effectiveness of their cyber security controls, including where appropriate, independently testing, reviewing and assuring such controls.
• A programme of continuous improvement, or where needed, transformation, to match the changing cyber threat – with appropriate performance indicators. Ask about the role the committee plays in relation to the company’s disclosures about cyber-related risks, do they adequately reflect the company’s preparedness and its understanding of the full threat landscape, company vulnerabilities, mitigating actions and their effectiveness.

New climate, sustainability, and other ESG disclosures – and the quality and reliability of the underlying data

As discussed in On the 2024 board agenda , an important area of board focus and oversight will be management’s efforts to prepare for dramatically increased climate and ESG disclosure requirements in the coming years.

While certain companies have been required to provide climate related financial disclosures in their 2023 Strategic Reports, boards should also be aware of the UK Sustainability Disclosure Standards (UK SDS) that will form the basis of any future requirements in UK legislation for companies to report on governance, strategy, risks and opportunities, and metrics relating to sustainability matters, including risks and opportunities arising from climate change.

The UK SDS will be based on the IFRS Sustainability Disclosure Standards issued by the International Sustainability Standards Board (ISSB), and the UK endorsed standards will divert from the global baseline only if necessary for UK specific matters.

Companies doing business in Europe are also assessing the potential effects of, and preparing to apply, the European Sustainability Reporting Standards (ESRSs) issued under the Corporate Sustainability Reporting Directive (CSRD) in the EU, and IFRS Sustainability Disclosure Standards issued by the ISSB. The standards – which are based in part on the Task Force on Climate-Related Financial Disclosures (TCFD) Framework and the Greenhouse Gas Protocol – are highly prescriptive and expansive. The CSRD also includes a requirement for large non-EU companies that operate in the EU to provide sustainability reporting.

Also, under the SEC’s proposed climate disclosure rule, companies, including foreign registrants, will need to provide an account of their greenhouse gas (GHG) emissions, the environmental risks they face, and the measures they’re taking in response. Crucially, according to the proposed rule, issuers will be subject to mandatory limited assurance initially, with mandatory reasonable assurance being phased in for accelerated and large accelerated filers. In addition, some information will need to be disclosed in the notes to the financial statements.

Companies will need to keep abreast of ongoing developments and determine which standards apply, and the level of interoperability of the applicable standards. For example, there are different materiality thresholds.

The US and ISSB consider financial materiality — in which information is material if investors would consider it important in their decision-making — whereas the UK and EU use the concept of “double materiality”, through the lenses of the financial effect on the company and the impact the company has on the wider community and environment.

A key area of board and audit committee focus will be the state of the company’s preparedness – requiring periodic updates on management’s preparations, including gap analyses, materiality assessments, resources, assurance readiness and any new skills needed to meet regulatory deadlines.

In addition to the compliance challenge, companies must also ensure that disclosures are consistent, and consider the potential for liability posed by detailed disclosures.

This will be a major undertaking, with cross-functional management teams involved and multiple board committees overseeing different aspects of these efforts.

Given the scope of the effort, audit committees may encourage management to prepare now by assessing the path to compliance with applicable reporting standards and requirements – including the plan to develop high quality, reliable climate and sustainability data. Key areas of audit committee focus might include:

Clarifying internal roles and responsibilities in connection with the disclosures in the annual report and accounts, other regulatory reports and those made voluntarily in sustainability reports, websites, etc. including coordination between any cross-functional management ESG team(s) or committee(s).

• Ensuring management have processes in place to review the disclosures, including for consistency with the annual report and accounts. Making sure the teams looking at ESG issues/reporting are properly connected to the core finance function is important.
• Helping to ensure that ESG information being disclosed is subject to the same level of rigor as financial information – meaning disclosure controls and procedures. Given the nature of the climate, sustainability, and ESG reporting requirements and the intense focus on these disclosures generally, companies may consider enhancing management’s disclosure processes to include appropriate climate, sustainability, and other ESG functional leaders, such as the ESG controller (if any), chief sustainability officer, chief human resources officer, chief diversity officer, chief supply chain officer, and chief information security officer.
• Encouraging management to identify any gaps in governance and consider how to gather and maintain quality information. Also, closely monitor UK and global rulemaking activities.
• Understanding whether appropriate systems are in place or are being developed to ensure the quality of data that must be assured by third parties.

Ask about the committee’s role in relation to the reporting of climate-related risks, to what extent is climate change being incorporated into key accounting assumptions (such as impairments, depreciation and asset decommissioning) and is the committee satisfied with the level of assurance in the company’s ESG disclosures.

Audit quality

Audit quality is enhanced by a fully engaged audit committee that sets the tone and clear expectations for the external auditor and monitors auditor performance rigorously through frequent, quality communications and a robust performance assessment.

In setting expectations for 2024, audit committees should discuss with the auditor how the company’s financial reporting and related internal control risks have changed in light of the geopolitical, macroeconomic, regulatory and risk landscape, as well as changes in the business.

Audit committees should set clear expectations for frequent, open, candid communications between the auditor and the audit committee, beyond what’s required. The list of required communications is extensive and includes matters about the auditor’s independence as well as matters related to the planning and results of the audit.

Taking the conversation beyond what’s required can enhance the audit committee’s oversight, particularly regarding the company’s culture, tone at the top, and the quality of talent in the finance organisation.

Audit committees should also probe the audit firm on its quality control systems that are intended to drive sustainable, improved audit quality – including the firm’s implementation and use of new technologies such as AI to drive audit quality.

Committees will also consider the results of recent regulatory inspections and internal inspections and efforts to address deficiencies. Audit quality is a team effort, requiring the commitment and engagement of everyone involved in the process – the auditor, audit committee, internal audit, and management.

Many companies are thinking about how they are perceived by shareholders and other stakeholders. This is empowering some audit committees to extend the independent (external) assurance they receive whether from the external auditor or other third party assurance providers.

Our 2023 FTSE350 Audit Committee Chair Survey revealed that the areas where audit committee chairs are most likely to seek assurance from their external auditor are the Directors’ Remuneration Report, the effectiveness of internal controls over financial reporting (ICOFR), the KPIs associated with the ‘E’ in ESG, and TCFD reports.

Some audit committees may be cognisant of the capacity constraints within the audit profession and may start thinking ahead if an audit tender is due or planned – getting the ‘right’ auditor may be more difficult than expected. With audit tenders typically being carried out two years ahead of the transition date, the time to plan and determine which firms should take part in the tender might need to start much earlier than first thought.

Finally, while the FRC’s 2023 Audit Committees and the External Audit: Minimum Standard is primarily aimed at audit committees within the FTSE350 and largely drawn from existing guidance and best practice, new text has been included to reflect the current focus on diversity in the audit market. Companies that are not within the FTSE 350 might still look to the Standard for examples of good practice.

Ask how the committee measures the effectiveness of the external audit, their role in the planning of the audit, how they challenge the auditor’s findings, how the auditor challenges management, and the factors most important to them in selecting an auditor.

Internal audit focus on key risks

As audit committees wrestle with heavy agendas – and risk management is put to the test – internal audit should be a valuable resource for the audit committee and a crucial voice on risk and control matters. This means focusing not just on financial reporting and compliance risks, but also critical operational and technology risks and related controls, as well as ESG risks.

ESG-related risks are rapidly evolving and include human capital management – from diversity, equity, and inclusion (DEI) to talent, leadership, and corporate culture – as well as climate, cybersecurity, data governance and data privacy, and risks associated with ESG disclosures. Disclosure controls and procedures and internal controls should be a key area of internal audit focus. Audit Committees will be thinking about internal audit’s role in connection with ESG risks and enterprise risk management more generally – which is not to manage risk, but to provide added assurance regarding the adequacy of risk management processes.

They will assess whether the internal audit plan is risk-based and flexible enough to adjust to changing business and risk conditions. The audit committee should work with the head of internal audit and chief risk officer to help identify the risks that pose the greatest threat to the company’s reputation, strategy, and operations, and to help ensure that internal audit is focused on these key risks and related controls.

These may include industry-specific, mission-critical, and regulatory risks, economic and geopolitical risks, the impact of climate change on the business, cybersecurity and data privacy, risks posed by generative AI and digital technologies, talent management and retention, hybrid work and organisational culture, supply chain and thirdparty risks, and the adequacy of business continuity and crisis management plans.

Ask about the committee’s role with regards to monitoring the effectiveness of internal audit, how does the committee ensure that the internal audit plan is aligned to the key risks of the business, if there has been any significant issues raised by internal audit and the committee’s response, how do they ensure the internal audit function have the right skills and resources to succeed.

Leadership and talent in the finance organisation

Finance organisations face a challenging environment today – addressing talent shortages, while at the same time managing digital strategies and transformations and developing robust systems and procedures to collect and maintain high-quality ESG data to meet both investor and other stakeholder demands. Many are contending with difficulties in forecasting and planning for an uncertain environment, and working with the workforce, to ensure they remain motivated and engaged, is becoming harder.

As audit committees monitor and help guide finance’s progress in these areas, we expect two areas of focus:

• Many finance organisations have been assembling or expanding management teams or committees charged with managing a range of ESG activities, including enhancing controls over the ESG information being disclosed in corporate reports. Committees will be considering the finance organisation’s leadership, talent, skill sets, and other resources necessary to address climate and other ESG reporting and to ensure that quality data is being collected and maintained.
• At the same time, the acceleration of digital strategies and transformations, presents important opportunities for finance to add greater value to the business. The finance function is combining strong analytics and strategic capabilities with traditional financial reporting, accounting, and auditing skills.

Ask about the committee’s role is overseeing the finance function’s climate/sustainability/ESG strategy and digital transformation strategy, how the function is attracting, developing and retaining the leadership, talent, skill sets and bench strength to execute those strategies, as well as its existing responsibilities.

Ethics, compliance and culture

The reputational costs of an ethics or compliance failure are higher than ever, particularly given increased fraud risk, pressures on management to meet financial targets, and increased vulnerability to cyberattacks.

Committees will be ensuring management are prepared for the Economic Crime and Corporate Transparency Act 2023 and in particular the new ‘failure to prevent fraud’ corporate criminal offence which will render large companies liable for fraud committed by their associates – including employees, agents, subsidiaries and persons who otherwise perform services for or on behalf of the organisation. Under the new regulations, prosecutors will no longer have to show that the ‘directing mind and will’ of a company were involved in the fraud.

Fundamental to an effective compliance program is the right tone at the top and culture throughout the organisation, including commitment to its stated values, ethics, and legal and regulatory compliance. This is particularly true in a complex business environment, as companies move quickly to innovate and capitalise on opportunities in new markets, leverage new technologies and data, engage with more vendors and third parties across complex supply chains.

Committees should closely monitor the tone at the top and culture throughout the organisation with a sharp focus on behaviours (not just results) and yellow flags. Leadership, communication, understanding, and compassion are essential. Many will consider whether the company’s culture make it safe for people to do the right thing. It is helpful for directors to spend time in the field meeting employees to get a better feel for the culture.

Committees will also focus on the effectiveness of the company’s whistleblower reporting channels (including whether complaints are being submitted) and investigation processes. Some audit committee will see all whistle-blower complaints and others may have a process to filter complaints that are ultimately reported to the audit committee.

Ask how the committee satisfies itself that management has systems in place to detect fraud, to what extent is the committee involved in the oversight of the company’s whistleblowing procedures and how do they ensure these are appropriate?

Oversight of generative AI

As discussed in On the 2024 board agenda , oversight of generative AI will be an oversight priority for almost every board in 2024.

Like ESG, the oversight of generative AI may touch multiple committees and the audit committee may end up overseeing compliance with the patchwork of differing laws and regulations governing generative AI, as well as the development and maintenance of related internal controls and disclosure controls and procedures.

Some audit committees may have broader oversight responsibilities for generative AI, including oversight of various aspects of the company’s governance structure for the development and use of the technology.

Given how fluid the situation is – with generative AI gaining rapid momentum – the allocation of these oversight responsibilities to the audit committee may need to be revisited throughout the year.

Ask about the committee’s role with regards to oversight responsibilities for generative AI, including oversight of various aspects of the company’s governance structure for the development and use of the technology.

1 KPMG 2023 FTSE350 audit committee chairs’ survey (go back)

Post a Comment

Your email is never published nor shared. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

Supported By:

Subscribe or Follow

Program on corporate governance advisory board.

• William Ackman
• Peter Atkins
• Kerry E. Berchem
• Richard Brand
• Daniel Burch
• Arthur B. Crozier
• Renata J. Ferrari
• John Finley
• Carolyn Frantz
• Andrew Freedman
• Byron Georgiou
• Joseph Hall
• Jason M. Halper
• David Millstone
• Theodore Mirvis
• Maria Moats
• Erika Moore
• Morton Pierce
• Philip Richter
• Marc Trevino
• Steven J. Williams
• Daniel Wolf

HLS Faculty & Senior Fellows

• Lucian Bebchuk
• Robert Clark
• John Coates
• Stephen M. Davis
• Allen Ferrell
• Jesse Fried
• Oliver Hart
• Howell Jackson
• Kobi Kastiel
• Reinier Kraakman
• Mark Ramseyer
• Robert Sitkoff
• Holger Spamann
• Leo E. Strine, Jr.
• Guhan Subramanian
• Roberto Tallarita

Asking the better questions that unlock new answers to the working world's most complex issues.

Trending topics

AI insights

EY podcasts

EY webcasts

Operations leaders

Technology leaders

Marketing and growth leaders

Cybersecurity and privacy leaders

Risk leaders

EY Center for Board Matters

EY helps clients create long-term value for all stakeholders. Enabled by data and technology, our services and solutions provide trust through assurance and help clients transform, grow and operate.

Artificial Intelligence (AI)

Strategy, transaction and transformation consulting

Technology transformation

Tax function operations

Climate change and sustainability services

EY Ecosystems

Supply chain and operations

EY Partner Ecosystem

Explore Services

We bring together extraordinary people, like you, to build a better working world.

Experienced professionals

MBA and advanced-degree students

Student and entry level programs

Contract workers

EY-Parthenon careers

Discover how EY insights and services are helping to reframe the future of your industry.

Case studies

Energy and resources

How data analytics can strengthen supply chain performance

13-Jul-2023 Ben Williams

How Takeda harnessed the power of the metaverse for positive human impact

26-Jun-2023 Edwina Fitzmaurice

Banking and Capital Markets

How cutting back infused higher quality in transaction monitoring

11-Jul-2023 Ron V. Giammarco

At EY, our purpose is building a better working world. The insights and services we provide help to create long-term value for clients, people and society, and to build trust in the capital markets.

EY research: Cybersecurity fears on the rise among US workers, with a vast majority concerned about AI in cybersecurity

06-May-2024 Lizzie McWilliams

EY Announces Entrepreneur Of The Year® 2024 Greater Los Angeles Award Finalists

03-May-2024 Victoria Kasper

EY Announces Entrepreneur Of The Year® 2024 Michigan and Northwest Ohio Award Finalists

01-May-2024 Victoria Kasper

No results have been found

Recent Searches

BEPS 2.0: as policies evolve, engagement is key

It remains to be seen whether the US will align its tax law with the OECD/G20’s global BEPS 2.0 rules. MNEs will feel the impact in 2024. Learn more.

How GenAI strategy can transform innovation

Companies considering or investing in a transformative GenAI strategy should tie generative artificial intelligence use cases to revenue, cost and expense. Learn more

Top five private equity trends for 2024

Read about the five key trends private equity firms will emphasize in 2024 as they create value

Select your location

close expand_more

Technology Risk

EY teams offer audit, attestation, certification and assessment services to help companies identify, understand, assess, manage and mitigate risk arising from the implementation and use of technology.

As confidence and trust in data and technology are becoming a greater societal concern, understanding risk arising from the implementation and use of technology is increasingly important to accelerating business performance and achieving sustainable growth. The ability to understand these risks and bridge the knowledge gap that often exists between business and IT is the core strength of EY teams. Specialized knowledge of IT is integral to the execution of high-quality audits and the need to safeguard internal controls. EY teams also help decision-makers to attain confidence and embed trust through third-party communications on internal control and regulatory compliance to customers (and their external auditors), investors, management, regulators and other stakeholders. 

How EY can help

The execution of high-quality information technology (IT) audit procedures, including understanding the effect of technology at business and IT-process levels, in support of a financial statement audit and an audit of internal control over financial reporting creates the foundation of our commitment to protecting investors and promoting trust in the capital markets.

EY Professionals serve the public interest by executing high-quality audit procedures with independence, integrity, objectivity and professional skepticism. In doing so, they help to support sustainable, long-term value creation.

EY multidisciplinary teams with subject-matter knowledge to address the most complex issues use a proven global audit methodology, our global auditing tools and the latest insights to deliver a consistent level of service worldwide.

EY professionals provide insights, candid observations and permitted services that lead to improved understanding of business risks arising from the use and implementation of technology and informed decision-making.

IT Audit services include:

• Integrated audit
• Financial statement audit
• Statutory audit

Service Organization Control Reporting and Attestation

The Service Organization Control Reporting (SOCR) services enable entities to provide trusted communications focused on internal controls to customers (and their external auditors), investors, management, regulators and other stakeholders. These services efficiently address service organizations’ customer needs for trusted risk-based information.

• SOC 1 helps entities (service organizations) that operate information systems and provide business process services supporting financial reporting, build trust and confidence in their delivery processes and controls through a report they can deliver to their customers and customers’ external auditors.
• SOC 2/3 help entities meet the needs of a broad range of users that require information and assurance about the controls at the entity that affect the security, privacy, confidentiality, availability and processing integrity of entity’s systems.
• SOC for Cyber helps entities meet the needs of a broad range of users that require information and assurance about an entity's enterprise-wide cybersecurity risk management program.
• SOC for Supply Chain helps entities meet the needs of stakeholders that require information and assurance about an entity's system and controls for producing, manufacturing, or distributing goods to better understand the risks in their supply chains.

EY teams also provide   pre-assessment services for a draft subject matter such as a system description prior to the performance of a limited or a reasonable assurance engagement (e.g., SOC report).

Agreed Upon Procedures (AUP) services help entities communicate independent results of controls testing or other procedures agreed upon between the entity and third-party recipients of the report. AUP engagements allow entities to communicate independent factual findings on control testing or other procedures to third-party recipients of the AUP report. EY teams present and report on a set of procedures that entities and the specified third party report users agree to, and the related findings resulting from the procedures.

ISAE 3000 reports on audit-related procedures that the auditor, entity and any appropriate third parties have agreed to (related to nonfinancial information):

• ISAE 3000 control testing – the capability to perform the procedures and control testing, leading to an assurance report (in accordance with the ISAE 3000 standard)
• ISAE 3000 implementation support and training – the capability to provide training on the execution of procedures, leading to an assurance report (in accordance with the ISAE 3000 standard)

ISO Management System Certification, Implementation and Training

The ISO Management System Certification, Implementation and Training services provide implementation and certification of a management system according to ISO standards and other established certification frameworks.

EY CertifyPoint B.V., an EY entity founded in 2002, is an accredited, independent, and impartial certification institute headquartered in the Netherlands. Through EY CertifyPoint, EY teams provide Lead Implementer and Lead Auditor courses, including certification of entity personnel for several ISO standards.

EY teams support entities in meeting their goals by improving the efficiency and effectiveness of their management systems. EY teams keep the business at the center, identifying areas of redundancy, bottlenecks and potential efficiency gains by means of a systematic and independent certification approach against a globally recognized standard.

The following standards are addressed:

• ISO 9001: Quality Management System
• ISO 14001: Environment Management System
• ISO/IEC 20000-1: IT Service Management System
• ISO 22301: Business Continuity Management System
• ISO/IEC 27001: Information Security Management System
• ISO/IEC 27017: Cloud Security Controls
• ISO/IEC 27018: Protection of Personally Identifiable Information in Cloud
• ISO/IEC 27701: Privacy Information Management System
• ISO 37001: Anti Bribery Management System
• ISO/IEC 42001: Artificial Intelligence Management System
• ISO 45001: Occupational Health and Safety Management System
• ISO 50001: Energy Management
• World Lottery Association (WLA) assessments
• CSA STAR certification
• NEN 7510-1: Health Information Security Management System
• Hébergeur de Données de Santé (HDS)
• Multi-Tier Cloud Security (MTCS - Singapore)
• GDPR assessment
• CISPE Code of Conduct accredited monitoring body
• Integrated approach with ISAE3402, SOC and other attestation reports, such as a combination of ISO/IEC 27001:2013 with ISAE3402

System and process assessments

A system and process assessment includes an assessment of internal control as part of an upgrade or an implementation of an ERP (e.g., SAP S/4HANA), an application or a process. These services provide an independent assessment of an entity’s current state or a documented future state internal control to provide leading practice recommendations for management’s consideration.   A system or a process upgrade or an implementation assessment helps the entity to:

• Obtain confidence that internal control considerations are adequately addressed.
• Understand complex business processes.
• Identify new risks and control gaps introduced by changes to process or technology and remediation recommendations based on leading practices.
• Enable the entity to take advantage of new capabilities that allow better leverage of investment in new process or technology, including opportunities for process automation and improvement, and GRC. integration, reporting and continuous control monitoring.

A pre-assessment of a draft subject matter such as a system description prior to the performance of a limited or a reasonable assurance engagement (e.g., SOC report), helps the entity to:

• Understand how to apply the evaluation criteria to the subject matter 
• Understand the disclosure requirements for the subject matter information (e.g., management’s description for a SOC report)
• Understand procedures performed to assess the subject matter information and/or controls

IT Compliance and Regulatory Assurance

IT Compliance and Regulatory Assurance services help entities understand, prepare for, and report to address rapidly evolving laws, regulations and professional standards. These services help an entity more sustainably and efficiently address regulatory and sector-specific (e.g., Government, Healthcare, Financial Services) technology compliance requirements. Examples include helping entities comply with requirements related to:

• AI regulations (e.g., AI Act)
• Cyber security (e.g., Cyber Resilience Act, Cybersecurity Maturity Model Certification, Network and Information Security (NIS2) Directive)
• Data security (e.g., Data Act)
• Digital resilience (e.g., Digital Services Act, Digital Markets Act, Digital Operational Resilience Act)
• Sector-specific requirements (e.g., HITRUST, SWIFT, TISAX)
• Data and IT controls in ESG reporting 

Assurance services

Assurance teams serve the public interest by promoting trust and confidence in business and the capital markets.

James Martin

Track record of leadership and innovation. Thought leader. Health fanatic (usually). Husband. Father.

Driven leader. Champion of quality. Mentor. Husband and father.

Growth-oriented leader. Prioritizes quality and collaboration. Dedicated relationship builder. Mentor. Advocate for diversity. Devoted father and husband.

Sai Adwaith Krishnamurthy

Trusted risk advisor supporting organizations to transform. Passionate about EY people. Proud father of two.

On the agenda (5)

Featured: How will understanding climate risk move you from ambition to action?

Featured: Eight AI-related US policy issues for boards and management to consider

Financial accounting advisory services

Featured: How can CFOs uncover the material among the immaterial

Forensic & Integrity services

• Connect with us
• Our locations
• Do Not Sell or Share My Personal Information
• Legal and privacy
• Accessibility
• Open Facebook profile
• Open X profile
• Open LinkedIn profile
• Open Youtube profile

EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients.

Customer login

Tax Pro login

Understanding IRS Tax Audits and How to Handle Them: IRS Audit Expert Tips and Guidance

9 minute read

Copy Article URL

Understanding the IRS Tax Audit: Navigating the Process and Common IRS Audit Triggers

Antonio Del Cueto, CPA

December 14, 2023

Dealing with an IRS tax audit can be intimidating, but understanding the process and what triggers these audits can significantly ease the anxiety. This article will delve into the intricacies of IRS audits, offering a comprehensive guide to help you understand why audits happen, how they are conducted, and what you can do to prepare. Whether you're a taxpayer facing an audit or just seeking knowledge, this article is essential.

What Is an IRS Tax Audit?

An IRS tax audit is a formal review conducted by the Internal Revenue Service to ensure that tax return information is accurate and complies with tax laws. It's not necessarily an indication of wrongdoing but a process to verify the correctness of tax returns. Audits can range from simple reviews of information to more comprehensive examinations involving detailed records . The goal is to ensure that taxpayers pay the correct amount of tax. Understanding that an audit is part of the IRS's responsibility to enforce tax laws can demystify the process and reduce anxiety for those selected.

Types of IRS Audits: Related IRS Notice Correspondence Audits, Office Audits, and Field Audits

IRS audits are categorized into three main types: correspondence, office, and field audits. Correspondence audits are the most common and are typically conducted through the mail, focusing on minor issues or requests for additional documentation. Office audits are more in-depth, requiring the taxpayer to visit an IRS office to clarify or present documentation. Field audits are the most comprehensive, with IRS agents visiting a taxpayer’s business or home to examine financial records thoroughly. Understanding these types can help taxpayers prepare accordingly.

How Does the IRS Decide Who Gets Audited?

The IRS selects tax returns for audits using various methods. Random selection is one method where a return is chosen purely by chance. More commonly, the IRS uses computer algorithms to identify returns that may have anomalies or discrepancies. Additionally, returns may be selected if they involve transactions with other parties who have been audited, such as business partners or investors. Understanding these methods can provide insight into the audit selection process.

Common Triggers of an IRS Audit

Several factors can trigger an IRS audit. These include inconsistencies in reported income, unusually high deductions or credits compared to income, and missing or incomplete information on the tax return . Engaging in large or unusual transactions, such as large cash deposits or withdrawals, can also draw attention. Knowing these triggers can help taxpayers be more meticulous in their tax preparation and reduce the chances of being audited.

The Common IRS Audit Process: What to Expect

The IRS audit process involves several stages. Initially, the IRS sends a notification letter explaining the reason for the audit. Taxpayers are then required to present specific documents and information. The length and depth of the audit depend on the complexity of the issues involved. After reviewing the provided information, the IRS will decide which could lead to changes in the tax return or no change.

Receiving an IRS Audit Notice: Steps to Take

Upon receiving an audit notice from the IRS, reading and understanding the letter's contents is essential. Identifying what the IRS is questioning or needs more information about is crucial. Gathering relevant financial records and documentation in response to the audit is essential. Seeking advice from a tax professional or attorney can also be beneficial, especially for complex audits.

Preparing for Your Audit: Documentation and Representation

Effective preparation is crucial for navigating an IRS audit successfully. This involves organizing and reviewing all relevant financial records, receipts , and documents supporting your tax return entries. If the audit scope is beyond your understanding, consulting a tax professional or attorney is advisable. These professionals can provide representation and guidance, ensuring that your rights are protected throughout the process.

Navigating the Field Audit: A Closer Look

Field audits are conducted at the taxpayer's business or residence and are generally more extensive than other audits. During a field audit, IRS agents will review a wide range of financial records and may interview the taxpayer and others. It’s important to be cooperative and understand your rights, including the right to representation. The focus of these audits can vary greatly, but they often involve scrutinizing business operations and record-keeping practices.

Audit Findings: From Agreement to Appeal 

After an audit, the IRS will present its findings. If the IRS proposes changes to your tax return, you can agree or disagree with these findings. If you disagree, you can file an appeal with the IRS Office of Appeals, a process that allows for reevaluating the audit findings. Understanding your options for agreement, disagreement, and appeal is crucial for effectively resolving audit findings.

How Can Audits Help Taxpayers and the IRS? 

Audits play a crucial role in the tax system. For taxpayers, audits can highlight areas of misunderstanding or error in tax return preparation, providing an opportunity to correct these issues in the future. For the IRS, audits help maintain fairness in the tax system by ensuring compliance with tax laws. They also help identify areas where tax law may be unclear and need clarification, benefiting all taxpayers through fairer and more efficient tax administration.

Key Takeaways

• Understanding IRS Tax Audits: An IRS tax audit is a formal examination to verify the accuracy of tax returns in accordance with tax laws.
• Types of Audits: Taxpayers may face different types of IRS audits, including mail audits, office audits, and field audits.
• Audit Selection: The IRS selects returns for audits based on various criteria, including data analysis, random selection, and comparison with related tax forms.
• Common Audit Triggers: Discrepancies in reported income, excessive claims for tax credits, and inconsistencies in tax documents can trigger an audit.
• The Audit Process: The IRS audit process involves receiving an audit notice, responding to IRS requests, and undergoing the type of audit conducted, whether it's a desk audit, mail audit, or in-person audit.
• Taxpayer Actions: Upon receiving an audit letter, individuals should review their tax documents and prepare to clarify any items the IRS questions.
• Representation and Rights: Taxpayers can consult with a tax attorney or tax pro and can request a conference with an IRS manager if they disagree with the audit findings.
• Audit Outcomes: Audits can lead to changes in the tax return, which might affect the tax bill, and taxpayers can appeal with the IRS Office of Appeals.
• IRS Audit Considerations: The IRS considers various factors during an audit, including the information on your tax return and any discrepancies that might lead to an audit.
• Audit Consequences and Benefits: While audits can be daunting and lead to fear of an audit, they also help ensure compliance with tax laws and can provide valuable feedback for future tax preparation.
• Related IRS Actions: The IRS may issue related notices and utilize IRS publications, such as IRS Publication 556, to guide taxpayers through the audit process.
• Audits as a Compliance Tool: Audits conducted by the IRS are not necessarily indicative of wrongdoing but are a means to verify information and ensure fairness within the tax system.
• Audit Notification and Procedure: Taxpayers typically receive a letter from the IRS indicating they have been selected for an audit. This letter will outline what the IRS wants to verify, such as specific tax information or items on your return.
• Roles in Audits: An IRS auditor is assigned to conduct the audit, which can vary from a simple mail audit conducted by correspondence to a more complex field audit at your home or business.
• Audit Rates and Trends: Understanding the audit rate, which varies yearly, can provide insight into the IRS's focus areas and help assess the likelihood of being audited.
• Comprehensive Review: In a field audit, an IRS examiner may visit your location to review more extensive financial records and may request additional documentation.
• Audit for Different Tax Aspects: Audits can scrutinize various aspects, such as state tax compliance, individual tax return details, or adherence to specific tax laws.
• IRS Data and Analysis: The IRS uses data analysis to identify returns that might need further review, such as those with significant changes to your tax return or anomalies in reported tax.
• Impact of Tax Credits: Claiming certain tax credits can attract IRS scrutiny, especially if the amounts are substantial or unusual for the taxpayer’s income level.
• Response to Audit Findings: If you disagree with the IRS findings, you can present additional information, appeal within the IRS, or even take your case to tax court.
• IRS Publications as Resources: IRS Publication 556 provides valuable information on the audit process, helping taxpayers understand their rights and responsibilities.
• Psychological Aspect of Audits: The fear of an audit is common among taxpayers, but being well-informed about the process can alleviate anxiety.
• Audit Implications: Being selected for an audit doesn't necessarily mean the IRS thinks there's a mistake; it can also be part of their random selection process.
• Post-Audit Actions: After an audit, taxpayers may need to adjust filed tax returns based on the audit findings, potentially leading to a revised tax bill.
• Consulting Professionals: In complex cases, involving a tax attorney or a tax professional early in the process can be beneficial, especially when dealing with intricate tax laws and regulations.
• Audit as a Verification Tool: An IRS tax audit is an examination to verify the accuracy of information reported to the IRS and compliance with tax laws.
• Understanding IRS Notices: Being familiar with related IRS notices and the reasons for receiving an IRS notice can help respond to them effectively.

  How can Taxfyle help?

Finding an accountant to file your taxes is a big decision . Luckily, you don't have to handle the search on your own. 

At Taxfyle , we connect individuals and small businesses with licensed, experienced CPAs or EAs in the US. We handle the hard part of finding the right tax professional by matching you with a Pro who has the right experience to meet your unique needs and will handle filing taxes for you.

Get started with Taxfyle today , and see how filing taxes can be simplified. 

Legal Disclaimer

Tickmark, Inc. and its affiliates do not provide legal, tax or accounting advice. The information provided on this website does not, and is not intended to, constitute legal, tax or accounting advice or recommendations. All information prepared on this site is for informational purposes only, and should not be relied on for legal, tax or accounting advice. You should consult your own legal, tax or accounting advisors before engaging in any transaction. The content on this website is provided “as is;” no representations are made that the content is error-free.

Was this post helpful?

Did you know business owners can spend over 100 hours filing taxes, it’s time to focus on what matters..

With Taxfyle, the work is done for you. You can connect with a licensed CPA or EA who can file your business tax returns. Get $30 off off today.

Want to put your taxes in an expert’s hands?

Taxes are best done by an expert. Here’s a $30 coupon to access to a licensed CPA or EA who can do all the work for you.

Is this article answering your questions?

Thanks for letting us know.

Whatever your questions are, Taxfyle’s got you covered. If you have any further questions, why not talk to a Pro? Get $30 off today.

Our apologies.

Taxes are incredibly complex, so we may not have been able to answer your question in the article. Fortunately, the Pros do have answers. Get $30 off a tax consultation with a licensed CPA or EA, and we’ll be sure to provide you with a robust, bespoke answer to whatever tax problems you may have.

Do you do your own bookkeeping?

There’s an easier way to do bookkeeping..

Taxfyle connects you to a licensed CPA or EA who can take time-consuming bookkeeping work off your hands. Get $30 off today.

Why not upgrade to a licensed, vetted Professional?

When you use Taxfyle, you’re guaranteed an affordable, licensed Professional. With a more secure, easy-to-use platform and an average Pro experience of 12 years, there’s no beating Taxfyle. Get $30 off today.

Are you filing your own taxes?

Do you know if you’re missing out on ways to reduce your tax liability.

Knowing the right forms and documents to claim each credit and deduction is daunting. Luckily, you can get $30 off your tax job.

Get $30 off your tax filing job today and access an affordable, licensed Tax Professional. With a more secure, easy-to-use platform and an average Pro experience of 12 years, there’s no beating Taxfyle.

How is your work-life balance?

Why not spend some of that free time with taxfyle.

When you’re a Pro, you’re able to pick up tax filing, consultation, and bookkeeping jobs on our platform while maintaining your flexibility.

Why not try something new?

Increase your desired income on your desired schedule by using Taxfyle’s platform to pick up tax filing, consultation, and bookkeeping jobs.

Is your firm falling behind during the busy season?

Need an extra hand.

With Taxfyle, your firm can access licensed CPAs and EAs who can prepare and review tax returns for your clients.

Perhaps it’s time to scale up.

We love to hear from firms that have made the busy season work for them–why not use this opportunity to scale up your business and take on more returns using Taxfyle’s network?

by this author

Share this article

Subscribe to taxfyle.

Sign up to hear Taxfye's latest tips.

By clicking subscribe, I agree to Taxfyle's Terms of Service , Privacy Policy , and am opting in to receive marketing emails.

Get our FREE Tax Guide for Individuals

Looking for something else? Check out our other guides here .

By clicking download, I agree to Taxfyle's Terms of Service , Privacy Policy , and am opting in to receive marketing emails.

File simpler.

File smarter., file with taxfyle..

2899 Grand Avenue, Coconut Grove, FL 33133

Copyright © 2024 Tickmark, Inc.

Hello. It looks like you’re using an ad blocker that may prevent our website from working properly. To receive the best experience possible, please make sure any blockers are switched off and refresh the page.

If you have any questions or need help you can email us

PCAOB Replaces Old Quality Control Rules With a New Standard

The new quality control standard will require audit firms to annually evaluate their QC systems and report the results to the PCAOB.

Jason Bramwell

May. 14, 2024

The Public Company Accounting Oversight Board (PCAOB) has overhauled its decades-old quality control requirements for audit firms by adopting a new standard on May 13 designed to put the onus squarely on auditors and executives.

The new standard, which the board approved by a 4-1 vote on Monday, would require all PCAOB-registered accounting firms to identify their specific risks that would inhibit audit quality—like the use of technology-based auditing tools that could create new risks if they don’t work as intended or are used incorrectly—and design a quality control system that includes policies and procedures to guard against those risks.

The audit regulator’s current quality control standards were developed and issued by the AICPA before the PCAOB was established in 2002. Given the significant changes in the auditing environment since that time, quality control has been a top modernization priority for the PCAOB.

“The auditing environment has changed significantly since that time, including evolving and greater use of technology, and increasing auditor use of outside resources, such as other accounting firms and providers of support services. Firms themselves have also changed significantly, as has the role of firm networks. And advances in internal control, quality management, and enterprise risk management suggest that factors such as active involvement of leadership, focus on risk, clearly defined objectives, objective-oriented processes, monitoring, and remediation of identified issues can contribute to more effective QC,” the PCAOB said in introducing the new standard, QC 1000, A Firm’s System of Quality Control . “These developments have, in part, led to our advisory groups’ general support for strengthening the QC standards, including through risk-based elements and enhanced requirements for firm governance and leadership.”

The PCAOB noted that firm quality control systems often fall short during its inspections of public company audits. For example, PCAOB inspectors observed that approximately 40% of the issuer audits they reviewed in 2022 had one or more deficiencies where the auditor failed to obtain sufficient appropriate audit evidence to support its opinion, an increase of six percentage points over the deficiency rate in 2021 and 11 percentage points over the rate in 2020.

In all those cases, auditors issued audit opinions without completing the audit work that PCAOB standards require for them to obtain reasonable assurance about whether the financial statements were free of material misstatement and/or whether the issuers maintained, in all material respects, effective internal control over financial reporting, the regulator said.

PCAOB officials say improving quality control rules will lead firms to improve their quality control systems, resulting in more consistent compliance with applicable requirements, which ultimately better serves investors.

“When quality control systems operate effectively, quality audits follow, and investors are better protected,” PCAOB Chair Erica Williams said in a statement.

Key provisions of the new standard include:

• The new standard strikes a balance between a risk-based approach to quality control, which the PCAOB said should drive firms to proactively identify and manage the specific risks associated with their practice, and a set of mandates, which should assure that the quality control system is designed, implemented, and operated with an appropriate level of rigor.
• All PCAOB-registered firms would be required to design a quality control system that complies with the new standard. Firms that perform audits of public companies or Securities and Exchange Commission (SEC)-registered brokers and dealers would be required to implement and operate the quality control system they design, monitor the system, and take remedial actions where policies and procedures are not operating effectively—creating a continuous feedback loop for improvement.
• Those firms would be required to annually evaluate their quality control system and report the results of their evaluation to the PCAOB on new Form QC, which would be certified by key firm personnel to reinforce individual accountability.
• Firms that audit more than 100 issuers annually would be required to establish an external oversight function, or EQCF, for the quality control system composed of one or more professionals. The EQCF’s responsibilities should include, at a minimum, evaluating the significant judgments made and the related conclusions reached by the firm when evaluating and reporting on the effectiveness of its quality control system.

“Simply designing elaborate processes on paper won’t be enough,” Williams said. “Firm leadership will have a personal stake in delivering results and additional incentives to fix problems quickly.”

Board member Christina Ho was the only one to vote against the standard, even though she supported a more modernized quality control standard when it was proposed in November 2022 .

“We must do it right and not rush to replace an outdated standard with one harmful to audit quality by increasing burdens without credible benefits that will likely reduce competition,” she said in a statement . “Rather than potentially dismantling the audit profession and simultaneously setting copious standards that ironically make this profession exceptionally unappealing to future accountants and auditors, we as a regulator should thoughtfully balance the scale, using evidence-based quantitative and qualitative analysis to justify the need for our standards. In other words, requirements should promote a commensurate balance between benefits and the associated direct implementation costs to audit firms, that by extension are passed on to issuers and broker-dealers, and then indirectly reduce returns on investments.”

The new standard, pending approval by the SEC, would go into effect on Dec. 15, 2025. 

• Audit Standards

ABOUT CPA PRACTICE ADVISOR

• Cookie Policy
• Terms & Conditions

Magazines & Newsletters

• Magazine Archive
• Newsletters

CPA Practice Advisor is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors.

© 2024 Firmworks, LLC. All rights reserved

US Audit Rules Seen as Aid for Carbon Scrutiny Expected in 2025 (1)

By Amanda Iacone

The US audit regulator is targeting next year to issue a proposal that would modernize attestation rules considered a tool that auditors could use to vet corporate disclosures such as carbon emissions.

The Public Company Accounting Oversight Board laid out the new timeline Tuesday in its updated list of standards slated for revisions. The board’s standard-setting agenda fast-tracks a project that would revise rules for reporting rare circumstances such as qualified opinions or opinions for financial statements that don’t comply with accounting standards.

The board also removed a rule-writing project that would have enabled the PCAOB to more quickly discipline ...

Learn more about Bloomberg Tax or Log In to keep reading:

Learn about bloomberg tax.

From research to software to news, find what you need to stay ahead.

Already a subscriber?

Log in to keep reading or access research tools.

You are using an outdated browser. Please upgrade your browser or activate Google Chrome Frame to improve your experience.

ASIC announces 30 June 2024 focus areas and expanded program to support financial reporting and audit quality

Published 15 May 2024

ASIC today has outlined an expanded program of work to enhance the integrity and quality of financial reporting and auditing in Australia in achieving the broader goal of confident and informed investors.

ASIC’s pro-active financial reporting and audit surveillance program remains a key part of our work. The program covers listed companies, other public interest entities and previously grandfathered large proprietary companies. From 30 June, it will also include superannuation funds.

Today’s announcement includes ASIC’s focus areas for 30 June 2024.

We are also today announcing a new review of auditors’ compliance with ethical and independence standards to support our financial reporting and audit surveillance program and uplift our commitment to improved financial reporting and audit quality.

This includes some preliminary observations about compliance with Auditing Standard ASQM 1 Quality Management for Firms that Perform Audits or Reviews of Financial Reports and Other Financial Information, or Other Assurance or Related Services Engagement.

ASIC continues to encourage voluntary climate reporting and urge directors and assurance providers to prepare for the proposed introduction of mandatory climate reporting requirements.

Financial reporting and audit surveillance 30 June 2024

Enduring focus areas and particular focus areas.

ASIC has identified enduring focus areas that apply to all reporting periods. In certain reporting periods, these will be supplemented with particular areas of focus as new regulatory requirements or emerging issues arise.

Our enduring areas of focus include asset values, adequacy of provisions, subsequent events and disclosures.

ASIC Commissioner Kate O’Rourke said, ‘The areas announced today will be the focus of our proactive financial reporting and audit surveillance program. They will be informed by key findings in Report 774 ASIC’s first integrated financial reporting and audit surveillance report ( REP 774 ). We expect preparers, directors and auditors to pay particular attention to these focus areas in a collective effort to improve financial reporting and audit quality.’

‘ASIC will continue to focus on the financial reporting elements that require the most judgement and make the most use of estimates,’ Ms O’Rourke said.

ASIC’s focus areas for 30 June 2024 can be found on ASIC’s financial reporting and audit focus areas page.

Surveillance coverage

This is the second year that large proprietary companies, which were previously exempt, are required to lodge audited financial reports with ASIC. Financial reports from these entities are now included in ASIC’s financial reporting and audit surveillance program.

‘Many grandfathered companies exempted from lodging financial reports with ASIC are significant businesses and of interest to many stakeholders. We will now include this cohort in our surveillance program and follow up instances where non-compliance and non-lodgement occurs,’ Ms O’Rourke said.

For the first time, superannuation trustees are required to lodge audited financial reports for most superannuation funds with ASIC. Trustees will need to lodge within three months of the end of the fund’s 2023-24 financial year.

ASIC reminds trustees that these reports must be lodged by the due date and in compliance with the relevant accounting standards. Superannuation funds will be included ASIC’s financial reporting and audit surveillance program.

From 1 July 2023, fund auditors must comply with the audit obligations under Chapter 2M of the Corporations Act 2001 (Corporations Act). More information can be found on ASIC’s Registrable superannuation entity audits page.

Climate-related risks

Directors are encouraged to engage closely with the Australian Government’s proposed mandatory climate reporting reforms, which are proposed to apply to entities that are required to prepare financial reports under Chapter 2M of the Corporations Act.

‘Directors need to be aware of the impending developments in climate-reporting. The first tier of companies is proposed to report for financial years commencing from 1 January 2025. Directors and entities should start preparing and putting into place the necessary governance arrangements. They should consider what capabilities and data requirements may be needed,’ Ms O’Rourke said.

In the meantime, entities with material climate-related risks should look to report voluntarily in line with the recommendations of the Taskforce on Climate-related Financial Disclosures (TCFD) and ensure that any voluntary statements made are not misleading. ASIC is continuing to monitor market practice in relation to voluntary climate-related financial disclosures, which will inform future compliance programs and guidance.

Consolidated entity disclosure statement requirement

A reminder that recent changes to the Corporations Act require all listed and unlisted public companies to include a new “consolidated entity disclosure statement” in their financial reports. These changes are effective for annual reporting periods beginning on or after 1 July 2023 and will apply for the first time at 30 June 2024. The new disclosure statement requires details of all consolidated entities as at the end of the financial year – names, ownership interests, place of incorporation and tax residency.

Review of auditors’ compliance with ethical and independence standards

In addition to continuing our focus on financial reporting and audit, ASIC will review of how auditors are complying with auditor independence requirements in the Corporations Act , and ethical and independence requirements contained in the Australian Auditing Standards.

Audit firms were required to carry out and report an evaluation of their implementation of quality requirements under the ASQM1 framework by 15 December 2023.

‘Our initial observations on the firms’ implementation highlighted several areas for concern which span across risk, governance and compliance practices at audit firms,’ Ms O’Rourke said.

These include:

• significant variability across the board as to how firms chose to implement the framework. We encourage firms to apply quality management requirements firm-wide instead of seeing the framework as a ‘tick-box’ exercise in compliance,
• in some cases, a lack of sophistication and suitability of tools used to manage quality. Better practice would be to establish dedicated quality management tools that align with requirements.
• limited domestic guidance around how to measure and classify the severity of findings and deficiencies, and a lack of objectivity in assessments, and
• examples of firms taking a hurried approach to remediation of findings and deficiencies to achieve a favourable conclusion before the reporting deadline. We urge firms to take the time necessary to roll-out considered and comprehensive action plans that adequately address the root cause and fully rectify the issues at hand.

‘ASIC urges firms to be transparent in reporting to executive management and relevant committees around deficiencies and their associated action plans from a governance and oversight perspective. This includes communicating the original rating of a deficiency in addition to the point-in-time rating to ensure broader design gaps are being identified and systems operate as effectively as possible,’ Ms O’Rourke said.

ASIC is in the process of scoping further work around systems of quality management work and we plan to undertake the review in the 2024-25 financial year.