Audit is an appraisal activity undertaken by an independent practitioner (e.g. an external auditor) to provide assurance to a principal (e.g. shareholders) over a subject matter (e.g. financial statements) which is the primary responsibility of another person (e.g. directors) against a given criteria or framework (e.g. IFRS and GAAP).
Main types of audit engagements and services include:
- External Audit
- Internal Audit
- Forensic Audit
- Public Sector Audit
- Tax Audit
- Information System Audit
- Environmental & Social Audit
- Compliance Audit
- Value For Money Audit
External audit, also known as financial audit and statutory audit, involves the examination of the truth and fairness of the financial statements of an entity by an external auditor who is independent of the organization in accordance with a reporting framework such as the IFRS. Company law in most jurisdictions requires external audit on annual basis for companies above a certain size.
The need for an external audit primarily stems from the separation of ownership and control in large companies in which shareholders nominate directors to run the affairs of the company on their behalf. As the directors report on the financial performance and position of the company, shareholders need assurance over the accuracy of the financial statements before placing any reliance on them. External audit provides reasonable assurance to the owners of the company that the financial statements, as reported by the directors, are free from material misstatements.
External auditors are required to comply with professional auditing standards such as the International Standards on Auditing and ethical guidelines such as those issued by IFAC in order to maintain a level of quality and trust of all stakeholders in the auditing exercise.
Internal audit, also referred as operational audit, is a voluntary appraisal activity undertaken by an organization to provide assurance over the effectiveness of internal controls, risk management and governance to facilitate the achievement of organizational objectives. Internal audit is performed by employees of the organization who report to the audit committee of the board of directors as opposed to external audit which is carried out by professionals independent of the organization and who report to the shareholders via audit report.
Unlike external audit, whose scope is primarily restricted to matters that concern the financial statements, the scope of work of an internal audit is very broad and can encompass any matters which can affect the achievement of organizational objectives. Internal audit is typically centered around certain key activities which include:
- Monitoring the effectiveness of internal controls and proposing improvements
- Investigating instances of fraud and theft
- Monitoring compliance with laws and regulations
- Reviewing and verifying where necessary the financial and operating information
- Evaluating risk management policies and procedures of the company
- Examining the effectiveness, efficiency and economy of operations and processes
Forensic Audit involves the use of auditing and investigative skills to situations that may involve legal implications. Forensic audits may be required in the following instances:
- Fraud investigations involving misappropriation of funds, money laundering, tax evasion and insider trading
- Quantification of loss in case of insurance claims
- Determination of the profit share of business partners in case of a dispute
- Determination of claims of professional negligence relating to the accountancy profession
Findings of a forensic audit could be used in the court of law as expert opinion on financial matters.
State owned companies and institutions are required by law in several jurisdictions to have their affairs examined by a public sector auditor. In many countries, public sector audits are conducted under the supervision of the auditor general which is an institute responsible for strengthening public sector accountability and governance and promoting transparency.
Public sector audit involves the scrutiny of the financial affairs of the state owned enterprises to assess whether they have been operated in way which is in the best interest of the public and whether standard procedures have been followed to comply with the requirements in place to promote transparency and good governance (e.g. public sector procurement rules). Public sector audit therefore goes a step further than the financial audit of private organizations which primarily focuses on the reliability of financial statements.
Audits of public sector companies are becoming increasingly concerned with the efficiency, effectiveness and economy of resources used in state organizations which has given way for the development of value for money audits.
Tax audits are conducted to assess the accuracy of the tax returns filed by a company and are therefore used to determine the amount of any over or under assessment of tax liability towards the tax authorities.
In some jurisdictions, companies above a certain size are required to have tax audits after regular intervals while in other jurisdictions random companies are selected for tax audits through the operation of a balloting system.
Information system audit involves the assessment of the controls relevant to the IT infrastructure within an organization. Information system audits may be performed as part of the internal control assessment during internal or external audit.
Information system audit generally comprises of the evaluation of the following aspects of information system:
- Design and internal controls of the system
- Information security and privacy
- Operational effectiveness and efficiency
- Information processing and data integrity
- System development standards
Environmental & Social
Environmental & Social Audits involve the assessment of environmental and social footprints that an organization leaves as a consequence of its economic activities. The need for environmental auditing is increasing due to higher number of companies providing environment and sustainability reports in their annual report describing the impact of their business activities on the environment and society and the initiatives taken by them to reduce any adverse consequences.
Environmental auditing has provided a means for providing assurance on the accuracy of the statements and claims made in such reports. If for example a company discloses the level of CO2 emissions during a period in its sustainability report, an environment auditor would verify the assertion by gathering relevant audit evidence.
In many countries, companies are required to conduct specific audit engagements other than the statutory audit to comply with the requirements of particular laws and regulations. Examples of such audits include:
- Verification of reserves available for distribution to shareholders before the declaration of interim dividend
- Audit of the statement of assets and liabilities submitted by a company at the time of liquidation
- Performance of cost audit of manufacturing companies to verify the cost of production in order for a regulator to determine the maximum price to be allowed after allowing a reasonable profit margin to companies operating in a sensitive sector (e.g. pharmaceuticals industry)
Value For Money
Value for money audits involves the assessment of the efficiency, effectiveness and economy of an organization’s use of resources.
Value for money audits are increasingly relevant to sectors which do not have profit as their main objective such as the public sector and charities. They are usually performed as part of internal audit or public sector audit.