Auditing

This article explains the process of auditing. The overview provides an introduction to the basic objectives and procedures involved in the auditing process. In addition, this article explains the process that auditors undertake as they plan and perform their audit and then prepare the audit report. This process includes such steps as designing the audit approach, performing tests of controls and transactions, performing analytical procedures and tests of details of balances, completing the audit and issuing an opinion. Explanations of factors affecting the audit process are also provided, such as materiality and risk, professional ethics and legal liability. Finally, examples of the various forms of auditing, including internal financial auditing, government financial auditing and operational auditing, are included to help illustrate the roles that auditing plays in various industries and in differing aspects of the business model.

Heather Newton earned her J.D., Cum Laude, from Georgetown University Law Center, where she served as Articles Editor for The Georgetown Journal of Legal Ethics. She worked as an attorney at a large, international law firm in Washington, DC, before moving to Atlanta, where she is currently an editor for a legal publishing company. Prior to law school, she was a high school English teacher and freelance writer, and her works have appeared in numerous print and online publications.

Keywords Adverse Opinion; Attest Function; Attestation; Audit; Audit Program; Audit Risk; Certified Public Accountant; Client; Common Law; Disclaimer of Opinion; Error; External Auditor; Financial Statement; Internal Auditor; Internal Control Structure; Internal Controls; Materiality; Negligence; Operational Auditing; Operations; Sampling; Sampling Risk; Vouching

Accounting > Auditing

Overview

Our society depends on timely and accurate financial information. Businesses and investors alike need current, reliable information in order to make the decisions that must be made every day. Much of the information that investors, companies and even the government receive and incorporate in their business decisions is provided by third parties. Investors depend on corporate financial statements, lenders depend on consumer applications and the government relies upon tax returns filed by individuals and businesses. However, investors, business leaders and government agents do not have the time or ability to verify all of the information on which they rely. Further, in many cases, the objectives of the information providers are at odds with the objectives of those who use the information. Thus, there is a need for objective third parties who will verify reported information and summarize their findings to the information users. In some industries, these third parties are known as independent auditors and the process they undertake to collect, track and verify information is called an audit. Independent auditors are highly trained professionals who are guided by ethical and legal standards that are designed to safeguard the social need for accurate information and the high regard given the reports they produce.

This article explains the basic concepts and techniques of the auditing profession. It explains the attestation function and the other objectives and procedures of the auditing process. It also provides a description of the internal control evaluations that take place to ensure the accuracy of the information being audited and the reports that are drafted to summarize the audit findings. Also, factors that affect the auditing process are discussed, which include materiality and risk, professional ethics and legal liability. Finally, the various types of auditing are explained, including internal financial auditing, government financial auditing and operational auditing. The following sections describe these concepts in more detail.

Basic Concepts & Techniques of Auditing

Professional auditors serve as objective intermediaries who lend credibility to financial information by reporting whether the information conforms to generally recognized accounting and auditing standards. Auditing consists only of the review of reported information, and thus does not include the actual production of financial reports. That function is performed by a company's accountants and financial analysts, who generally work under the direction of its controller or management team. Auditors collect evidence, which consists of financial statements and the supporting documentation, which they cross-check and verify in order to determine whether the information in the financial statements is reliable. After completing this process, auditors compile a report that summarizes whether the information reported in the company's financial statements is reliable. This report is essentially a professional opinion expressed by the auditing firm as to whether the company's reported financial position, operational capabilities, and any changes in its financial position, have been documented in accordance with generally accepted accounting principles.

This process is critical because reliable and timely information enables capital markets to operate efficiently and allows individuals who depend on reported financial information to make informed decisions on a wide variety of economic issues. The following sections will explain in more detail the objectives and procedures that guide auditors during the auditing process (Whittington & Pany, 2006).

Audit Objectives

Independent auditors are hired and paid by clients. A client is the person, company, board of directors, agency or group that retains the auditor to complete the auditing process, often called an "engagement," and pays the fee for the auditor's services. Audits may be financial, in which the client's financial statements and other economic data are examined, or operational, whereby an auditor examines the efficiency and effectiveness of a client's business operations. In financial audits, the client and the auditee are usually the same. The auditee is the company or entity whose financial statements are being audited. Occasionally, the client and the auditee are different, such as when Corporation A hires and pays the auditors to audit Corporation B in conjunction with a proposed merger or acquisition. In such cases, Corporation A is the client and Corporation B is the auditee (Whittington & Pany, 2006).

Once independent auditors have reviewed the financial information provided by a client, the auditors prepare a report that expresses an opinion as to whether the financial information provided by the client has been compiled and presented in accordance with generally accepted accounting principles. This third-party scrutiny lends a certain amount of credibility to the financial information and is often referred to as an attestation. Thus, to attest to information means to provide assurance as to its reliability. A financial statement audit is, by far, the most common type of attest function that auditors perform. However, professionally licensed auditors, known as certified public accountants ("CPAs"), also attest to the reliability of a wide range of other types of information including financial forecasts, internal control policies and procedures, compliance with laws and regulations and advertising claims. No matter what type of information is being examined, the objectives and techniques of the auditing process remain essentially the same.

The basic objectives for an audit are:

  • To understand the responsibilities for the audit.
  • To divide the financial statements into cycles.
  • To know managements assertions about the accounts.
  • To know the general audit objectives for classes of transactions and accounts.
  • To know specific audit objectives for classes of transactions and accounts.

In order to meet these objectives, auditors gather evidence that enables them to determine the accuracy of management's assertion as to the reliability of the information. A company's financial statements are generally submitted with an assertion by its management that the financial records have been prepared in accordance with generally accepted accounting principles ("GAAP"). After reviewing the financial records, the auditors issue a report summarizing their findings. In order to issue a report, auditors must ensure that the objectives for the audit have been met. Although not an insurer or a guarantor of the fairness or reliability of the information in the financial statements, the auditor has considerable responsibility for notifying users whether the statements are properly stated. If the auditor believes that the statements are not fairly presented or is unable to reach a conclusion because of insufficient evidence, the auditor has the responsibility to convey this by altering the opinion expressed their report.

Audit Procedures

The amount of evidence collected and reviewed by the auditors and the content of the audit report depends on the nature of the engagement. The two most common forms of attestation engagements are examinations, which are referred to as audits when they involve the review of financial statements, and reviews.

An examination or audit provides the highest level of managerial assurance that its financial statements have been prepared following generally accepted accounting principles is reliable. In an audit, the auditor must obtain independent evidence to substantiate the assertions made by the association's employees and management.

In a review, unless deemed necessary, the auditor is not required to obtain any independent corroboration to substantiate the financial statements. A review is designed to lend only a limited, or moderate, amount of assurance about the management's assertions.

Auditors must follow careful procedures in order to preserve the objectivity and dependability of their reports. In a financial statement audit, the auditors begin by creating and drafting an audit plan that will guide every step of the audit process. The audit plan dictates not only the scope of the audit, but also the responsibilities of the auditors and accountants involved in the review of the financial records. Once the audit plan has been finalized, the audit begins. An audit involves searching and verifying the accounting records and examining other evidence supporting those financial statements. Auditors must also gain an understanding of the company's internal controls over errors or other misstatements in its financial records. In addition, auditors inspect documents, view and account for listed assets and make appropriate inquiries within and outside the company in order to satisfactorily perform the audit procedures. Through this process, the auditors gather the evidence necessary to issue an audit report. The evidence gathered by the auditors focuses on whether the financial statements are presented in accordance with GAAP.

In essence, an audit seeks to verity and lend credence to management's assertions that the assets listed in the balance sheet actually exist and remain at the values expressed, that the company has title to the assets and that the valuations assigned to the assets have been established in conformity with GAAP. Likewise, auditors also gather evidence to show that all the liabilities of a company are included on the balance sheet. Alterations or omissions of a company's liabilities could skew the information contained on a balance sheet and in other financial statements, thus misleading users who make investment and other financial decisions based on a company's financial well-being as expressed in its financial statements. Finally, the auditors gather evidence about the company's income statement. The auditors collect and verify evidence demonstrating that reported sales actually occurred, that the goods were indeed shipped to customers, that the recorded costs and expenses are applicable to the current period and that all expenses have been recognized.

Only if sufficient evidence is gathered in support of all of these significant assertions can the auditors issue an audit report. The audit report states that it is the auditors' opinion that the financial statements follow generally accepted accounting principles. If the auditors find information that leads them to conclude that the financial statements do not follow generally accepted accounting principles or are missing essential information, the auditor may issue a qualified or an adverse opinion. A qualified opinion is a statement written upon the front page of an audit that suggests that the information provided by management was limited in scope or the company's financial statements were not maintained in accordance with generally accepted accounting principles. An adverse opinion is the most severe opinion an auditor can issue and it indicates that a company's financial statements were misrepresented, misstated and/or did not accurately reflect its financial performance and health.

The Auditing Process

The auditing process requires careful planning and close attention to detail. The preparations begin even before the actual audit commences. In preparing for a potential audit engagement, auditors first investigate a prospective client in order to obtain an understanding of the client's business operations and to decide whether to accept the engagement. If the engagement is accepted, auditors then work on developing an overall strategy to organize, coordinate and schedule the activities of the audit staff. Even after the audit is underway, the planning process continues throughout the engagement. Whenever a problem is encountered during the course of the audit, the auditors must develop a response to the situation and determine how the problem affects their ability to continue the audit and issue an opinion. The following sections describe the dynamic process of planning and performing an auditing engagement, beginning with the acceptance of a client and proceeding through the design and completion of the audit and issuance of the audit report.

Planning & Designing an Audit Approach

Before accepting any engagement, auditors must first consider the financial strength and credit rating of a prospective client in order to assess the overall risk of association with that business entity. When a potential client is facing financial difficulties, is in need of an inflow of additional capital or is facing government investigation, there is a risk that management will overstate or misstate financial information or operating results in an attempt to deflect the gravity of the company's standing. Auditors must be aware of this incentive and consider carefully whether to proceed with an audit engagement with such a client. If an audit client goes bankrupt or faces further financial turmoil, the auditors can be sued directly or named as defendants in lengthy and costly lawsuits. Thus, some auditors simply avoid accepting engagements that would expose them to the potential for an inflated risk of overstated or misstated financial or operational records or for future litigation. Other auditors may accept riskier engagements but implement greater controls over the scope and level of scrutiny in the document review process.

After the auditors have completed their review of a potential client, they then assess the levels of risks involved with completing the audit and make a final determination whether to accept or refuse the engagement. Even if an auditing or accounting firm decides to perform an audit for a potential client, the auditors may face a competitive bid process whereby the firm will be required to submit a competitive proposal that will include information on the nature of the services it provides, a fee structure, the qualifications of the firm's personnel and other relevant information.

Once the client has hired an auditing firm and the engagement has been accepted, the preparations for the audit escalate as the auditors work to gain a detailed understanding of the client's business and industry and compile and finalize an overall audit strategy. The auditors must obtain a detailed understanding of such factors as the client's organizational structure, accounting policies and procedures, capital structure, product lines and methods of production and distribution. In addition, the auditors generally need to become knowledgeable about current issues that may affect the client's business or industry, such as reigning economic conditions and financial trends, current and proposed governmental regulations that may impact the client and changes in technology or operational processes. Without obtaining this information, the auditor would not be in a position to properly apply the relevant accounting principles or evaluate the soundness of the estimates and assumptions contained in the client's financial statements.

After obtaining a knowledge of the client's business, the auditors design the overall audit strategy for the upcoming engagement. The best audit strategies are formulated to accomplish the most efficient audit, in which the firm completes an adequate audit at the least possible cost. The audit strategy, along with other aspects of the planning process, is documented in the audit working papers, which also include audit plans, time budgets and audit programs. The audit plan is an overview of the engagement, outlining the nature and characteristics of the client's business operations and the overall audit strategy. A time budget consists of time estimates for the work that is required at each step in the audit program. Finally, an audit program is a detailed list of the audit procedures to be performed in the course of the examination. The audit program usually is divided into two major sections. The first section deals with the procedures to assess the effectiveness of the client's internal control structure and the second section deals with the substantive testing of financial statement amounts as well as the adequacy of financial statement disclosures. Together, these planning documents provide evidence of the auditing firm's planning and preparation procedures in the event of subsequent litigation or other investigations and also provide the lead auditor with a means of coordinating, scheduling and supervising the activities of the audit staff members involved in the engagement.

Performing Tests of Controls & Transactions

The soundness of a client's internal controls and the ability of these controls to ensure reliable financial information while safeguarding assets and relevant records is a critical component of the auditing process. Internal controls refer to methods that are put into place by a company to ensure the integrity of financial and accounting information, meet operational and profitability targets and transmit management policies throughout the organization. If a client has solid internal controls, auditors are generally able to collect significantly less evidence for their review than would be required for a client with inadequate internal controls. Thus, before beginning an audit and collecting financial statements and other audit evidence, the auditors must first gain an understanding of the client's internal control procedures. This is done by gathering and reviewing organization charts and procedure manuals, through interviews with client personnel, by completing internal control questionnaires and flowcharts and by observing client activities.

Once the auditors have gained a satisfactory understanding of a client's internal controls, the auditor is able to determine the measures that must be taken to accumulate sufficient audit evidence and to prevent and detect errors and fraud. In order to make this determination, the auditors are required to identify specific control procedures that must be implemented during the audit in order to reduce the likelihood that errors and fraud will occur and not be detected and corrected on a timely basis. This process is called assessing control risk.

When the auditor has reduced assessed control risk based on the identification of controls, the auditor may then reduce the extent to which the accuracy of the financial statement information directly related to those controls must be supported through the accumulation of evidence. However, to justify reducing planned assessed control risk, the auditor must test the effectiveness of the controls. The procedures involved in this type of testing are commonly referred to as tests of controls. For example, if a client's internal controls require that an employee verify and initial all unit selling prices on sales before the invoices are mailed to customers, the auditors might examine a sample of the clerk's initials that he or she was required to put on each duplicate sales invoice after verifying the unit selling price as well as various invoices to ensure that this internal control procedure was routinely followed. Auditors also evaluate the client's recording of transactions by verifying the monetary amounts of transactions. This is called substantive tests of transactions. An example is for the auditor to compare the unit selling price on a duplicate sales invoice with the approved price list as a test of the accuracy objective for sales transactions. Often, auditors perform tests of controls and substantive tests of transactions at the same time.

Performing Analytical Procedures & Tests of Details of Balances

Once the tests of controls and transactions have occurred, auditors then perform analytical procedures and tests of details and balances to further check for the accuracy and reliability of the client's financial and operational records. Analytical procedures use comparisons and relationships to assess whether account balances or other data appear reasonable. These procedures vary depending on the kind of client involved and the amount of financial information under review. These procedures can range from simple basic comparisons of items to complex analytical models of relationships. Key areas that are examined during a financial statement review are previous financial information, expected results, industry information and the interrelation of financial and non-financial data.

Tests of details of balances are specific procedures intended to test for monetary misstatements in the balances in the financial statements. An example related to the accuracy objective for accounts receivable is direct written communication with the client's customers. Tests of details of ending balances are essential to the conduct of the audit because most of the evidence is obtained from a source independent of the client and therefore considered to be of high quality.

There is a close relationship among the general review of the client's circumstances, results of understanding internal control and assessing control risk, analytical procedures and the tests of details of the financial statement account balances. If the auditor has obtained a reasonable level of assurance for any given audit objective through performing tests of controls, substantive tests of transactions and analytical procedures, the tests of details for that objective can be significantly reduced. In most instances, however, some tests of details of significant financial statement account balances are necessary.

Completing the Audit & Issuing an Audit Report

After the auditor has completed all procedures for each audit objective and for each financial statement account, it is necessary to combine the information obtained to reach an overall conclusion as to whether the financial statements are fairly presented. This is a highly subjective process that relies heavily on the auditor's professional judgment. In practice, the auditor continuously combines the information obtained as he or she proceeds through the audit. The final combination is a summation at the completion of the engagement. When the audit is completed, the CPA must issue an audit report to accompany the client's published financial statements. The report must meet well-defined technical requirements that are affected by the scope of the audit and the nature of the findings.

Factors Affecting the Auditing Process

Expressing an independent and expert opinion on the fairness of financial statements is the most frequently performed attestation service rendered by the public accounting profession. The auditor's standard report meets this service by stating that the auditors' examination was performed in conformity with generally accepted auditing standards and by expressing an opinion that the client's financial statements are presented fairly in conformity with generally accepted accounting principles. However, if there are material deficiencies in the client's financial statements or limitations in the auditors' examination, or if there are other unusual conditions about which the readers of the financial statements should be informed, auditors cannot issue the standard report. Instead, they must carefully modify their report to make these problems or conditions known to users of the audited financial statements. Auditors are guided by professional ethics that provide further governance as to the appropriate reporting requirements and auditors face legal liability for the accuracy and veracity of their reports. The following sections explain these factors in more detail.

Materiality & Risk

In planning an audit, the auditors must carefully consider the appropriate levels of materiality and audit risk. Materiality, for planning purposes, is the auditor's preliminary estimate of the smallest amount of misstatement that would probably influence the judgment of a reasonable person relying upon the financial statement. The auditor's responsibility is to determine whether financial statements are materially misstated. If the auditor determines that there is a material misstatement, he or she will bring it to the client's attention so that a correction can be made. If the client refuses to correct the statements, a qualified or adverse opinion must be issued, depending on how material the misstatement is. Auditors must modify their opinions whenever there are material deficiencies in the client's financial statements. However, they may issue an unqualified report if the deficiencies are immaterial.

Another factor that auditors must consider is risk. There is a close relationship between materiality and risk. Auditors must accept some level of risk, or uncertainty, in performing the audit function. The auditor recognizes, for example, that there is uncertainty about the competence of evidence, uncertainty about the effectiveness of a client's internal controls and uncertainty about whether the financial statements are fairly stated when the audit is completed.

An effective auditor recognizes that risks exist and deals with those risks in an appropriate manner. Most risks auditors encounter are difficult to measure and require careful thought to respond to appropriately. There are four primary types of risks that auditors face.

  • First, planned detection risk is a measure of the risk that audit evidence for a segment will fail to detect misstatements exceeding a tolerable amount, should such misstatements exist. Planned detection risk determines the amount of substantive evidence that the auditor plans to accumulate, inversely with the size of planned detection risk. If planned detection risk is reduced, the auditor needs to accumulate more evidence to achieve the reduced planned risk.
  • Another type of risk is inherent risk, or a measure of the auditor's assessment of the likelihood that there are material misstatements in a segment before considering the effectiveness of internal control. Inherent risk is the susceptibility of the financial statements to material misstatement, assuming no internal controls.
  • In addition, control risk is a measure of the perceived level of risk that a material misstatement in the client's unaudited financial statements, or underlying levels of aggregation, will not be detected and corrected by the management's internal control procedures. Control risk also represents the auditor's intention to make the assessment of whether a client's internal controls are effective for preventing or detecting misstatements within the audit plan.
  • Finally, acceptable audit risk is a measure of the potential risk that the financial statements that may be materially misstated after the audit is completed and an unqualified opinion has been issued. When the auditor decides on a lower acceptable audit risk, it means the auditor wants to be more certain that the financial statements are not materially misstated. Complete assurance, or zero risk, of the accuracy of the financial statements is not economically practical and the auditor cannot guarantee the complete absence of material misstatements.

Professional Ethics

A professional is often understood to mean a person whose conduct while engaging in their source of livelihood is exemplary and extends beyond satisfying the person's responsibility to himself or herself and beyond the basic requirements required by society's laws and norms. Auditors, who are often CPAs, have a unique role in their responsibility to the public, to the client and to fellow practitioners in upholding the highest standards of professionalism. The underlying reason for a high level of professional conduct is the need for public confidence in the quality of service by the professional. For the CPA, it is essential that the client and external financial statement users have confidence in the quality of audits and the professional opinions expressed by auditors.

There are several ways in which the CPA profession is guided by high standards of professionalism. For instance, in order to become a CPA, one must sit for the CPA examination, which is a rigorous exam designed to protect the public interest by helping to ensure that only qualified individuals become licensed as CPAs. In addition, peer review and continuing education requirements serve to keep CPAs abreast of changes and developments within their field. Also, the American Institute of Certified Public Accountants ("AICPA") is the national, professional organization for all CPAs. Its mission is to provide members with the resources, information, and leadership that enable them to provide valuable services in the highest professional manner to benefit the public as well as employers and clients. The AICPA maintains a Code of Professional Conduct that provides both general standards of ideal conduct and specific enforceable rules of conduct for CPAs.

There are four parts to the Code of Professional Conduct: Principles, rules of conduct, interpretations of the rules of conduct and ethical rulings.

  • The principles include ideal standards of ethical conduct that are stated as preferred conduct but are not enforceable.
  • The rules of conduct include minimum standards of ethical conduct that are stated as specific rules, and they are enforceable.
  • The interpretations of the rules of conduct are not enforceable, but a practitioner must justify a departure from the interpretations.
  • The ethical rulings are published explanations and answers to questions about the rules of conduct that have been submitted to the AICPA by practitioners and others interested in ethical requirements. They also are not enforceable, but a practitioner must justify a departure from them.

CPAs and other audit professionals have a responsibility to meet the ethical and legal guidelines that govern their profession. In addition to the AICPA's Code of Professional Conduct, auditors also face legal liability stemming from other sources for their conduct in carrying out their professional responsibilities. Under common law, auditors are liable to their clients for failure to exercise due professional care. Accordingly, ordinary negligence, or a violation of a legal duty to exercise a degree of care that an ordinarily prudent person would exercise under similar circumstances, is a sufficient degree of misconduct to hold CPAs liable for damages caused to their clients.

Auditors' liability to third parties under common law varies from state to state. In some states, CPAs are held liable for ordinary negligence only to third-party beneficiaries, or those known users who use the information for a particular purpose. Other third parties must prove gross negligence, or reckless disregard for professional responsibilities, on the part of the auditors. In other states, liability for ordinary negligence to third parties is extended to include any limited class of parties that could be foreseen to rely upon the financial statements, even if the auditor does not know the particular user of the information. In still other states, auditors' liabilities for ordinary negligence is extended even further to include any third party the auditors could reasonably foresee as users of the financial statements.

In addition to common law liability, auditors may also be held liable to third parties under the federal securities laws, which allow class action lawsuits by purchasers or sellers of a company's securities. The Securities Act of 1933, which applies to registrations and prospectuses, is unique in that it imposes civil liability on accountants and others for making misstatements or omissions of material facts in a registration statement or failing to find such misstatements or omissions. The Securities Exchange Act of 1934 also places liability on accountants and others, although third parties must prove the intent to manipulate, deceive or defraud before damages can be recovered. CPAs are also subject to criminal prosecution for violation of various statutes. To protect themselves from liability, auditors must strive to adhere to a high level of professional performance, and may take necessary proactive steps, such as attempting to avoid engagements that have a very high risk of litigation.

Applications

Types of Audits

There are several different types of services provided by auditors. For instance, external auditors, such as CPAs and auditing firms, focus on providing attestation services and audit reports on behalf of their clients. CPA firms also do considerable financial auditing of governmental units. However, internal and government auditors also perform similar financial auditing services on behalf of their respective employers. Finally, operational auditors work to determine the internal controls of an organization and even test those controls for effectiveness. The following sections will describe these responsibilities in more detail.

Internal Financial Auditing

There are many similarities between the responsibilities of internal and external auditors of business entities. For instance, both types of auditors must remain objective in performing their work and reporting their results, and both use materiality and audit risk in deciding the extent of their tests and evaluating results. The primary difference between external and internal auditors is whom each party is responsible to. The external auditor is responsible to financial statement users who rely on the auditor to add credibility to the statements. The internal auditor is responsible to management.

Internal auditors are employed by companies to do both financial and operational auditing. Their role in auditing has increased dramatically in the past two decades, primarily because of the increased size and complexity of many corporations. Because internal auditors spend all of their time with one company, their knowledge about the company's operations and internal controls is much greater than the external auditors' knowledge.

Internal auditing encompasses the examination and evaluation of the adequacy and effectiveness of the organization's system of internal control and the quality of performance in carrying out assigned responsibilities. For instance, internal auditors review the reliability and integrity of financial and operating information and the means used to identify, measure, classify and report such information. They also review the systems established to ensure compliance with those policies, plans, procedures, laws, regulations and contracts, which could have a significant impact on operations and reports and should determine whether the organization is in compliance. Internal auditors also review an organization's means of safeguarding its assets and, as appropriate, verify the existence of such assets. Finally, internal auditors review operations or programs to review the efficiency with which resources are employed and to ascertain whether results are consistent with the company's established objectives and goals.

Government Financial Auditing

The federal and state governments employ their own auditing staff to perform audits in much the same way as internal auditors. At the federal level, the United States General Accounting Office ("GAO") is the agency that functions as the investigative arm of Congress and is charged with examining matters relating to the receipt and payment of public funds. At the state level, all states have their own audit agencies. In addition, CPA firms do considerable financial auditing of governmental units. For example, some states require the audit of the financial statements of city agencies and departments by CPA firms. In addition to audits of financial statements of government units, government financial auditing includes audits of government contracts and grants, internal control, fraud and other noncompliance with laws and regulations. Thus, government financial auditing is complex in that the auditor must be familiar with both generally accepted auditing standards as well as government audit laws and regulations.

Operational Auditing

Operational auditing differs from financial accounting in that it is focused on the review of organizations for efficiency and effectiveness. Effectiveness is a function of how well an organization's objectives are accomplished, while efficiency examines the resources that are used to achieve those objectives. Another way in which operational auditing differs from financial auditing is that financial audits are oriented to the past, whereas an operational audit concerns operating performance for the future. In addition, for financial auditing, the report typically goes to many users of financial statements, such as stockholders and bankers; whereas operational audit reports are intended primarily for management. Finally, financial auditing reports are carefully worded because of the widespread distribution of the reports and users' reliance on the information they contain. Operational reports have a limited distribution and their content may vary considerably from audit to audit.

Conclusion

Audits are carried out to ensure the validity and reliability of reported information, and to provide an assessment of an organizational system's internal control. A financial accounting audit is an independent assessment of the objectivity with which a company's financial statements are reported by its management. An audit is performed by competent, independent and objective people, auditors or accountants, who issue an independent report on their findings and results. The auditing process involves such actions as planning for all stages of the audit, performing tests of controls and transactions, performing analytical procedures and tests of details of balances and summarizing the results and releasing an audit report. In planning for and performing an audit, auditors must consider such factors as the materiality of any erroneous or omitted information in the audit evidence and the risk that such information will not be identified during the audit or that the financial statements will be altered after the audit. The conduct and work product of auditors is governed by a system of professional ethics and various forms of legal liability. Although traditional audits were primarily thought of as a way to gain information about the finances and financial records of a company or business, auditing now includes other information about the systems, such as information about the operational performance of business entities. Thus, there are now various forms of auditing that CPAs and auditors perform, including internal financial auditing, government financial auditing and operational auditing. Financial accounting provides assurance for management, third parties or external users that a company's financial statements fairly present its financial and operational results, while operational accounting focuses on the effectiveness and efficiency of an organization.

Terms & Concepts

Adverse Opinion: An opinion presented by an auditor that financial statements do not conform with generally accepted accounting principles in terms of fairly representing the operations and finances of the company.

Attest Function: Refers to independent audits of financial statements, and also to review services, associations with forecasts and projections and compilation services where lack of independence is not acknowledged.

Attestation: When auditors serve as objective intermediaries, they lend credibility to financial or other information.

Audit Program: An outline of audit procedures deemed necessary to obtain sufficient, competent evidence from the audit that will serve as the basis for the audit report.

Audit Risk: The likelihood that an audit will fail to sufficient evidence equal to or greater than the tolerable misstatement assigned to the account.

Client: The entity (person, company, board of directors, agency or other group) who hires the auditor and pays for the service.

Common Law: Previous cases and precedents that guide judges' decisions in suits or litigation for damages; monetary or other.

Disclaimer of Opinion: The lowest level of assurance, in which auditors explicitly state that they give no opinion and no assurance, thus taking no responsibility for a report on the fair presentation of financial statements in conformity with generally accepted accounting principles.

Error: A departure from a prescribed internal control activity in a particular case. Also known as a deviation.

External Auditor: Independent CPA who audits financial statements for the purpose of rendering an opinion.

Internal Auditor: A person employed within an organization for the purpose of making recommendations about the economic and efficient use of resources, effective achievement of business objectives and compliance with company policies.

Internal Control Structure: Consists of a management's control environment, risk assessment, control activities, monitoring and communication. Satisfactory control reduces errors and irregularities in the company’s accounts.

Operational Auditing: Observing and reporting on business operations in order to make recommendations regarding adequate economic and efficient use of resources, satisfactory achievement of business objectives and compliance with company policies.

Sampling Risk: The probability that an audit report based on a sample will be different from the report conclusions based on an audit of the entire population.

Vouching: A process in which an auditor reviews sample items from an account by looking backward through the accounting and control system until the source documentation that supports the item is found.

Bibliography

Abbott, L., Parker, S., Peters, G. & Rama, D. (2007). Corporate governance, audit quality, and the Sarbanes-Oxley Act: Evidence from internal audit outsourcing. Accounting Review, 82, 803-835. Retrieved October 1, 2007, from EBSCO Online Database Business Source Premier. http://search.ebscohost.com/login.aspx?direct=true&db=buh&AN=25812997&site=ehost-live

Auditing. (2013). Journal of Accountancy, 216, 11-13. Retrieved November 15, 2013, from EBSCO Online Database Business Source Complete. http://search.ebscohost.com/login.aspx?direct=true&db=bth&AN=92022805&site=ehost-live

Burns, J. (2007). Audit firms, partners face SEC charges for not registering. Wall Street Journal — Eastern Edition, 250, C3. Retrieved October 1, 2007, from EBSCO Online Database Business Source Premier. http://search.ebscohost.com/login.aspx?direct=true&db=buh&AN=26713696&site=ehost-live

Chenhall, R. & Euske, K. (2007). The role of management control systems in planned organizational change: An analysis of two organizations. Accounting, Organizations & Society, 32(7/8), 601-637. Retrieved October 1, 2007, from EBSCO Online Database Business Source Premier. http://search.ebscohost.com/login.aspx?direct=true&db=buh&AN=26149491&site=ehost-live

Denyer, C. (2007). Ask the auditor: Maintaining acronym awareness with SOX, SAS and HIPAA. Employee Benefit News, 21, 14. Retrieved October 1, 2007, from EBSCO Online Database Business Source Premier. http://search.ebscohost.com/login.aspx?direct=true&db=buh&AN=26601063&site=ehost-live

Hoitash, R., Markelevich, A., & Barragato, C. (2007). Auditor fees and audit quality. Managerial Auditing Journal, 22, 761-786. Retrieved October 1, 2007, from EBSCO Online Database Business Source Premier. http://search.ebscohost.com/login.aspx?direct=true&db=buh&AN=26412677&site=ehost-live

Lillis, B. & Lane, R. (2007). Auditing the strategic role of operations. International Journal of Management Reviews, 9, 191-210. Retrieved October 1, 2007, from EBSCO Online Database Business Source Premier. http://search.ebscohost.com/login.aspx?direct=true&db=buh&AN=26279420&site=ehost-live

Marshall, J. & Heffes, E. (2007). Internal audit becoming standardized globally. Financial Executive, 23, 15. Retrieved October 1, 2007, from EBSCO Online Database Business Source Premier. http://search.ebscohost.com/login.aspx?direct=true&db=buh&AN=26472292&site=ehost-live

O'Leary, C., & Stewart, J. (2007). Governance factors affecting internal auditors' ethical decision-making: An exploratory study. Managerial Auditing Journal, 22, 787-808. Retrieved October 1, 2007, from EBSCO Online Database Business Source Premier. http://search.ebscohost.com/login.aspx?direct=true&db=buh&AN=26412676&site=ehost-live

Prawitt, D.F., Sharp, N.Y., & Wood, D.A. (2012). Internal audit outsourcing and the risk of misleading or fraudulent financial reporting: Did Sarbanes-Oxley get it wrong?. Contemporary Accounting Research, 29, 1109-1136. Retrieved November 15, 2013, from EBSCO Online Database Business Source Complete. http://search.ebscohost.com/login.aspx?direct=true&db=bth&AN=84385459&site=ehost-live

Shin, I., Lee, M., & Park, W. (2013). Implementation of the continuous auditing system in the ERP-based environment. Managerial Auditing Journal, 28, 592-627. doi:10.1108/MAJ-11-2012-0775Retrieved November 15, 2013, from EBSCO Online Database Business Source Complete. http://search.ebscohost.com/login.aspx?direct=true&db=bth&AN=90608848&site=ehost-live

Whittington, O. R. & Pany, K. (2006). Principles of Auditing and Other Assurance Services, 15th ed. New York: MaGraw-Hill. Retrieved October 1, 2007 from http://highered.mcgraw-hill.com/sites/0073010847/student_view0/

Ye, M., & Simunic, D.A. (2013). The economics of setting auditing standards. Contemporary Accounting Research, 30, 1191-1215. Retrieved November 15, 2013, from EBSCO Online Database Business Source Complete. http://search.ebscohost.com/login.aspx?direct=true&db=bth&AN=90465460&site=ehost-live

Suggested Reading

Beldona, S. & Francis, V. (2007). Regression analysis for equipment auditing. Managerial Auditing Journal, 22, 809-822. Retrieved October 1, 2007, from EBSCO Online Database Business Source Premier. http://search.ebscohost.com/login.aspx?direct=true&db=buh&AN=26412672&site=ehost-live

Burr, B. (2007). Auditors see 64% boost in corporate fees over 5 years. Pensions & Investments, 35, 29. Retrieved October 1, 2007, from EBSCO Online Database Business Source Premier. http://search.ebscohost.com/login.aspx?direct=true&db=buh&AN=26572052&site=ehost-live

Snow, A. & Warren Jr., R. (2007). Audit uncertainty, Bayesian updating, and tax evasion. Public Finance Review, 35, 555-571. Retrieved October 1, 2007, from EBSCO Online Database Business Source Premier. http://search.ebscohost.com/login.aspx?direct=true&db=buh&AN=26322816&site=ehost-live

Essay by Heather Newton, J.D.