Due to strong incentives (including
taxation,
misselling and other forms of fraud) to misstate financial information, auditing has become a legal requirement for many entities who have the power to exploit financial information for personal gain. Traditionally, audits were mainly associated with gaining information about financial systems and the financial records of a company or a business. Financial audits also assess whether a business or corporation adheres to legal duties as well as other applicable statutory customs and regulations. Financial audits are performed to ascertain the
validity and
reliability of information, as well as to provide an
assessment of a system's
internal control. The third party auditor will express an opinion of the person, organization, or system in question. The opinion given on financial statements will depend on the
audit evidence obtained. A statutory audit is a legally required review of the accuracy of a company's or government's financial statements and records. The purpose of a statutory audit is to determine whether an organization provides a fair and accurate representation of its financial position by examining information such as bank balances, bookkeeping records, and financial transactions. Due to constraints, an audit seeks to provide only
reasonable assurance that the statements are free from
material error. Hence, statistical sampling is often adopted in audits. In the case of
financial audits, a set of
financial statements are said to be true and fair when they are free of material misstatements – a concept influenced by both
quantitative (numerical) and
qualitative factors. Recently, the argument that auditing should go beyond just true and fair is gaining momentum, and the US
Public Company Accounting Oversight Board has come out with a concept release on the same.
Cost accounting is a process for verifying the cost of manufacturing or producing of any article, on the basis of accounts measuring the use of material, labor or other items of cost. The term "
cost audit" refers to a systematic and accurate verification of the cost accounts and records, and checking for adherence to the cost accounting objectives. According to the Institute of Cost and
Management Accountants, a
cost audit is "an examination of cost accounting records and verification of facts to ascertain that the cost of the product has been arrived at, in accordance with principles of cost accounting." In most nations, an audit must adhere to generally accepted standards established by governing bodies. These standards assure third parties or external users that they can rely upon the auditor's opinion on the fairness of financial statements or other subjects on which the auditor expresses an opinion. The audit must therefore be precise and accurate, containing no additional misstatements or errors.
Integrated audits In the US, audits of
publicly traded companies are governed by rules laid down by the
Public Company Accounting Oversight Board (PCAOB), which was established by Section 404 of the
Sarbanes–Oxley Act of 2002. Such an audit is called an integrated audit, where auditors, in addition to an opinion on the financial statements, must also express an opinion on the
effectiveness of a company's
internal control over financial reporting, in accordance with PCAOB Auditing Standard No. 5. There are also new types of integrated auditing becoming available that use unified compliance material (see the unified compliance section in
Regulatory compliance). Due to the increasing number of regulations and need for operational transparency, organizations are adopting
risk-based audits that can cover multiple regulations and standards from a single audit event. This is a very new but necessary approach in some sectors to ensure that all the necessary
governance requirements can be met without duplicating effort from both audit and audit hosting resources.
Assessments The purpose of an assessment is to measure something or calculate a value for it. An auditor's objective is to determine whether financial statements are presented fairly, in all material respects, and are free of material misstatement. Although the process of producing an assessment may involve an audit by an independent professional, its purpose is to provide a measurement rather than to express an opinion about the fairness of statements or quality of performance.
Auditors Auditors of financial statements & non-financial information (including compliances audit) can be classified into various categories: • An
external auditor or
statutory auditor is an independent firm engaged by the client subject to the audit to express an opinion on whether the company's
financial statements are free of material misstatements, whether due to fraud or error. For
publicly traded companies, external auditors may also be required to express an opinion on the effectiveness of
internal controls over
financial reporting. External auditors may also be engaged to perform other agreed-upon procedures, related or unrelated to financial statements. Most importantly, external auditors, though engaged and paid by the company being audited, should be regarded as independent and have the status of a third party. • A
cost auditor or statutory cost auditor is an independent firm engaged by the client subject to the cost audit to express an opinion on whether the company's
cost statements and cost sheet are free of material misstatements, whether due to fraud or error. For
publicly traded companies, external auditors may also be required to express an opinion on the effectiveness of
internal controls over cost reporting. These specialized auditors are called Cost Accountants in India, and globally either Cost and Management Accountants or Certified Management Accountants. • Government auditors review the finances and practices of government bodies. In the United States, these auditors report their finds to Congress, which uses them to create and manage policies and budgets. Government auditors work for the U.S. Government Accountability Office, and most state governments have similar departments to audit state and municipal agencies. • A secretarial
auditor or statutory secretarial auditor is an independent firm engaged by a client subject to an audit of its compliance to secretarial and other applicable laws to express an opinion on whether the company's
secretarial records and
compliance of applicable laws are free of material misstatements, whether due to fraud or error, as these invite heavy fines or penalties. For
bigger public companies, external secretarial auditors may also be required to express an opinion on the effectiveness of
internal controls over the client's compliance system management. In India, these auditors are called company secretaries, and are members of the Institute of Company Secretaries of India, holding a Certificate of Practice. (http://www.icsi.edu/) •
Internal auditors are employed by the organizations they audit. They work for government agencies (federal, state and local); for publicly traded companies; and for non-profit companies across all industries. The internationally recognized standard setting body for the profession is the Institute of Internal Auditors, or IIA (www.theiia.org). The IIA has defined internal auditing as follows: "Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes". Thus professional internal auditors provide independent and objective audit and consulting services focused on evaluating whether the board of directors, shareholders, stakeholders, and corporate executives have reasonable assurance that the organization's governance, risk management, and control processes are designed adequately and function effectively. Internal audit professionals (
Certified Internal Auditors - CIAs) are governed by the international professional standards and code of conduct of the Institute of Internal Auditors. While internal auditors are not independent of the companies that employ them, independence and objectivity are a cornerstone of the IIA professional standards, and are discussed at length in the standards and the supporting practice guides and practice advisories. Professional internal auditors are mandated by IIA standards to be independent of the business activities they audit. This independence and objectivity are achieved through the organizational placement and reporting lines of the internal audit department. Internal auditors of publicly traded companies in the United States are required to report functionally to the board of directors directly, or a sub-committee of the board of directors (typically the audit committee), and not to management except for administrative purposes. They follow standards described in the professional literature for the practice of internal auditing (such as Internal Auditor, the journal of the IIA), or other similar and generally recognized frameworks for management control when evaluating an entity's governance and control practices; and apply COSO's "Enterprise Risk Management-Integrated Framework" or other similar and generally recognized frameworks for entity-wide risk management when evaluating an organization's entity-wide risk management practices. Professional internal auditors also use
control self-assessment (CSA) as an effective process for performing their work. • Consultant auditors are external personnel contracted by a client to perform an audit following the client's
auditing standards. This differs from the
external auditor, who follows their own auditing standards. The level of independence is therefore somewhere between the internal auditor and the external auditor. The consultant auditor may work independently, or as part of an audit team that includes internal auditors. Consultant auditors are used when the firm lacks sufficient expertise to audit certain areas, or simply for staff augmentation when staff are not available. The most commonly used external audit standards are the US
GAAS of the
American Institute of Certified Public Accountants and the
International Standards on Auditing (ISA) developed by the
International Auditing and Assurance Standard.
Technological developments Recent advances in artificial intelligence and automation are reshaping audit practice. Audit firms now apply data analytics and machine-learning techniques to analyze entire datasets instead of statistical samples, improving anomaly detection and efficiency. However, these technologies also introduce challenges related to data quality, algorithmic bias, and the need for professional judgment. ==Performance audits==