Audit is an independent inspection of the accounts of an organization. Accounts include all the financial statements maintained by the organization. An audit will give an independent and professional view if the accounts are maintained properly or not. The people qualified to conduct an audit are known as auditors who are generally chartered accountants qualified to review the financial statements. Auditors are required to follow the standards and regulations set by the Board. They prepare an audit report which includes all the necessary details about the organization and presents it to the manager of the company. An auditor who is appointed by the organization itself is known as an internal auditor. Whereas an auditor appointed by the Board of directors or any regulatory authority is known as an external auditor.
Initially, auditors are required to discuss and establish a scope of the work required to be done by them. This is done with the managers of the company who appoints an auditor. The auditor can conduct a detailed review of the history of the organization and also ask a series of questions to the employees or the Board. He can obtain written confirmation of the information. What an auditor cannot do is predict the future or provide a personal opinion on the information available to him. The auditor also cannot take personal interest in the organization. The auditor has to maintain a professional approach, integrity, confidentiality and an impartial view to the work.
The importance of an audit is to provide an opinion on the financial statements of the organization. It consists of providing an independent view if the financial statements are true and accurate. The reason behind this is to detect any errors and prevent the occurrence of frauds. There are various kinds of errors which could occur such as errors of commission, errors of omission and compensating errors. Errors of principle is another form which has a dual effect on the financial statements. To discover such errors, audit is important. And an auditor needs to review and check transactions to be able to provide an audit opinion.
An important aspect of audit is internal control which plays an essential role in an organization. Internal controls make it easier for an auditor to form an opinion about the financial statements. Internal control is the control established in an organization to ensure that a continuous check is maintained over the financial statements. Internal controls are established to ensure that the employees as well as the management maintains the required level of integrity and substance. Internal controls can be established by segregating the duties of different individuals so that no one person is able to complete the task. The employees should be made to take a leave after regular periods of time so that different individuals are capable of completing the tasks and hence no manipulation can be possible. Adequate control over authorization of expenses and budgets should be established. The budgets should be followed and regularly updated in case of any changes. No expenses exceeding a certain amount should be allowed to be paid without an authorization from the responsible person. The internal controls should be clearly established and communicated to everyone in the organization.
An audit committee is also a requirement for effective internal controls. The organization should maintain an audit committee which consists of the auditor and the management. The committee should meet regularly and address issues. Audit committee should be able to resolve issues and enable the management to make decisions on time. It is an effective means to ensure that internal controls are maintained and issues addressed.
Internal controls are important for the standardization of the functions in the business as well as it increases the reliability of the statements. If internal controls are effective, it automatically increases the reliability and efficiency of the statements. Internal controls help in maintenance of inventory and cash flows. Any changes in them can be recorded and required changes can be made. Internal controls are established based on the assumption of honesty. Most internal control procedures are based to avoid any errors which may occur. Though it is difficult to establish controls on any dishonest employees and frauds that may occur. The chances of frauds or errors are reduced to a certain extent due to internal controls. Internal controls standardize the functions and establish reliability. The auditor also needs to carry out less procedures where internal controls are effective. External auditor depends on the work of employees and internal auditor while expressing the opinion on financial statements. An audit of financial statements ensures that the processes are standardized and the reports are reliable. A probable way to reduce and detect fraud and embezzlement is to establish effective internal controls. Communication of internal control standards and good leadership ensure that there is less risk to the organization. Internal controls are an important part of auditing.
Auditing provides important information to the investors. There are many readers of a financial statement and one of them is potential investors. They derive adequate information from the auditors reports which state about the financial viability of the business. The investors study audit reports and generate information about the company along with the financial viability of them. Hence auditing is crucial for a company if it wants to borrow money from the banks or investors. Banks also study the financial statements of an organization before granting short term or long term loans. Hence it is important for organizations to submit audit reports when in requirement of a loan from the banks.
The important steps in conducting an audit are discussed further. Initiating the audit is the first step which consists of the audit agreement between the auditor and the organization. Once the auditor agrees to take up the audit assignment, he can begin his work of gathering the information and questioning the responsible personnel. The second step is preparation of the audit which is an important function. It is also the lengthiest phase of the audit process. The auditor gathers the information from various sources. The information gathering process begins with the history of the organization and with the study of the past audit reports. The fieldwork regarding the business of the organization, the way it functions, details of all the departments and the existence or nonexistence of internal control can be gathered. This phase of audit provides information to the auditor about the risk and control areas in the business. It ensures that the auditor knows which areas are more risky and need more control. It also helps the auditor assign tasks to personnel in the organization and to establish and explain the importance of an audit committee, internal control and an internal auditor.
The next step is conducting the audit. In the process of audit, the auditors can perform substantive testing or compliance testing. Substantive testing is used to substantiate the integrity of the processes and not controls established in an organization. It is used to know if the processes are working as per requirements. In compliance testing the auditor needs to ensure if the controls are working as per requirements. The auditor may not check each and every transaction in the organization. Sampling is a method of auditing which involves collecting a sample of data from all the available data. A sample can be the selected data which is used to check the authenticity and reliability of all the data. Sampling saves time as well as cost to the auditor and ensures that a judgment is derived from the selected sample.
Conducting an audit may take a long time depending on the size of the organization. If it a first time audit, it may take longer because it will be difficult for the auditor to generate all the required information. If the auditor has past records and past information, it will take less time to make a judgment and process information. After the audit is completed, another important step is to prepare an audit report. The report should be prepared in accordance with the guidelines of the Board and all the necessary information should be provided. All the requirements should be adhered to in the audit report. An audit report contains all the necessary information for a reader. From the details about the company to the industry analysis, from competitors to the risk factors and further details about the cash flow statements, income statement and a balance sheet. The auditor provides an opinion on the financial statement and it is a crucial opinion because a lot of information can be derived from the auditor opinion of a financial statement.
An important aspect of auditing is the audit working papers which are maintained and prepared by the auditor. Whatever information that the auditor derives from the organization is maintained in his working papers which are at his discretion. The auditor may provide the papers to the employee or the manager of the organization. The papers are the property of the auditor only. It is at his discretion if he wishes to share them or not. The auditor is also required to conduct an opening and closing meeting after the completion of the audit. This is to discuss the various aspects of the audit. The auditor may ask the organization to provide him with written confirmation from various parties. This could be possible in case of creditors or a bank or debtors. The auditor is free to discuss any matter relevant to his area in the meetings. An auditor discusses his audit opinion which is specified in the audit report. Additional information about a certain matter of dispute can also be asked for in a closing meeting.
An audit report consists of the auditors opinion about the financial statement of the organization. There are basically four types of audit reports which are discussed here. An unqualified opinion consists of the fact that all the financial statements are prepared in accordance with the requirements of the Board, the company is functioning in an appropriate manner, there is adequate disclosure of the necessary accounting policies. It is also known as a clean report, this is the best opinion any company can get. Banks look for an unqualified report when granting a loan and investors also look for an unqualified report when planning to invest in a company.
Then there is a qualified opinion report which is when the financial statements are misstated or when an auditor is unable to form an opinion from the available financial statements. In a case where the financial statements are not maintained in accordance with the requirements but no material misstatements have been discovered, the auditor will issue a qualified audit opinion. It is basically a clean report but includes a paragraph which states that the financial statements are not maintained as per requirements hence an audit opinion could not be formed.
An adverse opinion report is the worst report an organization can receive. It is provided when the financial statements are materially misstated and such misstatements have an effect on the reporting of the company. These are significant misstatements which affect the results of the company. It provides a negative information to the lenders or investors. Hence organizations aim to stay out of an adverse opinion of the auditor and try to steer clear of any doubts or misrepresentation discovered by the auditor. The auditor provides an opportunity to the organization to clarify the issues or to make necessary changes.
The last opinion is a disclaimer of opinion provided by the auditor when he is not independent enough or there has been a conflict of interest and he has not been able to generate adequate information. In case there are scope limitations or the auditor is not provided with all the necessary information and he is not independent enough to generate the information, he has to issue a disclaimer of opinion. This type of opinion is very rare and not generally used by the auditors. Such an audit report provides very less information about the audit and states the reasons for the disclaimer of opinion. The auditor also does not accept any responsibility of the financial statements since the audit was not thoroughly performed. Depending on the auditors opinion of financial statements, the organization and its functioning can be determined.
Auditing through a computer is an emerging method in the industry. There are various software for conducting an audit. Computerized audit has replaced the manual audit and also takes less time as well as less efforts. Computerized audits generate adequate information and produce reports as per standards. An auditor is required to plan the accordance with the audit software. Each item of revenue and expense can be checked through the use of audit software. The disadvantage of a computerized audit is the lack of an audit trail. An audit trail is a series of record maintained during a period of time. In case of a computerized audit, it is difficult to locate an audit trail because no record can be found. It also becomes easier to manipulate the data and delete records from an accounting software. When an auditor is conducting a computerized audit, it should be considered that he is aware of the technical work related to the computer and should also have the knowledge of an accounting software. No auditor can conduct an audit without prior information about the company. Hence he should gather all the required knowledge of the organizations working.
There are various types of audit tools available for a computerized audit. Some of which are discussed below. Snapshots are images which are maintained at the flow of a transaction. The software is built into the system at a point where material processing occurs and the images of the process are taken. These images can be utilized to assess the reliability and completeness of the transaction. In such a system, it is easier to locate the snapshot point, when it will be captured and how the data can be presented in an appropriate manner. Another technique is integrated test facility which involves the creation of a dummy entity in an application system files and the processing of audit test data against the entity as a means of verifying processing authenticity, accuracy and completeness. This input data can be used along with the normal data and the auditor can decide the method to be used to enter the data and hence the effects of the ITF transactions can be removed.
There are more methods like system control audit review file which uses various types of information to collect data. System control audit review file provides application system effort information, policy and procedural variance information, system exceptions which monitor various exceptions occurring in the system. It also generates statistical sample information using analytical tools. Snapshots and extended records along with performance measurement information can be generated using the scarf. It helps in continuous monitoring of the transactions of the system. Auditors can generate reports of the required information and review the files. Continuous auditing helps keep a constant check on the functions of the organization and ensures timely and detailed auditing. It reduces the amount of time and costs incurred in an audit. Software and hardware testing generate required information of the computer system.
Information system audits can be conducted by an auditor. There are various types of information system audits which are discussed here. System and applications audit which is used to verify that systems and applications are efficient appropriate and properly designed. Information processing facility is an audit which is used to verify that the processing facility is controlled to ensure timely, accurate and efficient processing of applications under normal and extreme conditions. Systems development audit is an audit which verifies that the systems under development meet the requirements of the organization and are developed in accordance with the established standards and requirements. Management of IT and enterprise architecture verifies that IT management has developed an organizational structure and procedure to ensure that a controlled and efficient IT environment is existing.
The risks with a computerized audit is the lack of knowledge of the users and auditors. The internal auditor or the system users may not be aware of the technical knowledge required for a computerized audit, another risk is the resistance to change which is found in many organizations. The employees or system users are not ready to change from the manual audit and are not willing to learn the use of a computer. This hampers the efficiency and effectiveness of a computer based audit.
Hence auditing is an essential and an extremely important part of any organization. Profit making or not for profit organization. Audit provides required information for the readers and also ensures that the financial statements are reliable as well as properly maintained. Any cases of fraud or deception can be discovered and avoided. Auditors play a crucial role in any organization. The importance of audit should be understood by all the organizations and it should not be adhered to only to fulfill the requirements of the Board. Instead audit should be accepted as a part of the business and it should be regularly conducted so that adequate information is generated and processed. Any unreliable information or chances of fraud discovered in the process of audit should be reported as a red flag to the organization who will look into the matter and ensure that such acts do not occur. Implementing an internal control system also reduces the chances of fraud to a great extent. An auditor is not a watchdog who looks into each and every action of the organization, instead an auditor is the one who provides detailed information and guides the organization towards the right pa
Works Cited
Audit Trails. n.d. <http://csrc.nist.gov/publications/nistbul/itl97-03.txt>.
Audit Working Papers. 23 Sept 2014. <http://www.accaglobal.com/in/en/student/acca-qual-student-journey/qual-resource/acca-qualification/f8/technical-articles/effective-audit-service.html>.
Cagan, Michele. The Importance of Internal Controls. n.d. <http://www.netplaces.com/accounting/more-ways-accounting-helps-your-business/the-importance-of-internal-controls.htm>.
Fennelly, Carole. IT Security Auditing: Best practices for conducting audits. n.d. <http://searchsecurity.techtarget.com/IT-security-auditing-Best-practices-for-conducting-audits>.
Henderson, K J. What are the 4 types of audit report? n.d. <http://smallbusiness.chron.com/4-types-audit-reports-3794.html>.
Internal Audit Process. n.d. <http://www.uottawa.ca/int-audit/internal-audit-pro.html>.
Objectives of audit and advantages of auditing. n.d. <http://youcanwin.hubpages.com/hub/Objectives-and-advantages-of-Audit>.
Pilot, Jayne. Five steps in conducting audits. n.d. <http://www.complianceonline.com/five-steps-in-conducting-audits-iso-19011-webinar-training-700284-prdw>.
Pwc. What is an audit? n.d. <http://www.pwc.com.au/assurance/financial/statements/audit.htm>.
Shankar, Sheila. The importance of having good internal controls in place for inventory. n.d. <http://smallbusiness.chron.com/importance-having-good-internal-controls-place-inventory-20515.html>.
