An audit is a systematic process of objectively obtaining and evaluating the accounts or financial records of a governmental, business, or other entity. Whereas some businesses rely on audits conducted by employees—these are called internal audits—others utilize external or independent auditors to handle this task (some businesses rely on both types of audits in some combination). "The primary objective of the external audit is to add credibility to the financial statements of management," said Leonard Savoie in What Every Manager Needs to Know About Finance. "The role of the external auditor is to render an independent professional opinion on the fairness of financial statements to the extent that is required by generally accepted auditing standards." External audits are often used by smaller businesses that do not have the resources or inclination to maintain internal audit systems.
The primary goal of internal auditing is to determine the extent to which the organization adheres to managerial policies, procedures, and requirements. The independent or external auditor, on the other hand, is not an employee of the organization. He or she performs an examination with the objective of issuing a report containing an opinion on a client's financial statements. The attest function of external auditing refers to the auditor's expression of an opinion on a company's financial statements. The typical independent audit leads to an attestation regarding the fairness and dependability of the statements. This is communicated to the officials of the audited entity in the form of a written report accompanying the statements (an oral presentation of findings may sometimes be requested as well). During the course of an audit study, the external auditor also becomes well-acquainted with the virtues and flaws of the client's accounting procedures. As a result, the auditor's final report to management often includes recommendations on methodologies of improving internal controls that are in place.
Major types of audits conducted by external auditors include the financial statements audit, the operational audit, and the compliance audit. A financial statement audit (or attest audit) examines financial statements, records, and related operations to ascertain adherence to generally accepted accounting principles. An operational audit examines an organization's activities in order to assess performances and develop recommendations for improvements, or further action. A compliance audit has as its objective the determination of whether an organization is following established procedures or rules. Auditors also perform statutory audits, which are performed to comply with the requirements of a governing body, such as a federal, state, or city government or agency.
The auditing process is based on standards, concepts, procedures, and reporting practices that are primarily imposed by the American Institute of Certified Public Accountants (AICPA). The auditing process relies on evidence, analysis, conventions, and informed professional judgment. General standards are brief statements relating to such matters as training, independence, and professional care. AICPA general standards declare that:
Standards of fieldwork provide basic planning standards to be followed during audits. AICPA standards of field work stipulate that:
Standards of reporting describe auditing standards relating to the audit report and its requirements. AICPA standards of reporting stipulate that the auditor indicate whether the financial statements examined were presented in accordance with generally accepted accounting principles; whether such principles were consistently observed in the current period in relation to the preceding period; and whether informative disclosures to the financial statements were adequate. Finally, the external auditor's report should include 1) an opinion about the financial statements/records that were examined, or 2) a disclaimer of opinion, which typically is included in instances where, for one reason or another, the auditor is unable to render an opinion on the state of the business's records.
The independent auditor generally proceeds with an audit according to a set process with three steps: planning, gathering evidence, and issuing a report.
In planning the audit, the auditor develops an audit program that identifies and schedules audit procedures that are to be performed to obtain the evidence. Audit evidence is proof obtained to support the audit's conclusions. Audit procedures include those activities undertaken by the auditor to obtain the evidence. Evidence-gathering procedures include observation, confirmation, calculations, analysis, inquiry, inspection, and comparison. An audit trail is a chronological record of economic events or transactions that have been experienced by an organization. The audit trail enables an auditor to evaluate the strengths and weaknesses of internal controls, system designs, and company policies and procedures.
THE AUDIT REPORT The independent audit report sets forth the independent auditor's findings about the business's financial statements and their level of conformity with generally accepted accounting principles, applied on a basis consistent with that of the preceding year (or in conformity with some other comprehensive basis of accounting that is appropriate for the organization). A fair presentation of financial statements is generally understood by accountants to refer to whether the accounting principles used in the statements have general acceptability; the accounting principles are appropriate in the circumstances; the financial statements are prepared so they can be used, understood, and interpreted; the information presented in the financial statements is classified and summarized in a reasonable manner; and the financial statements reflect the underlying events and transactions in a way that presents an accurate portrait of financial operations and cash flows within reasonable and practical limits.
The auditor's unqualified report contains three paragraphs. The introductory paragraph identifies the financial statements audited, states that management is responsible for those statements, and asserts that the auditor is responsible for expressing an opinion on them. The scope paragraph describes what the auditor has done and specifically states that the auditor has examined the financial statements in accordance with generally accepted auditing standards and has performed appropriate tests. The opinion paragraph expresses the auditor's opinion (or formally announces his or her lack of opinion and why) on whether the statements are in accordance with generally accepted accounting principles.
Various audit opinions are defined by the AICPA's Auditing Standards Board as follows:
The fair presentation of financial statements does not mean that the statements are fraud-proof. The independent auditor has the responsibility to search for errors or irregularities within the recognized limitations of the auditing process. Investors should examine the auditor's report for citations of problems such as debt-agreement violations or unresolved lawsuits. "Going-concern" references can suggest that the company may not be able to survive as a functioning operation. If an "except for" statement appears in the report, the investor should understand that there are certain problems or departures from generally accepted accounting principles in the statements, and that these problems may cast into question whether the statements fairly depict the company's financial situation. These statements typically require the company to resolve the problem or somehow make the accounting treatment acceptable.
Detection of potentially fraudulent financial recordkeeping and reporting is one of the central charges of the external auditor. According to Fraudulent Financial Reporting, 1987-1997, a study published by the Committee of Sponsoring Organizations of the Treadway Commission, most companies charged with financial fraud by the Securities and Exchange Commission (SEC) posted far less than $100 million in assets and revenues in the year preceding the fraud. Not surprisingly, fraud cropped up most often in companies in the grips of financial stress, and it was perpetrated most often by top-level executives or managers. According to the study, more than 50 percent of fraudulent acts uncovered by the SEC involved overstatements of revenue by recording revenues prematurely or fictitiously. As the study's authors, Mark Beasley, Joseph Carcello, and Dana Hermanson, noted in Strategic Finance, fraudulent techniques in this area included false sales, recording revenues before all terms were satisfied, recording conditional sales, improper cutoffs of transactions at period end, improper use of percentage of completion, unauthorized shipments, and recording of consignment sales as completed sales. In addition, many firms overstated asset values such as inventory, accounts receivable, property, equipment, investments, and patent accounts. Other types of fraud detailed in the study included misappropriation of assets (12 percent of charged companies) and understatement of liabilities and expenses (18 percent).
Accidental misstatements are inevitably detected in audits. But these errors should not be confused with fraudulent activity. "Errors …can occur at any time, in any place with unpredictable financial statement effects," wrote Alan Reinstein and Gregory Coursen in National Public Accountant. "A strong internal control structure can reduce the risk of material errors by placing in operation policies and procedures designed to prevent errors from occurring or to detect and correct errors that do occur. Fraud, on the other hand, is intentional. Both employee fraud (defalcations and theft) and management fraud (fraudulent financial reporting) are usually accomplished by circumventing internal controls. Thus, strong internal controls are often inadequate to detect material fraud. Accordingly, auditors should increase their ability to recognize when conditions indicate potentially higher risks of employee or management fraud."
In order to minimize a company's exposure to employee or management fraud, business owners should be aware of these conditions as well. In cases of employee fraud, W. Steven Albrecht, Edwin Williams, and Timothy Williams noted the following primary factors in play:
Fraud committed at the management/ownership level, meanwhile, typically involves efforts to improve personal fortunes (financially and/or professionally) by presenting a false picture of a firm's true status. Management fraud, observed Reinstein and Coursen, generally proceeds from the following incentives:
Given these various risk factors—all of which may be detected as part of the external audit process—business owners and managers are urged to establish firm and effective internal controls on financial reporting and to objectively examine the prevailing company culture. "We can't overstate the importance of the 'tone at the top,"' stated Beasley, Carcello, and Hermanson. "If you're a controller or other manager responsible for designing and monitoring internal performance benchmarking measures, you should evaluate how much pressure those measures place on senior executives and other employees to meet or exceed company performance targets for compensation and other rewards, such as promotions." In addition, companies should review whether external pressures (from lenders, customers, institutional investors, or analysts) might be creating an environment conducive to fraudulent financial reporting.
Experts urge business owners to establish proactive working relationships with external auditors. In order to accomplish this, companies should make sure that they:
"Some question whether auditors can take on more of a consulting role and still maintain the independence required to effectively perform their auditing responsibilities," wrote Karen Kroll in Industry Week. She notes that some observers question whether audit firms that fulfill consulting roles might compromise their auditing functions if they become financially dependent on certain clients. Another concern, Kroll notes is that "when auditors also act as consultants, the risk exists that they could end up reviewing a system or process they helped to implement." But other analysts contend that auditing firms are instituting operational practices to ensure that their auditing function remains uncompromised.
Albrecht, W. Steven, Edwin A. Williams, and Timothy L. Williams. "Reducing the Cost of Fraud." Internal Auditor. February 1994.
Beasley, Mark S., Joseph V. Carcello, Dana R. Hermanson. "Just Say No." Strategic Finance . May 1999.
Davidson, Jeffrey P., and Charles W. Dean. Cash Traps: Small Business Secrets for Reducing Costs and Improving Cash Flow. John Wiley, 1992.
Delaney, P.R. CPA Examination Review: Auditing . John Wiley, 1994.
Fraudulent Financial Reporting, 1987-1997: An Analysis of U.S. Public Companies. COSO, 1999.
Kroll, Karen M. "Auditors: No Longer Shooting the Wounded?" Industry Week. April 20, 1998.
Reinstein, Alan, and Gregory A. Coursen. "Considering the Risk of Fraud: Understanding the Auditor's New Requirements." National Public Accountant. March-April 1999.
Savoie, Leonard M. "The External Audit." In What Every Manager Needs to Know About Finance. Hubert D. Vos, ed. New York: AMACOM, 1986.
Zeune, Gary D. "Auditors Will be Required to Detect Fraud." Business Credit. September 1996.