An audit is a systematic process of objectively obtaining and evaluating the accounts or financial records of a governmental, business, or other entity. Whereas some businesses rely on audits conducted by employees—these are called internal audits—others utilize external or independent auditors to handle this task (some businesses rely on both types of audits in some combination).
External auditors are authorized by law to examine and publicly issue an opinion on the reliability of corporate financial reports. Dennis Applegate describes the history of the external audits in an article appearing in the magazine Internal Auditor as follows. "The U.S. Congress shaped the external auditing profession and created its primary audit objective with the passage of the Securities Act of 1933 and the Securities Exchange Act of 1934. This combined legislation requires independent financial audits of all firms whose capital stock is bought and sold in open markets. Its purpose, in part, is to ensure that the financial status and operating performance of publicly traded companies are fairly presented and disclosed." Firms not obliged by law to perform external audits often contract for such accounting services nonetheless. Smaller businesses, for example, that do not have the resources or inclination to maintain internal audit systems will often have external audits done on a regular basis as a sort of safeguard against errors or fraud.
The primary goal of external auditing is to determine the extent to which the organization adheres to managerial policies, procedures, and requirements. The independent or external auditor is not an employee of the organization. He or she performs an examination with the objective of issuing a report containing an opinion on a client's financial statements. The attest function of external auditing refers to the auditor's expression of an opinion on a company's financial statements. The typical independent audit leads to an attestation regarding the fairness and dependability of the statements. This is communicated to the officials of the audited entity in the form of a written report accompanying the statements (an oral presentation of findings may sometimes be requested as well). During the course of an audit study, the external auditor also becomes well-acquainted with the virtues and flaws of the client's accounting procedures. As a result, the auditor's final report to management often includes recommendations on methodologies of improving internal controls that are in place.
Major types of audits conducted by external auditors include the financial statements audit, the operational audit, and the compliance audit. A financial statement audit (or attest audit) examines financial statements, records, and related operations to ascertain adherence to generally accepted accounting principles. An operational audit examines an organization's activities in order to assess performances and develop recommendations for improvements, or further action. Auditors perform statutory audits which are performed to comply with the requirements of a governing body, such as a federal, state, or city government or agency. A compliance audit has as its objective the determination of whether an organization is following established procedures or rules.
The rules that must be followed by publicly traded companies changed in 2002 with the passage of the Sarbanes-Oxley Act. This act came about in the wake of the 2001 bankruptcy filing by Enron, and subsequent revelations about fraudulent accounting practices within the company. Enron was only the first in a string of high-profile bankruptcies. Serious allegations of accounting fraud followed and extended beyond the bankrupt firms to their accounting firms. The legislature acted quickly to fortify financial reporting requirements and stem the decline in confidence that resulted from the wave of bankruptcies.
The Sarbanes-Oxley Act is a wide-reaching and complex law that imposes heavy reporting requirements on all publicly traded companies. Meeting the requirements of this law has increased the workload of auditing firms. In particular, Section 404 of the Sarbanes-Oxley Act requires that a company's annual report include an official write-up by management about the effectiveness of the company's internal controls. The section also requires that outside auditors attest to management's report on internal controls. An external audit is required in order to attest to the management report.
The auditing process is based on standards, concepts, procedures, and reporting practices that are primarily imposed by the American Institute of Certified Public Accountants (AICPA). The auditing process relies on evidence, analysis, conventions, and informed professional judgment. General standards are brief statements relating to such matters as training, independence, and professional care. AICPA general standards declare that:
Standards of fieldwork provide basic planning standards to be followed during audits. The AICPA's standards for fieldwork stipulate that:
Standards of reporting describe auditing standards relating to the audit report and its requirements. AICPA standards of reporting stipulate that the auditor indicate whether the financial statements examined were presented in accordance with generally accepted accounting principles; whether such principles were consistently observed in the current period in relation to the preceding period; and whether informative disclosures to the financial statements were adequate. Finally, the external auditor's report should include 1) an opinion about the financial statements/records that were examined, or 2) a disclaimer of opinion, which typically is included in instances where, for one reason or another, the auditor is unable to render an opinion on the state of the business's records.
The independent auditor generally proceeds with an audit according to a set process with three steps: planning, gathering evidence, and issuing a report.
In planning the audit, the auditor develops an audit program that identifies and schedules audit procedures that are to be performed to obtain the evidence. Audit evidence is proof obtained to support the audit's conclusions. Audit procedures include those activities undertaken by the auditor to obtain the evidence. Evidence-gathering procedures include observation, confirmation, calculations, analysis, inquiry, inspection, and comparison. An audit trail is a chronological record of economic events or transactions that have been experienced by an organization. The audit trail enables an auditor to evaluate the strengths and weaknesses of internal controls, system designs, and company policies and procedures.
The independent audit report sets forth the independent auditor's findings about the business's financial statements and their level of conformity with generally accepted accounting principles. A check is made to verify that representations over a period of years are consistent. A fair presentation of financial statements is generally understood by accountants to refer to whether the accounting principles used in the statements have general acceptability. This includes such things as 1) the accounting principles are appropriate in the circumstances; 2) the financial statements are prepared so they can be used, understood, and interpreted; 3) the information presented in the financial statements is classified and summarized in a reasonable manner; and 4) the financial statements reflect the underlying events and transactions in a way that presents an accurate portrait of financial operations and cash flows within reasonable and practical limits.
The auditor's unqualified report contains three paragraphs. The introductory paragraph identifies the financial statements audited, states that management is responsible for those statements, and asserts that the auditor is responsible for expressing an opinion on them. The scope paragraph describes what the auditor has done and specifically states that the auditor has examined the financial statements in accordance with generally accepted auditing standards and has performed appropriate tests. The opinion paragraph expresses the auditor's opinion (or formally announces his or her lack of opinion and why) on whether the statements are in accordance with generally accepted accounting principles.
Various audit opinions are defined by the AICPA's Auditing Standards Board as follows:
The fair presentation of financial statements does not mean that the statements are fraud-proof. The independent auditor has the responsibility to search for errors or irregularities within the recognized limitations of the auditing process. Investors should examine the auditor's report for citations of problems such as debt-agreement violations or unresolved lawsuits. "Going-concern" references can suggest that the company may not be able to survive as a functioning operation. If an "except for" statement appears in the report, the investor should understand that there are certain problems or departures from generally accepted accounting principles in the statements, and that these problems may call into question whether the statements fairly depict the company's financial situation. These statements typically require the company to resolve the problem or somehow make the accounting treatment acceptable.
Detection of potentially fraudulent financial record keeping and reporting is one of the central charges of the external auditor. According to Fraudulent Financial Reporting, 1987—1997, a study published by the Committee of Sponsoring Organizations of the Treadway Commission, most companies charged with financial fraud by the Securities and Exchange Commission (SEC) posted far less than $100 million in assets and revenues in the year preceding the fraud. Not surprisingly, fraud cropped up most often in companies in the grips of financial stress, and it was perpetrated most often by top-level executives or managers. According to the study, more than 50 percent of fraudulent acts uncovered by the SEC involved overstatements of revenue by recording revenues prematurely or fictitiously.
As the study's authors, Mark Beasley, Joseph Carcello, and Dana Hermanson, noted in Strategic Finance, fraudulent techniques in this area included false sales, recording revenues before all terms were satisfied, recording conditional sales, improper cutoffs of transactions at period end, improper use of percentage of completion, unauthorized shipments, and recording of consignment sales as completed sales. In addition, many firms overstated asset values such as inventory, accounts receivable, property, equipment, investments, and patent accounts. Other types of fraud detailed in the study included misappropriation of assets (12 percent of charged companies) and understatement of liabilities and expenses (18 percent).
Accidental misstatements are almost always detected in audits. But these errors should not be confused with fraudulent activity. Errors can occur at any time, in any place with unpredictable financial statement effects. Fraud, on the other hand, is intentional and is often more difficult to detect than are errors. Part of the job of an external auditor is to recognize when conditions indicate potentially higher risks of employee or management fraud and then increase the scrutiny of all records accordingly.
Experts urge business owners to establish proactive working relationships with external auditors. In order to accomplish this, companies should make sure that they:
The 1980s and 90s saw an increase in the types of service offered by accounting firms. The situation became so prevalent that, according to an article on the subject in Internal Auditor, 307 of the Standard & Poor's 500 companies paid their audit firms, on average, almost three times as much in fees for non-auditing services as for auditing itself. Many analysts believe that it was the resulting conflict of interest that was at least partially responsible for the rash of bankruptcies of large corporations which occurred in the early 2000s. How important accounting firm collaboration was in the accounting fraud of the early 2000s has yet to be fully determined. However, passage of the Sarbanes-Oxley Act in 2002 put into place increased restrictions on the consulting services that an accounting firm can offer the clients for which it performs audits.
Beasley, Mark S., Joseph V. Carcello, and Dana R. Hermanson. "Just Say No." Strategic Finance. May 1999.
Hake, Eric R. "Financial Illusion: Accounting for Profits in an Enron World." Journal of Economic Issues. September 2005.
Pearlman, Laura. "They Can Have the Leftovers." Corporate Counsel. July 2001.
Pilla, Daniel J. The IRS Problem Solver. HarperCollins, 2004.
Reed, A. "Companies Pay More for Nonaudit Services." Internal Auditor. June 2001.
Reinstein, Alan, and Gregory A. Coursen. "Considering the Risk of Fraud: Understanding the Auditor's New Requirements." National Public Accountant. March-April 1999.
Yee, Ho Siew, "Accounting Fraud Cases Up Globally." Business Times. 14 December 2005.