TYPES OF AUDITS AND AUDITORS (STUDY OBJECTIVE 2)
An audit is a type of assurance service that involves accumulating and analyzing support for information provided by others. The main purpose of the audit is to assure users of financial information about the accuracy and completeness of the information. To carry out an audit, accountants collect and evaluate proof of procedures, transactions, and/or account balances and compare the information with established criteria. The three primary types of audits include compliance audits, operational audits, and financial statement audits. Although all audits involve an investigation of supporting information, each type of audit has a different purpose. Compliance audits determine whether the company has complied with regulations and policies established by contractual agreements, governmental agencies, company management, or other high authority. Operational audits assess operating policies and procedures for efficiency and effectiveness. Financial statement audits determine whether the company has prepared and presented its financial statements fairly, and in accordance with established financial accounting criteria.
Audits are typically conducted by accountants who have knowledge of the established criteria. For example, financial statement audits are performed by certified public accountants (CPAs) who have extensive knowledge of generally accepted accounting principles (GAAP) in the United States and/or International Financial Reporting Standards (IFRS). There are different types of audit specialization that exist in business practice today, including internal auditors, IT auditors, government auditors, and CPA firms. An internal auditor is an employee of the company that he or she audits. Most large companies have a staff of internal auditors who perform compliance, operational, and financial audit functions at the request of management. Some internal auditors achieve special certification as certified internal auditors (CIAs). IT auditors specialize in information systems assurance, control, and security, and they may work for CPA firms, government agencies, or with the internal audit group for any type of business organization. Some IT auditors achieve special certification as certified information systems auditors (CISAs). Government auditors conduct audits of government agencies or income tax returns. CPA firms represent the interests of the public by performing independent audits of many types of business organizations.
Each type of auditor may perform any of the three types of audits described earlier. However, only CPA firms can conduct financial statement audits of companies whose stock is sold in public markets such as the New York Stock Exchange. An important requirement for CPA firms is that they must be neutral with regard to the company being audited. This requirement of neutrality allows the CPA firm to provide a completely unbiased opinion on the information it audits, and it is the foundation of an external audit performed by CPAs. An external audit is performed by independent auditors who are objective and neutral with respect to the company and information being audited. To keep their neutrality, CPA firms and their individual CPAs are generally prohibited from having financial connections with client companies and from having personal ties to those working for client companies. A CPA's objectivity could be impaired by having financial and personal relationships with a client company or with anyone having the ability to influence the client's decisions and financial reporting activities.
THE REAL WORLD
Top management at Ford Motor Co. is proud of the fact that Ford was the only U.S. auto manufacturer to make it through the darkest days of the economic recession (between 2008–2010) without government assistance. This is due, in part, to Ford's long history of focusing on financial processes and controls, and its ability to alter its processes under pressures of elevated risks or new compliance requirements. A key element in this process is a rotational succession and development plan in use for staffing Ford's internal audit team. Under this model, the internal audit department is comprised of experienced professionals on rotation from the company's finance and IT functions, who serve the internal audit department for two to three years before returning to a previous or different functional area. This allows Ford's personnel to gain broad corporate exposure and to develop strong risk, control, and compliance skills to take with them to the various areas where they will work after their internal audit stint. This also helps to promote the importance of the internal audit function throughout the organization. By carefully planning the succession so that no new auditors will audit their prior functions for at least 12 months, Ford's plan ensures that its internal auditors maintain a high level of objectivity.
The Ford example illustrates the importance of an objective and diligent internal audit practice and its strong link to the finance and technology functions.
Any audit may be affected by the amount and type of computerization used by the company. All types of auditors should have knowledge concerning technology-based systems so that they can properly audit IT systems. The remainder of this chapter will concentrate on financial statement audits conducted by CPA firms, as this is the most common type of audit service used in the modern business world. However, many of the topics applicable to financial statement audits conducted by CPA firms are also applicable to other types of audits performed by other types of auditors. The company's internal auditors may also assist in the performance of a financial statement audit, but only an independent CPA may issue an opinion on the overall fair presentation of the financial statements.
Performing financial statement audits is a main service of CPA firms, and they devote a large portion of time to these audits. Because many companies that are audited now use sophisticated IT accounting systems to prepare financial statements, it is increasingly important for auditors to enhance the quality of their services in auditing those systems. IT auditing is a part of the financial statement audit that evaluates a company's computerized accounting information systems. Since the IT processes are typically a major factor in the financial statement audit, an auditor must gain a sufficient understanding of the characteristics of a company's IT system. Although auditors do not need to be experts on the intricacies of computer systems, they do need to understand the impact of IT on the company's accounting systems and internal controls.
As mentioned previously, a financial statement audit is conducted in order to express an opinion on the fair presentation of financial statements. This is the primary goal of a financial statement audit, and this goal is not affected by the presence or absence of IT accounting systems. However, the use of computers may significantly change the way a company processes and communicates information, and it may affect the underlying internal controls. Therefore, the IT environment plays a key role in how auditors conduct their work in the following areas:
- Consideration of risk
- Audit procedures used to obtain knowledge of the accounting and internal control systems
- Design and performance of audit tests