An audit is a systematic process of objectively obtaining and evaluating the accounts or financial records of a governmental, business, or other entity. Whereas some businesses rely on audits conducted by employees—these are called internal audits—others utilize external or independent auditors to handle this task (some businesses rely on both types of audits in some combination). "The primary objective of the external audit is to add credibility to the financial statements of management," said Leonard Savoie in What Every Manager Needs to Know About Finance. "The role of the external auditor is to render an independent professional opinion on the fairness of financial statements to the extent that is required by generally accepted auditing standards." External audits are often used by smaller businesses that do not have the resources or inclination to maintain internal audit systems.
The primary goal of internal auditing is to determine the extent to which the organization adheres to managerial policies, procedures, and requirements. The independent or external auditor, on the other hand, is not an employee of the organization. He or she performs an examination with the objective of issuing a report containing an opinion on a client's financial statements. The attest function of external auditing refers to the auditor's expression of an opinion on a company's financial statements. The typical independent audit leads to an attestation regarding the fairness and dependability of the statements. This is communicated to the officials of the audited entity in the form of a written report accompanying the statements (an oral presentation of findings may sometimes be requested as well). During the course of an audit study, the external auditor also becomes well-acquainted with the virtues and flaws of the client's accounting procedures. As a result, the auditor's final report to management often includes recommendations on methodologies of improving internal controls that are in place.
Major types of audits conducted by external auditors include the financial statements audit, the operational audit, and the compliance audit. A financial statement audit (or attest audit) examines financial statements, records, and related operations to ascertain adherence to generally accepted accounting principles. An operational audit examines an organization's activities in order to assess performances and develop recommendations for improvements, or further action. A compliance audit has as its objective the determination of whether an organization is following established procedures or rules. Auditors also perform statutory audits, which are performed to comply with the requirements of a governing body, such as a federal, state, or city government or agency.
INDEPENDENT AUDITING STANDARDS
The auditing process is based on standards, concepts, procedures, and reporting practices that are primarily imposed by the American Institute of Certified Public Accountants (AICPA). The auditing process relies on evidence, analysis, conventions, and informed professional judgment. General standards are brief statements relating to such matters as training, independence, and professional care. AICPA general standards declare that:
* External audits should be performed by a person or persons having adequate technical training and proficiency as an auditor.
* The auditor or auditors maintain complete independence in all matters relating to the assignment.
* The independent auditor or auditors should make sure that all aspects of the examination and the preparation of the audit report are carried out with a high standard of professionalism.
Standards of fieldwork provide basic planning standards to be followed during audits. AICPA standards of field work stipulate that:
* The work is to be adequately planned and assistants, if any, are to be properly supervised.
* Independent auditors will carry out proper study and evaluation of the existing internal controls to determine their reliability and suitability for conducting all necessary auditing procedures.
* External auditors will make certain that they are able to review all relevant evidential materials, whether obtained through inspection, observation, inquiries, or confirmation, so that they can form an informed and reasonable opinion regarding the quality of the financial statements under examination.
Standards of reporting describe auditing standards relating to the audit report and its requirements. AICPA standards of reporting stipulate that the auditor indicate whether the financial statements examined were presented in accordance with generally accepted accounting principles; whether such principles were consistently observed in the current period in relation to the preceding period; and whether informative disclosures to the financial statements were adequate. Finally, the external auditor's report should include 1) an opinion about the financial statements/records that were examined, or 2) a disclaimer of opinion, which typically is included in instances where, for one reason or another, the auditor is unable to render an opinion on the state of the business's records.
THE EXTERNAL AUDITING PROCESS
The independent auditor generally proceeds with an audit according to a set process with three steps: planning, gathering evidence, and issuing a report.
In planning the audit, the auditor develops an audit program that identifies and schedules audit procedures that are to be performed to obtain the evidence. Audit evidence is proof obtained to support the audit's conclusions. Audit procedures include those activities undertaken by the auditor to obtain the evidence. Evidence-gathering procedures include observation, confirmation, calculations, analysis, inquiry, inspection, and comparison. An audit trail is a chronological record of economic events or transactions that have been experienced by an organization. The audit trail enables an auditor to evaluate the strengths and weaknesses of internal controls, system designs, and company policies and procedures.
THE AUDIT REPORT The independent audit report sets forth the independent auditor's findings about the business's financial statements and their level of conformity with generally accepted accounting principles, applied on a basis consistent with that of the preceding year (or in conformity with some other comprehensive basis of accounting that is appropriate for the organization). A fair presentation of financial statements is generally understood by accountants to refer to whether the accounting principles used in the statements have general acceptability; the accounting principles are appropriate in the circumstances; the financial statements are prepared so they can be used, understood, and interpreted; the information presented in the financial statements is classified and summarized in a reasonable manner; and the financial statements reflect the underlying events and transactions in a way that presents an accurate portrait of financial operations and cash flows within reasonable and practical limits.
The auditor's unqualified report contains three paragraphs. The introductory paragraph identifies the financial statements audited, states that management is responsible for those statements, and asserts that the auditor is responsible for expressing an opinion on them. The scope paragraph describes what the auditor has done and specifically states that the auditor has examined the financial statements in accordance with generally accepted auditing standards and has performed appropriate tests. The opinion paragraph expresses the auditor's opinion (or formally announces his or her lack of opinion and why) on whether the statements are in accordance with generally accepted accounting principles.
Various audit opinions are defined by the AICPA's Auditing Standards Board as follows:
* Unqualified opinion—This opinion means that all materials were made available, found to be in order, and met all auditing This is the most favorable opinion that can be rendered by an external auditor about a company's operations and records.
* Explanatory language added—Circumstances may require that the auditor add an explanatory paragraph (or other explanatory language) to his or her report.
* Qualified opinion—This type of opinion is used for instances in which most of the company's financial materials were in order, with the exception of a certain account or transaction.
* Adverse opinion—An adverse opinion states that the financial statements do not accurately or complete represent the company's financial position, results of operations, or cash flows in conformity with generally accepted accounting principles. Such an opinion is obviously not good news for the business being audited.
* Disclaimer of opinion—A disclaimer of opinion states that the auditor does not express an opinion on the financial statements, generally because he or she feels that the company did not present sufficient information. Again, this opinion casts an unfavorable light on the business being audited.
The fair presentation of financial statements does not mean that the statements are fraud-proof. The independent auditor has the responsibility to search for errors or irregularities within the recognized limitations of the auditing process. Investors should examine the auditor's report for citations of problems such as debt-agreement violations or unresolved lawsuits. "Going-concern" references can suggest that the company may not be able to survive as a functioning operation. If an "except for" statement appears in the report, the investor should understand that there are certain problems or departures from generally accepted accounting principles in the statements, and that these problems may cast into question whether the statements fairly depict the company's financial situation. These statements typically require the company to resolve the problem or somehow make the accounting treatment acceptable.
Detection of potentially fraudulent financial recordkeeping and reporting is one of the central charges of the external auditor. According to Fraudulent Financial Reporting, 1987-1997, a study published by the Committee of Sponsoring Organizations of the Treadway Commission, most companies charged with financial fraud by the Securities and Exchange Commission (SEC) posted far less than $100 million in assets and revenues in the year preceding the fraud. Not surprisingly, fraud cropped up most often in companies in the grips of financial stress, and it was perpetrated most often by top-level executives or managers. According to the study, more than 50 percent of fraudulent acts uncovered by the SEC involved overstatements of revenue by recording revenues prematurely or fictitiously. As the study's authors, Mark Beasley, Joseph Carcello, and Dana Hermanson, noted in Strategic Finance, fraudulent techniques in this area included false sales, recording revenues before all terms were satisfied, recording conditional sales, improper cutoffs of transactions at period end, improper use of percentage of completion, unauthorized shipments, and recording of consignment sales as completed sales. In addition, many firms overstated asset values such as inventory, accounts receivable, property, equipment, investments, and patent accounts. Other types of fraud detailed in the study included misappropriation of assets (12 percent of charged companies) and understatement of liabilities and expenses (18 percent).
Accidental misstatements are inevitably detected in audits. But these errors should not be confused with fraudulent activity. "Errors …can occur at any time, in any place with unpredictable financial statement effects," wrote Alan Reinstein and Gregory Coursen in National Public Accountant. "A strong internal control structure can reduce the risk of material errors by placing in operation policies and procedures designed to prevent errors from occurring or to detect and correct errors that do occur. Fraud, on the other hand, is intentional. Both employee fraud (defalcations and theft) and management fraud (fraudulent financial reporting) are usually accomplished by circumventing internal controls. Thus, strong internal controls are often inadequate to detect material fraud. Accordingly, auditors should increase their ability to recognize when conditions indicate potentially higher risks of employee or management fraud."
In order to minimize a company's exposure to employee or management fraud, business owners should be aware of these conditions as well. In cases of employee fraud, W. Steven Albrecht, Edwin Williams, and Timothy Williams noted the following primary factors in play:
* Personal financial straits
* Perceived opportunity to commit a fraudulent act for financial gain without being detected
* Ability to rationalize behavior by pointing to perceived pay inequities, unfulfilled expectations of promotion, etc.
Fraud committed at the management/ownership level, meanwhile, typically involves efforts to improve personal fortunes (financially and/or professionally) by presenting a false picture of a firm's true status. Management fraud, observed Reinstein and Coursen, generally proceeds from the following incentives:
* To affect stock price
* To meet expectations of investors
* To avoid violation of restrictive debt covenants
* To meet budget pressures
* To influence creditors to loosen up funds for borrowing
* To receive additional performance-based compensation incentives, such as stock options or bonuses for meeting or exceeding company goals.
* To escape punishment for poor performance
Given these various risk factors—all of which may be detected as part of the external audit process—business owners and managers are urged to establish firm and effective internal controls on financial reporting and to objectively examine the prevailing company culture. "We can't overstate the importance of the 'tone at the top,"' stated Beasley, Carcello, and Hermanson. "If you're a controller or other manager responsible for designing and monitoring internal performance benchmarking measures, you should evaluate how much pressure those measures place on senior executives and other employees to meet or exceed company performance targets for compensation and other rewards, such as promotions." In addition, companies should review whether external pressures (from lenders, customers, institutional investors, or analysts) might be creating an environment conducive to fraudulent financial reporting.
WORKING WITH EXTERNAL AUDITORS
Experts urge business owners to establish proactive working relationships with external auditors. In order to accomplish this, companies should make sure that they:
* Select an auditing firm with expertise in their industry and a proven track record.
* Establish and maintain efficient recordkeeping systems to ease the task of the auditor.
* Make sure that owners, executives, and managers know the basics of financial reporting requirements.
* Establish effective lines of communication and work processes between external auditors and internal auditors (if any).
* Recognize the value that external auditors can have as an objective reviewer of existing and proposed operational processes. "Managers tend to dismiss auditors as bean counters," Paul Danos, dean of Dartmouth's business school, told Business Week. "However, auditors have seen many businesses and know how they survive, grow, and prosper."
* Focus on high-risk areas of operations, such as inventory levels
* Focus on periods of change and expansion, such as transitions to public ownership or expansion into new markets.
* Build an effective audit committee that can provide cogent financial and operational analysis based on audit results. "Aggressively seek its advice, viewing it as an asset rather than a liability," counseled Beasley, Carcello, and Hermanson. "Enlist the committee's help when you review financial reporting related matters, and provide relevant and reliable data for it to review. The audit committee's effectiveness is restricted by the quality and extent of information it receives. It needs access to reliable financial and nonfinancial information, industry, and other benchmarking data and other comparative information that's prepared on a consistent basis."
"Some question whether auditors can take on more of a consulting role and still maintain the independence required to effectively perform their auditing responsibilities," wrote Karen Kroll in Industry Week. She notes that some observers question whether audit firms that fulfill consulting roles might compromise their auditing functions if they become financially dependent on certain clients. Another concern, Kroll notes is that "when auditors also act as consultants, the risk exists that they could end up reviewing a system or process they helped to implement." But other analysts contend that auditing firms are instituting operational practices to ensure that their auditing function remains uncompromised.