This Audits Essay example is published for educational and informational purposes only. If you need a custom essay or research paper on this topic, please use our writing services. EssayEmpire.com offers reliable custom essay writing services that can help you to receive high grades and impress your professors with the quality of each essay or research paper you hand in.
An audit is a review by an independent, outside entity of the records and operations of an organization or individual. An audit is conducted according to standard procedures to ensure that it is independent and impartial, and not affected by biases or ulterior motives on the part of the entity performing the audit. Auditing has two main goals. The first goal is to make sure that the methods the organization or individual follows to conduct its business are appropriate given the sphere of activity. For example, a pharmacy should be able to demonstrate to an auditor that it is operated according to the proper procedures of a pharmacy, or an individual whose tax returns are being audited by the Internal Revenue Service (IRS) should be able to show that the applicable tax regulations have been followed. The second goal is to verify that the entity’s record keeping accurately reflects the manner in which business is being conducted. For example, it is possible that a business is operated in accordance with all pertinent requirements, but its records could still be rife with errors; a properly conducted audit would reveal such problems. These two auditing goals are typically referred to as validity (procedural correctness) and reliability (accuracy in record keeping).
In its most common usage, an audit is a review of the financial records of an institution or individual by an outside party. An entity almost always has an interest in making its own financial health appear as robust as possible because this benefits its reputation, allows it to have easier access to credit, and builds consumer confidence. However, the temptation to emphasize the positive aspects of one’s own financial position can result in a kind of tunnel vision, in which risks are not fully appreciated. For this reason, it is customary to have an outside auditor, such as an accounting firm, review financial statements to make sure that they accurately and fairly represent the real position of the business or individual. The auditor typically uses the information from the audit to compile a report, sometimes called an opinion, describing the financial position of the entity being audited. The largest auditing firms include the so-called Big 4 of PricewaterhouseCoopers, Ernst & Young, Deloitte & Touche, and KPMG. Prior to the Enron scandal of the early 2000s, the firm Arthur Andersen made this list the Big 5. Enron used a variety of misleading accounting practices to hide its billions of dollars debt from failed initiatives and pressured its auditor, Arthur Andersen, to go along with the cover-up. When the scheme eventually came to light in 2001, Enron’s became the largest bankruptcy filing in U.S. history, and Arthur Andersen’s reputation suffered so severely that it ultimately ceased operations.
The goal of an audit is not to catch each and every error that is present in the records and processes of the audit’s subject. Even if this were the goal, errors would inevitably be missed because of the vast complexity of some organizations, the extensive records they must keep, and the large amount of information in need of review. Instead, auditing uses as its standard of quality the goal of only detecting material error (as opposed to inconsequential errors that do not substantially affect the overall accuracy of the audit subject’s representations of itself). The audit seeks to provide a reasonable amount of assurance that the audit subject’s records and processes do not contain material errors, with the reasonableness standard being an estimation of what an ordinary person would consider to be an acceptable degree of thoroughness.
In the United States, there are a set of standards to be followed during the auditing process for any company that is publicly traded. These standards were created by legislation in 2002 known as the Sarbanes-Oxley Act, named after the legislators who sponsored its passage. This act created a body called the Public Company Accounting Oversight Board. This board requires what is known as an integrated audit; an integrated audit is one in which auditors do not limit themselves to reviewing the company’s financial statements. The auditors also must submit an opinion that speaks to the internal controls in place at the company being audited. Specifically, the auditors must indicate whether the subject of the audit has controls in place that will allow the company to have adequate control over its financial reporting.
Types Of Auditors
There are several types of auditors. The first are called external auditors (sometimes referred to as statutory auditors). External auditors work for a company other than the company being audited. External auditors are required to review a company’s financial statements, and after doing so, they issue an opinion indicating whether any material misstatements were found in the statements. The second type of auditor is called a cost auditor, or a statutory cost auditor. Cost auditors review the company’s cost sheet and cost statements for signs of material misstatements and then issue an opinion to present their findings. In both types of audits, if material misstatements are found, they may be the result of simple error or of deliberate fraud.
While these two types of auditors describe most of those in the field of external auditing, there is another category of auditors: internal auditors. These auditors work for the company they are charged with auditing, hence they are “internal” to the company. Internal auditors are not objective in the same sense as external auditors (who have no potential conflict of interest with the subject of the audit because they work for an independent company), but internal auditors do have their own set of professional standards, which require them to be from outside the part of the company that they are assigned to audit and to operate independently and without regard for the preferences of the functional areas whose financial statements they are asked to review. The standards that generally apply to internal auditors are produced by the Institute of Internal Auditors. In most cases, especially in publicly traded companies, internal auditors report to the Board of Directors or a subcommittee thereof rather than to the company’s management or executives.
Another type of auditor whose services may be retained is the consultant auditor. The consultant auditor combines the characteristics of both external auditors and internal auditors. Similar to an external auditor, a consultant auditor is not an employee of the company being audited. However, a consultant auditor is one who is hired by the company being audited, so for the duration of the consultancy, there can be the appearance of a conflict of interest similar to that found with an internal auditor. Like internal auditors, however, consultant auditors have professional standards that require them to perform their analyses and issue their reports without regard to the preferences of the company they are auditing.
It is important to note that the different types of auditors may use different auditing standards in their evaluations. External auditors use their own standards as they audit a company, while internal auditors and consultant auditors will use the standards designated by the company being audited. The most common reason for a company to contract a consultant auditor is that it is not large enough to employ its own internal audit staff.
Types Of Audits
The auditor’s work is not uniform or monolithic but has variations and different areas of emphasis depending on the nature of the company being reviewed and the type of operations it performs. One example is the operations audit. While traditional notions of auditing focus on identifying accounting errors or fraud, operations audits are designed to look for ways to increase the efficiency of company operations. Instead of finding problems, operations audits look for elements that can be improved. The emphasis of an operations audit is on efficiency, effectiveness, and economy. In other words, the operations audit seeks to determine whether the company is doing the right things to further its mission and, if so, if it is doing them in the right way or if there might be a more cost-effective way of performing the functions. A type of audit related to the operations audit is the performance audit, which compares the mission of the organization being audited with the organization’s actual performance to determine the degree to which there is alignment between the goals and reality.
Most of the audits that have been discussed pertain to identifying irregularities related to financial performance, but there are other types of audits that assess compliance with nonfinancial standards. These are often referred to as quality audits, since they have the objective of comparing the organization’s performance against a set of standards particular to its field of endeavor. For example, if a company’s business were the manufacture of automobile tires, a quality audit would examine how closely the tires being produced at the company conform to the accepted standards for tire quality. Many companies have departments devoted to quality assurance, which perform a function similar to a quality audit and are in many respects equivalent to an internal quality auditor at the company. For companies that have such departments, a quality audit may be conducted periodically as a means of ensuring that the company’s quality assurance staff is performing its duties in an effective manner.
A very different type of audit is one that may be found primarily in companies specializing in online services, computer security, and similar areas. This type of audit is known as a security audit, and its purpose is to make sure that the security measures in place at the company to protect the digital assets of the firm are adequate to prevent intrusion and theft by cyber criminals. It is not uncommon for company secrets to be in high demand by competitors, whether the target is a new design for an automobile or the secret recipe for a popular type of food. Even customer data have become a target in recent years, with hackers attempting to steal sensitive personal information from companies’ customer databases in order to use it to perpetrate identity theft. With these risks at play in the marketplace, companies must put in place strong security measures to make it impossible for unauthorized users to access sensitive parts of the company network. Once such security is in place, the company must have a method for making sure that it is functioning properly. This is why companies hire computer security experts to perform security audits.
The security audit has much in common with the traditional audit. It must first verify that the necessary security measures have been identified and acquired. Once this has been done, the security audit must also make sure that each security measure, from strong password requirements to high-level encryption of databases, has been correctly installed and configured. To do otherwise would be equivalent to purchasing a state-of-the-art burglar alarm for one’s home and then forgetting to turn it on at night. Some security audits even go so far as to employ what is known as a penetration tester—a specialized type of auditor whose job is to (with the permission of the company) attempt to overcome the security measures protecting the company’s data in the same way that an actual computer criminal would. The theory behind this intense form of security audit is that simply verifying that appropriate software has been selected and installed is not enough—the most effective test of computer security is to try to break through it.
Related in spirit to the security audit is another category of auditing practices: risk-based audits. Unlike most other types of audits, risk-based audits tend to be conducted internally with a company’s own personnel and resources. Risk-based audits are part of a company’s risk management strategies, which in turn help protect the company from unreasonable exposure to liability as it pursues its profit-seeking initiatives. For example, a company considering the development of a new drug to treat asthma might face the risk of lawsuits if the drug is inadequately tested and winds up causing negative health effects in those who use it. To mitigate this risk, the company would turn to its risk management department for guidance, and its staff would then analyze the initiative by enumerating the potential risks, assessing the probability of each risk actually occurring, and predicting what the impact would be if each risk occurred. The risk management department would be able to provide this if it had, as part of its ongoing practice, the conducting of risk-based audits, to make sure that the department is adequately resourced and organized to be able to meet its required functions. In the majority of companies with risk management departments, risk-based auditing is an internal function that does not require the assistance of consultant auditors or external auditors.
For most people in the United States, the word audit immediately conjures up the specter of one of the most dreaded experiences an adult may face: a financial audit by the IRS, an agency of the federal government. Individuals and businesses in the United States are required to pay a variety of taxes on the income they receive to fund the operations of the U.S. government and provide services such as military defense and emergency response. Because not every person or company operates under the same circumstances or with the same resources, the government allows deductions from the standard tax rate for a variety of situations and activities; many deductions are intended to incentivize specific types of behavior, such as having children or purchasing a home. Because it would be difficult for most people to set aside enough money each year to be sure that they would be able to pay their taxes, a withholding system is used for personal income; fixed amounts of money are withheld by employers from each paycheck an employee receives, and when taxes are due, the total amount that has been withheld for a person is compared with the amount that person actually owes, given the activities over the course of the year. If too much money has been withheld, the person will be owed a refund—a welcome event.
If too little money has been withheld, however, the person will owe taxes in the amount of the difference between the amount withheld and the amount owed for the year.
Because people are responsible for calculating their own tax burdens and submitting this information to the government, there is a built-in incentive for taxpayers to understate their income or overstate their expenses, or even to include in their calculations fraudulent expenses that did not occur. The IRS thus closely scrutinizes the tax returns it receives to determine if there is evidence suggesting that the tax burden has been misrepresented, whether through error or malfeasance. Sophisticated computer systems use complex algorithms to gauge the likelihood that each tax return merits closer review. Those returns that indicate the need for such a review are flagged for an audit. The IRS usually selects returns for audit only if there is a high likelihood that additional tax is owed. During an audit, the IRS representative will require documentation for each of the deductions that have been claimed, meaning that the taxpayer must provide receipts and similar paperwork as verification. Even when such documentation is provided to the agent’s satisfaction, the agent will also verify that the calculations of the tax burden have been made in the appropriate fashion; this hearkens back to the traditional emphasis of auditing for both validity and reliability. When facing an audit by the IRS, most people retain the services of a certified public accountant or an attorney, because of the complexity of the tax code and the potential for serious consequences if the audit uncovers intentional wrongdoing. Penalties from the IRS can include fines, payment with interest, and even criminal prosecution.
- Braiotta, Louis. The Audit Committee Handbook. New York: John Wiley & Sons, 2004.
- Champlain, Jack J. Auditing Information Systems. Hoboken, NJ: John Wiley & Sons, 2003.
- Duska, Ronald , Brenda S. Duska, and Julie Ragatz. Accounting Ethics. Chichester, UK: Wiley-Blackwell, 2011.
- Fridson, Martin S. and Fernando Alvarez. Financial Statement Analysis: A Practitioner’s Guide. Hoboken, NJ: John Wiley & Sons, 2011.
- Moeller, Robert Sarbanes-Oxley and the New Internal Auditing Rules. Hoboken, NJ: John Wiley & Sons, 2004.
- O’Regan, David. International Auditing: Practical Resource Hoboken, NJ: John Wiley & Sons, 2003.
- Pickett, K. H. S. Auditing the Risk Management Process. Hoboken, NJ: John Wiley & Sons, 2005.