Sunday, February 17, 2013

General Definition and Types of Auditing


Definition of Audit
The general definition of an audit is an evaluation of a person, organization, system, process, enterprise, project or product. The term most commonly refers to audits in accounting, internal auditing, and government auditing, but similar concepts also exist in project management, quality management, water management, and energy conservation.

Audits must be objective, impartial, and independent, and the audit process must be both systematic and documented. An audit must adhere to generally accepted accounting standards (GAAS) established by governing bodies. These standards assure third parties or external users that they can rely upon the auditor's opinion on the fairness of financial statements, or other subjects on which the auditor expresses an opinion.

According to ISO 19011 2011 there are three types of audits: first-party, second-party, and third-party. First-party audits are internal audits. Second and third party audits are external audits.

Organizations use first party audits to audit themselves. First party audits are used to confirm or improve the effectiveness of management systems. They're also used to declare that an organization complies with an ISO standard (this is called a self-declaration). Of course, such a declaration is credible only if first party auditors are genuinely independent and free of bias. If you decide to use first party auditors to make a self-declaration of compliance, make sure that they aren't auditing their own work.

Second party audits are external audits. They’re usually done by customers or by others on their behalf. However, they can also be done by regulators or any other external party that has a formal interest in an organization.
Third party audits are external audits as well. However, they’re performed by independent organizations such as registrars (certification bodies) or regulators.

ISO 19011 2011 also distinguishes between combined audits and joint audits. When two or more management systems of different disciplines are audited together at the
same time, it's called a combined audit; and when two or more auditing organizations cooperate to audit a single auditee organization it's called a joint audit.


ISO 19011 2011 should be used by those who carry out first and second party audits. ISO/IEC 17021 2011 should be used by those who carry out third party audits.

The Audit Process
In general, a typical audit includes the following sequential steps: 
  • Scheduling an opening conference to discuss the audit objectives, timing, and report format and distribution.
  • Assessing the soundness of the internal controls or business systems and operations.
  • Testing the internal controls to ensure proper operation.
  • Discussing with management all preliminary observations.
  • Discussing with management the draft audit report and their responses, if available, prior to release of the final audit report.
  • Following up on critical issues raised in audit reports to determine if they have been successfully resolved.
Audit Program
An audit  program is a set of polices and procedures that dictate how an evaluation of a business is done. This generally involves specific instructions as to what, and how much, evidence must be collected and evaluated, as well as who will collect and analyze the data and when this should be done. These types of programs are used to check up on things like a business' performance, finances, economy, and efficiency, and are generally tailored to a specific business or purpose.

Audit programs are important because they standardize the data collection and evaluation process. By setting out a specific list of steps to be followed and data to be collected, the program ensures that auditors collect all the information they need in an efficient manner while under appropriate supervision. Keeping the process standardized also means that all the data collected can be used to make useful comparisons between businesses, departments, and previous years' inspections, since the same set of data is collected each time. Additionally, having a program like this in place makes sure that any problems are discovered promptly and reported to the correct person.

Generally, there are many types of audits conducted by auditor. but broadly there are 3 main elements contained in every audit which differentiate each type of audit, namely, purpose, target, and scope. Here are some explanations of types of audits which generally conducted.

Audit based on field :

Financial statements Audit
Financial statement audit, relating to the activities of obtaining and evaluating evidence about the entity reports in order to be able to give an opinion whether the reports had been presented fairly according to the established criteria and the generally accepted accounting principle (GAAP).

Financial audits are generally performed by the company or independent public accountant who must follow accounting principles generally accepted. Many companies hire internal auditors to focus on the implementation and supervision of the company's operations to ensure compliance with organizational policies.

Performance Audit
Performance audit refers to an examination of a program, function, operation or the management systems and procedures of a governmental or non-profit entity to assess whether the entity is achieving economy, efficiency and effectiveness in the employment of available resources. The examination is objectively and systematicly done, generally using structured and professionally adopted methodologies.


In most countries, performance audits of governmental activities are carried out by the external audit bodies at federal or state level. Many of these audit bodies have established guides for conducting performance audits which explain how performance audits are planned, conducted and its results reported. Performance audits may also be conducted by Internal Auditors who are employees of the entity being audited. However, some national governments require agencies, departments and branches to periodically retain outside auditors to conduct them.

The scope of performance audits may include the detection of fraud, waste and abuse, although often these are not included in the scope. Prior to engaging in a performance audit, the auditor must have a scope and plan defined which will be used to guide the audit process.

Performance auditing differs from performance measurement, the latter being the responsibility of management of the entity. In addition, performance measurement may include a broad variety of activities that do not meet the rigour of an independent external assessment.

Management Audit
Audit management is often interpreted as the operational audit. Simple understanding of the management audit is an investigation of the organization in all aspects of management from the highest down to audit and report on the effectiveness or efficiency in terms of profitability and business activities. While simple understanding of operational audit is a systematic description of the company's activities in relation to the purpose to see, identify opportunities for improvement, or develop recommendations for improvement. Obviously both the same sense as the examination done during management operations management.

Here are some definitions according to Holmes and Overmyer (1975): "The management audit means the examination and evaluation of all information gathering functions and all phases of management functions and activities, in order to ascertain if operating are conducted in a effective and efficient manner."

Meanwhile, the American Institute of Certified Public Accountant / AICPA:

"Management audit is a systematic review of an organization's activities or of a stipulated segment of them, in relation to specified objectives for the purpose of:
• assesing performance
• identifying opportunities for improvement
• developing Recommendations for improvement
or further action "

From the definition collected above, it acquired some characteristics of management checks are:
1. Provide information on the effectiveness, efficiency and economizing operations to management.
2. Assessment of effectiveness, efficiency and economizing based on certain standards.
3. Audit directed to some or all of the operational structure of the organization.
4. These audits can be performed by accountants and non-accountants.
5. Audit results in the form of management improvement recommendations for management.

Need for Audit Management. The firm should be aware of signals that indicate the need for a management audit. Here are some of the signal:
1. Continuous decline in corporate profits and significant. Audit management tries to find the causes and solutions such as the cost is too high or the price that must be improved.
2. Turnover of Human Resources (HR) is high. This indicates inefficiency in the management of human resources, perhaps in terms of compensation or employment situation.
3. Sense of high and urgent needs of management to obtain assurance on the effectiveness, efficiency and economizing the management company including the accuracy of reports received.
4. Performance or the performance of some or all departments under the standard. The standard in question can be company regulations, company standards, industry practices and standards (ISO 9000), the principles of organization and management, as well as the principles of sound practice.
5. Acquicition Audit will admit that when acquicitioning another firm
6. Other special operational problems difficult to solve by management.

Operational Audit
An operational audit is a formal evaluation of the internal systems and procedures a company uses to produce goods or services. Made of at least four major steps, it tests how efficient and effective production operations are, which ultimately boosts revenue and profits. It also can reveal ethical issues in the business. External or internal accountants may perform the review, based on the needs of the business. This process has some disadvantages, such as potentially high cost, but it also offers advantages, such as new perspectives and increased risk awareness.

Operational audit is necessary nowadays, In general, the tools and processes a business uses to get a product or service to the public have to work as intended and be efficient. When they aren't, the company usually can't make as much money and can't be as competitive. Businesses, therefore, use these types of audits to streamline what they're doing, with the ultimate goals being to decrease waste and boost revenue and profits.

Similar to other reviews, looking at how the company is functioning overall can uncover ethical problems, such as employees using company property for personal reasons. The results of the audit let managers identify who is involved in dishonest practices, which often leads to greater accountability on the job. Companies' disciplinary and general policies often connect closely to the review for this reason.

Can be stated that the operational audit has characteristics among others the following:
· Be constructive and not criticize
· Prioritizing finding fault with the auditee
· Provide early warning, do not be late
· Objective and realistic
· gradual
· Latest data, ongoing activities
· Understand the efforts of management (management oriented)
· Provide advice and not follow up on

If the operational audit going well and audit recommendations implemented by the auditee management, the benefits expected to be obtained from operational audits include:
· The costs of activities will be smaller or economically
· The work (productivity) will increase
· Plans, policies and other handling can be improved
· Become a healthier working atmosphere

Compliance Audit
Compliance audit, relating to the activities of obtaining and examining evidence to determine whether financial or operating activities of an entity are in accordance with the terms, specific rules, agreements, policies and applicable laws.

Compliance audit work to determine the extent of regulation, policy, law, treaty, or regulation obeyed by the entity being audited. For example, examination of individual and corporate tax returns by the tax office for compliance with the tax laws.

Testing compliance, auditors perform compliance testing that confirms the existence, effectiveness, and sustainability of the reliable operation of internal control by the organization. Compliance testing requires an understanding of the controls that will be tested, if control will be tested are the components of enterprise information systems, the auditor should consider the technology to be used by information systems. This requires an understanding of the techniques commonly used system to document information systems.


Audit Based on Audit Party
External Auditing
External auditing is an audit conducted by public auditor hired by auditee. Staff accountants from public accounting firms who usually conduct operational audits. These professionals are not otherwise associated with the businesses they audit, so they can provide a fairly objective opinion. Stakeholders often prefer ushoing their services to internal auditors to get information because of this lack of bias, but hiring an outsider usually is more expensive.

Internal Auditing
Internal auditing is an audit conducted by internal auditor of auditee itself. In some cases, it is a better option to have someone from within the company go through the review process. Companies usually turn to internal audits when executives want a more continuous picture of what's going on in the business, sometimes going through several audits each year to stay innovative and keep revenue high. Although many employees are able to be honest and objective in an operational audit, some are not. Relying on an employee to perform the job carries the risk that the ending figures or analysis won't be entirely accurate, because an individual sometimes gets a bonus or pay increase based on how good the results are.

Internal Audit as medium to improve the effectiveness and efficiency of an organization by providing insight and recommendations based on analysis and conjecture sourced from the data and business processes. internal auditors are known as employees formed to conduct internal audits.

While the IIA'S Board of Director noted internal audit definition as follows:
"Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization Accomplish its objectives by bringing a systematic, diciplined approach to improve the effectivenenss of risk management, control's governance processes ". (1999, Vol. LVI: II pp 11; 40-41)


No comments:

Post a Comment