An external audit process ensures that a company's internal controls, processes, guidelines and policies are adequate, effective and in compliance with governmental requirements, industry standards and company policies. This type of audit also ensures that reporting mechanisms prevent errors in financial statements. Audit report users include investors, company management, regulators and business partners—such as lenders, suppliers and creditors.
An external audit report provides "full assurance" to investors and financial market participants that a company's accounting records are "fair," complete and in adherence with generally accepted accounting principles, industry standards and regulatory requirements. "Full assurance" means investors are confident that external auditors reviewed a company's processes or controls in detail, and that audit results are correct. "Fair" means objective or accurate in audit parlance. Complete financial statements include a balance sheet, a statement of profit and loss, a statement of cash flows and a statement of owners' capital.
An external audit process typically runs throughout the year but external auditors start testing financial statements once a company closes its accounting records and prepares financial statements. An external auditor may partner with internal audit staff to review areas or segments with significant internal problems and may plan the audit in accordance with such a review. An external auditor also may communicate during the year with departmental heads of areas under review to discuss audit planning, resource allocation and testing schedules.
An external audit process is important for three user groups—company management, regulators and investors. Top management and the audit committee of a company review an audit report to learn about operating breakdowns and segments showing higher risks of loss. Regulators detect business trends and corporate practices in audit reports and ensure that such practices comply with applicable laws. Investors read audit opinions to gauge a company's economic standing and management's short-term initiatives or long-term strategies.
A financial statement audit is the primary type of audit that regulators require from a company, but there are other types of audits and reviews that an external auditor may perform. A financial statement audit ensures that accounting records are correct and complete. An operational audit helps a company detect errors or breakdowns in internal controls, procedures or mechanisms. A compliance audit helps senior management evaluate how employees abide by regulations in performing tasks. An information systems audit ensures that controls around software and technology infrastructure are functional and adequate.
An external auditor typically must be a certified public accountant (CPA) to perform a financial statement audit in accordance with Public Company Accounting Oversight Board (PCAOB) rules. However, an external auditor performing an operational, an information technology or a compliance audit does not need certification.