An audit is an objective analysis and examination of some aspect of a company’s operations to confirm the extent to which the organization is in compliance with expected standards. Audits can have different purposes. A financial audit looks at a company’s financial records to make sure they’re correct. A compliance audit is designed to ensure the company is complying with applicable regulations or laws. In most cases, an audit consists of several steps or phases that are designed to ensure the most accurate, objective and reliable results. The process for a specific audit will depend on what type of audit is being performed, as well as what set of standards govern the auditor’s work.
Audits begin with the issuance of some kind of notification to the company or organization being audited. The notification letter generally will specify the purpose of the audit, when it will be conducted and the date and time of an initial meeting the auditors would like to schedule with the company’s leaders.
The notification will also list what documents the auditor wants to examine. For a corporation, this can include articles of incorporation, the recorded minutes of any board meetings, an organizational chart, correspondence, sales records and more.
After the notification is sent, the auditor will take some time to plan the audit. This is done before meeting with the organizational leadership in order to craft the appropriate strategy for that meeting and the fieldwork that follows. Auditors also need to identify the key areas of inquiry and concern and the specific information they wish to examine in order to analyze those areas. This also gives the company time to gather the requested documents.
The planning stage usually leads to an initial meeting between the senior management of the company and the auditors. Administrative staff may also be present. The purpose of the meeting is to give the auditors an opportunity to explain the process, as well as to give the organization a chance to express any practical, strategic or scheduling concerns they may have.
Fieldwork is the first active auditing stage. A more detailed schedule is usually drawn up so that the auditor’s presence isn’t too disruptive to business. Interviews with key employees may take place to investigate business procedures and practices. Auditors may also perform sample document checks, to make sure the company’s document creation and retention practices are sound.
The fieldwork may be conducted by a few auditors or a larger team, depending on the size and scope of the audit.
While the fieldwork is carried out by the auditing team on-site at the company’s premises, the team should be in regular contact with the corporate auditor in order to clarify procedures and ensure proper access to needed documents.
When the auditing team completes the fieldwork and document review, the auditors prepare a draft audit report. This document details the purpose of the audit, the procedures the auditors used, the documents reviewed and the audit’s findings. It will also likely include a preliminary list of unresolved issues. The draft report is circulated among the team for review and suggested revisions.
After the auditing team makes the last revisions to the audit report, the final document is given to management for its review and response. The audit document usually asks management to respond to each of the audit’s findings and conclusions by stating whether it agrees or disagrees with the problems cited, the plan to correct any observed problems or deficiencies and the expected date by which all issues will have been addressed.
Following the management response, which may be formally attached to the final audit report, a formal exit meeting may be scheduled with the company being audited to close any existing loose ends or answer questions, discuss the management response and address the scope of the audit.
The finalized audit report is distributed to all necessary stakeholders, including inside and outside the area audited, if applicable.
Finally, the audited company implements the changes recommended in the audit report, then the auditors review and test how well those changes solve the identified problems or issues. The feedback between the company and the auditors continues until all issues are resolved and the next audit cycle begins.