Types of Audit
Types of Audit
Types of Audit
The external audit is referring to the audit firms that offer certain auditing
services including Assurance Service, Consultant Service, Tax Consultant
Service, Legal Service, Financial Advisory, and Risk Management Advisory.
The best example of external auditing services is the services that providing
by these big four audit firm including KPMG, PWC, EY and Deloitte.
External auditors are normally referring to audit staffs who are working in audit
firms. The positions are ranking from audit associate, senior auditors to audit
partners as well as managing partners.
These kinds of firms are sometimes called CPA firms as they required by law
to hold a CPA qualification/certificate in order to be able to run an audit firm
and issue the audit reports.
This type of audit required to maintain the professional code of ethics and
strictly follow International Standards on Auditing and/or local standards as
required by local law.
The firms are working independently from auditing clients that they are
auditing and if the conflict of interest has occurred, proper procedures are
needed to take action to minimize the conflicts.
The firm should consider withdrawing from the audit engagement if the
impairment could not minimize to the acceptable level.
Some external audit firms are also offering internal audit services. The popular
services that offer by external audit firms are an audit of financial statements,
tax consultant, and advisory services.
#2: Internal Audit
Internal Auditing is an independence and objectivity consulting service that is
designed to add value to the business and improve the entity’s operation.
It provides a systematic and disciplined approach to evaluating and assessing
the entity’s risk management, internal control, and corporate governance.
Scope of internal audit is generally determined by the audit committee, the
board of directors or directors that have equivalence authorization. And if
there is no audit committee and board of directors, internal audit normally
reports to the owner of the entity.
Internal audit activities are normally covered internal control reviewing,
operational reviewing, fraud investigation, compliant reviewing, and other
special tasks assigned from the audit committee or BOD.
#3: Forensic Audit
The forensic audit is normally performed by a forensic accountant who has the
skill in both accounting and investigation.
Forensic Accounting is the type of engagement that undertaking the financial
investigation in response to a particular subject matter, where the findings of
the investigation normally are used as evidence in court or conflict resolution
among the shareholders.
The investigation is covering numbers of areas include fraud investigation,
crime investigation, insurance claims as well as a dispute among
shareholders.
A forensic audit is also needed to have a proper plan, procedure, and report
like other audit engagement.
Forensic audit also needs to follow ethical guideline like an audit of financial
statements. This kind of engagement is not so popular as an audit of financial
statements or statutory auditing.
#4: Statutory Audit
Statutory audit is referring to an audit of financial statements for the specific
type of entities required by law or local authority.
For example, all banking sectors required their financial statements to be
audited by qualified audit firms authorized by their central bank.
The statutory audit might be the difference from financial statements auditing
as the financial audit is referring to the audit of all types of entity’s financial
statements including both meet or not meet the government’s requirement.
However, statutory audit refers to only auditing of the entity’s financial
statements that required by local law.
The statutory audit is normally performed by external audit firms and the audit
report will be issued by the auditor and submit to the government body by the
entity.
The best example of the firms that offering statutory auditing is KPMG, PWC,
EY, …. etc.
The common criteria set by law that required entities to have their financial
statements by qualified audit firms are the amount of annual turnover, the
value of assets, and the number of staff the entity employed.
Some countries may require companies in specific industries like banks,
minerals, and others based on their decision to have those company’s
financial statements audited.
Companies listed on the stock exchange are generally required and enforce
by stock exchange authority to have qualified audit form audited their financial
statements.
#5: Financial Audit
Financial audit refers to the audit of the entity’s financial statements by an
independence auditor where audit opinion will be provided on those financial
statements after auditing works are done.
Financial audit normal perform by an external audit firm that holds a CPA and
it is normally performed annually and at the end of the accounting period. This
type of audit is also known as financial statements auditing.
But, sometimes as required by management, bank, security exchange,
regulation, or else, the financial audit is also performing on a quarterly as well.
Most of the entity prepares its financial statements based on IFRS, and some
entity’s financial statements are prepared based on local GAAP.
For example, the entity register in the US, their financial statements are
prepared based on US GAAP. If the financial statements are prepared based
on IFRS, the financial audit needs to be audit against IFRS.
However, if the financial statements are prepared based on local GAAP, then
the audit needs to be performed against those local GAAP.
The audit standards that use by the auditor to conduct financial audit need to
adopt international standards and requirement of local law.
Some country requires an audit firm to follow its audit standards while some
other countries have adopted the international standards and transform it to
be local.
#6: Tax Audit
Tax audit is a type of audit that performing by the government’s tax
department or tax authority.
A tax audit could be performed as the result of in-compliant found by a
government agency or the schedule set by the government tax department.
An entity needs not to invite or engage with the tax authority to come to
perform a tax audit. They will come by themselves. Entity just needs to file its
tax obligation properly and timely based on the tax law of the country.
To minimize the penalty as the result of the tax audit, the entity is
recommended to follow all the requirements set by tax law and for those areas
that they are not sure, the entity should engagement with tax consulting firm
for advising. As said above, the big four firms are also offering such a service.
#7: Information System Audit or Information
Technology Audit (IT Audit)
An information system audit is sometimes called an IT audit. This type of audit
assesses and checks the reliability of the security system, information security
structure, and integrity of the system so that the output that the system
produces is reliable.
Sometimes, financial auditing also requires to has IT auditing as now
technology is increasing and most of the client’s financial reports are recording
by complex accounting software.
The audit approach also changed due to the changing of management’s
approach in recording and reporting their entity’s financial information.
Normally, before relying on information systems (software) that use for
producing financial statements, auditors required to have IT, audit teams, to
test and review that information system first.
Especially, when an entity uses an ERP system where the operational
reportings are also integrated with the accounting system. For example,
banking system normally links between operational reporting with the
accounting system.
IT audit is also offered and requests separately from the financial audit.
As you can know, most of the big firms have this kind of service. They do not
only provide IT audit but also offering consultant on the information system
areas.
#8: Compliance Audit
A compliance audit is a type of audit that checks against internal policies and
procedures of the entity as well as law and regulation where the entity
operating in. Law and regulation here is referring to the government’s law
where the business is operating.
For example, in the banking sector, there are many kinds of regulation
required bankers to follow and comply with.
Most of the central banks required commercial banks to set up the complaint
review (assessment) or compliance audit to make sure that they are
complying with those laws and regulations set.
The entity may also assign its internal audit function to review whether the
entity’s internal policies and procedures are complying and effectively follow.
A compliance audit is part of the system that use by the entity’s management
to enforce the effectiveness of the implementation of the government’s law
and regulation, and the entity’s internal policies and procedures.
#9: Value For Money Audit
Value for money audit refers to audit activities that perform in assessing and
evaluating three main difference factors: Economy, Efficiency, and
Effectiveness.
Economy, auditor assess and evaluate whether the resources that entity
purchases are at the low cost with acceptable quality where efficiency audit,
auditor check whether resources that entity use have better conversion ratio.
Effectiveness, by the way, look at the big picture of objective whether the
entity using the resources meet it objective or not.
The auditor might review the entity’s purchasing system to assess and
evaluate whether it is helping the entity to purchase materials or services at
the low costs or not.
Value for money audit is really important for the entity since it helps the entity
not only to improve resource efficiency usage but also making sure that the
entity obtains good quality material at the low costs.
#10: Review Financial Statements
Review financial statements is a type of negative engagement where auditors
are engaged to review the financial statements of the entity.
At the end of the review, the audit is not going to express whether financial
statements are the true and fair view and free from material.
But, the auditor will issue the opinion to say that there is nothing come to their
attention that financial statements are not prepared true and fair view and free
from material.
This kind of service is normally required when an entity borrows money from
the bank. And the banks, as part of their policy require the entity to provide
financial statements reviewed by the external auditor.
Or sometimes it is requested by management to have their financial
statements before asking for the auditor to audit the financial statements. Or
sometimes it is required by management for their internal use.
#11: Agreed Upon Procedures (AUP)
The agreed-upon procedure is the type of negative engagement where
auditors perform their review on the procedures that agreed with the client.
This type of engagement is called limited assurance.
Even though the procedures are set by the client, but auditors will also need to
make sure that the firm has enough resources to perform the job and fee are
not low-balling.
Auditors will also need to make sure that there is no conflict of interest
between the audit team and the client management team.
If the auditor found that there is a conflict of interest, the safe guide needs to
check and introduce to reduce the conflict.
Once auditors complete their review or perform all the procedures required by
management, the auditor will issue the report call factual finding report by list
down all the findings they found during the audit.
#12: Integrated Audit
Integrate audit is happen when there are two different areas of audit
requirements. For example, there is a financial audit along with a social audit
or there are some areas need to be confirmed with the financial audit.
For example, the NGO requires their financial statements to be audited along
with technical areas that those NGO spending the money for.
For example, NGO are working on public health and most of the money spend
are related to public health.
Besides the expenses reports that present the expenses that NGO paid for
and need to be audited by the financial auditor, there is the number of
technical reports like health reports which need to be verified by technical
auditors that have experienced in assessing health report.
This is called an integrated audit. The integrated audit also happens when the
entity operates in many different countries and the financial statements are an
audit by different audit firms.
#13: Special Audit
A special audit is a type of audit assignment that normally done by the internal
auditor.
This has happened when there is the problem/case occurred in the
organization like fraud, business case or other special cases.
For example, there is fraud occurred in the payroll department and this
concern raised to the audit committee or board of director or sometimes there
is the request from the CEO to have a special audit on these areas.
The special audit is a bit different from the forensic audit as a special audit
done by the internal staff of the entity.
Once the auditor completes the audit, then the report is prepared by the audit
team and then submit to audit committee or board of directors. It is sometimes
also reported to the CEO of the entity.
#14: Operational audit
Operational audit is the type of audit service that the review is mainly focused
on the key processes, procedures, system, as well as internal control which
the main objective is to improve productivity, as well as efficiency and
effectiveness of the operation.
Operation audit has also targeted the leak of key control and processes that
cause waste of resources and then recommend for improvement.
Operational audit is the part of the internal audit and their main aim is to add
value to the business their professional services.
Systematic and highly discipline is also the part that helps to make sure the
operational audit adds value to the organization.