Auditing: to conduct an official financial inspection of (a company or its accounts).

 In public administration audit refers to either of two very common activities.

– The official examination of a financial report submitted by an individual or
organization to determine whether it accurately represents expenditures,
deductions, or other allowances determined by laws or regulations; Or.
– The final phase of the government budgetary process, which reviews the
operations of an agency, especially its financial transactions, to determine
whether the agency has spent its money in accordance with the law, in the
most efficient manner, and with desired results.
03008208779
However, broadly audits are divided into two main groups..

 Internal
 Statutory/external

Internal auditors are appointed by the management of

the organization, whereas statuary auditors are
appointed by different authorities like shareholders, etc.
Internal audit focuses on the financial and operating
matters. Statutory auditor is also known as external
auditor. Internal audit report findings are only submitted
to the management of the organization, whereas
statutory audit report is shared with the shareholders.

Audits can be broadly classified into these types –

Financial Audit – It deals with the assessment and verification of the financial
statements of an organization. The aim of this auditing is to ensure that the financial
documents are not mishandled and are fair. They must also comply with the accounting
principles stablished by that particular organization. It primarily deals with Balance
Sheet and Profit and Loss Accounts.
Financial audit evaluates the revenues and expenses. It checks that the reporting or the
financial documents are in accord with the concerned law, policies and procedures.
 Operational Audit – This type of audit is
performed to verify that the resources are being use up in the organization in the best
possible manner to fulfill the aim of the organization. These are also sometimes known
as performance audits. This type of audit takes ingredients from financial as well as
compliance audit. In addition it also aims to identify the operations which have chances
for further improvement. It is done in order to improve operational efficiently. It verifies
that the activities being performed in the company are in the way of meeting predefined
management objectives.

Information System Audit /technology

audit/computer audit– This audit focuses on the organization Information system and
its related operations. This is generally done with other types of audits like financial, etc.
It evaluated and examines the data from IT systems and evaluates their reliability,
especially the ones effecting the financial statements of the organization.
It is known by various names like Information System Audit, technology audit, computer
audit, etc. IT looks into the technical operation, data center operation and other
application controls.

Compliance Audit – This audit focuses on reviving the level

of compliant (obey rules) with policies framed by the organization or external regulatory
requirements. It basically verifies the compliance of rules including legislation (law),
regulations, contractual and regulatory requirements. It tries to determine that whether
there is any violation of concerned laws and regulations that are effecting the
organization. Procedures and rules established by the company plays a significant role
in maintaining the smooth functioning of the system, and therefore this audit plays an
important rule to find out whether these rules are implemented properly or not.

Integrated Audit – Integrated auditing combines

many component primarily financial and operations, also including the aspact of
information technology. It focuses on the broader spectrum and therefore is termed as
the integrated audit as it is jointly planned by the audit team of financial, operational and
IT field. It also looks into the quality and other compliance concerns.
This type of audit is important as it is able to provide a complete picture of concerned
risks. It may also be used for determine opportunities to increase the flow of information
in IT and process groups. This holistic approach of audit is beneficial for increasing the
usage of automated controls.

Forensic Audit
Forensic audit normally perform by forensic accountant who have the
skill in both accounting and investigation. Forensic Accounting is the
type of engagement that undertaking the Financial Investigation in
response to a particular subject matter, where the findings of the
investigation may be used as evidence in court. The investigation is
cover certain areas include fraud, crime, insurance claims as well as
dispute among shareholders.
Tax audit --Tax audit is type of audit that perform by government tax
department or tax authority. Tax audit could be performed as the result
of in-compliant found by government or the schedule set by government
tax department. Entity need not to invite or engage with tax authority to
come and check. They will come by themselves.
Value For Money
Value for money audits involves the assessment of the efficiency, effectiveness and economy of an
organization's use of resources.
Value for money audits are increasingly relevant to sectors which do not have profit as their main objective
such as the public sector and charities. They are usually performed as part of internal audit or public sector
audit.
It is important to mention that main types of audits like financial statements audit,
operational audit and the compliance audit are generally conducted by the external
auditors

Purposes of audits
An auditor may specialize in types of audits based on the audit purpose, such as to verify
compliance, conformance, or performance. Some audits have special administrative purposes such
as auditing documents, risk, or performance or following up on completed corrective actions.

Certification

Companies in certain high-risk categories—such as toys, pressure vessels, elevators, gas

appliances, and electrical and medical devices—wanting to do business in Europe must comply
with Conformité Europeënne Mark (CE Mark) requirements. One way for organizations to comply is
to have their management system certified by a third-party audit organization to management
system requirement criteria (such as ISO 9001).

Customers may suggest or require that their suppliers conform to ISO 9001, ISO 14001, or safety
criteria, and federal regulations and requirements may also apply. A third-party audit normally results
in the issuance of a certificate stating that the auditee organization management system complies
with the requirements of a pertinent standard or regulation.

Third-party audits for system certification should be performed by organizations that have been
evaluated and accredited by an established accreditation board, such as the ANSI-ASQ National
Accreditation Board (ANAB).

Performance versus compliance/conformance audits

Various authors use the following terms to describe an audit purpose beyond compliance and
conformance: value-added assessments, management audits, added value auditing, and continual
improvement assessment. The purpose of these audits goes beyond traditional compliance and
conformance audits. The audit purpose relates to organization performance. Audits that determine
compliance and conformance are not focused on good or poor performance. Yet performance is an
important concern for most organizations.

A key difference between compliance/conformance audits and audits designed to promote

improvement is the collection of audit evidence related to organization performance versus evidence
to verify conformance or compliance to a standard or procedure. An organization may conform to its
procedures for taking orders, but if every order is subsequently changed two or three times,
management may have cause for concern and want to rectify the inefficiency.

Follow-up audit

A product, process, or system audit may have findings that require correction and corrective action.
Since most corrective actions cannot be performed at the time of the audit, the audit program
manager may require a follow-up audit to verify that corrections were made and corrective actions
 were taken. Due to the high cost of a single-purpose follow-up audit, it is normally combined with the
next scheduled audit of the area. However, this decision should be based on the importance and risk
of the finding.

An organization may also conduct follow-up audits to verify preventive actions were taken as a result
of performance issues that may be reported as opportunities for improvement. Other times
organizations may forward identified performance issues to management for follow-up.

4 Phases of an audit
1. Audit preparation – Audit preparation consists of everything that is done in advance by interested
parties, such as the auditor, the lead auditor, the client, and the audit program manager, to ensure
that the audit complies with the client’s objective. The preparation stage of an audit begins with the
decision to conduct the audit. Preparation ends when the audit itself begins.
2. Audit performance – The performance phase of an audit is often called the fieldwork. It is the data-
gathering portion of the audit and covers the time period from arrival at the audit location up to the
exit meeting. It consists of activities including on-site audit management, meeting with the auditee,
understanding the process and system controls and verifying that these controls work,
communicating among team members, and communicating with the auditee.
3. Audit reporting – The purpose of the audit report is to communicate the results of the investigation.
The report should provide correct and clear data that will be effective as a management aid in
addressing important organizational issues. The audit process may end when the report is issued by
the lead auditor or after follow-up actions are completed.
4. Audit follow-up and closure – According to ISO 19011, clause 6.6, “The audit is completed when
all the planned audit activities have been carried out, or otherwise agreed with the audit client.”
Clause 6.7 of ISO 19011 continues by stating that verification of follow-up actions may be part of a
subsequent audit.

Note: Requests for correcting nonconformities or findings are very common. Corrective action is
action taken to eliminate the causes of an existing nonconformity, defect, or other undesirable
situation in order to prevent recurrence (reactive). Corrective action is about eliminating the causes
of problems and not just following a series of problem-solving steps. Preventive action is action
taken to eliminate the causes of a potential nonconformity, defect, or other undesirable situation in
order to prevent occurrence (proactive).

The International Professional Practices Framework (IPPF) is the conceptual framework

that organizes authoritative guidance promulgated (NAFAZ) by The IIA (Institute of
Internal Auditors Business). A trustworthy, global, guidance-setting body, The IIA
provides internal audit professionals worldwide with authoritative guidance organized
in the IPPF as mandatory guidance and recommended guidance.
Mission of Internal Audit

The Mission of Internal Audit articulates what internal audit aspires to accomplish within an organization. Its place in
the new IPPF is deliberate, demonstrating how practitioners should leverage the entire framework to facilitate their
ability to achieve the Mission:
To enhance and protect organizational value by providing risk-based and objective assurance, advice, and insight.