
The Audit Process

In general, a typical audit includes the following sequential steps:

- Scheduling an opening conference to discuss the audit objectives, timing, and report format and distribution.
- Assessing the soundness of the internal controls or business systems and operations.
- Testing the internal controls to ensure proper operation.
- Discussing with management all preliminary observations.
- Discussing with management the draft audit report and their responses, if available, prior to release of the final audit report.
- Following up on critical issues raised in audit reports to determine if they have been successfully resolved.

Internal Controls Educational Seminar

Any department or organization that would like a session on Internal Controls in the University Environment should contact the Director of Internal Auditing Services at Ext. 5-4818 to schedule it. The seminars are typically 1-2 hours in length and include a 20-minute video on internal controls at colleges and universities. The presentation includes time for questions and answers and can be tailored to address a department's specific needs or requests.

Audits

Types of Audits and Reviews:

1. Financial Audits or Reviews
2. Operational Audits
3. Department Reviews
4. Information Systems Audits
5. Integrated Audits
6. Investigative Audits or Reviews
7. Follow-up Audits

Financial Audit

A historically oriented, independent evaluation performed for the purpose of attesting to the fairness, accuracy, and reliability of financial data. CSULB's external auditors, KPMG, perform this type of review. CSULB's Director of Financial Reporting coordinates the work of these auditors on our campus.

Operational Audit

A future-oriented, systematic, and independent evaluation of organizational activities. Financial data may be used, but the primary sources of evidence are the operational policies and achievements related to organizational objectives. Internal controls and efficiencies may be evaluated during this type of review.

Department Review

A current period analysis of administrative functions, to evaluate the adequacy of controls, safeguarding of assets, efficient use of resources, compliance with related laws, regulations and University policy and integrity of financial information.

Information Systems (IS) Audit

There are three basic kinds of IS Audits that may be performed:

1. General Controls Review
   A review of the controls which govern the development, operation, maintenance, and security of application systems in a particular environment. This type of audit might involve reviewing a data center, an operating system, a security software tool, or processes and procedures (such as the procedure for controlling production program changes), etc.

2. Application Controls Review
   A review of controls for a specific application system. This would involve an examination of the controls over the input, processing, and output of system data. Data communications issues, program and data security, system change control, and data quality issues are also considered.

3. System Development Review
   A review of the development of a new application system. This involves an evaluation of the development process as well as the product. Consideration is also given to the general controls over a new application, particularly if a new operating environment or technical platform will be used.

Integrated Audit

This is a combination of an operational audit, department review, and IS audit application controls review. This type of review allows for a very comprehensive examination of a functional operation within the University.

Investigative Audit

This is an audit that takes place as a result of a report of unusual or suspicious activity on the part of an individual or a department. It is usually focused on specific aspects of the work of a department or individual. All members of the campus community are invited to report suspicions of improper activity to the Director of Internal Auditing Services on a confidential basis. Her direct number is 562-985-4818.

Follow-up Audit

efficiency and effectiveness. When these follow-up audits are done on external auditors' reports. the extent to which resources have been managed with due regard to economy and efficiency. Operational auditing is based on two principles: Public business should be conducted in a way that makes the best possible use of public funds. Due to the complexity and required skill sets to perform some of these reviews. and practices including those intended to control and safeguard assets and ensure due regard to economy. Project management reviews. before and after implementation. Operational auditing fulfills the demand for performance and accountability information that is not being provided by information on financial performance and on compliance with authorities. Financial Audit Examines how government looks after its accounts and at the records of financial transactions. operations or activities of an entity have been effective. It is management's job to establish the proper control environment and system control activities that are aligned with the organization's compliance obligations. They are designed to evaluate corrective action that has been taken on the audit issues reported in the original report. to ensure controls are in place to mitigate project risks or to identify the strengths and improvements required for future projects. Government Audit Services may work with specialized contractors to ensure high quality analysis and recommendations are provided to management. procedures and practices that ensure management objectives are achieved and risk mitigation strategies are carried out. assessing the reliability of a department's financial control systems. and checking how financial information is reported for decision-making. These are audits conducted approximately six months after an internal or external audit report has been issued. regulations and the control operations according to policy. efficiently and effectively managed.
and the extent to which programs. The scope of the audit may include comparing the results of operations with planned results. the results of the follow-up may be reported to those external auditors. functions or activities achieving desired results? Are there appropriate indicators and measures to assess performance? Are there better ways to achieve the organization's objectives at lower cost? Are there ways to improve the quality of service without increasing cost? Compliance Audit Looks at whether or not an organization is adhering to specific laws. and that access to government systems are secure and adequately protected. to ensure they are secure and meet the organization's needs. People who conduct public business should be accountable for the prudent and effective management of the resources entrusted to them. Internal auditors supplement these audit tests by further analysis and discussions with management. Performance Audit Asks if an entity achieving its goals and at what cost. In financial audits. standards or contracts. Performance audits usually address the following questions: Are programs. and/or Specific technology and security reviews to ensure that the technologies are appropriate. Planning decisions on the scope of a financial audit mainly involve the intended degree of audit assurance and the extent of audit work required to provide it. This type of audit examines and reports on matters related to any or all of the following: the adequacy of the management systems. policy and procedures. before or after systems implementation. These control activities usually include the policies. internal auditors test whether financial transactions support the amounts and disclosures recorded in the government's accounting system. controls. Operational Audits Looks at whether or not public funds and resources have been economically. directives.
This type of audit is also meant to detect breaches in security and to recommend any indicated changes in systems of control. directives. Information Management and Technology (IT) Audit May include the following: Reviews of existing or new information systems.

Since individual users cannot verify information contained in financial statements. Handled by a trained accountant. and extend credit. To assess a company's position accurately. GAO auditing largely has the same focus as internal auditing: examining financial records. governmental. independent auditors or certified public accountants). which could bring about a conflict of interest. The GAO serves as the accounting and auditing branch of Congress. While auditing focuses largely on financial information. policies. Consequently. Does the program. users of financial statements demand the services of independent auditors to verify the accuracy of company information and lend credibility to the financial information. and so forth. General Accounting Office (GAO). assessing compliance with laws and regulations. Therefore. Generally. lend money. Moreover. meaning that the audit determines whether companies have followed the financial reporting standards given by various sanctioning boards such as the Financial Accounting Standards Board. records. which resemble the GAO. who provide internal auditing services similar to those described above. and evaluating the achievement of objectives. Companies usually have their own accountants and managers prepare their financial information. and records and to review and assess a company's performance given its plans. value. Investors and lenders are the primary users of financial statements and they rely on financial statements to make decisions such as whether to buy stocks or bonds. the process also may involve examination of nonfinancial documents that reveal information about a business's conduct. and external (i. debt. Hence. reviewing efficiency of operations. These governmental accountants perform accounting and auditing tasks for the entire federal government. the Auditing Standards Board in 1997 issued its statement "Consideration of Fraud in a Financial Statement Audit.
TYPES OF AUDITS Major types of audits conducted by external auditors include the financial statements audit." which requires greater effort on the part of external auditors to ensure that financial statements are free from fraud and misstatements.e. and assess the attainment of company goals. the independent auditor is not an employee of the organization being audited or an employee of the government. the criteria for judging an auditor's financial statements are generally accepted accounting principles. internal auditors review financial records and accounting systems. TYPES OF AUDITORS There are three types of auditors: internal. federal and state departments and agencies often have their own internal auditors. and can help companies assess their performance and their compliance with applicable regulations. function or activity comply with applicable laws and regulations? The American Accounting Association defines auditing as a systematic process of objectively obtaining and evaluating the accounts or financial records of a governmental. an audit and the auditor's report provide additional assurance to users of financial statements that the information presented in financial statements is accurate. In addition. profits. procedures. This is communicated to the officials of the audited entity in the form of a written report accompanying the statements. most states have their own accounting and auditing agencies. they are similar to external auditors. The attest function of external auditing refers to the auditor's expression of an opinion on a company's financial statements. He or she performs an examination with the objective of issuing a report containing an opinion on a client's financial statements. Governmental auditors include accountants employed by the U. the operational audit. An operational audit examines an organization's activities in order to assess . 
auditing by external accountants reduces the number of mistakes in financial statements and prevents companies from issuing fraudulent statements. Because the GAO and its state counterparts are separate agencies from the departments and agencies they audit. which is called attestation. investors and lenders need credible financial information on a company's sales. A financial statement audit (or attest audit) examines financial statements. In contrast. business. evaluate the efficiency of company operations. The primary purposes of internal auditing are to review and assess a company's policies. or other entity based on established criteria. The typical independent audit leads to an attestation regarding the fairness and dependability of the statements. Internal auditors are employees of the organization whose activities are being examined and evaluated during an independent audit. By conducting audits. and procedures. and related operations to ascertain adherence to generally accepted accounting principles.S. and the compliance audit. assess compliance with company policies. external auditors make financial statements consistent and meaningful. In addition.

The report shall state whether such principles have been consistently observed in the current period in relation to the preceding period. attainment of business goals. taken as a whole. Nevertheless. such as a federal. The report shall contain either an expression of opinion regarding the financial statements. Sufficient competent evidential matter is to be obtained through inspection. AICPA standards of reporting are: The report shall state whether the financial statements are presented in accordance with generally accepted accounting principles. General standards are brief statements relating to such matters as training. except that it is not intended for external use. an operational audit involves reviewing an organization's activities to evaluate performance. Internal auditors also perform financial statement audits. an independence in mental attitude is to be maintained by the auditor or auditors. While these standards and procedures constitute the foundation of auditing for all three types of auditors. Because of the potential for conflicts of interest. When an overall opinion cannot be expressed. conventions. and informed professional judgment. Due professional care is to be exercised in the performance of the examination and the preparation of the report. In planning the audit. There is to be a proper study and evaluation of the existing internal control as a basis for reliance thereon and for the determination of the resultant extent to which auditing procedures are to be restricted. and compliance audits. A compliance audit has as its objective the determination of whether an organization is following established procedures or rules. and professional care. internal auditors perform financial statement audits for internal use only. such as whether company property and debt actually exist or whether company transactions actually took place. 
Internal auditors also perform compliance audits to ensure conformity with company policies as well as with applicable government laws and regulations. performances and develop recommendations for improved use of business resources. they nevertheless strive for independence insofar as possible. Standards of reporting outline the required auditing standards relating to the audit report and its contents. analysis. the reasons therefore should be stated. which are performed to comply with the requirements of a governing body. AICPA general standards are: The examination is to be performed by a person or persons having adequate technical training and proficiency as an auditor. although their audits have a different scope and their reports a different purpose. operational audits (which are also referred to as performance auditing and management auditing). or an assertion to the effect that an opinion cannot be expressed. primarily imposed by the American Institute of Certified Public Accountants (AICPA). concepts. and issuing a report. the auditor develops an audit program that identifies and schedules audit procedures that are to be performed to obtain the evidence. In addition. or city government or agency. inquiries. if any. THE AUDITING PROCESS Auditors generally conduct audits following four general steps: planning. and the degree of responsibility he or she is taking. procedures. much of the work internal auditors do is similar to the work external auditors do. and confirmation to afford a reasonable basis for an opinion regarding the financial statements under examination. evaluating evidence. if any. AICPA standards of field work are: The work is to be adequately planned and assistants. Standards of fieldwork provide basic planning standards to be followed during audits. the auditor usually formulates a hypothesis about company financial . the report should contain a clear-cut indication of the character of the auditor's examination.
Informative disclosures to the financial statements are to be regarded as reasonably adequate unless otherwise stated in the report. AUDITING STANDARDS The auditing process is based on standards. independence. In all cases where an auditor's name is associated with financial statements. Even though internal auditors are employees of the companies they audit. The auditing process relies on evidence. other organizations such as the Institute of Internal Auditors and the General Accounting Office impose their own standards and procedures. and reporting practices. Auditors also perform statutory audits. gathering evidence. are to be properly supervised. state. In all matters relating to the assignment. The auditor must be aware of potential problems involved in the auditing process. respectively. In addition. and efficient use of resources. which apply to internal auditing and governmental auditing. observation.

understood. The financial statements reflect the underlying events and transactions in a way that presents the financial position. and cash flows within reasonable and practical limits. The accounting principles are appropriate in the circumstances. The independent auditor has the responsibility to search for errors or irregularities within the recognized limitations of the auditing process. the financial position. inspection. An auditor is subject to risks that material errors or irregularities." Audit evidence is proof obtained to support these hypotheses and ultimately the audit's conclusions. results of operations. The audit trail enables an auditor to evaluate the strengths and weaknesses of internal controls. analysis. such as "Company financial reports are accurate" or "Company financial reports are inaccurate. Finally. results of operations. The fair presentation of financial statements does not mean that the statements are fraud-proof. or cash flows of the business in conformity with generally accepted accounting principles. Investors should examine the auditor's report for citations of problems such as debt-agreement violations or unresolved lawsuits. The introductory paragraph identifies the financial statements audited. which involves making a decision about company records and claims and whether the actual evidence supports company records and claims. and applied on a basis consistent with that of the preceding year (or in conformity with some other comprehensive basis of accounting that is appropriate for the entity). The scope paragraph describes what the auditor has done and specifically states that the auditor has examined the financial statements in accordance with generally accepted auditing standards and has performed appropriate tests. An audit trail is a chronological record of economic events or transactions that have been experienced by an organization. 
The auditor's opinion indicates whether the financial statements are fairly presented in conformity with generally accepted accounting principles. and cash flows of the business in conformity with generally accepted accounting principles. results of operations. in all material respects. calculations. A fair presentation of financial statements is generally understood by accountants to refer to whether: The accounting principles used in the statements have general acceptability. the auditor must collect the evidence necessary to support the audit's conclusions. states that management is responsible for those statements. the financial position. in all material respects. system designs. The auditor must evaluate the initial hypothesis based on the evidence and accept or reject the hypothesis as a result. Disclaimer of opinion: A disclaimer of opinion states that the auditor does not express an opinion on the financial statements. After the planning is completed. Qualified opinion: A qualified opinion states that. if they exist. Adverse opinion: An adverse opinion states that the financial statements do not represent fairly the financial position. and asserts that the auditor is responsible for expressing an opinion on them. Various audit opinions are defined by the AICPA's Auditing Standards Board as follows: Unqualified opinion: An unqualified opinion states that the financial statements present fairly. The auditor's unqualified report contains three paragraphs. Evidence-gathering procedures include observation. and cash flows of the business in conformity with generally accepted accounting principles. and interpreted. will not be detected. and company policies and procedures. AUDIT REPORTS The independent audit report sets forth the independent auditor's opinion regarding the financial statements. and comparison. results of operations. confirmation. the auditor prepares a report based on the findings of the other steps. 
The opinion paragraph expresses the auditor's opinion on whether the statements are in accordance with generally accepted accounting principles. inquiry. The information presented in the financial statements is classified and summarized in a reasonable manner. information at this step. If an "except for" statement appears in the report the investor should understand that there are certain problems or . The financial statements are prepared so they can be used. the financial statements present fairly. except for the effects of the matter(s) to which the qualification relates. Explanatory language added to the auditor's standard report: Circumstances may require that the auditor add an explanatory paragraph (or other explanatory language) to the report. "Going concern" references can suggest that the company may not be able to survive as a functioning operation.

Both internal and governmental reports strive to communicate information clearly and concisely. departures from generally accepted accounting principles in the statements that question whether the statements present fairly the company's financial statements and that will require the company to resolve the problem or somehow make the accounting treatment acceptable. whereas internal reports tend to vary greatly because of the plethora of interests and purposes companies may have for auditing. internal and governmental auditors prepare a variety of reports that serve a variety of purposes. Government reports tend to emphasize the efficient use of resources by the government departments being audited. depending on the auditing assignment and goals. In contrast to the standardized report of external auditors. LEGAL RESPONSIBILITIES The legal responsibilities of the auditor are determined primarily by the following: Specific contractual obligations undertaken. Rules and regulations of voluntary professional organizations. Statutes and common law governing the conduct and responsibilities of public accountants.
