The Purpose of an Audit

A financial statement audit is an independent examination of a company's financial statements to provide an opinion on whether those statements present fairly, in all material respects, the financial position and results of operations in accordance with applicable accounting standards. The operative phrase is "independent examination" — the auditor must be free from relationships that would bias their judgment, and the examination must follow professional standards that ensure rigor and consistency.

Audits exist because financial statement users — investors, creditors, regulators — cannot easily verify the information companies report about themselves. Without independent audits, the financial information that capital markets depend on would be far less trustworthy, and the cost of capital would be significantly higher as investors demanded larger risk premiums for uncertainty. Audits are, in an economic sense, the trust infrastructure of the financial system.

Who Performs Audits

Financial statement audits of public companies are performed by registered public accounting firms, regulated by the Public Company Accounting Oversight Board (PCAOB) under the authority granted by the Sarbanes-Oxley Act of 2002. The largest audit firms — Deloitte, PwC, EY, and KPMG (the Big Four) — audit most large public companies. Regional and national firms audit smaller public and private companies.

Private companies may have audits for various reasons — lender requirements, investor due diligence, regulatory requirements, or preparation for a future public offering. Government entities and not-for-profit organisations have their own audit requirements under Government Auditing Standards (the Yellow Book) and OMB requirements for federally funded organisations.

The Audit Process: Four Phases

Phase 1: Planning — Before any fieldwork begins, the audit team performs planning procedures. This includes obtaining an understanding of the client's business and industry, identifying the key accounting estimates and significant accounts, performing preliminary analytical procedures to identify potential risk areas, and developing the overall audit strategy and detailed audit plan. The audit risk model — assessing inherent risk and control risk to determine the required detection risk — is applied during planning to guide where audit effort should be directed.

Phase 2: Risk Assessment and Internal Control Testing — Auditors must understand the client's internal controls well enough to assess control risk. For public company audits, this includes testing whether controls are designed and operating effectively. If controls are strong and operating effectively, the auditor can rely on them and reduce the extent of substantive testing. If controls are weak or the auditor chooses not to rely on them, more extensive substantive procedures are required.

Phase 3: Substantive Testing — Substantive procedures include two types: analytical procedures (comparing account balances and ratios to expected amounts and investigating significant deviations) and tests of details (testing individual transactions, balances, and disclosures). The specific procedures depend on the assessed risks. High-risk accounts receive more intensive testing, larger sample sizes, and procedures performed at or near year-end rather than at interim periods.

Phase 4: Completion and Reporting — Near the end of fieldwork, the auditor performs overall review procedures, evaluates any identified misstatements for materiality and disclosure requirements, obtains management representations, and forms the audit opinion. The audit report communicates the opinion to financial statement users.

Audit Evidence: What Auditors Look At

Audit evidence includes all information the auditor uses in arriving at the conclusions that support the audit opinion. This ranges from externally obtained documents (bank statements, customer confirmations, legal letters) to internally generated documents examined by the auditor (invoices, contracts, board minutes) to auditor-performed procedures (recalculations, physical observations, inquiries of management).

The reliability of evidence depends on its source and nature. Evidence obtained from independent external parties is more reliable than evidence from the client. Auditor-developed evidence (recalculations, physical counts) is more reliable than client-provided representations. Written evidence is more reliable than oral evidence. The auditor must obtain sufficient appropriate evidence — enough of it, and of the right quality — to support the opinion.

Audit Opinions

The standard audit report contains an unmodified (clean) opinion when the auditor concludes the financial statements are presented fairly in all material respects. Modified opinions arise when there is a material misstatement (qualified or adverse opinion) or when the auditor could not obtain sufficient evidence (qualified or disclaimer of opinion). The type of modification depends on whether the issue is material but isolated (qualified) or pervasive (adverse or disclaimer).

For students considering audit careers: Entry-level audit positions at public accounting firms provide exposure to dozens of industries and clients within the first few years. The skills developed — analytical thinking, professional scepticism, understanding of business processes and controls — are highly transferable to corporate accounting, internal audit, and finance roles. Many CFOs and senior finance executives began their careers in public accounting audit.

Practice auditing and AUD exam questions

PrepQBank covers the audit risk model, audit evidence, internal controls, and every AUD topic with adaptive practice questions and detailed explanations.

Start practising →