Financial or system audits follow four phases: planning and risk assessment, testing of internal controls, substantive procedures, and finalization. Audits are conducted by internal or external firms, with planning and risk assessment conducted before the fiscal year ends. Testing internal controls is crucial, while substantive procedures gather physical evidence of transactions. Finalization involves creating a report for management, with various formats used depending on the audience.
Four different audit phases were followed in each financial or system audit: planning and risk assessment, testing of internal controls, substantive procedures and finalization. The purpose of these audit passes is to provide a standard process used in each audit. In most organizations, an audit is conducted by the internal audit department or an external accounting or auditing firm.
The planning and risk assessment audit phases are typically conducted before the end of the fiscal year and are used to gather information. The auditor takes the time to learn about the industry, regulations, accounting policies and information systems. During this stage, many reviewers work from a remote location, as most of this information is available from independent sources.
To plan the audit effectively, the overall scope must be assessed and documented. A standard financial audit is limited in scope to transactions that occurred in the current period and is often completed at the summary level. The number of transactions and dollar values are used to determine the upper and lower limits that will be used to set the watch values. The industry, the strength of internal controls, and any issues raised by management determine the risk assessment for the audit.
One of the most important of all audit steps is the process of testing internal controls. These processes and procedures are used to ensure they have been properly approved before payment is made or transactions are entered into the system. The primary method of internal control testing is to randomly select transactions and check source documentation. If a random selection of a representative sample finds that controls were weak or missing, the sample size should be increased.
The substantive procedures are the actual process of gathering physical evidence of transactions and verifying that the value posted to a specific account is supported by actual documents. This aspect of the audit is time consuming and very detailed work. The account selected for this type of review varies, but is typically one that tracks a range of activity with high and low dollar value.
The last stage of the audit is finalization. This is the creation of a report for management that summarizes all the procedures used to conduct the audit, the outcome of the various processes and supporting documentation. Audit reports have a variety of formats or layouts used, depending on the audience. For example, most banks require audited balance sheets when applying for a commercial loan. They often have a preferred format, making comparison and review an easier process.
Protect your devices with Threat Protection by NordVPN