Audit methodology assesses a company’s financial and business risk through internal and external audits. It typically consists of four parts: a preliminary risk assessment, planning, testing, and an exit meeting. The testing phase is the basis of the process, and the exit meeting allows for review and discussion of any violations or failures discovered.
Audit methodology is a particular set of processes or procedures used to assess a company’s financial and business risk. Internal and external audits can be used to review specific information relating to a company’s different operations. Audits generally verify financial information for accuracy and validity. Some audits focus on non-financial aspects, however. For example, corporate risk audits verify department compliance with standard operating procedures. Variations found during the audit can significantly affect the company’s ability to stay in business. Audit methodologies typically consist of four parts, including a preliminary risk assessment, a planning phase, a testing phase, and an exit meeting.
A preliminary risk assessment normally begins with an interview with the company’s management. This meeting usually determines the depth and breadth of the audit methodology as the company’s management will typically disclose the highest risk areas of their business. After the meeting, auditors typically fill out their notes and draft a formal agreement outlining the scope of the audit. Changes to audit methodology may require a separate addendum to the original written agreement. Once the preliminary risk assessment phase is complete, auditors typically begin the planning phase.
The planning phase of the audit methodology introduces the auditors in each business area that will be audited. Walkthroughs are often used during this stage of an audit to familiarize auditors with the company’s employees and their specific responsibilities. Additional weaknesses discovered by the auditors can be added to the original audit scope agreement. Corporate management usually introduces reviewers to department heads, allowing reviewers to freely conduct interviews without undue influence. This protects the integrity of the audit methodology. The testing phase normally begins after the reviewers have finished evaluating the review plan.
The testing phase is the basis of the audit methodology process. Auditors actively review financial information or business processes to determine any violations of Generally Accepted Accounting Principles (GAAP) or internal operating standards. A sample is usually taken from large groups of information and independently tested by reviewers. If too many failures occur in the first test sample, the audit methodology may require auditors to verify an additional set of information or simply write off the initial sample as a failure or a violation of company standards. Once the testing phase is complete, reviewers typically have an exit meeting with company management.
The exit meeting represents the final phase of the audit methodology. This meeting allows auditors and company management to review the audit results and discuss any violations or failures discovered during the testing phase. Formal audit opinions are typically presented within a week of the audit exit meeting. Companies may also choose to dispute the audit findings at the exit meeting if the violations are minor or insignificant relative to the company’s aggregate operations. Audit methodologies may require companies to conduct a second audit if too many violations were found during the first audit.
Protect your devices with Threat Protection by NordVPN