What is Auditing?
Financial auditing is the process of examining an organization’s (or individual’s) financial records to determine if they are accurate and in accordance with any applicable rules (including accepted accounting standards), regulations, and laws.
External auditors come in from outside the organization to examine accounting and financial records and provide an independent opinion on these records. Law requires that all public companies have their financial statements externally audited.
Internal auditors work for the organization as internal employees to examine records and help improve internal processes such as operations, internal controls, risk management, and governance.
The Public Company Accounting Oversight Board (PCAOB) maintains external auditing standards for public companies (issuers) registered with the Securities and Exchange Commission (SEC).
As of 2012, PCAOB has 15 permanent standards approved by the SEC and a number of interim standards that reflect generally accepted auditing standards, as described in standards issued by the Auditing Standards Board (ASB), which is part of the American Institute of CPAs (AICPA).
The ASB also issues Statements on Auditing Standards (SASs) that apply to preparing and releasing audit reports for nonissuers (companies not required to register with the SEC). AICPA members who audit a nonissuer are required by the AICPA Code of Professional Conduct to comply with these standards. As of 2012, there are more than 60 active standards.
For internal auditing, the Institute of Internal Auditors provides a conceptual framework called the International Professional Practices Framework (IPPF) that provides guidance for internal audits. Some of the guidance is mandatory, while others are considered strongly recommended, but not required by law.
Audit planning includes deciding on the overall audit strategy and developing an audit plan.
Auditing Standard No. 9 from the PCAOB describes an external auditor’s responsibility and the requirements for planning an audit. According to standard No. 9, an audit plan is expected to describe the planned nature, extent, and timing of the procedures for risk assessment and the tests to be done on the controls and substantive procedures, along with a description of other audit procedures planned to ensure the audit meets PCAOB standards.
For internal auditing, the Institute of Internal Auditors provides guidance for audit planning. Planning starts with determining the scope and objectives of the audit.
Internal auditors need to understand the business, operations, and unique characteristics of the department/unit being audited and to develop an audit plan that defines the procedures needed to do an efficient and effective audit.