What are the different types of audits?
- Internal audits
- External audits
- Financial statement audits
- Performance audits
- Operational audits
- Employee benefit plan audits
- Single audits
- Compliance audits
- Information system audits
- Payroll audits
- Forensic audits
Click any of the items listed above to jump to that section.
What is an audit?
An audit is a form of investigation. Auditors may be hired to examine financial statements, management accounts and reports, accounting records, operational reports, revenue reports, and expense reports. In many types of audits, a certified public accountant (CPA) is engaged to obtain “reasonable assurance” that the records are presented fairly and accurately and comply with certain standards.
The audit team reports their findings to shareholders and other internal stakeholders of the company in the form of an audit report. Sometimes, audit reports are submitted to external stakeholders, such as banks, creditors, the public, or the government.
A common misconception is that audits are bad – it’s not true. The process can be time-consuming, but businesses can benefit from audits! They can use audit findings to improve finances and internal controls, expose fraud risks, and help stakeholders make more informed decisions.
In this post, we outline 11 different types of audits, who conducts them, and share some common, real-world examples.
Different types of audits
1. Internal Audits
Internal audits assess internal controls, processes, legal compliance, and the protection of assets. The internal audit process can be a helpful tool for businesses to evaluate risk and identify actionable ways to improve performance.
Internal audits are performed by individuals within the organization. While these individuals aren’t independent of the organization, they should be independent of the activities they’re auditing.
Reports are sent to management, the board of directors, or the organization’s audit committee. An internal audit can be beneficial to your business operations, but it doesn’t replace an audit performed in accordance with generally accepted auditing standards (GAAS).
If your business undergoes an external and internal audit, the external audit team will communicate with your internal audit team throughout the auditing process. Internal audit committees should be prepared to share information gathered from their audit procedures with the external auditors.
2. External Audits
A third party – such as an independent CPA firm – conducts external audits. Once the audit is complete, a report is distributed to shareholders and stakeholders outside of the organization. While external audits may vary in what they audit (financial statements, usage of federal funds, etc.), the main benefit is the independence and objectivity of the audit team. This gives shareholders and external stakeholders more confidence in the audit process and report.
Example: A manufacturer of car parts is a publicly-traded company. Publicly traded companies and corporations that sell their shares to the public are required to have an external auditor audit their financial statements.
Next, learn about specific types of audits that can be performed internally, externally, or both.
3. Financial Statement Audits
Financial statement audits involve independent auditors who will report on whether a company’s financial statements align with the applicable financial reporting standards. Auditors are required to accomplish three things:
- Identify and assess risks of material misstatement, whether due to fraud or error
- Obtain sufficient audit evidence about whether material misstatements exist
- Form an opinion on the financial statements or determine that an opinion can’t be formed
According to the AICPA, these audits are “typically appropriate and often required when seeking high levels of financing or outside investors, or when selling a business.” The report can help other businesses, investors, stakeholders, etc., make informed decisions about the company.
Example: If a small business holds a loan or line of credit with a bank, the bank may require the business to undergo a financial statement audit.
4. Performance Audits
Performance audits cover a wide variety of assessments. An entity may request or require a performance audit to evaluate any of the following objectives:
- Program effectiveness and results
- Internal controls
- Compliance with certain requirements
- Prospective analysis
These objectives aren’t mutually exclusive. If an auditor is evaluating program effectiveness, he may need to audit internal controls too. Performance audits are beneficial because they can help management and those charged with governance and oversight improve program performance and operations, reduce costs, facilitate decision-making, and contribute to public accountability.
Performance audits are typically associated with government agencies because they receive federal funding and need to show they use the funds appropriately. But non-governmental performance audits are common too!
Auditors must follow generally accepted government accounting standards (GAGAS) – aka Yellow Book – when conducting government performance audits. According to the AICPA, performance audits conducted under GAGAS can provide the highest levels of assurance, as the auditor determines the scope based on these requirements.
Examples of performance audits include:
- Ensuring government services and benefits are delivered to citizens based on eligibility
- Providing conclusions on current and projected trends and the potential impact on the business
- Analyzing the cost-effectiveness of a program or activity based on benefits provided and results achieved
5. Operational Audits
Operational audits review an organization’s activities in relation to specific objectives. An auditor will analyze processes, procedures, and systems; and evaluate operational effectiveness, efficiency, and productivity. Benefits of an operational audit include finding opportunities for improvement and developing recommendations.
Many companies conduct operational audits internally. However, companies may hire an external specialist. Organizations can benefit from working with a CPA, as they have expert knowledge, training, and experience in performing audits. Some accounting firms also have management advisory service (MAS) specialists or Certified Management Accountants (CMA) that can offer their expertise.
Example: A business may have an auditor review its human resources department. The auditor will investigate department procedures and how efficiently it uses resources. The final report should include a full department review and identify opportunities for improvement.
6. Employee Benefit Plan Audits
An employee benefit plan (EBP) audit analyzes and evaluates your benefit plan’s financial statements. This type of audit can highlight opportunities for improvement within plan operations, efficiencies, controls, and how well the plan complies with select regulations. Independent public accountants are the only professionals qualified to perform employee benefit plan audits.
Example: If your company offers a benefit plan (including 401(k), 403(b), and employee stock ownership plans), a defined benefit pension plan, or a health plan to more than 100 eligible participants, you may need an audit.
To learn which plans are subject to audit requirements, click here.
7. Single Audits
Single audits are report cards. They inform federal agencies if there are problems with how grantees use federal funds. Single audits are highly complex as auditors must perform the audit in accordance with GAAS and GAGAS. Plus, the auditor must review the entire entity’s compliance and internal controls, not just a specific division or program.
A single audit is required when a non-federal entity spends $750,000 or more of federal awards (either direct or indirect awards) in their fiscal year (Single Audit Fundamental Series Part 1: What is a Single Audit? page 17).
Non-federal entities include states and local governments, nonprofit organizations, indigenous American tribes, and institutions of higher education. If an entity is a recipient or subrecipient of grants, contracts, loans, endowments, insurance, etc., it may be required to have a single audit performed annually.
8. Compliance Audits
A compliance audit is when an entity is audited to determine if it complies with a government’s rules, standards, and requirements. A government sets the requirements and hires an auditor to evaluate the entity’s compliance with them.
This type of audit determines whether the entity is complying with local laws, regulations, rules, and provisions of contracts or grant agreements. According to the AICPA, compliance audits are typically performed in conjunction with a financial audit (Compliance Audits, page 2,463).
Example: A compliance audit can determine if a mill is following the Environmental Protection Agency (EPA) guidelines for waste disposal. The EPA would send their internal auditor or hire an audit firm to assess the business and report their findings.
9. Information System Audits
Information system audits evaluate the management controls within a company’s information technology (IT) infrastructure. An audit will determine if the systems are safeguarding assets, maintaining data integrity, and operating effectively. Businesses can benefit from this type of audit because it can help identify opportunities and risks, align assessment and strategy, and improve business procedures. Businesses can choose to have these audits conducted independently or during a financial statement or internal audit.
Certified Information Systems Auditors (CISA) are qualified to conduct this type of audit. Audit activities include interviews with business users and staff, documentation analysis, and software controls checks.
IT systems are complex. Most information system audits are customized to fit the needs of the organization. Audits may focus on IT processes, specific areas of the business, or data privacy.
10. Payroll Audits
Payroll audits review payroll processes and reports. An audit can help identify errors, improve compliance, and protect the business from fraud. An internal auditor or a third-party auditor – like a CPA – can perform payroll audits.
The auditor will review your company’s payroll records and determine if they’re accurate, timely, and complete. If they find errors, the auditor will look to identify gaps in procedures that led to or could lead to inaccuracies. Discovering any vulnerabilities will allow you to make corrections and maintain or improve compliance.
For most companies, annual or semiannual payroll audits are recommended. Regular payroll audits can help your company maintain compliance and strengthen your financial controls.
11. Forensic Audits
A forensic audit examines a company’s financial records to identify illegal finance activity. The auditor – a forensic accountant – will look for evidence that may be used in court or for conflict resolution among shareholders.
Your organization may need a forensic audit if individuals suspect fraud, theft, or inaccuracies (both positive and negative) in account balances.
Example: Company A enters into a contract with Company B. However, Company B isn’t authorized to do business because its license is suspended due to irregular tax payments. Company A’s CFO knew about this but moved forward with the deal because the CFO received direct compensation from Company B. Forensic audits can detect this type of fraud and provide evidence if fraud does occur.
Have questions about audits that could benefit your business? Let’s talk!