Internal Audit 101: This series explores the foundations of internal audit by industry, including basic definitions and concepts relative to auditors in specific sectors.
What is a Financial Audit?
A financial audit typically refers to the annual audit of an organization’s financial statements to ensure that its records are a fair and accurate representation of the organization’s financial transactions. The audited financial statements that are reviewed yearly include the income statement, balance sheet, and cash flow statement. A financial audit can also include an audit over the organization’s internal control over financial reporting, which is commonly integrated with an audit of financial statements.
Both internal auditors and external auditors can conduct financial audits. The biggest difference between external and internal audits is the objectivity and independence of the external audit firm’s opinion on the financial statements and internal controls audited.
History of Financial Audit
Most companies receive a yearly audit of their financial statements to satisfy debt covenants to lenders. For publicly traded companies, financial audits are a legal requirement under the Sarbanes-Oxley Act (SOX) of 2002. In addition to requiring an audit of the company’s financial statements, SOX also requires public companies to receive an audit of management’s assessment of the effectiveness of the company’s internal control over financial reporting. SOX established the Public Company Accounting Oversight Board (PCAOB) that oversees rules and standards for such audits. SOX audit programs can vary in maturity and status based on when the organization has gone public and whether or not the organization has undergone any updates to their SOX program since it was initially required in the early 2000s. Organizations that are planning for an initial public offering (IPO) will usually perform audit readiness activities in order to ensure that they can meet SOX compliance once required.
Types of Financial Audits
External Financial Audit
External financial audits are usually conducted by employees of an independent certified public accountant (CPA) firm and include an audit of both financial statements and internal controls over financial reporting. External audits seek to identify if there are any material misstatements in the financial statements, as well as evaluate the effectiveness of internal controls over financial reporting. An external auditor’s findings result in an auditor’s opinion that is included in the financial audit report. This opinion is a crucial accompaniment to the financial statements in helping analysts and investors gain comfort in an organization’s financial condition and performance as stated by management.
Internal Financial Audit
Internal financial audits are conducted by employees of the organization known as internal auditors in order to provide management with an assessment over the effectiveness of financial reporting processes and internal controls over financial reporting. Internal audit teams may complement the work of external auditors based on a pre-agreed plan and meetings. Internal audits help an organization improve its processes and internal controls by performing projects and controls assessments in order to identify any areas of improvement or deficiencies in the controls and reporting process, giving the organization the opportunity to remediate those issues prior to them becoming a material error (under generally accepted auditing standards, misstatements and omissions are considered material if they could “influence the judgment made by a reasonable user based on the financial statements.”) The results of an internal audit, along with the internal audit team’s recommendations for improvement, are recorded in a financial audit report that is provided to the organization’s management and board of directors.
Financial Audit Procedures
Substantive procedures are the procedures performed to support financial audits. A substantive procedure may be a process, step, or test that creates conclusive evidence regarding the completeness, existence, disclosure, rights, or valuation (the five audit assertions) of the financial statements. To qualify as a substantive procedure, enough documentation must be collected so that another qualified auditor could conduct the same procedure on the same documents and come to the same conclusion.
Financial audit procedures are built around the five audit assertions at the account or asset level. Planning for a financial audit involves performing scoping and risk assessments prior to the audit project in order to understand areas that are material to the organization as well as evaluate areas of significant risk. External auditors will usually determine their level of reliance on the work of the internal audit function in obtaining audit evidence ahead of the audit. External auditors will evaluate the extent of their reliance against requirements set forth by the American Institute of Certified Public Accountants (AICPA).
Financial Statement Review: Checklist
While there is variance across industries, the generic worksteps of a typical financial statement review would include:
- Audit Planning: Risk Assessment and Scoping
- For financial scoping, a determination of materiality in light of the financial review process is required. Any accounts identified over that benchmark individually would be considered. Additionally, the remaining accounts should be assessed in the aggregate to determine appropriateness of coverage. Teams should confirm that the remaining balance of accounts not tested is below the materiality threshold determined by the team.
- Reconciliation: Compare the subledger balances received to the general ledger balance.
- Subledger analysis: Analyze all of the detailed transactions from the subledger, and ensure that the sum of all transactions agrees to the reconciliation. The subledger should be at the lowest level of detail.
- Sampling of transactions: Select a sample of transactions, typically using statistical analysis, to obtain comprehensive evidence over the execution of the transaction. Samples should involve one transaction - if more than one transaction rolls up into the sample, consider whether you’ve selected a sample of a sample.
- Within the sampling of transactions, consider the coverage obtained from controls in place and the potential reduction of testing procedures based on control activities that are performed.
- Performance of account-specific procedures: Such as comparing transactions to the source invoice and confirming the completeness, accuracy, and validity of the transaction.
- Issue Management and Followup
- Errors identified should be analyzed and extrapolated to determine the impact to the organization.
- Remediation plans should be developed to remediate the current issue and to prevent it from happening again in the future.
- Prepare for the Formal External Audit
- Hold conversations with the External Audit team to discuss findings, and be prepared to share documentation of testing procedures performed.
- Leverage Technology to Streamline the Process
Some of these steps can be reduced if control coverage is identified to be sufficient; for example, for a fully automated transaction type.
Optimizing Financial Audits Using Technology
Performing a financial audit without technology can lead to breakdowns over version control, team communication, and comparisons to prior year. For organizations performing financial audits not related to SOX, leveraging internal audit management software can help streamline the entire financial audit process and create automated workflows to promote efficiency and effectiveness throughout the end-to-end audit lifecycle. SOX compliant organizations can easily link between controls testing and financial audit testing to identify efficiencies.
Research performed over the last decade by global consulting firm Protiviti consistently reveals rising key control counts, increased hours spent on compliance, increasing internal and external costs, and the continued inefficiency of manual processes specific to SOX. Organizations that have successfully implemented audit management software report time savings of 33% to 50% on administrative audit work performed during testing and documentation, time savings that can ultimately convert into more value-add projects for the business.
This ongoing research points to one conclusion: the time has never been better to embrace SOX and audit automation software. First-rate audit management software can not only help strengthen internal controls, but also seamlessly link together controls and substantive testing, which can reduce the amount of financial audit testing that auditors need to perform to accomplish audit goals.
To learn how AuditBoard can help you streamline your financial audits and SOX audits, fill out the form below.
Learn how AuditBoard's integrated suite of easy-to-use software (audit management software, SOX compliance software, risk management software, audit workflow software, and compliance management software) can empower your team.