What is a Financial Statement Audit?
Sep 29, 2021 | By Michael Whitmire
Working with the former accountants now working at FloQast, we decided to take a look at some of the pillars of the accounting professions.
In this post, we’ll take a look at what is auditing in accounting, best practices for audit accounting, and how to prepare for a quiet, simple annual audit.
What is a financial audit?
Many people outside of financial services think of getting an audit in the same category as getting a root canal: A painful, invasive, lengthy, and expensive process. And scary too: If the auditors uncover issues, you could go to jail. But an audit doesn’t have to be an awful experience and has a potential upside when your auditor shares insights on ways to improve your business.
What is the main purpose of a financial audit?
What does audit mean? An audit is defined as an official inspection of the records of an organization, generally performed by someone who is independent of that organization. The main purpose of a financial statement audit is an objective appraisal of an organization’s financial position. Audited financial statements provide reasonable assurance that interested parties can rely on them to make decisions about a company — whether to invest funds, lend money, extend credit, or otherwise do business with that company.
Auditors don’t provide an absolute guarantee that every number is 100% accurate. Rather, they provide reasonable assurance that the financials are free of material misstatements and that they present fairly the financial position of the company in all material respects.
Auditors work within an acceptable margin of error, known as materiality. The magnitude of materiality depends on the size of the organization and its revenues and expenses. For a very small company, an error of a few hundred dollars might be significant, but for a company the size of Amazon or Walmart, a material mistake might be measured in the hundreds of thousands of dollars.
In a financial statement audit, the auditors look through the financial information for your company. They scrutinize accounting policies and a company’s internal controls. They make sure that all the elements of a set of financial statements — the balance sheet, income statement, statement of cash flows, and the footnotes and disclosures — are all correctly classified, complete, and accurate within materiality.
Financial auditing has these four main objectives:
- To evaluate whether the financial statements are materially correct, complete, and reported in accordance with generally accepted accounting principles (GAAP)
- To assess the possibility of fraud at the organization
- To gauge whether the organization will remain a viable business, also known as a going concern
- To identify ways that a company can improve its business
All of these objectives are opportunities for an organization to make their business better, which makes a financial audit a whole lot less scary, seen from that point of view.
What are the different types of audits?
When most people hear the word audit, they think of an audit of financial statements or maybe an IRS audit. But while those are the most common, those are only two kinds of audits. Here are some of the other kinds of audits:
Compliance audit: This is an audit to ensure compliance with laws or regulations. Financial audits and IRS audits are both types of compliance audits. Other governmental agencies may require audits to determine that the beneficiaries of government programs have fulfilled their obligations.
Internal audit: These types of audits are performed by a group within an organization to evaluate that organization’s compliance with laws, internal controls, and accounting processes with an aim of improving performance.
Tax audit: Federal, state, or local tax authorities perform these to ensure that an individual or a business is paying the correct amount of tax.
Information systems audit: This is an examination of an organization’s information systems to ensure information is properly and accurately processed and to ensure that a company’s data is accessed only by the appropriate people.
Forensic audit: This type of audit produces evidence that can be used in a court of law or in a judicial proceeding. These are generally ordered when there is evidence of theft, fraud, or other financial misdeeds.
Operational audit: This is an examination of a company’s goals, processes, and operations with the aim of improving operations.
Two threads running through these different kinds of audits are safeguarding the public interest and helping businesses improve their operations. If you’re already acting with integrity, and with the intention of doing things the right way, you have nothing to fear from being audited.
What does it mean to be audited?
An audit doesn’t automatically mean you’re under suspicion of wrongdoing. It doesn’t mean you did something that triggered an audit. With any kind of audit, there’s an opportunity for you to learn more about rules or regulations that you may be subject to.
Why does a business need an audit?
Small companies usually need their first audit when their bank requires one as a condition for borrowing money. Suppliers or vendors may also require audited financials. Companies that are considering going public will need an audit if they want to attract investors. If you want to sell your business, getting an audit may help you get a higher valuation because the financials and accounting system will be seen as more reliable.
Publicly traded companies are subject to additional reporting and disclosure requirements from the U.S. Securities and Exchange Commission (SEC). They are required to have an annual audit, and they have to include their audited financials and the audit report in the annual report they file with the SEC. Since Sarbanes-Oxley was enacted in 2002, public companies are also required to have an annual audit of their internal controls.
Who can perform an audit?
Here in the U.S., by law, only Certified Public Accountants (CPAs) can perform an audit. They must be independent of the organization, which means they can’t have any financial, employment, or ownership interest in that organization. Independent auditors can give clients advice on ways to improve their processes or business, but they can’t be the ones implementing that advice. That would mean they would be auditing their own work, a big no-no. Auditors are also required to adhere to generally accepted auditing standards, a separate set of standards created by the American Institute of Certified Public Accountants.
While auditors are hired and paid by the company they are auditing — which is itself a conflict of interest — they serve the public interest. If this is a public company, they serve the investors and help to ensure the integrity of our markets.
What are generally accepted accounting principles?
Besides making sure an organization has correctly recorded the cash transactions flowing in and out of a company’s books, auditors also verify that the company is adhering to the relevant accounting standards. In the U.S., that means following generally accepted accounting principles, or GAAP. Outside of the U.S., many countries follow International Financial Reporting Standards (IFRS). Since 2002, there has been a long-standing effort to bring convergence to GAAP and IFRS, but that hasn’t quite happened yet.
The goal of standardized accounting principles is to make it easier to compare financials between companies and across industries. It improves transparency in financial reporting. When everyone is working from the same set of rules, investors, and stakeholders have an easier time understanding a company’s financial statements and making decisions based on them.
These principles give guidance on the accounting treatment of various types of transactions and on how different elements of financial statements should be presented. For example, a recent FASB standard on revenue recognition, ASC 606, replaced a set of industry-specific rules with a standard set of rules that apply to all companies.
What is the process of an audit?
An audit begins when an organization signs an engagement letter from their audit firm. Engagement letters are like contracts: They spell out what each party has agreed to, and may also include fee arrangements.
The first stage of an audit begins with planning. The auditors research the company and make sure they understand any rules, regulations, or areas of particular risk that apply to the particular industry. They also perform various analytical procedures to identify areas with additional risk and obvious anomalies in the numbers. They also develop a timeline in concert with the client for getting the work done.
Risk assessment is a big part of the planning stage. Auditors want to avoid reaching the wrong conclusion about a company’s financial position, and they don’t want to miss a material misstatement. Risk assessment also helps the auditors determine the appropriate methodology for a particular audit.
The next stage is field work, which may last anywhere from one day to several months, depending on the complexity of the organization. The audit firm sends a team that will spend time onsite at the organization. While onsite, the audit team will verify that bank reconciliations have been performed and that they tie to the company’s general ledger. They may examine the documentation for a sample of transactions to ensure they have been recorded correctly and accurately. They obtain evidence from third parties, such as banks, vendors, legal counsel, and other parties that the company has financial relationships with to ensure that the company has correctly recorded its rights and obligations. They verify that account balances are correctly stated.
Loan documents, customer contracts, and accounting policy manuals may also be examined. Auditors will also review footnotes and disclosures to ensure that the information is correct and in compliance with accounting standards. They may perform analytical procedures to verify that the relationships between different items in the financials make sense. They will also check that calculations for accruals and other GAAP adjustments have been performed correctly.
While onsite, they will also talk to the company’s controller, CFO, and other accounting personnel and to other company employees to understand how the accounting is done and how the business operates. If the company has an audit committee, the auditors will also have frequent discussions with the members. All the while, the team will be listening, observing, and evaluating whether everything they see in the books reflects reality.
Even before the COVID-19 pandemic and ensuing lockdown, many audit firms had been using technology to perform some or all of their audit procedures remotely. Audit firms are even using technology that employs artificial intelligence to identify transactions that need closer scrutiny.
After field work is complete, the team will return to the office for the wrap-up stage. The workpapers will be given a final detailed review. Any lingering queries or outstanding issues that couldn’t be completed during fieldwork will be addressed. The auditors will perform overall analysis and assessment to determine the appropriate opinion.
The last stage of an audit is delivery of a set of audited financial statements which includes an auditor’s report. The key element of the report is the auditor’s opinion. Four types of audit opinions are possible:
- Unqualified opinion: This is also called a “clean report” and means that the auditors are satisfied with the company’s accounting and operations, and didn’t find any material problems.
- Qualified opinion: This type of report indicated that the auditors found problems in some type of transaction or area, and aren’t confident that the accounting is correct for that specific area. The problematic area and the issues are identified in the report.
- Disclaimer of opinion: In this situation, the auditors were unable to obtain enough evidence to determine whether the financials are presented fairly or not. This may happen if management isn’t cooperative in providing access to the information the auditors request, or because explanations auditors received from management didn’t make sense.
- Adverse opinion: this kind of opinion means the auditors saw evidence of material misstatements or fraud or possibly both. This kind of opinion is a big red flag to investors and stakeholders.
The auditors will also generally schedule an exit conference with management and the audit committee, if a company has one. At this meeting, they will discuss the report and any findings or problems that they found. This is also an opportunity for management to gather insights from the audit team about ways they can improve their business.
Tech makes audits flow smoother
A generation ago, audits were done with paper and pencil. While some auditors today are still reproducing in electronic format what they used to do with paper, there are a growing number of forward-thinking audit firms that leverage technology to make audits more efficient and insightful.
And if you were paying attention to what I said about auditors asking for documentation, just think how much easier an audit would be if they had an easy way to access that, and so they wouldn’t be constantly bugging your accounting team to dig up invoices and contracts.
With FloQast Close, you’re always audit-ready. All your reconciliations tie out, and all your workpapers are complete and right there. By granting your auditors restricted access to FloQast, they can find everything they need, saving precious time and aggravation. That means a more productive and higher quality audit, lower audit fees, and a better relationship with your auditor. And all of that makes an audit less like a root canal and more like a business tune-up.