Audit & Assurance
An audit is a systematic review and assessment of information or documents.
There are a few different types of audit but, in the specific context of professional services, an audit is usually financial. It is intended to provide reasonable assurance, but not absolute assurance, that the financial statements give a true and fair view in accordance with the financial reporting framework.
Not all companies are required by law to have audits. Many companies who do not require audits by law opt to have their financial information assured independently, usually by accountancy firms.
Assurance is a professional service with the aim of improving the quality and transparency of information, to reduce the chance of problems occurring from incorrect information. An audit is a type of assurance service.
Assurance services can be regulatory or compliance-based. They work to ensure that a company or organisation is following guidelines, rules and policy, and provide both internal and external confidence for financial statements.
Who Is Obliged to Have an Audit?
HMRC states that a company must have an audit if at any time during the financial year it has been:
- A public company (unless dormant)
- A subsidiary company (unless it qualifies for an exception)
- An authorised insurance company or carrying out insurance market activity
- Involved in banking or issuing e-money
- A Markets in Financial Instruments Directive (MiFID) investment firm, or an Undertakings for Collective Investment in Transferable Securities (UCITS) management company
- A corporate body with its traded on a regulated market in a European state
Exemptions apply – for financial years that begin on or after 1 January 2016 – if the company meets at least two of the following criteria:
- An annual turnover of no more than £10.2 million
- Assets worth no more than £5.1 million
- 50 or fewer employees on average
Other criteria will apply to previous financial years.
What Types of Audit Are Available?
In addition to financial audits, there are also operational audits and compliance audits.
- Financial Audit – The most commonly conducted type of audit, a financial audit is an official retrospective inspection of an organisation’s financial accounts, typically by an independent body. It will offer an opinion on whether the accounts have been properly prepared and whether they show a true and fair view of the company or organisation’s financial position.
- Compliance Audit – A compliance audit is to ensure that the business or organisation is acting in compliance with regulatory or internal standards, and is commonly carried out in regulated industries.
- Operational Audit – This is a detailed analysis of procedure, planning, processes, goals and results of the operations of a business, with recommendations for improvement.
All audits can either be internal or external:
Internal Audit – A company often wishes to maintain a high standard of control inside the organisation and wants to reduce the amount of work done by external auditors.
An internal audit is often an operational audit. An internal audit could also be a financial or compliance audit carried out in preparation for an external audit.
External Audit – An external audit is when an independent firm comes into a business and performs audit work on behalf of the company or its shareholders. Firms such as PricewaterhouseCoopers (PwC), Deloitte, KPMG and Ernst & Young (EY) are examples of external auditors.
External auditors usually carry out financial audits or compliance audits.
How Is an Audit Conducted?
An audit is usually carried out by a registered auditor and must comply with certain standards.
In preparation for a financial audit, the company or organisation’s financial report is prepared in accordance with the appropriate legal and financial requirements. The report is then approved internally.
The auditors will need an overview and understanding of the company and the company’s activities and to consider outside factors which may have affected any business during the reporting period.
The auditors will identify, consider and assess any risks relating to the financial performance or position, and any internal controls the organisation has deemed appropriate to mitigate those risks.
The auditor will then consider what has been done to ensure the financial report is accurate and examine supporting evidence based on the risks and controls identified.
Each individual line in a set of published accounts needs to be tested. Auditors do not test every transaction that led to that figure. Rather they perform two kinds of testing:
Substantive Testing. Here an auditor will select a sample of transactions that go to produce a certain figure. For example, if an auditor is testing the sales figure, they might select a number of sales and ask to see evidence of these sales. This might be copies of cheques, purchase orders or correspondence/contracts with customers. Auditors will test enough of these until they feel comfortable that the sales figure is correct.
Control Testing. A process in a company which is designed to reduce the risk of error or fraud. A good example is the requirement for two signatories on payments, one person fills in the cheque and the second person signs it.
In companies where good controls exist, auditors can test the control rather than a sample of transactions. If they are satisfied that the control works effectively they will be comfortable with the final figure. For example, if customers purchase through a website then the sales figure may be generated by a computer and the auditors may be comfortable with this.
At the end of the audit, an audit opinion is produced in a standard report included with the financial statements. The auditor will also communicate any internal weaknesses to the company or organisation’s management.
Common Misunderstandings About Auditors
Auditors do not:
- Actively search for fraud, although they do keep a lookout for it.
- Check every transaction; just the ones that are 'material'.
- Work for the client company. Auditors work on behalf of the company's shareholders. Shareholders decide who will be the auditor of the company.
- Be omnipresent. The auditors are considering only specific information from a specific timeframe. The auditors are not present at the organisation at all times.
- Predict the future. The auditors are not able to provide assurance that the organisation will continue to be successful in business, as they are looking at information from a specific timeframe. They are unable to judge what may happen in the future.
Criticism and Reform
Following recent notable corporate scandals including the collapse of Patisserie Valerie in 2019, Carillion in 2018, Lehman Brothers in 2008 and Enron in 2001, the role of auditors has been widely criticised, especially in relation to their failure to uncover financial issues and fraud.
- The Financial Reporting Council (FRC) looked into KPMG's audits of Carillion from 2014 to 2017.
- Ernst and Young, the auditors of Lehman Brothers from 2001 to 2008, faced close scrutiny.
- The auditing part of Arthur Andersen, auditors to Enron, split and went out of business in 2002 after being convicted of criminal charges.
The auditing system as a whole has been criticised as too cosy, with auditors facing accusations of charging inflated costs without drawing attention to systemic failings.
Following the collapse of Enron, the auditing profession in the UK and USA lobbied for legal reforms to limit their liability. In the UK, law firms and accountancy firms were able to form limited liability partnerships from July 2000.
The conclusion reached by the Commons’ business committee is that the only way to solve the issues faced by the audit industry, which include conflicts of interest, weak audit quality and regulatory capture, is to break up the four largest firms.
Other suggestions for reform include:
- The split of auditing and advisory arms into legally separate businesses with distinct management, accounts and remuneration plans.
- Requiring the appointment of two sets of auditors.
- Replacing the current Financial Reporting Council with a more powerful and independent watchdog.