Business Audits – a Guide for Your Business
- 11 Jan 2021
- 8 minutes read
An audit is a popularly known term in every size of business. There are many types of audit, for example, internal, external, operational, public, environmental. This guide will help you understand what various kinds of audits, does your organisation require one and, how to prepare for it.
What is an Audit?
In general terms, auditing is an on-site verification activity, such as inspection or examination, of a process or quality system, to ensure compliance with the requirements.
An audit can apply to an entire organization or might be specific to a function, process, or production step. Some audits have particular administrative purposes, such as auditing documents, risk, or performance, or following up on completed corrective actions while others are more general in nature.
Type of Business Audits
There are nine common types of business audits.
1. Internal audit
What is an internal audit?
In simple words, the internal audit function is responsible for monitoring the effectiveness and efficiency of the internal controls and related processes that have been established by the management.
Who does internal Auditor report to?
As the name suggests, internal auditors are employees of the business. Head of internal audit (also known as Chief Internal Auditor- CIA) usually reports to the audit committee. For administrative purposes, the CIA reports to the CEO of an organisation.
Frequency of internal audit?
An internal audit can be conducted on a daily, weekly, monthly or annual basis depending upon the circumstances and schedule fits a business’ needs best.
Conducting regular internal auditing can identify gaps in compliance with organisational policies and procedures.
Why have an internal audit function?
The genuine question is, why have an internal audit function in the first place? It is because the overall responsibility of managing an effective internal control system lies with the management.
For this, management often needs a system to assess the effectiveness and operational performance of such internal controls.
What are the internal controls?
In simple words, Internal Control is a system designed, introduced and maintained by the company’s management, to achieve the business objective, while complying with the policies and laws, safeguarding the assets, maintaining efficiency and effectiveness in regular operations and reliability of financial statements.
There are three primary types of internal controls, preventive, detective, and corrective.
Benefits of an effective internal audit function
- The pursuit of business objectives
To attain and pursue your business's various corporate objectives, having an effective audit system is essential.
There are various forms of internal control a business processes needs, such as to facilitate supervision and monitoring, measure ongoing performance, maintain adequate business records, detect and prevent irregular transactions, and promote operational productivity.
- Protect assets and reduce fraud possibility
An internal audit by default is a preventive control. It serves as an essential tool for your business in fraud prevention.
Systematic analysis and maintaining rigorous systems of internal controls can prevent and detect numerous forms of frauds and other irregularities.
- Ensure compliance with laws and regulations
Businesses in specific industries are regulated by multiple regulators and simultaneously must comply with many regulations—for example; banks require compliance with the the Financial Conduct Authority (FCA), Bank of England and European Central Bank (ECB) laws and regulations.
An effective internal audit function will ensure businesses’ compliance with the applicable laws and regulations.
Types of internal audit
Internal audit can be done at an organisational, departmental or functional level.
A departmental and functional audit can have as many types as there are departments or functions. However, the following are the popular ones.
- Information system audit
Information system audit contains the assessment of controls related to IT infrastructure within an organisation.
This audit performed as part of the internal control assessment during an internal or external audit.
Information system audit comprises of information system aspects like design and internal control of the IT system, privacy – information security, standards of system development.
- Environmental & social audits
Environmental & social audit is an evaluation of how well organisations or companies are performing to contribute to safeguarding the environment and society.
Due to the higher number of companies providing environmental and sustainability reports in their annual reports, the need for environmental auditing is increasing.
- Operational audit
The operational audit assesses the overall reliability and effectiveness of internal controls.
2. External audit
What is an external audit?
External audit is an examination of the financial statements of an organisation to express an audit opinion whether financial statements present a true and fair view of the state of affairs of a business. It is also known as a statutory audit. It is the most popular type of audit.
Who appoints the external auditors?
Usually, statutory auditors are appointed by the shareholders in the company’s Annual General Meeting.
What happens after an external audit?
After an external audit, auditors issue a report addressed to the shareholders, known as Auditor’s report.
In such a report, auditors express an audit opinion about whether the company’s financial statements are free from material misstatements. Routinely, in a separate report, auditors also highlight the control weaknesses and other issues of less significance to the audit committee.
Are external auditors responsible for detecting and preventing fraud?
No, External auditors are not responsible for preventing or detecting fraud.
Frequency of external audit?
Usually, such an audit is conducted once a year to comply with the statutory requirements.
Who performs an external audit?
Independent auditors or an auditing firm performs the audit.
Does your company need an external audit?
For a financial year, a company's annual accounts must be audited unless the company is exempt from audit,
- By meeting the specific financial threshold
- As a subsidiary company with EEA parent who guarantees the subsidiary and makes this guarantee and their own consolidated financial statements available on the public record of UK
- As a nonprofit making company subject to a public sector audit.
A company must qualify as small or have qualified as small in the previous year for audit exemption.
The financial criteria for assessing if a company is small are that two of the following conditions must be met:
- Turnover of the group must be less than £10.2 million;
- Gross assets of the group must be less than £5.1 million;
- Employees of the group must be less than 50.
- If the company is part of a group, then the group as a whole must meet the above criteria.
- Additionally, the company must not be ineligible for any part of the year.
- The company must not be part of a group that does not qualify as it includes ineligible companies under the previous point.
Even if a company is exempt due to the above, an audit may be required if members with 10% of a class of shares request an audit.
3. Tax audit
Tax audit is a general investigation in order to verify that the information entered your business’ tax return is accurate and correct.
Tax audits can be triggered by unusual or unordinary deductions and forms of income listed on your tax return.
Tax audits can include VAT audit and corporation tax audit.
4. Forensic audit
Forensic audit contains investigation and auditing.
Forensic audits are made for several reasons including corruption, asset misappropriation, money laundering and financial statement fraud.
A forensic auditor is required to have special training in forensic audit and technicalities of accounting issues.
5. Public sector audit
State-owned companies and businesses are required to have their financial affairs examined by a public sector auditor.
Public sector audit contains a critical examination of the financial aspects of state-owned enterprises.
Public sector audits primarily focuses on the reliability of financial statements.
6. Compliance audit
A compliance audit is a specific audit other than a statutory audit conducted to comply with the laws and regulations.
- Verification of available reserves
- Audit of the statements of assets and liabilities
- Performance of cost audit of manufacturing companies
7. Value for money audit
Value for money audits includes the assessment of the efficiency and effectiveness of an organisation’s use of resources.
This audit is relevant to industries like public sectors and charities which don’t have profit as their primary objective.
This audit is a part of the internal or public sector audit.
How to prepare for your first audit?
Talk to your employees
One key factor in ensuring a successful audit is preparing your employees and setting the right tone.
The word “audit” can cause worry and concern if your employees don’t understand the context and reasons behind the audit.
When the auditors visit your offices, they will talk to employees at every level in your company, and it's essential to make sure they are comfortable.
Empower your employees to answer questions, or defer to you or others in your organisation when it's appropriate.
Assign roles and point people for the various audit areas.
Communicate this internally and also to the auditors, and they will know the right person to go to when questions arise.
Stress the importance of being open and honest with the auditors.
Establishing an environment that treats the auditors as partners will help ensure they are as effective as possible.
Draft your process and control documents
If you don’t already have detailed process and control documents, draft them ahead of the audit.
Auditors are required to document their understanding of your internal control environment, and no one knows your internal control environment better than you and your employees.
By documenting your processes and controls, you can ensure the auditors hit the ground running and understand all the strengths of your controls.
At a minimum, consider compiling the following process and control documents:
- Cash in-flows
- Cash out-flows
- Controls over financial reporting and month/year-end close
- Information technology general controls
Consider if you have any internal documents that you can leverage to turn into the process and control documents.
Check all the records
The auditors will be requesting a significant number of documents supporting transactions and business activities.
Making sure you have a complete set of records upfront will save you the headache of having to recreate them during the audit process.
- Ensure you have support for transactions (invoices, purchase orders, cash payments/receipts).
- Gather all contracts, lease agreements and organisational documents.
- Review your notes and records and make sure you've documented any unusual items or transactions, huge ones.
- Reconcile your books and check that your subsidiary ledgers agree to your general ledger.
- When you're providing schedules to the auditors, make sure they agree to the general ledger. You don't want the auditors spending their time (or your money) reconciling reports that you can reconcile more easily.
Prepare for a cost-effective audit
Several things can be done to ensure that an audit runs as efficiently as possible.
Firstly, make sure that all accounting staff is available during the time that the auditors are on-site with you.
Secondly, below is a summary of some of the primary documents to be prepared in advance of the audit. If the records are all readily available, disruption to your staff members during the audit will be minimised:
- All primary accounting records
- Diagram showing the structure & ownership of the company/ group of companies
- Year-end bank reconciliation & statements available for the entire period for all bank accounts
- Breakdown of all balance sheet amounts with invoices to evidence items such as fixed asset additions, prepayments & accruals
- Aged debtors’ and creditors’ listing
- Wages records and P11D returns
- Stock reports
- All hire purchase and leasing agreements
- VAT returns and workings
Copies of all meeting minutes held during the year and details of any changes in share ownership.
How long does it take to complete an audit?
The time to start and complete an audit is depended on the size of the company and the company's internal bookkeeping.
Usually from beginning to end audits are typically scheduled for three months – four weeks of planning, four weeks of fieldwork and four weeks of compiling the audit reports.
How Experlu help you in an audit?
An audit plays a crucial role in any size of business. Finding the right Auditor as per your business’s specific needs can be challenging.
But it’s easy with Experlu. Experlu has a vast network of auditors to help your business in any industry and any size.
You need to tell Experlu your specific needs, your budget, timeline. You can pick one Expert Auditor from the three auditors matched with your requirements. All this is free.
An audit process is overwhelming and confusing to the owners of any business, but it helps to provide risk management and safeguard against fraud and financial abuse.
A right professional can advise you on ways to organise audit operations and follow up with you and your management team to ensure that recommendations are being implemented correctly.
So, it is always advisable to find the right professional to help in perform your audits.
- Business Audits