DataSnipper Reaches $1B Valuation with $100M Funding

From planning to reporting: exploring the phases of the audit process.

audit assignment execution process

The audit process is a crucial component of any business. It provides assurance that financial statements are accurate and reliable, helping to build trust among stakeholders. In this article, we will take an in-depth look at the different phases of the audit process, from planning to reporting, and explore the key tasks involved in each phase.

Understanding the Audit Process

Before delving into the specific phases of the audit process , it's essential to understand the overall concept of auditing. Auditing is a systematic examination of an organization's financial statements and records, conducted by independent professionals known as auditors. This process involves assessing the fairness and accuracy of financial information, identifying any potential fraud or errors, and ensuring compliance with applicable laws and regulations.

Auditing serves as a critical function in business, providing credibility to financial information and enhancing the accountability of corporate entities. It involves a comprehensive review of financial records, internal controls, and management practices, with the aim of providing an opinion on the accuracy of financial reporting. The audit process follows a systematic approach and is governed by a set of generally accepted auditing standards (GAAS), ensuring consistency and reliability.

When conducting an audit, auditors perform several key procedures to gain a thorough understanding of the organization's financial health. These procedures include analyzing financial statements, testing internal controls, sampling transactions, and verifying the existence and valuation of assets and liabilities. By conducting these procedures, auditors are able to assess the organization's financial position and provide an independent opinion on the fairness of the financial statements.

Importance of Auditing in Business

Auditing plays a vital role in business by providing numerous benefits. Firstly, it enhances the confidence of external stakeholders, such as investors, creditors, and regulators, by providing an independent assessment of financial statements. This, in turn, facilitates investment decisions and promotes market efficiency.

Furthermore, audits help in identifying areas of improvement, enabling organizations to address weaknesses in their financial reporting processes and internal controls. By highlighting areas for improvement, audits contribute to the overall efficiency and effectiveness of an organization's operations.

Audits also serve as a deterrent to fraud and misconduct. The presence of auditors reviewing financial records and internal controls acts as a strong deterrent to fraudulent activities, promoting ethical behavior and protecting the interests of shareholders.

In addition to these benefits, audits also provide valuable feedback to management. Through the audit process, management receives insights into the organization's financial health, internal controls, and compliance with laws and regulations. This feedback helps management make informed decisions and improve the overall governance and risk management of the organization.

The Initial Phase: Audit Planning

The audit process begins with detailed planning. During this phase, auditors gather relevant information, set objectives, and develop an audit strategy to guide their work. It involves a careful assessment of the organization's operations, risks, and controls, ensuring that the audit is conducted efficiently and effectively.

Identifying the Scope of Audit

One of the key tasks in audit planning is to determine the scope of the audit. This involves identifying the specific areas to be audited, such as financial statements, internal controls, or compliance with laws and regulations. The scope is typically based on the auditor's understanding of the organization, its industry, and specific risks and issues that need to be addressed.

Risk Assessment in Audit Planning

Risk assessment is a critical component of audit planning. It involves identifying and evaluating the risks that may impact the organization's financial statements. Auditors use various techniques, such as interviews, inquiries, and analytical procedures, to gain an understanding of the entity's risk profile. This information helps them to plan the audit procedures and allocate resources effectively.

Developing an Audit Strategy

Based on the scope and risk assessment, auditors develop an audit strategy tailored to the organization's specific needs. The strategy outlines the approach to be taken, the audit procedures to be performed, and the resources required. It serves as a roadmap for the audit, ensuring that the work is conducted in a systematic and efficient manner.

The Execution Phase: Conducting the Audit

Once the planning phase is complete, auditors move on to the execution phase, where they gather evidence, test internal controls, and perform substantive procedures to validate the accuracy of the financial statements.

  • Check out DataSnipper's Financial Statement Suite for next-gen "tick and tie".

Gathering and Analyzing EvidenceN

The gathering and analysis of evidence are crucial steps in the audit process. Auditors use various techniques, such as examination of documents, observation, and confirmation with third parties, to obtain the necessary evidence to support their conclusions. The evidence is then analyzed to determine whether the financial statements are free from material misstatements.

Testing Internal Controls

A significant aspect of the audit process is testing the effectiveness of internal controls. Internal controls are the policies and procedures established by management to ensure the reliability of financial reporting. Auditors evaluate the design and implementation of these controls to determine their effectiveness in preventing or detecting errors or fraud. This analysis helps auditors assess the level of risk associated with the financial statements and guides the selection of appropriate audit procedures.

  • Use DataSnipper to assist in documenting Test of Controls related to the purchases cycle by creating cross references between evidence and your testing workbook.

Audit Sampling Techniques

Due to the volume of transactions and the limited resources available, auditors often use sampling techniques to gather evidence. Sampling involves selecting a representative portion of the population for examination. Various sampling methods, such as statistical sampling or judgmental sampling, can be employed depending on the circumstances. Auditors carefully design their sampling plans to ensure that they obtain reliable and meaningful results.

The Final Phase: Audit Reporting

The last phase of the audit process involves finalizing the audit report and communicating the findings to the organization's management and stakeholders.

Preparing the Audit Report

The audit report is perhaps the most critical deliverable of the audit process. It provides an independent opinion on the fairness and accuracy of the financial statements. The report typically includes an introductory paragraph, a description of the scope and objectives of the audit, a summary of findings, and the auditor's opinion. The format and content of the report are governed by auditing standards and must adhere to certain reporting requirements.

Communicating Audit Findings

Once the audit report is finalized, auditors communicate their findings to the organization's management and relevant stakeholders. The communication may include a discussion of significant issues identified, recommendations for improvement, and any other matters of importance. This step ensures that the impact of the audit is fully understood and that appropriate actions are taken to address any identified deficiencies.

Follow-up and Actions Post-Audit

After the audit is completed, organizations typically take steps to address any deficiencies or issues identified during the audit process. These steps may include implementing new controls, modifying existing processes, or improving reporting practices. The follow-up actions help strengthen the organization's financial reporting and internal control mechanisms, ensuring continuous improvement and accountability.

In conclusion, the audit process is a comprehensive and systematic examination of an organization's financial statements and records. From the initial planning phase to the final reporting phase, auditors follow a structured approach to ensure the accuracy, reliability, and compliance of financial information. Understanding the different phases of the audit process helps organizations and stakeholders appreciate the importance of auditing in building trust, enhancing transparency, and promoting sound business practices.

What are the 4 phases of the audit process?

Planning, execution, reporting, and follow-up. Auditors plan the scope and objectives, collect evidence during execution, summarize findings in a report, and monitor implementation of recommendations in the follow-up phase.

Intelligent Automation Platform

Discover how DataSnipper can dramatically improve your team's audit process

Become a DataSnipper Expert

audit assignment execution process

Step-by-Step Internal Audit Checklist

Vice Vicente

Vice Vicente

March 21, 2023

Step-by-Step Internal Audit Checklist

What can internal auditors do to prepare a more comprehensive scope for their internal audit projects? And where can internal auditors find the subject matter expertise needed to create an audit program “from scratch”? AuditBoard’s “ Planning an Audit: A How-To Guide ” details how to build an effective internal audit plan from the ground up through best practices, resources, and insights rather than relying on templated audit programs.

One of the guide’s highlights is a comprehensive checklist of audit steps and considerations to keep in mind as you plan any audit project. Use the checklist below to start planning an audit, and download our full “ Planning an Audit: A How-To Guide ” for tips to help you create a flexible, risk-based audit program.

What is an Internal Audit?

An internal audit is a fundamentally independent function that evaluates an organization’s operations, internal controls, and risk management processes to improve the organization’s effectiveness and efficiency. Internal auditors will conduct interviews, inspect evidence, test controls, and read policies to understand the environment and validate that controls and processes are working — and working well.

The Difference Between Internal and External Audits

The essential difference between internal audits and compliance audits , sometimes called external audits, is who performs the audit. Internal audits, as the name indicates, are performed by internal auditors who are employed by the business. Compliance audits are conducted by independent, third-party, or external auditors, often certified in the audit that is being performed.

The Benefits of an Effective Internal Audit

Internal audits provide many benefits to an organization, giving management and leadership another lens to look at the organization. A Quality Management System (QMS) is a structured framework of policies, processes, and procedures used to plan and implement an organization’s key business areas. The internal audit’s role in the context of a Quality Management System focuses on evaluating the effectiveness of the organization’s QMS, ensuring adherence with requirement standards like ISO 9001, and identifying areas for improvement to enhance overall quality and efficiency.

While external regulatory compliance audits are essential, they often have a specific scope and aim— PCI DSS , for example, zooms in on credit cardholder data. Internal audits have the benefit of a looser scope, allowing an organization to focus on priority areas or areas that may not be examined in a formal compliance audit.

Internal audits give advantages to organizations pursuing external audits and preparing stakeholders and process owners for future audits. Findings from internal audits can be addressed quickly; observations can give management greater insight into the business, people, technology, and processes. Impetus from internal audit reports can encourage optimization, saving the organization in costs and ultimately improving customer satisfaction.

So, how can an organization plan for a successful internal audit ? Read on for our checklist!

Internal Audit Checklist

The steps to preparing for an internal audit are 1) initial audit planning, 2) involve risk and process subject matter experts, 3) frameworks for internal audit processes, 4) initial document request list, 5) preparing for a planning meeting with business stakeholders, 6) preparing the audit program, and 7) audit program and planning review.

1. Initial Audit Planning

All internal audit projects should begin with the team clearly understanding why a given project is part of the internal audit program. The following questions should be answered and approved before fieldwork begins:

  • Why was the audit project approved to be on the internal audit plan?
  • How does the process support the organization in achieving its goals and objectives?
  • What enterprise risk(s) does the audit address?
  • What is the overall audit schedule, and how does this project fit into the plan?
  • Was this process audited in the past, and if so, what were the results of the previous audit(s)?
  • Were audit findings or nonconformities investigated and remediated according to the action plan?
  • Have significant changes occurred in the process recently or since the previous audit?
  • What is the project’s scope, and what specific requirements need to be met for a successful outcome?

Additionally, participants in the project should review the audit report and audit results to refresh their understanding of the environment, scope, and project parameters. The team may also want to review any standards, frameworks, and regulatory requirements relevant to the project or program. Reporting on internal audit objectives should be delivered to top management periodically — quarterly or biannually is common depending on the size and complexity of the business.

2024 Focus on the Future Report

2. Involve Risk and Process Subject Matter Experts

Performing an audit based on internal company information is helpful for assessing the operating effectiveness of the process’s controls. However, for internal audits to keep pace with the business’s changing landscape, and to ensure key processes and controls are also designed correctly, seeking out external expertise is increasingly becoming a best practice, even when a formal external audit is not required.

Organizations can employ Subject Matter Experts (SMEs) from the Big 4 (Deloitte, EY, PwC, and KPMG) and other consulting providers to supplement risk management and internal audit programs. These consultants can provide additional guidance, insight, and clarity on specific regulatory requirements, information security, and business processes. When contracting with consultants, be sure to disclose any other consulting relationships you may have with that firm or company, as there may be independence considerations that the consulting firm has to take into account.

In terms of fostering talent, skills, and development, internal audit professionals should stay abreast of current trends, topics, and themes in their industry. The following resources can help audit professionals understand the present landscape and augment their knowledge:

  • Recent articles from , , or other leading business periodicals
  • Newsletters and updates from the AICPA , ISACA , ISO , NIST , and other similar organizations
  • Relevant blog posts from Deloitte Insights ,  EY Insights , The Protiviti View , RSM’s Blog , or The IIA’s blogs

Image: The Institute of Internal Audit (IIA) Competency Framework for Internal Audit Professionals

audit assignment execution process

Source: The IIA Competency Framework for Internal Audit Professionals

These resources can be leveraged to identify relevant risks, inform internal audit procedures,  and encourage continuous improvement in your internal audit program. Having the right people and talent in place to perform the necessary audit activities is critical to your program’s success, and pulling in additional resources during an audit can be challenging. By lining up your SMEs ahead of time, you can smooth out your audit workflow and reduce friction.

3. Frameworks for Internal Audit: The International Professional Practices Framework (IPPF)

Collating guidance from the Institute of Internal Auditors (IIA), the International Professional Practices Framework (IPPF) contains both mandatory and best practice recommendations. The IPPF aims to support the overall mission, “To enhance and protect organizational value by providing risk-based and objective assurance, advice, and insight.” The core elements of the IPPF are the: Core Principles for the Professional Practice of Internal Auditing , Definition of Internal Auditing , Code of Ethics, and International Standards for the Professional Practice of Internal Auditing .

In addition to the IIA, organizations like ISACA  can also provide guidance around internal audit processes.

4. Frameworks for Internal Audit Processes: COSO ICIF

Although a risk-based approach to internal auditing can and should result in a bespoke internal audit program for each organization, taking advantage of existing frameworks like the Committee of Sponsoring Organizations of the Treadway Commission’s ( COSO ) 2013 Internal Control — Integrated Framework to inform your program can be a win for your internal audit team and avoid reinventing the wheel. Before applying a specific framework, the internal audit team and leadership should evaluate itssuitability as they map to the business.

While used extensively for Sarbanes-Oxley (SOX) statutory compliance purposes, internal auditors can also leverage COSO’s 2013 Internal Control — Integrated Framework (ICIF) to create a more comprehensive audit program.  COSO’s ICIF focuses on fraud, internal controls, and financial reportin g , while covering subjects like the overall Control Environment of the organization, Information, and Communication, and Risk Management. Since COSO’s ICIF was designed to address SOX, which is a U.S. statute, publicly traded companies based in the US may benefit the most from employing this framework as part of their internal audit program.

  • Review COSO’s 2013 Internal Control components, principles, and points of focus here .

5. Initial Document Request List

The Document Request List or Evidence Request List, often abbreviated to “Request List” or “RL” is one of the central documents of any audit. The Request List is an evolving list of requests which may cover everything from interview scheduling, evidence requests, policy and procedures, reports, supporting documentation, diagrams, and more with the purpose of providing auditors with the information and documents they need to complete the audit program for the designated projects or processes.

Requesting and obtaining documentation on how processes work is an obvious next step in preparing for an audit. These requests should be delivered to stakeholders as soon as possible in the audit planning process to give stakeholders (with day jobs!) time to provide the right evidence. As requests come in, the internal audit team should review documented information for any follow-ups, and periodically update the request list as items get closed out. The following requests should be made to gain an understanding of processes, relevant applications, and key reports:

  • All policies, procedure documents, workflow diagrams, and organization charts
  • Key reports used to manage the effectiveness, efficiency, and process success
  • Access to critical applications used in the process; read-only if possible
  • Description and listing of master data for the processes being audited, including all data fields and attributes

From the listings received of master data, auditors can then make detailed sampling selections to test that processes and controls are being performed effectively, as designed, every time.

6. Preparing for a Planning Meeting With Business Stakeholders

Before meeting with business stakeholders, the internal audit committee should hold a meeting to confirm a high-level understanding of the objectives of the audit plan and program(s), key processes and departments, and the fundamental roadmap for the audit.

Then, after aligning some ducks internally, the audit team should also schedule and conduct a planning meeting with business stakeholders for the scoped processes. This keeps everyone on the same page, and gives business personnel the time and opportunity to coordinate audit efforts with their business units. The following steps should be performed to prepare for a planning meeting with business stakeholders:

  • Outline key process steps by narrative, flowchart, or both, highlighting information inflows, outflows, and internal control components.
  • Validate draft narratives and flowcharts with subject matter experts and stakeholders (if possible).
  • Develop an agenda or questionnaire for all meetings internally or with business stakeholders.

Preparing the questionnaire after the initial research sets a positive tone for the audit , demonstrating that the internal audit is informed and prepared. Planning, preparedness, and cooperation are critical to achieving audit objectives and gaining deeper insights.

7. Preparing the Audit Program

Once the internal audit team has completed initial planning, consulted with SMEs, and researched the applicable frameworks, they will be  prepared to create an audit program . Audit teams can leverage past audit programs to better design present and future procedures. An audit program should detail the following information:

Summary and Purpose of the Audit Program

Since internal audit reports are usually designed for the consumption of leadership and management, providing an executive summary of the audit program and outcomes gives the audience a snapshot of the audit and results.

Process Objectives and Owners

Documenting the process objectives and tying each process to owners when completing the audit program designates accountability.

Process Risks

Along with the process objectives and owners, the risks associated with the process should also be noted.

Controls Mitigating Process Risks

Once details about the process, including risks, are documented, the audit team should identify and map the mitigating controls to the risks they address. Compensating controls can also be noted here.

Control Attributes

Control attributes are the components and characteristics of the control activity that are critical to the effective execution of that control. Asking the following questions and documenting the results are a good starting point — though some controls may have unique or uncommon attributes as well.

  • Is the control preventive or detective? If the control is detective, are there corrective actions required as part of completing the control?
  • How frequently does the control occur (e.g. many times a day, daily, weekly, monthly, quarterly, annually, etc.)?
  • What type of risk does the control mitigate (fraud, operational, security, etc.)?
  • Is the control manually performed, performed by an application, or a combination?
  • How likely will the risk be realized (e.g. Highly Likely, Likely, Unlikely)?
  • How impactful would the risk be if it were realized (e.g. High Impact, Medium Impact, Low Impact)?
  • What evidence does the audit team need to complete audit testing procedures?

Testing Procedures and Methods for Controls to be Tested During the Audit

There are four ways to test controls as part of an audit. These methods must often be combined to fully and completely test a control. These four methods are as follows:

  • Inquiry, or asking how the control is performed
  • Observation, or viewing the control be performed, typically in real-time
  • Inspection, or reviewing documentation evidencing the control was performed
  • Re-performance, or independently performing the control to validate outcomes

A comprehensive audit program contains sensitive information about the business. Access to the full audit program(s) should be restricted to appropriate personnel and shared only when approved.

8. Audit Program and Planning Review

Audit programs, especially those for processes that have never been audited before, should have multiple levels of review and buy-in before being finalized and allowing fieldwork to begin. The following individuals should review and approve the initial audit program and internal audit planning procedures before the start of fieldwork:

  • Internal Audit Manager or Senior Manager
  • Chief Audit Executive
  • Subject Matter Expert(s)
  • Management’s Main Point of Contact for the Audit (i.e. Audit Customer)

Internal auditors who take a risk-based approach, create and document audit programs from scratch — and do not rely on template audit programs — will be more capable and equipped to perform audits over areas not routinely audited. When internal audit teams can spend more of their time and resources aligned to their organization’s key objectives,  internal auditor job satisfaction increases as they take on more interesting projects and have an effect on the organization. The Audit Committee and C-suite may become more engaged with internal audit ‘s work in strategic areas. Perhaps most importantly, recommendations made by internal audit will have a more dramatic impact to enable positive change in their organizations.

Complete the form to get your free copy of  Planning an Audit From Scratch: A How-To Guide .

Planning an Audit From Scratch: A How-To Guide

Vice Vicente started their career at EY and has spent the past 10 years in the IT compliance, risk management, and cybersecurity space. Vice has served, audited, or consulted for over 120 clients, implementing security and compliance programs and technologies, performing engagements around SOX 404, SOC 1, SOC 2, PCI DSS, and HIPAA, and guiding companies through security and compliance readiness. Connect with Vice on LinkedIn .

Related Articles

audit assignment execution process

Kezia Farnham Image

Audit planning: Why is it important and what are the best practices for success?

Team using audit planning strategies

Audit planning is the essential first step in the audit process, the foundation of a successful audit. Plan effectively, and your entire audit workflow will be made smoother and swifter. Get the process right, and your fieldwork, analytics, issue management and reporting will be more robust, comprehensive and accurate. Planning enables you to identify the key risks and controls your audit should cover, ensuring nothing is missed. The benefits cannot be underestimated. “Fail to plan and plan to fail” is a well-known maxim: but what should the audit planning process be? What does best practice look like? There are numerous factors to consider when planning an audit; here, we look at what they are, examine the benefits of the audit planning phase, and explore what audit planning software  should deliver to help.

What Is Audit Planning?

Internal audits and control are vital, but they can be costly and complex without the proper structure. Whether you are auditing for your internal control purposes or complying with external regulations like Sarbanes-Oxley , effective audit planning enables you to bring order to the process and focus on the right risks to drive strategic insight. Audit planning should be your first step when starting an audit. Done effectively, it will drive efficiency across your entire audit workflow; it should encompass the audit’s scope, nature, and timing. Planning your audit ensures that all areas of the process are covered and given appropriate attention. It can also help you identify any potential problems or obstacles with the auditing process, map out activity so that it is carried out in a timely way, and manage your audit workflow for maximum efficiency.

Why Is It Important?

Businesses today face numerous and evolving risks. Effective audit planning ensures that you measure the right risks — and as a result, derive the strategic insights you need to manage and mitigate the threats your business faces. In a world of ever-increasing governance, risk and compliance obligations, your audit process cannot be a tick-box exercise. It’s a real-world measurement of your ability to manage your business processes and policies and the controls you put in place to measure them. Your audit process needs to deliver value to your board and top executives; effective audit planning will allow you to achieve this.

Benefits of Audit Planning

Taking the necessary steps will:

  • Identify priority areas to ensure you focus where it matters.
  • Make audit workflows and processes more efficient.
  • Help you to identify — and engage at an early stage — key process owners, and your “first line of defense” reduces costs by minimizing duplicate work.
  • Identify where manual and repetitive internal controls work can be automated, increasing robustness and assurance.
  • Enable you to pinpoint and capture the metrics you need to measure and manage enterprise risk across your organization.
  • Drive optimum scheduling and project management.
  • Audit planning helps you approach the audit process. You may be transitioning from paper-based, spreadsheet-led auditing processes to a more integrated, risk-driven approach. You may already use technology solutions to support your audits.

Whatever your approach, planning minimizes wasted time and duplication and brings crucial focus to the audit process.

What Is Best Practice in Audit Planning?

So you’ve identified audit planning as the holy grail for a successful audit. What happens next? — you may be wondering how to do it, what the essential steps are and whether you can draw on a best practice example to help you.

5 Best Practice Steps

  • Assemble your team. Who needs to be involved in the audit planning phase? Ensure you include the right people — those with a comprehensive understanding of the audit and control process and the right skillsets and experience.
  • Assess the risks you face. What is the scope of your audit? Your planning needs to capture all the areas that need to be audited to ensure a comprehensive approach. What are your high-priority risks, either because they’re particularly material or more frequently occurring? Review previous years’ audits and identify any new risks that have arisen since the last one.
  • Decide on your audit approach. This will be determined by how you manage audits (using software or manual processes, or a combination of both), how you categorize the risks identified in step 2, and the resources at your disposal.
  • Brief your audit team — ensure they are clear on their roles, your process, timescales and next steps.
  • Create a risk-based audit plan for your entire audit universe, including an activity schedule, to ensure a smooth and comprehensive audit process.

Best Practice and Audit Planning Tools

Best practice audit planning will cover the steps above, giving you complete oversight of your risk landscape and the controls that your organization uses to manage its risks. Many businesses are turning to audit planning tools and audit management software to manage this planning process and the broader audit. Employing software can bring structure and rigor to the audit, including your audit planning process; good audit workflow software supports planning, scheduling and project management, and document management — capturing a library of past audits and templates that minimize rework and maximize consistency. The latest audit software can be used offline or via apps, enabling you to conduct planning and fieldwork on-site. Harness technology to send requests and reminders to members of the audit team, and speed reviews and sign-offs. From planning through to the entire audit, the innovation and technology characterized by Diligent’s audit solutions are making the modern audit process quicker, simpler and more reliable. You can keep up to date with all the latest innovations in audit planning, audit processes and audit technologies — as well as other governance, risk and compliance hot topics, in Diligent’s GRC Newsletter . You can sign up for the newsletter here .

Solutions Solutions

  • Board Management
  • Enterprise Risk Management
  • Audit Management
  • Market Intelligence

Resources Resources

  • Research & Reports

Company Company

Your data matters.

A black background with a plane flying in the sky.

  • Latest Posts

Alex Hartley

  • Choosing the Right Auditor for Innovate UK Grants - 15/01/2024
  • The Importance of Audits for Innovate UK grants - 11/01/2024
  • The Audit Requirements For Non-profit Organisations - 10/11/2023

The Audit Process from Start to Finish: A Step-By-Step Overview

A person using a calculator

Introduction: The Importance of Audits

The audit process is essential for ensuring financial integrity and compliance within an organisation. Whether it is an internal audit conducted by management or an external audit carried out by a qualified auditor , a comprehensive audit is the only way to properly investigate a company’s financial transactions and internal controls. This article provides a step-by-step guide to the audit process, covering everything from planning to execution and reporting.

Initial Planning: Laying the Groundwork for a Successful Audit

Objective and scope of the audit.

Before an auditor can begin the process, they must define the audit’s objectives and scope. This involves identifying what areas of the business will be covered, such as specific departments or financial statements. The audit plan is then drafted to outline the workflow and time frame for the audit. This plan serves as a checklist for the audit team throughout the process.

Internal Audit vs. External Audit

An internal audit generally focuses on evaluating the system of internal controls and processes. In contrast, an external audit aims to provide an independent overview of the company’s financial statements. Regardless of the type of audit, the planning process is critical for a thorough audit.

Stakeholder Involvement

Stakeholders, including senior management and key administrative staff, are usually consulted during the planning phase. Their input can provide valuable insights into areas of concern that the audit may focus on.

Audit Team Selection

Choosing an appropriate audit team is important for the audit process. The team should consist of auditors who possess the right qualifications , experience and have a keen eye for detail. 

Preparedness and Documentation

Before diving into the audit, the audit team needs to gather all necessary information and documents to understand the organisation’s business processes and system of internal controls. This could include financial documents like bank statements, ledgers, and organisational charts.

Fieldwork and Testing: The Heart of the Audit Process

Conducting fieldwork.

Once the audit plan has been drafted and stakeholders consulted, the next step in the audit process involves fieldwork. This is where auditors scrutinise financial transactions, assess internal controls, and collect evidence to meet the audit objectives. Fieldwork is a critical phase, as the data gathered here will directly influence the audit findings and the final audit report.

Audit Procedures and Testing

During fieldwork, various audit procedures evaluate the organisation’s internal controls and ensure adherence to accounting standards. Testing procedures might include sampling transactions to verify accuracy or examining policies and procedures to check for compliance. These methods are essential for a successful audit and help identify improvement areas.

Using an Audit Checklist

An audit checklist is a valuable tool to ensure that no crucial elements are overlooked. It outlines what areas are to be covered and what information is needed, streamlining the audit process. The checklist is part of the audit plan and is regularly updated to reflect the progress of the audit.

Best Practices and Compliance

Fieldwork isn’t just about finding faults or gaps; it is also an opportunity to identify best practices within the organisation. Auditors will look for adequate internal controls and procedures that can serve as benchmarks for other areas of the business.

Technology in Audit

Advanced software solutions are often used to facilitate the audit process. These tools can automate various audit procedures, making collecting and analysing data more manageable. They also help generate an audit checklist that can be customised to suit the unique needs of each audit.

The Jack Ross Team has been an absolute delight. Professional, nice and fast during the Audit procedure. Thank you Jack Ross Team.

Sofia Carlini

Very good service from the Jack Ross Team. They gave us good advice and completed a very efficient audit. They have a friendly and competent team. I would surely recommend them.

Katrien Vanassche

Brilliant service from the Jack Ross team in setting up several companies in very quick time, along with providing associated accountancy advice. Can recommend wholeheartedly as a leading accountancy practice with a can-do attitude.

Dan Gazzard

First class service for many years from a first class team. Highly recommended. Prompt, commercially aware, personable.

Daniel Connolly

Been using Jack Ross for a number of years. Good clear advice and nice people to do business with.

Marc Hourigan

Jack Ross is based in Manchester and provides tax planning and Xero accounts. They are a long-standing and well-regarded firm with an excellent reputation. They provide their clients with exceptional service and a wealth of advice. I have no hesitation in using their professional services.

aj shelton

Jack Ross has been my accountants since I set up my business in 2016. From the outset I was helped with advice, support and encouragement. I cannot commend them highly enough. Always on hand to answer any question and responsive to any changes in the economy which might concern their clients. I don’t have to worry about the financial side of my business as all of that is taken care of and dealt with by Umar and the brilliant team. If you are looking for a top class accountancy firm which maintains the personal touch they are for you!

Karen Openshaw

I would recommend this account, knowledgable and helpful

syra bano

I can confidently recommend Jack Ross Accountants. They are continually improving their service, greatly benefiting our company as well as me personally. The team at Jack Ross have helped suggest and set up innovative accounting software, adding training and support. This alone has been a massive step towards having more control and understanding of our company finances.


We have enjoyed a solid and constructive relationship with JackRoss and Can highly recommend them for accountancy services.

Cliff Lansley

We have been working with Jack Ross for over two years and the service has been fantastic. They have a great and knowledgable team who have taken good care of us and our accounts.

Harry Lansley

Meeting to review annual accounts and discuss future plans. Very productive as they definitely talk my language - on reflection probably the best such meeting in recent years. Many thanks Umar and Jamie

Moray Newberry

Jack Ross has serviced my Personal Tax requirements for the last 5 years. During some complicated challenges their advice was excellent and the customer service second to none and left me with no doubt all was in hand.

Paul Medcalfe

Following a recommendation, I have used Jack Ross for all my accounting needs (including payroll) since the inception of my business over 12 years ago. The relationship has been completely hassle free and I greatly value their service, which goes well beyond preparation of accounts. Their tax planning advice has been really helpful and I have always felt that they have ‘got my back’. Can’t recommend them enough.


We have finally found the Accountancy firm that we have been looking for! We switched over to Jack Ross towards the end of last year and from the very first contact to the recent submission of our end of year accounts the service provided has been fantastic and has easily exceeded our expectations. Thank you!

oliver kirk

Excellent service; very helpful people and work done much quicker than I expected.

Paul Clark

I have used Jack Ross as my accountants for a number of years. Their service is professional and accurate. They deal with queries promptly and I can always get hold of the person I need to speak to. Their digital product has made a big difference to the efficiency of my business. I would not hesitate to recommend them.


Jack Ross have been my family and business accountants and financial advisors for over 50 years. The delivery of services is second to none and i would recommend them to anyone. We have also built up great friendships over the years, above and beyond that of a normal business relationship which i value greatly.

Rob Cowan

We have been looked after by jack Ross for a number of years. They have given us fantastic tax advise and helped our company grow from strength to strength. A & f

Fee Munshi

Excellent advice and an understandable explanation of a very complex area of tax and corporate law which other (so called) advisors managed to totally confuse me. Thank you.

Jonathan Foxcroft

I have had a relationship with Jack Ross for several years and continue to be impressed by the proactive support and diligent advice received across the breadth of the firm. Excellent at signposting.

Holly Jones

Jack Ross have acted for our law company for over 5 years and have been professional, prompt, and knowledgable in all aspects of our dealing with them.

Felix Mulderrig

Evaluation and Reporting: Concluding the Audit Process

Audit findings and evaluation.

Upon completing the fieldwork and testing, the audit team evaluates their findings. This evaluation is critical for forming the audit opinions that will be included in the final audit report. The findings may reveal areas of concern or highlight effective internal controls, which could serve as best practices.

Drafting the Audit Report

Based on the audit findings, a draft audit report is prepared. This report detailing the results of the audit includes an executive summary, a breakdown of the audit procedures conducted, and the auditor’s opinions on the financial statements or internal controls. The draft is typically reviewed by senior management and the audit committee before being finalised.

Stakeholder Review

Before the audit report is finalised, stakeholders can respond to the audit findings. This step allows senior management and key administrative staff to address any areas of concern or clarify misunderstandings. Recommendations are discussed, and corrective action plans may be developed.

Final Audit Report

The final audit report is prepared once the draft has been reviewed and all parties have had the opportunity to respond. This report is a comprehensive document that summarises the audit findings and provides recommendations for improvement. The final report is then presented to the relevant stakeholders, including senior management and, in the case of an external audit, to external stakeholders.

Communication and Follow-Up

Effective communication is essential throughout the audit, especially during the reporting phase. Any corrective action plans that were developed are communicated to the appropriate parties for implementation. The audit may also suggest areas for improvement to be addressed in a subsequent audit.

Transparency and Accountability

The audit process aims to bring about transparency and accountability within an organisation. Whether internal or external, the final audit report is a vital tool for organisational improvement and stakeholder confidence.

Legal and Statutory Requirements

For external audits, the final report must meet legal and statutory requirements. It offers an independent opinion on the financial statements, which is crucial for investor confidence and regulatory compliance.

Post-Audit Activities and Key Takeaways: The Final Steps in the Audit Process

Implementing corrective actions.

Once the final audit report is distributed, the next step involves implementing any corrective actions recommended. These actions aim to address the areas of concern identified during the audit and improve the organisation’s processes and controls.

Monitoring and Follow-Up

Post-audit, there is often a follow-up to assess the effectiveness of the corrective actions. This could be part of a subsequent audit or a separate review process. Monitoring ensures that the organisation makes the necessary changes and measures the audit’s success.

Learning from Previous Audits

Audits are not just a one-off activity but a continual process of improvement. Organisations can learn much from previous audits, including audit planning and execution, to streamline future audits. By doing so, they can make their internal and external audits more effective over time.

Archiving Audit Documents

All documents and information gathered during the audit process should be archived for future reference. This includes the final audit report, the audit checklist, fieldwork data, and any correspondence related to the audit. Proper archiving is essential for legal reasons and future audits.

Informing Stakeholders and the Public

In the case of an external audit, the final report is often made public to fulfil transparency requirements. This serves to build stakeholder trust and meet regulatory obligations. The results are typically shared with senior management and other key administrative staff for internal audits to inform future business decisions.

At its core, a well-executed audit begins with thorough planning; a detailed audit plan is instrumental for its success. The process objectively assesses an organisation’s financial health and internal controls, offering avenues for continuous improvement. It ensures transparency and compliance with legal and regulatory frameworks, bolstering stakeholder confidence. Ultimately, a successful audit fortifies an organisation, positively impacting its reputation and long-term sustainability.

Eager to ensure your organisation’s financial integrity with our expert audit services? Complete the contact form below, and a Jack Ross Audit team member will get in touch to discuss your specific auditing requirements.

A smiling woman sitting at a table with a laptop.

Seeking comprehensive audit services you can rely on?

At Jack Ross Audit, we pride ourselves on delivering exceptional service through certified accountants ready to guide you. Schedule your free consultation today to explore how we can assist you in achieving financial stability and compliance. Simply fill out the form below, and we'll be in touch to discuss your specific needs.

Act now and ensure your business is audit-ready!

Yes. Financial audits should be conducted regularly to scrutinise the accuracy and reliability of financial statements effectively. This will help identify any potential areas of risk or fraud within a company.

Audits should be performed periodically or at least once per year, depending on the size and complexity of the company being examined. Organisations need to stay up to date with their audits so they can identify any potential issues within their organisation.

External auditing involves the independent examination of financial statements by accountants or other independent professionals authorised by law. The objective is to assure that these statements present fairly, in all material respects, the financial position and results of operations of the business entity at the end of each accounting period.

Client Testimonials

Explore the success stories of audit clients we’ve helped achieve great things..

audit assignment execution process

Are you seeking comprehensive audit services you can rely on?

Get a personal consultation.

Jack Ross Chartered Accountants, Barnfield House, The Approach, Manchester, M3 7BX

Monday-Friday 8:30 am - 5 pm

Latest News

The importance of regular audits for businesses.

Explore a step-by-step guide to the audit process, covering planning,...

Choosing the Right Auditor for Innovate UK Grants

The importance of audits for innovate uk grants, understanding innovate uk grants.

Two charity workers prepare donations

The Audit Requirements For Non-profit Organisations

Learn about the critical audit requirements for non-profit organisations to...

Businesspeople work through documentation

Enhancing Financial Transparency: The Role of Auditors

Explore the critical role of auditors in ensuring financial transparency...

  • Accounting Audit Process: A Step-by...

Accounting Audit Process: A Step-by-Step Guide


Table of Content

Key takeaways.

  • Learn about the importance of internal and external audits for accounting processes
  • Get a ready-to-use checklist for conducting an internal audit
  • Know how HighRadius helps accounting teams be audit-ready, always



Auditors – external or internal – are the referees of our financial system. They play an essential role in ensuring that an organization adheres to global accounting standards and prevents fraudulent activities. While the accounting process helps present the company’s financial position, audits help ensure the financial reports are accurate and compliant for the company’s clients, customers, shareholders, and other stakeholders.

What is an Accounting Audit & Why is it Important?

An accounting audit is an examination of the organization’s financial information which is conducted by an independent auditor with the aim to ensure that the information is represented fairly and accurately and in accordance with accounting standards.

Accounting audits play an important role in achieving transparency in business operations and increasing investors’ confidence in the business’ growth. 


Here are 10 major goals of an accounting audit:

  • To achieve transparency in business operations and drive accountability
  • To develop a practice of having an audit trail for each transaction
  • To have an independent and fair opinion on how the business works and delivers results
  • To ascertain the quality of financial statements
  • To deliver 360 feedback on the business process operations
  • To attract new and potential investors or stakeholders for the business
  • To ensure compliance with tax laws, regulations, and all applicable accounting standards like International Financial Reporting Standards (IFRS) and Generally Accepted Accounting Principles (GAAP)
  • To provide assurance to stakeholders that the financial statements are reliable
  • To identify areas for improvement in the company’s financial reporting and internal controls
  • To detect and prevent fraud and other financial irregularities

Different Types of Accounting Audit

Every organization goes through two kinds of accounting audits – internal audits and external audits.

Step-By-Step Accounting Audit Process

The external accounting audit process differs based on the size of the organization, the complexity of the audit, and any specific requirements or regulations applicable to the industry or jurisdiction. Here are 6 common steps that are followed globally for external audits:

Planning and Goal-Setting

After engaging an external auditor, the organization sits with them to discuss the level of engagement, process, and objectives of the auditing process. They also set a timeline for the audit so that the organization can prepare by conducting an internal audit.

Requesting for financial information

After the audit plan gets a go-ahead, the auditor draws up a list of financial documents that he needs to conduct the audit. The audit may ask for documents like previous audited reports, bank statements, ledgers, receipts, board meeting minutes, organizational charts, etc. These documents help the auditor gain an overview of the organization’s overall business operations.

Performing audit and on-site examination

Once the auditor receives all required documents, he starts executing the planned audit procedures, which may include examining financial records, conducting interviews, testing internal controls, and verifying transactions. The purpose is to gather evidence to support the auditor’s opinion on the financial statements.

He examines data samples in the transaction records for anomalies. This is a test of how well the organization’s internal controls are working.

Analyzing the findings and preparing an audit report

Based on his examination, the auditor drafts a report where he mentions instances of any proof of fraud, financial mismanagement, corrected reports, wrong processes or accounting policies, etc. he found during the audit. If he has any suggestions for improving the internal controls of the organization, he includes them in this report.

7 Step Accounting Audit Checklist

To perform an internal accounting audit, your team can follow these steps and ensure that your organization is ready for an external audit.

  • Clearly define the focus of the audit and establish the questions you want the audit to answer
  • Put together an audit team with the necessary skills and knowledge to conduct the audit effectively
  • Create a list of all the documents, processes, and other variables you’ll need to review
  • Collect information via research, employee interviews, and other methods
  • Evaluate the organization’s system of internal controls to assess the risk levels of different functional areas
  • Analyze the evidence collected during the audit procedures and evaluate its impact on the organization’s operations
  • Prepare an audit report that summarizes the findings and conclusions of the audit

How HighRadius Helps You Improve Accounting Audit & Compliance

HighRadius’ AI-powered accounting software helps accounting teams achieve day zero month-end close, up to 90% reconciliation accuracy, and real-time anomaly detection and resolution .

It also enables accountants to show their work by adding attachments that are tagged to the financial close, account reconciliation , and anomaly tasks they are working on.

Task logs create an audit trail that shows all the changes made to each task in chronological order along with details of the user account (accountant) from where the changes were made.

With HighRadius, your accounting team can be audit-ready , anytime and focus on high-priority tasks rather than spending time on preparing for audits.


1. What are the 4 common phases in an accounting audit process?

A typical external or internal audit has four stages – planning, fieldwork, reporting, and follow-up. The accounting audit process is designed to ensure that the financial statements are examined thoroughly and accurately, providing stakeholders with confidence in the reliability of the financial information.

2. What are the 4 C’s of auditing?

The four C’s of internal audit are Compliance, Cybersecurity, Competitiveness, and Culture. Although, it’s important to note that these sets of 4 C’s are not universally defined or standardized.

3. What are the three key areas of auditing?

Financial statements, internal controls, and compliance are three areas of auditing. It’s important to note that the areas of focus in an audit can vary depending on the nature of the audit, industry-specific requirements, and the organization’s objectives.

4. What are basic audit principles?

Confidentiality, integrity, objectivity, independence, and competence are the basic principles that auditors must follow when conducting examinations. These principles help ensure that the audit is conducted efficiently, effectively, and with integrity.

Related Resources

What Is Account Reconciliation and Why Is It Crucial?

Simplify Cash Reconciliation: The Future of Finance with HighRadius and Sage Integration

Simplify Cash Reconciliation: The Future of Finance with HighRadius and Sage Integration

Tackling eInvoicing and Payment Reconciliation Scenarios in Microsoft Business Central 365

Tackling eInvoicing and Payment Reconciliation Scenarios in Microsoft Business Central 365

Streamline your order-to-cash operations with highradius.

Automate invoicing, collections, deduction, and credit risk management with our AI-powered AR suite and experience enhanced cash flow and lower DSO & bad debt

Please fill in the details below


Get the hottest Accounts Receivable stories

Delivered straight to your inbox.

  • Order To Cash
  • Collections Management
  • Cash Application Management
  • Deductions Management
  • Credit Management
  • Electronic Invoicing
  • B2B Payments
  • Payment Gateway
  • Surcharge Management
  • Interchange Fee Optimizer
  • Payment Gateway For SAP
  • Record To Report
  • Financial Close Management
  • Account Reconciliation
  • Anomaly Management
  • Accounts Payable Automation
  • Treasury & Risk
  • Cash Management
  • Cash Forecasting
  • Treasury Payments
  • Learn & Transform
  • Whitepapers
  • Courses & Certifications
  • Why Choose Us
  • Data Sheets
  • Case Studies
  • Analyst Reports
  • Integration Capabilities
  • Partner Ecosystem
  • Speed to Value
  • Company Overview
  • Leadership Team
  • Upcoming Events
  • Schedule a Demo
  • Privacy Policy

HighRadius Corporation 2107 CityWest Blvd, Suite 1100, Houston, TX 77042

We have seen financial services costs decline by $2.5M while the volume, quality, and productivity increase.

Colleen Zdrojewski

Colleen Zdrojewski

Trusted By 800+ Global Businesses



Simple and Easy

Audit Process


Audit process usually starts from the appointment of auditors until the issuance of the audit report as shown in the audit process flowchart. As auditors, we usually need to follow many audit steps before we can issue the audit report .

However, those audit steps can be categorized into the main stages of audit, including the planning stage, audit evidence-gathering stage, and completion stage which is the final stage of audit where we can issue the report.

Audit Process Flowchart

Below is the audit process flowchart that shows an overview of auditing and the main stages of audit.

audit process flowchart

Summary of Audit Process

To make it easy we can make a summary which follows the audit process flowchart above as in the table below:

For the report of internal control weaknesses which shows in the audit process flowchart, we do not include in this summary of audit process. This is due to this type of report is not the audit report and it’s not the main objective of our audit.

Though, we will issue this report when we found that internal controls are ineffective to prevent or detect material misstatement, either during the risk assessment or after the test of controls. This way, it can add more value to the client as they can make more improvements in the internal control to prevent or detect the risk of error or fraud.

This type of report describes the client’s internal control deficiencies and provide recommendations for the client to implement.

Related posts:

  • Audit Risk Assessment
  • Substantive Audit Procedures
  • 3 Types of Audit Risk
  • Financial Statement Audit

This site uses cookies to store information on your computer. Some are essential to make our site work; others help us improve the user experience. By using the site, you consent to the placement of these cookies. Read our  privacy policy  to learn more.


The importance of audit planning

  • Firm Practice Management
  • Strategic Planning
  • Audit & Assurance

What is the purpose of audit planning if the audit may not ultimately follow the carefully thought out plan? As may be inferred from Dwight D. Eisenhower's words—"Plans are worthless, but planning is everything"—the value of audit planning is not derived solely from the resulting audit plan. Often overlooked, the real benefit of audit planning is gained from the process itself. In painstakingly documenting endless client details, auditors achieve more than just compliance with professional standards—they also develop more efficient engagements and help reduce professional liability risk.

Consider the importance of planning in this claim scenario:

The senior on a CPA firm's largest audit engagement received a request from the client's CFO for a copy of "any communications the firm has sent relating to internal - control - related matters identified during the current - and prior - year audits and copies of internal control documentation completed by the firm." Operating under the assumption that the client was finally going to address its many pesky control deficiencies, the senior happily sent an email with the requested documents.

A short time later the firm received notification of a lawsuit from the client. The complaint asserted that the audit firm had failed to detect an embezzlement scheme perpetrated by the accounts payable clerk. It further indicated that the firm's failure to detect a breakdown in internal controls allowed for the payment of fictitious vendor invoices.

The firm's legal counsel hired an expert to review each year's engagement workpapers. One hopeful yet disturbing issue arose: The firm had informed the client of a significant deficiency in internal controls in its prior - year management letter. Had the deficiency been corrected, the embezzlement scheme likely would have been discovered. The disturbing point—the significant deficiency was not mentioned in current - year engagement planning documentation, neither in risk assessment nor in the design of planned audit procedures. It appeared as though the prior - year documentation had simply been copied to the current - year file with updated completion dates. No additional audit procedures addressed the issue, and the scheme continued for an additional six months beyond issuance of the current - year audit report.

As exemplified above, use of the "same as last year" (SALY) mentality can be a major pitfall in audit planning. SALY disregards the advantages of the planning thought process, focusing instead on getting the job done quickly. Many planning pitfalls, including relying too heavily on checklists or compartmentalizing each step of the audit, result from trying to save time in the present without consideration of the rest of the engagement. Conversely, an engagement that is effectively planned could eliminate over - or under - testing , lead to more relevant documentation, and help reduce the likelihood of audit failure or a potential professional liability claim, saving time in the long run.


Audit planning is not a simple process. It involves consideration of client industry and regulatory factors, client operations and administration, availability and assignment of firm resources, engagement timing, and much more. Fortunately, the hard work of proper planning may not only enable more efficient audit execution, but it also provides auditors with important risk management techniques. Complying with all applicable professional standards when delivering services helps reduce professional liability risk. Consider the professional liability lessons that can be gleaned from these particular sections of the AICPA Statements on Auditing Standards:

  • Timing ( AU - C §§ 300.02 and 300.A2): Planning can easily be misconstrued as a discrete phase of an audit, taking place only when scheduled. Instead, it should be viewed as a continuous process that begins upon completion of the prior audit and ends with completion of the current engagement. The information learned during planning should be applied throughout the engagement to achieve appropriate conclusions. In our scenario, planning for the current engagement should have started with the control deficiency identified in the prior audit and addressed the issue throughout the audit process.
  • Risk assessment ( AU - C §315): Gaining an understanding of the client and its environment presents an opportunity for the auditor to view the client's business and the engagement from a perspective other than the debits and credits underlying the financial statements. A holistic view of the various industry, regulatory, internal, and external factors may allow for linkages that might otherwise be lost in the minutiae of performing the engagement. Identifying areas of greatest risk early in an audit can allow for additional testing or analysis, reducing the likelihood of error that may result in a professional liability claim. As exemplified in the claim scenario, accounts affected by the internal control deficiency should have been deemed high - risk , and testing should have been tailored to address the concern.
  • Team composition ( AU - C §300.05): Assignment of the engagement team and scheduling of resources may seem like simple logistical issues. Nevertheless, the level of experience on the team, use of experts, and scheduling of who will review and when are all variables that can significantly alter the engagement approach and affect its success. Assigning complex or difficult areas of an audit to the appropriate level of expertise, depth of experience, or extent of review is an important step in reducing the likelihood of an error.

Further, the resources should not be limited solely to the engagement team. Colleagues, peers, professional associations, technical standards, prior - year audits, and other engagements can all provide valuable insight. Utilizing all resources available to the engagement team may develop a more informed audit approach. For example, in the scenario above, the current - year testing of accounts affected by the significant deficiency could have been assigned to a more experienced team member or subjected to additional review.


In addition to the professional liability risk management considerations that can be gleaned from the professional standards, two additional suggestions should be kept in mind.

  • Invest the time: Proper planning is an investment in time that is intended to pay dividends in later phases of the engagement. Identifying a potential issue or complex audit area at the start of the planning process could save time later in the audit. That additional effort, while it may seem difficult in the moment, could save time as deadlines approach. Errors are more likely to occur when timing is compressed, causing work to be rushed. If planning can alleviate even a portion of the demand for time during the busiest periods of the year, exponential gains in efficiency and reduction of professional liability risk can be realized.
  • Be flexible: Planning is a guide for work to be performed, not a step - by - step instruction manual. Flexibility creates a positive tone that can be established in planning and carried through to issuance. The audit plan and strategy developed at the start of the engagement should be updated and adjusted based upon information gathered throughout the engagement. Maintain a focus on achieving the correct end result, rather than simply finishing the audit. Flexibility also allows the audit plan to be quickly modified when unexpected risks arise, thus reducing professional liability exposure that would exist if adjustments were not made.

Daniel Gartland is a risk control consultant at CNA.

Continental Casualty Co., one of the CNA insurance companies, is the underwriter of the AICPA Professional Liability Insurance Program. Aon Insurance Services, the National Program Administrator for the AICPA Professional Liability Program, is available at 800-221-3023 or visit .

This article provides information, rather than advice or opinion. It is accurate to the best of the author's knowledge as of the article date. This article should not be viewed as a substitute for recommendations of a retained professional. Such consultation is recommended in applying this material in any particular factual situations.

Examples are for illustrative purposes only and not intended to establish any standards of care, serve as legal advice, or acknowledge any given factual situation is covered under any CNA insurance policy. The relevant insurance policy provides actual terms, coverages, amounts, conditions, and exclusions for an insured. All products and services may not be available in all states and may be subject to change without notice.

Where to find May’s flipbook issue

audit assignment execution process

The Journal of Accountancy is now completely digital. 


Manage the talent, hand off the HR headaches

Recruiting. Onboarding. Payroll administration. Compliance. Benefits management. These are just a few of the HR functions accounting firms must provide to stay competitive in the talent game.


2023 tax software survey

CPAs assess how their return preparation products performed.


KnowledgeLeader Blog

The best way to formulate and execute audit procedures.

SLO Focus_jpg

Once a company forms an internal audit function, completes the risk assessment process and develops an internal audit plan that is responsive to the risk assessment , it can initiate individual internal audit assignments.

A framework for initiating and executing internal audit projects should include the following actions:

  • Confirm the audit assignment (e.g., timing, purpose, scope) with the area or process to be audited (in some cases, it may be appropriate to not announce the audit, but to perform the work on a surprise or unannounced basis).
  • Assess the risks of the specific area to be reviewed.
  • Develop a written work program.
  • Agree on scope, locations, sample sizes and period under review.
  • Develop a report format that will be effective.
  • Request and receive certain advance information from the area to be reviewed.
  • Access operating information, performance measures, etc., on the area to be reviewed.
  • Review any prior audits of this area by internal audit or other parties, such as regulators, external auditors and consultants.
  • Hold joint planning discussions with management and the process owners of the area to be reviewed.
  • Consider whether self-assessment activities would be helpful.
  • Gather outside information on best practices.
  • Identify the internal audit resources to be assigned to the audit and ensure that they have an appropriate level of experience and competency.
  • Determine if outside resources or guest auditors should be utilized, including information technology resources.
  • Consider formal entrance and closing conferences.
  • Execute actual internal audit work, including an evaluation of the process and control design as well as testing methods to determine control operating effectiveness such as inquiry, observation, examination and reperformance. Discuss and clear items noted and potential findings with management and process owners. For consulting engagements, perform agreed-upon work steps to meet the objectives of the assignment.
  • An executive summary of major issues and findings
  • Background, objectives and scope
  • Audit findings, including management’s action plan for addressing these findings
  • Other analysis and information, including appendices

The format of internal audit reports varies by company. What is most important is to create an approach that is effective at communicating key issues and achieving positive change and resolution to the issues reported. For example, some companies might find that single-page reports are effective. Others may find that management should respond separately and apart from the audit report itself.

In addition, the circulation of a draft report for discussion is often an appropriate and effective way to refine work and ensure the accuracy of all information in the report.

  • Develop an effective method for tracking and following up on the audit findings and agreed-upon actions by management. This may include recording all findings in a database, scheduling follow-up audits or conference calls, or requesting status from the auditee. It may even include having management of the audited area report to senior management and the audit committee. Internal audit should also determine the extent to which the resolution of audit findings should be validated independently.

There is no one-size-fits-all approach to the execution and completion of internal audit work. Internal audit leadership, management and the audit committee should work together to create an approach that is most effective for their respective organizations. The IIA can also provide guidance and a framework to follow.

You can read more on this topic in Protiviti’s Guide to Internal Audit and explore these tools on KnowledgeLeader:

Internal Audit Risk Assessment Questionnaire

Internal Audit Risk Assessment Audit Committee Report

Internal Audit Re-Engineering Questionnaire

Topics: Internal Audit , Risk Assessment , Self-Assessment

Add a Comment:

About KnowledgeLeader

KnowledgeLeader,  provided by Protiviti, is the premier resource for internal audit and risk management professionals.

With over 1,400 customizable tools and 1,300 articles by industry experts, we offer the most comprehensive service on the market.

For more information:

Tour the Site

Recent Posts

Posts by topic.

  • Internal Audit (36)
  • Performance Management/Measurement (35)
  • Risk Assessment (31)
  • Accounting/Finance (19)
  • Enterprise Risk Management (18)
  • Audit Committee & Board (17)
  • Strategic Risk (16)
  • IT Audit (14)
  • IT Strategy (11)
  • Audit Planning (10)
  • IT Infrastructure (10)
  • Governance, Risk & Compliance (9)
  • IT Risk (9)
  • Cash & Treasury (8)
  • Digital Transformation (8)
  • IT Controls (8)
  • Business Continuity Management (7)
  • Financial Reporting (7)
  • Internal Controls (7)
  • Supply Chain (7)
  • Change Management (6)
  • Compliance (6)
  • Data Analytics (6)
  • IT Governance (6)
  • Laws & Regulations (6)
  • Self-Assessment (6)
  • Accounts Payable & Purchasing (5)
  • Human Resources (5)
  • Investments & Foreign Exchange (5)
  • Project Management (5)
  • Vendor Management (5)
  • Budgeting (4)
  • Entity-Level Control (4)
  • Inventory & Materials Management (4)
  • Audit Reporting (3)
  • Close the Books (3)
  • Cloud Computing (3)
  • Communications Industry (3)
  • Corporate Governance (3)
  • Cybersecurity (3)
  • Disaster Recovery (3)
  • Financial Services Industry (3)
  • IT Security (3)
  • Mergers and Acquisitions (3)
  • Process-Level Control (3)
  • Quality Assessment Review (3)
  • Training & Development (3)
  • Continuous Auditing (2)
  • Credit & Collections (2)
  • Culture (2)
  • Customer Satisfaction (2)
  • Data Security (2)
  • Document Retention (2)
  • Energy & Utilities Industry (2)
  • Robotic Process Automation (2)
  • Sarbanes-Oxley Act (2)
  • Segregation of Duties (2)
  • Accounts Receivable (1)
  • Agile Auditing (1)
  • Artificial Intelligence (1)
  • Audit Testing (1)
  • Cost Management (1)
  • Cross Border & Non-US Issues (1)
  • Expense Reporting (1)
  • Fixed Assets (1)
  • Foreign Corrupt Practices Act (1)
  • Initial Public Offering (1)
  • Intellectual Property (1)
  • Internal Audit Administration (1)
  • Investigations/Forensics (1)
  • Knowledge Management (1)
  • Machine Learning (1)
  • Outsourcing/Co-sourcing/Shared Services (1)
  • Privacy (1)
  • Reporting/Disclosure (1)
  • Sales Process & Marketing (1)
  • Section 302 - Executive Certs. (1)

KL LinkedIn Page

© 2023 Protiviti Inc. An EOE M/F/D/V.

  • Accounts Payable Software
  • Accounts Receivable Software
  • Travel & Expense Management
  • Payment Automation
  • Cash Flow Management
  • Account Payable
  • Account Receivable
  • Travel & Expense
  • Finance News
  • Press Release
  • Get Started

audit assignment execution process

A Step-By-Step Guide to the Accounting Audit Process for the Accounting Department


In the world of finance, where accuracy is key and transparency is vital, the accounting audit process serves as the protector. For the accounting department, this isn’t just a routine check but a careful exploration into the details of financial stories. Think of it like a well-organized team effort, each part working together to make sure financial statements make sense. 

In this guide, we will break down the steps the accounting team takes to smoothly navigate the audit process. From planning to the final report, this guide is a roadmap, showing how the accounting department turns numbers into a trustworthy story about a company’s financial well-being. 

Understanding Accounting Audit

An accounting audit is a systematic examination and verification of a company’s financial records, transactions, and processes by an independent, qualified auditor. The primary objective is to ensure the accuracy, completeness, and fairness of a company’s financial statements. This process assures stakeholders, including investors, creditors, and regulatory bodies, that the financial information presented by the company is reliable and in compliance with accounting standards and regulations.

In other words, an accounting audit is a review of a company’s financial information carried out by an independent auditor . The goal is to confirm that the information is presented fairly, accurately, and in line with established accounting standards.

The Fundamental Objectives of an Accounting Audit

The fundamental objectives of an accounting audit go beyond scrutiny; they pave the way for a robust, accountable, and continually improving business environment. The importance of an accounting audit lies in its role as a safeguard for financial integrity and transparency within organizations. Key objectives include:

Financial Accuracy

Auditors scrutinize financial records to verify that they accurately represent the company’s financial position. This ensures that decision-makers can rely on the financial statements when making strategic and investment decisions.

An audit ensures that a company adheres to relevant accounting standards such as GAAP and IFRS , and regulatory requirements. Compliance is crucial for maintaining the company’s reputation, avoiding legal issues, and demonstrating ethical business practices.

Fraud Detection

Auditors assess internal controls and transactional activities to detect any signs of fraud or misappropriation of assets. Identifying financial risks early on helps prevent mismanagement and enhances the overall integrity of the reporting process.

Investor Confidence

The audit process provides an independent assessment of a company’s financial health. This, in turn, enhances investor confidence and trust in the organization. Investors are more likely to commit capital to a company with audited financial statements.

Stakeholder Assurance

Audited financial statements offer assurance to various stakeholders, including creditors, suppliers, and employees. This assurance is essential for fostering positive relationships and maintaining a healthy business ecosystem.

An accounting audit is a critical process that acts as a cornerstone for financial credibility and trust. By validating the accuracy and reliability of financial information, audits contribute to the overall stability and sustainability of businesses in the global marketplace.

Types of Accounting Audits

When it comes to ensuring financial integrity and accuracy, organizations typically undergo two main types of accounting audits: internal audits and external audits. These audits play distinct roles, each contributing to the overall financial health and transparency of a company.

Internal Audits

Internal audits are conducted by an organization’s internal audit team or department. These audits focus on evaluating and improving internal processes, risk management, and the effectiveness of internal controls. The primary objectives of internal audits include identifying areas of operational inefficiency, assessing compliance with internal policies and procedures, and providing recommendations for enhancing the organization’s overall performance.

Key Features of Internal Audits

  • Conducted by internal auditors employed by the organization.
  • Emphasizes evaluating and improving internal processes and controls.
  • Aims to enhance operational efficiency and ensure compliance with internal policies.
  • Provides valuable insights to management for informed decision-making.

External Audits

External audits are conducted by independent, external audit firms. These audits focus on assuring external stakeholders, such as investors, regulators, and creditors, regarding the accuracy and reliability of a company’s financial statements. The external audit process involves an unbiased examination of the financial records, transactions, and supporting documentation to express an opinion on whether the financial statements present a true and fair view.

Key Features of External Audits

  • Conducted by external auditors, often certified public accounting (CPA) firms .
  • Aim to assure external stakeholders about the accuracy of financial statements .
  • Involves an independent examination of financial records and transactions.
  • Results in the issuance of an audit report expressing an opinion on the financial statements.

Steps to Consider in the Accounting Audit Function

Accounting Audit Process

Step 1: Preparing for the Audit

The first step in the accounting audit process is preparation. This involves gathering all relevant financial documents, such as balance sheets, income statements, cash flow statements, and supporting documentation. It’s crucial to organize these documents systematically, making it easier for auditors to review and analyze the financial data.

Additionally, during this phase, companies should ensure compliance with accounting standards and regulations. Any discrepancies or potential issues should be addressed proactively to avoid complications during the audit.

Step 2: Selecting an Audit Firm

Choosing the right audit firm is a critical decision in the audit process. Organizations should consider factors such as the firm’s reputation, experience in the industry, and expertise in relevant accounting standards. The selected audit firm will play a significant role in determining the audit’s effectiveness and reliability.

Step 3: Preliminary Meeting

Before the actual audit begins, a preliminary meeting between the audit team and the company’s management is essential. This meeting serves as an opportunity to discuss the scope of the audit, expectations, timelines, and any specific areas of focus. Establishing open communication channels at this stage fosters a collaborative environment throughout the audit process.

Step 4: Risk Assessment

The audit team conducts a comprehensive risk assessment to identify potential areas of material misstatement. This involves evaluating internal controls, understanding the business environment, and assessing the risk of fraud. By identifying risks early in the process, auditors can tailor their procedures to address specific concerns and ensure a thorough examination of high-risk areas.

Step 5: Performing Audit Procedures

With the risk assessment complete, auditors move on to the heart of the audit – performing substantive procedures. This involves detailed testing of transactions, account balances, and other financial elements. Auditors use a combination of analytical procedures, substantive testing, and sampling techniques to verify the accuracy and completeness of financial information.

During this phase, auditors may also interact with company personnel to gain a deeper understanding of internal processes and controls. Effective communication between auditors and company representatives is crucial for a smooth and efficient audit.

Step 6: Documentation

Accurate and comprehensive documentation is a cornerstone of the audit process. Auditors meticulously record their findings, procedures performed, and evidence obtained. This documentation serves multiple purposes, including providing a trail of the audit process, facilitating peer reviews, and serving as a reference for future audits.

Step 7: Drafting the Audit Report

Once all audit procedures are complete, the audit team compiles their findings into a comprehensive audit report. This report typically includes an opinion on the fairness of the financial statements, observations on internal controls, and any other relevant information. The audit report is a crucial document, as it provides stakeholders with an independent assessment of the company’s financial health.

Step 8: Management Review

Before finalizing the audit report, there is often a management review phase. During this step, the audit team discusses their findings and observations with key members of the company’s management. This allows for any misunderstandings to be clarified, and it provides an opportunity for management to address concerns raised by the auditors.

Step 9: Finalizing the Audit Report

After addressing any outstanding issues and obtaining management’s responses, the audit team finalizes the audit report. The report is then presented to the company’s board of directors, shareholders, and other stakeholders. The audit report is a key tool for transparency, helping stakeholders make informed decisions about the company.

A Way Forward

The Peakflo Account Reconciliation solution is designed to streamline the month-end close process for accounting teams, providing a seamless experience. One standout feature is its capability to offer enhanced visibility over the audit trail, offering a comprehensive record of all modifications made to each task. This includes detailed information about the user account, specifically the accountant responsible for the changes.

The audit trail function not only ensures transparency but also positions accounting teams to be audit-ready at any given time. The detailed documentation of every alteration made during the reconciliation process allows for a quick and efficient response to audit requests, eliminating the need for extensive preparation of audit documents. By leveraging the Peakflo solution, accounting teams can redirect their focus from labor-intensive audit preparations to high-priority tasks. 

A typical internal or external audit involves four key phases – planning, fieldwork, reporting, and follow-up. The purpose of the accounting audit process is to carefully review and verify financial statements, assuring stakeholders about the accuracy of the financial information.

Auditing primarily focuses on three key areas: financial statements, internal controls, and compliance. The specific areas of emphasis can vary based on the type of audit, industry requirements, and the organization’s goals.

Auditors adhere to basic principles during examinations, including Confidentiality, Integrity, Objectivity, Independence, and Competence. These principles ensure that audits are conducted thoroughly, effectively, and with a commitment to honesty.

Slide 16_9 - 35 (1)

What is the Role of Technology in Accounting?

What is a general ledger(gl) – a complete guide, what is integrated payables & why it’s important for your business, latest post, tesco accounting scandal: overstating profits by £326 million, barclays capital lost millions due to an excel error, ditching legacy systems: the key to a sustainable finance landscape, split payment: streamlining transactions for marketplaces, future-proofing b2b payments: the payment automation handbook.

  • Accounts Payable
  • Accounts Receivable
  • Travel and Expense Management
  • B2B Payment Software
  • Invoice Management
  • Procurement Software
  • Product Tour
  • Saving Calculator

© 2023 by Peakflo. All rights reserved.


What Are the Audit Processes? 7 Key Processes You Should Know


The auditing process involves the actions and procedures used to control organizational activities. The set procedures are used in testing and proving that corporate operations are conducted effectively (Kinghabaeva & Savicheva, 2021).

They ensure that organizations follow due control mechanisms. However, the audit process helps business organizations to detect opportunities and areas of improvement.

Contrary to what most people think, the audit process involves monitoring and investigating the security and efficiency of the operations of the organization (McCracken & Schmidt, 2018).

It is a procedure that business organizations should use more often because it is effective. The audit process helps in finding organizational bottlenecks and wastes.

As a result, it helps in improving the productivity of the organization.

Usually, the audit process focuses on finding business vulnerabilities and risks to find solutions (McCracken & Schmidt, 2018). This paper provides a quick guide to the audit process that business organizations should use to improve their effectiveness and productivity.

The discussion also focuses more on the critical audit processes.

audit assignment execution process

Audit processes

1) selection phase:.

In the auditing process, the selection phase involves establishing the organization’s priority areas that need to e audited. Choosing the items to audit should be integrated as part of the organization’s internal audit.

It should also be integrated into the risk management program and annual plan for the organization.

In most organizations, the internal departments also integrate and coordinate with organizational compliance plans and activities (Vaicekauskas, 2019).

When choosing the priority areas of audit managers in collaboration with internal auditors, they should identify critical business processes that need to be audited. To do this, they should break down and rate risk areas within their company.

Secondly, they should also try to understand the availability of continuous data for auditing the identified issues (Vaicekauskas, 2019).

Managers should evaluate the cost and benefits of implementing an audit process for the identified risk areas. When performing the actions identified above, auditors should consider the organization’s audit procedures’ main objectives.

2) Planning Phase:

During audit planning, the internal auditors gather relevant information and initiate contact with the client. The planning phase also involves monitoring audit rules and determining the rules to guide the auditor to carry out an audit activity (McCracken & Schmidt, 2018).

Auditors organize a meeting with their clients to identify potential risks and determine the scope of auditing activities. Monitoring audit and audit rules should always take into consideration of legal and environmental frameworks.

3) Execution phase:

The execution process involved the fieldwork that an audit staff should execute after planning an audit. In this case, the client is informed of the entire auditing process through regular meetings.

Both auditors and clients discuss audit observations, potential audit findings, and recommendations (Vaicekauskas, 2019).

Besides, the execution phase involves determining the frequency of the audit process. Auditors need to think about several factors, including the natural rhythm of the audit process, and processes used in operating the business. However, they should also consider other trained personnel involved auditing process.

4) Organize Audit Parameters:

Auditors should configure rules governing each identified area of an audit before a continuous audit procedure is implemented. Every parameter’s frequency may need to be changed after the first setup based on the change from the audited activity (McCracken & Schmidt, 2018).

Therefore, the initial parameters, rules, and frequency of the audit process need to be changed. They should be defined before the auditor begins the audit process. However, the auditors need to reconfigure the initial parameters and rules based on the activity’s monitoring results.

5) Following Up:

A follow-up parameter is an audit process that relates to the treatment of identified alarms and business errors. The organization needs to determine the parties receiving the alarm, for example, internal auditors, line managers, or both (McCracken & Schmidt, 2018).

In most cases, the notice is sent to the process managers or the managers’ immediate supervisor. When follow-up activity is completed, it should be addressed, especially during the continuous audit process.

The entity should perform follow-up procedures, including reconciling the alarm before the follow-up process (McCracken & Schmidt, 2018). Negotiating the notice involves looking at alternative data sources before performing and establishing auditing guidelines.

6) Reporting Phase:

Reporting is an audit process that involves a summary of the audit findings. It provides conclusions and recommendations for each audit (Kinghabaeva & Savicheva, 2021).

However, the audit findings are communicated to the client through an audit report called a draft report. Reporting phase offers the client a chance to respond to the report of an auditor by submitting an action plan within a time frame (Kinghabaeva & Savicheva, 2021).

The client’s responses are usually included in the final audit report. The auditor should submit these responses to the appropriate management level of the organization.

7) Communicating Results:

The final item in the audit process involves the communication of auditing results to the client. When communicating the clients’ audit findings, it is essential to keep the exchange of results as independent as possible (Kinghabaeva & Savicheva, 2021).

Auditors should ensure that their reports are consistent with the findings of an audit. It is essential to follow the audit process carefully before communicating an exchange with the client.

Besides, organizations must consider implementing follow-up and communication procedures to avoid the risk of collusion.

The audit process involves a careful analysis of organizational activities by a qualified auditor. It helps auditors to draw conclusions and opinions regarding different aspects of the line items of financial statements.

The conclusions drawn by the auditors should be independent and factual. This means that the auditor should carry a free-form bias audit of the organizational activities. The audit opinions and conclusions should be based on facts but not assumptions.

A set of conclusions drawn from facts helps the auditor form an accurate and fair view of its activities. However, the summary of the most critical issues and recommendations on the audit process should be considered in drawing audit conclusions.

This involves describing the most significant problems of the audit and the issues of the audit report itself.

Related Posts

16 types of audit you should know – explained, what is auditing – overview, types, opinions, processes, and more, what are audit opinions 4 types of audit opinions explained with example, auditing a class: what it is and how it works, why audit is important what are they.

audit assignment execution process

The global body for professional accountants

  • Search jobs
  • Find an accountant
  • Technical activities
  • Help & support

Can't find your location/region listed? Please visit our global website instead

  • Middle East
  • Cayman Islands
  • Trinidad & Tobago
  • Virgin Islands (British)
  • United Kingdom
  • Czech Republic
  • United Arab Emirates
  • Saudi Arabia
  • State of Palestine
  • Syrian Arab Republic
  • South Africa
  • Africa (other)
  • Hong Kong SAR of China
  • New Zealand
  • Our qualifications
  • Getting started
  • Your career
  • Apply to become an ACCA student
  • Why choose to study ACCA?
  • ACCA accountancy qualifications
  • Getting started with ACCA
  • ACCA Learning
  • Register your interest in ACCA
  • Learn why you should hire ACCA members
  • Why train your staff with ACCA?
  • Recruit finance staff
  • Train and develop finance talent
  • Approved Employer programme
  • Employer support
  • Resources to help your organisation stay one step ahead
  • Support for Approved Learning Partners
  • Becoming an ACCA Approved Learning Partner
  • Tutor support
  • Computer-Based Exam (CBE) centres
  • Content providers
  • Registered Learning Partner
  • Exemption accreditation
  • University partnerships
  • Find tuition
  • Virtual classroom support for learning partners
  • Find CPD resources
  • Your membership
  • Member networks
  • AB magazine
  • Sectors and industries
  • Regulation and standards
  • Advocacy and mentoring
  • Council, elections and AGM
  • Tuition and study options
  • Study support resources
  • Practical experience
  • Our ethics modules
  • Student Accountant
  • Regulation and standards for students
  • Your 2024 subscription
  • Completing your EPSM
  • Completing your PER
  • Apply for membership
  • Skills webinars
  • Finding a great supervisor
  • Choosing the right objectives for you
  • Regularly recording your PER
  • The next phase of your journey
  • Your future once qualified
  • Mentoring and networks
  • Advance e-magazine
  • Affiliate video support
  • An introduction to professional insights
  • Meet the team
  • Global economics
  • Professional accountants - the future
  • Supporting the global profession
  • Download the insights app

Can't find your location listed? Please visit our global website instead

  • Internal audit
  • Learn about internal audit
  • Back to Learn about internal audit
  • A brief guide to internal auditing
  • A brief guide to assignment planning
  • A brief guide to assessing risks and controls
  • A brief guide to assignment quality
  • A brief guide to assignment reporting

A brief guide to follow up

  • A brief guide to relationship management
  • A brief guide to audit governance
  • A brief guide to standards and responsibility
  • A brief guide to strategic audit planning and resourcing
  • A brief guide to working with other providers
  • A brief guide to audit committees
  • Guidance for Heads of Internal Audit
  • Guidance for Audit Committee Chairs on working with the Head of Internal Audit
  • Introduction
  • Standard 1100 Independence and objectivity
  • Standard 2200 Engagement planning
  • Standard 2300 Performing the engagement
  • Standard 2400 Communicating results
  • Standard 2050 Coordination and reliance
  • Financial Reporting Council (FRC) International Standards on Auditing (UK)
  • Benefits of coordination
  • Facilitating coordination
  • Guidance on auditing planning for Internal Audit

You should follow up the actions agreed by management to ensure both that they’re implemented correctly in the timescale agreed, and that the actions undertaken have effectively mitigated the risk identified.

The work of internal audit fails to improve the internal control, risk and governance arrangements if areas it identifies for improvement are not carried through by management.

Audit committee and senior management require assurance that the agreed actions within internal audit reports have been implemented correctly in the timescales originally offered by management, and that controls are managing risk more effectively.

To inform this process and provide the necessary assurance, internal audit should undertake follow up work. The approach and frequency to this will vary by organisation and the internal audit team should agree a follow up protocol with management.

This protocol should consider:

  • if you will use report recommendations or management actions or both
  • how you should deal with partial implementation or work in progress
  • the escalation process for actions not cleared by the agreed date
  • whether you will follow up all recommendations or only those of a particular category or a percentage of actions
  • how to report actions that have been completed, but where internal audit still needs to confirm this by undertaking testing over a period of time
  • who in internal audit can clear the action and whether quality review is needed

Approaches to follow up

There are three main approaches to follow up and clearing actions: 

  • issue by issue as the due date arrives and internal audit is notified of completion
  • by undertaking a follow up audit based upon internal audit’s record of recommendations 
  • by providing assurance over management’s own tracking and reporting of progress to the audit committee

The first approach is timelier and aids continuous reporting to the audit committee but presents a challenge in terms of managing defined internal audit resources and making these available as and when completion is notified.

The second is the more traditional approach and tends to be performed at agreed frequencies. This aids resource planning but is resource intensive and provides a less timely picture of implementation.

The third and preferred option reflects and reinforces the fact that the agreed actions are indeed for management to implement. It puts the monitoring and reporting of progress in management’s court and makes the most efficient use of defined internal audit resources.  

The role of internal audit becomes one of assurance over the accuracy and completeness of reporting by management to the audit committee. It is undertaken at agreed frequencies with internal audit providing opinion to the audit committee over the reliance which may be placed upon management’s reporting. 

If positive assurance cannot be provided to the audit committee then it is likely that internal audit will need to revert to one of the other approaches and work with management to improve their monitoring in the interim until such time as management’s own systems are robust. 

To ensure the action is implemented correctly, internal audit cannot rely on management informing it that this is the case. Internal audit must obtain suitable evidence to confirm this and, where relevant, undertake testing to ensure it is operating effectively.

It is critical not just to ensure the action is complete, but that it has effectively mitigated risk to an acceptable level. The quality and effectiveness of the action must be reviewed.

Progress reporting

Reporting of progress on outstanding actions is vital to both the audit committee and senior management. This should be both statistical and highlight areas of specific concern and trends.

It should include:

  • actions implemented
  • missed dates and revised dates (particularly if repeatedly revised)
  • actions followed up and cleared by internal audit
  • statistical analysis of status to enable monitoring and achievement of any targets

Who owns this progress reporting will depend upon the approach to follow up adopted above.

IIA IPPF Standard 2500 - monitoring

IIA IPPF Standard 2600 - acceptance of risk

Related links

  • IIA website
  • ACCA Careers
  • ACCA Career Navigator
  • ACCA-X online courses

Useful links

  • Make a payment
  • ACCA Rulebook
  • Work for us
  • Supporting Ukraine

Using this site

  • Accessibility
  • Legal & copyright
  • Advertising

Send us a message

Planned system updates

View our maintenance windows

  • LinkedIn Group

Internal Audit 360

The independent knowledge source for internal auditors

Internal Audit 360

Ten Factors to Consider when Setting the Scope of an Internal Audit

Internal audit scope

A mong the most difficult factors to consider before and during an internal audit is its scope, or the boundaries and objectives of the audit. Set too wide and internal auditors can feel like they are trying to boil the ocean. Set too narrow and it may seem like the audit findings wont amount to more than a drop in the bucket.

Defining the scope during the audit planning process and getting all stakeholders agree to it is an important step to any internal audit and can make or break the engagement. Done right, it can provide a roadmap for internal auditors to follow. Done poorly and it could send auditors on a wild goose chase that ends up leaving everyone frustrated.

Wolters Kluwer TeamMate Banner May 2024

Here we’ll look at ten factors to consider when setting the scope of an internal audit.

1 Know the Organization

Before setting the scope , it is imperative to have a deep understanding of the organization’s structure, operations, and strategic objectives. This involves studying the company’s mission, vision, and values, as well as its organizational charts and key stakeholders. Understanding the business environment will help auditors identify the areas that require the most scrutiny.

2 Define Audit Objectives

No project should ever start without first identifying its goals, and internal audit engagements are no exception. The audit objectives serve as the foundation for setting the scope. They should be specific, measurable, achievable, relevant, and time-bound (sometimes referred to with the acronym: SMART). These objectives must align with the organization’s strategic goals and address the areas of greatest risk or concern. For example, objectives could include assessing compliance with industry regulations, evaluating financial controls, or reviewing operational efficiency.

3 Identifying Risks and Priorities

Risk assessment is a crucial step in determining the scope of an internal audit. This involves identifying potential risks that could impact the organization’s ability to achieve its objectives. Risks may be financial, operational, compliance-related, or related to the organization’s reputation. Prioritize these risks based on their potential impact and likelihood of occurrence.

4 Establishing Boundaries

Clearly defining the boundaries of the audit is essential to prevent scope creep, which occurs when the audit extends beyond its initial objectives. Determine which areas and processes will be included in the audit and which will be excluded. This may involve specifying particular processes, departments, functions, or locations that are within the scope.

It’s important to also remember that the boundaries don’t have to remain fixed during the entirety of an audit. The scope can change during an audit if the initial inquiries and field work point auditors in a new direction. But expanding the scope should be a decision that is not taken lightly. It should be well considered, discussed, and agreed upon by stakeholders before the scope is changed.

5 Considering Legal and Regulatory Requirements

Compliance with legal and regulatory requirements is a fundamental aspect of any internal audit. Auditors must be familiar with industry-specific regulations, as well as broader legal frameworks such as Sarbanes-Oxley Act (SOX) or General Data Protection Regulation (GDPR). Ensure that the audit scope encompasses all relevant compliance areas and regulations.

6 Engaging Stakeholders

Engaging with key stakeholders is crucial for gaining their input and ensuring that their concerns are addressed in the audit scope. This may involve discussions with senior management, department heads, and other relevant parties. Their insights can provide valuable perspectives on areas of concern and risk.

7 Industry Standards and Best Practices

Leverage industry-specific standards and best practices when defining the audit scope. These benchmarks provide a framework for evaluating processes and controls. For instance, in the financial sector, auditors may refer to International Financial Reporting Standards (IFRS) or Generally Accepted Accounting Principles (GAAP).

We do not have to reinvent the wheel with every audit. Just about every internal audit has been done before and there is a wide range of literature and documentation about the standards and best practices when conducting particular audits, especially in financial and IT areas. Don’t neglect to consult them. Smart internal audit teams also know when they don’t have the expertise to conduct certain audits and will seek outside help or “guest auditor” arrangements.

8 Assessing Resource Availability

Internal audit leaders would likely have much different audit plans if they had unlimited resources. Since that is never the case, they must be realistic and consider the best way to leverage the resources they do have. Consider the availability of resources, including time, budget, and skilled personnel, when setting the scope. Ensure that the scope is realistic and achievable within the allocated resources. If additional resources are needed, this should be communicated and addressed early in the planning process.

9 Documenting the Scope Statement

A well-documented scope statement is crucial for ensuring clarity and alignment among all stakeholders. The scope statement should outline the audit objectives, areas included and excluded, key risks, and any specific legal or regulatory requirements. It should also specify the timeline for the audit.


The proposed audit scope should undergo a thorough review process involving relevant stakeholders. Feedback should be incorporated, and any necessary adjustments should be made. Once consensus is reached, the final scope should be formally approved by senior management.

Setting the scope in an internal audit engagement is a critical step in ensuring that the audit process is focused, efficient, and aligned with the organization’s objectives. By understanding the organization, defining clear objectives, assessing risks, and engaging stakeholders, auditors can establish a comprehensive scope that provides meaningful insights and value to the organization. Following these steps will contribute to the success of the internal audit process and ultimately enhance the organization’s overall performance and compliance.

Internal audit end slug

Joseph McCafferty is editor & publisher of Internal Audit 360°

One Reply to “Ten Factors to Consider when Setting the Scope of an Internal Audit”

The Article typifies what we have been emphasizing while setting out to conduct any Internal Audit Assignment. Unless the Auditor knows and defines what he wants to Audit , the Auditee will ben left flustered.

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Process Street

Compliance Audit Preparation and Execution

Role assignments.

audit assignment execution process

Select one of your colleagues from each of the members fields below to dynamically assign them to the tasks in this workflow run.

Hi there workflow builder!

We've automatically created dynamic role assignments for you in this workflow. Each time you run your workflow you can select someone in your team from the dropdown to be assigned to the tasks.

Pro tip: Tasks can be assigned in bulk. Hold your cmd/ctrl key and click shift or cmd/ctrl on the task list to select the tasks you'd like to assign.

*Delete this widget after digesting this information, as this content will appear on your workflow run*

Identify Scope of Compliance Audit

Identify the scope of the compliance audit to determine which areas of the organization need to be assessed. Consider the specific regulations and laws that apply to your industry. This task helps set the stage for the entire compliance audit process and ensures all relevant areas are included.

Collect Necessary Documents

Collect all necessary documents required for the compliance audit. These documents may include policies, procedures, employee records, training materials, and any other relevant documents. Ensure all documents are up to date and easily accessible to streamline the audit process.

Organize Compliance Information

Organize all compliance information to be easily referenced and analyzed during the audit. This includes creating a centralized repository for documents, organizing them in a logical structure, and implementing version control to track updates and revisions.

  • 1 Create centralized repository
  • 2 Establish folder structure
  • 3 Implement version control
  • 4 Document control procedures
  • 5 Train employees on document management

Review Regulations and Laws

Review applicable regulations and laws to ensure a comprehensive understanding of the compliance requirements. Identify any regulatory changes or updates that may affect the audit process. Stay informed about compliance standards to effectively assess the organization's compliance status.

  • 1 ISO 27001
  • 5 Sarbanes-Oxley Act

Approval: Review and Verify Document Accuracy

  • Collect Necessary Documents Will be submitted
  • Organize Compliance Information Will be submitted
  • Review Regulations and Laws Will be submitted

Schedule Audit Activities

Develop a schedule for all audit activities to ensure a smooth and efficient process. Consider the availability of key personnel, the time required for each task, and any deadlines or milestones. Clearly communicate the schedule to all relevant stakeholders to minimize disruptions and ensure their cooperation.

Conduct Preliminary Audit Analysis

Perform a preliminary analysis of the audited areas to identify potential compliance issues or risks. This analysis helps in designing an effective audit plan and allocating resources appropriately. Identify any gaps between current practices and required compliance standards to address them during the audit.

Perform Compliance Audit

Conduct the compliance audit, following the established audit plan and procedures. This task involves evaluating processes, controls, and documentation to assess compliance with applicable regulations and laws. Gather evidence, interview employees, and observe operations to ensure accurate and thorough assessment.

  • 1 Review policies and procedures
  • 2 Interview key personnel
  • 3 Inspect physical facilities
  • 4 Examine records and documentation
  • 5 Analyze data and reports

Document and Communicate Findings

Document all audit findings, including observations, discrepancies, and potential non-compliance issues. Use clear and concise language to effectively communicate the findings to stakeholders. Provide recommendations for improvement and suggest corrective actions to address any identified compliance gaps.

Formulate Corrective Actions

Formulate corrective actions to address identified compliance issues and improve overall compliance. Consider the root causes of non-compliance and develop action plans to mitigate risks and prevent future incidents. Assign responsibilities, set deadlines, and clearly define the expected outcomes of each corrective action.

  • 1 Update policies and procedures
  • 2 Provide additional training
  • 3 Implement new controls
  • 4 Conduct employee awareness campaigns
  • 5 Enhance monitoring and reporting mechanisms

Approval: Corrective Actions

  • Document and Communicate Findings Will be submitted
  • Formulate Corrective Actions Will be submitted

Implement Corrective Actions

Implement the formulated corrective actions to address the identified compliance issues. This task involves executing the action plans, monitoring progress, and ensuring timely completion. Provide necessary resources and support to individuals responsible for implementing the corrective actions.

  • 1 Train employees
  • 2 Update documentation
  • 3 Configure software systems
  • 4 Establish monitoring procedures
  • 5 Communicate changes to stakeholders

Follow-up on Compliance Issues

Monitor and follow up on the effectiveness of implemented corrective actions to ensure ongoing compliance. Track progress, measure outcomes, and verify that the desired results are achieved. Conduct periodic reviews and assessments to detect and address any recurring compliance issues.

  • 1 Review updated policies and procedures
  • 2 Evaluate employee training effectiveness
  • 3 Test control implementation
  • 4 Analyze monitoring reports
  • 5 Conduct employee surveys

Review Compliance Audit Results

Review the results of the compliance audit to evaluate the overall compliance status. Analyze the findings, corrective action implementations, and follow-up results. Assess the effectiveness of the audit process and identify any areas for improvement to enhance future compliance audits.

Finalize Audit Report

Compile all audit findings, observations, corrective actions, and follow-up results into a comprehensive and well-organized report. Summarize the key findings, provide detailed explanations, and include supporting evidence. Submit the finalized audit report to relevant stakeholders for review and action.

Take control of your workflows today.

More templates like this.

audit assignment execution process


  1. Audit Process

    audit assignment execution process

  2. 11+ Audit Process Flowchart

    audit assignment execution process

  3. Audit Process Flowchart. Audit Flowchart

    audit assignment execution process

  4. 5 Stages Of Audit Process

    audit assignment execution process

  5. PPT

    audit assignment execution process

  6. A Study On Internal Audit Procedures Presentation

    audit assignment execution process


  1. Audit Assignment ACT4323 S62869

  2. DSARI Energy Audit

  3. WVU Football Ed Vesterinen Press Conference


  5. Energy Conservation and Audit Assignment

  6. Brand Audit Assignment (Sonal Singh


  1. From Planning to Reporting: Exploring the Phases of the Audit Process

    The Execution Phase: Conducting the Audit. Once the planning phase is complete, auditors move on to the execution phase, where they gather evidence, test internal controls, and perform substantive procedures to validate the accuracy of the financial statements. Check out DataSnipper's Financial Statement Suite for next-gen "tick and tie".

  2. Step-by-Step Internal Audit Checklist

    The steps to preparing for an internal audit are 1) initial audit planning, 2) involve risk and process subject matter experts, 3) frameworks for internal audit processes, 4) initial document request list, 5) preparing for a planning meeting with business stakeholders, 6) preparing the audit program, and 7) audit program and planning review. 1.

  3. PDF Planning an Audit

    Planning an Audit 277 AU-CSection300 Planning an Audit Source:SASNo.122;SASNo.128;SASNo.134. Effective for audits of financial statements for periods ending on or afterDecember15,2012,unlessotherwiseindicated. Introduction Scope of This Section.01 Thissectionaddressestheauditor'sresponsibilitytoplananauditof

  4. A brief guide to assignment planning

    Effective assignment planning considers everything from the assessment of risk, work required, resources available and deadlines, to effective team and stakeholder engagement. The key output of the planning stage is a terms of reference document clearly stating the scope, audit objectives/risks, resources, timing and ideally any prior ...

  5. Audit planning: Why is it important and what are the best practices for

    Create a risk-based audit plan for your entire audit universe, including an activity schedule, to ensure a smooth and comprehensive audit process. Best Practice and Audit Planning Tools. Best practice audit planning will cover the steps above, giving you complete oversight of your risk landscape and the controls that your organization uses to ...

  6. The Audit Process From Start to finish: A Step-by Step Overview

    This article provides a step-by-step guide to the audit process, covering everything from planning to execution and reporting. Initial Planning: Laying the Groundwork for a Successful Audit. Objective and Scope of the Audit. Before an auditor can begin the process, they must define the audit's objectives and scope.

  7. Accounting Audit Process: A Step-by-Step Guide (+Checklist)

    A typical external or internal audit has four stages - planning, fieldwork, reporting, and follow-up. The accounting audit process is designed to ensure that the financial statements are examined thoroughly and accurately, providing stakeholders with confidence in the reliability of the financial information. 2.

  8. Audit Process

    Summary of Audit Process. To make it easy we can make a summary which follows the audit process flowchart above as in the table below: Summary of Audit Process. 1. Appointment. This is the first step in the audit process flowchart above where we, as auditors, are appointed to perform the audit work on the client's financial statements. 2.

  9. The importance of audit planning

    AUDIT PLANNING STANDARDS AND RISK MANAGEMENT. Audit planning is not a simple process. It involves consideration of client industry and regulatory factors, client operations and administration, availability and assignment of firm resources, engagement timing, and much more. Fortunately, the hard work of proper planning may not only enable more ...

  10. PDF International Standard on Auditing 300 Planning an Audit of ...

    Scope of this ISA. 1. This International Standard on Auditing (ISA) deals with the auditor's responsibility to plan an audit of financial statements. This ISA is written in the context of recurring audits. Additional considerations in an initial audit engagement are separately identified.

  11. The Best Way to Formulate and Execute Audit Procedures

    A framework for initiating and executing internal audit projects should include the following actions: Confirm the audit assignment (e.g., timing, purpose, scope) with the area or process to be audited (in some cases, it may be appropriate to not announce the audit, but to perform the work on a surprise or unannounced basis).

  12. The audit planning process

    The planning process. Planning consists of a number of elements. However, they could be summarised as: Preliminary engagement activities: evaluating compliance with ethical requirements; and. establishing the terms of the engagement. Planning activities: developing the audit strategy; and. developing an audit plan.

  13. Audit Process: 5 Expert Steps for You to Get Your Audit Right

    An audit process is a series of steps, taken to analyze particular business operations. ... Audit process: Step 3, the execution phase. Fieldwork is executed by the internal audit staff. Fieldwork could include interviews with relevant employees from the auditee. Regular status meetings are performed. ... Role assignments, to ease task ...

  14. A Step-By-Step Guide to the Accounting Audit Process

    Step 5: Performing Audit Procedures. Step 6: Documentation. Step 7: Drafting the Audit Report. Step 8: Management Review. Step 9: Finalizing the Audit Report. A Way Forward. FAQs. In the world of finance, where accuracy is key and transparency is vital, the accounting audit process serves as the protector.

  15. PDF 16 Steps for Conducting an Audit By Leita Hart-Fanta, CPA

    Here are the steps to conducting an audit: receive vague audit assignment. gather information about audit subject. determine audit criteria. perform a risk assessment. refine audit objective and sub-objectives. choose methodologies. budget each methodology. formalize the audit plan.

  16. The 10 Steps in Planning an Audit

    The steps in planning an audit include (Planning Procedures):. 1. Basic discussions with the client about the nature of the engagement and the client's business and industry are performed first, and the auditor meets the key employees, or new employees of a continuing client.The overall audit strategy or the timing of the audit may be discussed, but don't discuss specific audit procedures.

  17. What Are the Audit Processes? 7 Key Processes You Should Know

    1) Selection Phase: In the auditing process, the selection phase involves establishing the organization's priority areas that need to e audited. Choosing the items to audit should be integrated as part of the organization's internal audit. It should also be integrated into the risk management program and annual plan for the organization.

  18. Audit Procedures: A Quick Tour with 19 (Free) Templates

    #4 Auditing process: Analysis. Stage 4 takes all fieldwork information and compares this information against set standards. Compliance is tested using policies and procedures. Internal controls are evaluated to make sure they are adequate. #5 Auditing process: Exercise professional judgment. Conclusions are made and a report draft is begun.

  19. A brief guide to follow up

    There are three main approaches to follow up and clearing actions: issue by issue as the due date arrives and internal audit is notified of completion. by undertaking a follow up audit based upon internal audit's record of recommendations. by providing assurance over management's own tracking and reporting of progress to the audit committee.

  20. The Audit Process

    These are commonly referred to as ICQs. An ICQ is a tool used by auditors to document a process or function, including the basics of the process such as who, what, when, why, where and how. These often help us identify potential segregation of duties issues for the process being audited.

  21. Effective Workflow For Your Audit Management Process

    External and internal audits generate better insight into your data security, yet most employees flee from the process. Audits are cumbersome, time-consuming, and often feel peripheral to most people's daily workload. Yet, several benefits of internal auditing make it a critical component of the long-term sustainability of your organization. However, mastering an efficient workflow for your ...

  22. Ten Factors to Consider when Setting the Scope of an Internal Audit

    Here we'll look at ten factors to consider when setting the scope of an internal audit. 1 Know the Organization. Before setting the scope, it is imperative to have a deep understanding of the organization's structure, operations, and strategic objectives.This involves studying the company's mission, vision, and values, as well as its organizational charts and key stakeholders.

  23. Compliance Audit Preparation and Execution

    Identify the scope of the compliance audit to determine which areas of the organization need to be assessed. Consider the specific regulations and laws that apply to your industry. This task helps set the stage for the entire compliance audit process and ensures all relevant areas are included.