by Frank Stover, CPA/CFF/CGMA, CFE
Audit Manager at Atchley & Associates, LLP
noun: audit; plural noun: audits
Audit: an official inspection of an individual’s or organization’s accounts, typically by an independent body.
Verb: conduct an official financial examination of (an individual’s or organization’s accounts). “companies must have their accounts audited”
Origin: late Middle English: from Latin auditus ‘hearing,’ from audire ‘hear,’ in medieval Latin auditus (compoti ) ‘audit (of an account),’ an audit originally being presented orally.
There are different types of audits: external, single-audit, governmental, compliance, internal, and regulatory to name a few.
Description of more common audits:
1. Third Party Verification – An independent or external audit is carried out by a neutral third party, such as a professional accounting firm which is licensed to perform audits. The financial records of an entity including ledgers, bank statements, payroll, tax information, internal financial reports, official published reports, accounts payable, and accounts receivable, will be examined, among other documents. Further, minutes of meetings of directors, committees, and commissioners’ court, inquiry of attorneys, public databases and internet searches are some of the other techniques used to gather entity information. Standards under which audits are conducted are established by various professional bodies and governmental agencies, such as: the AICPA, SEC, GASB, FASB, OMB, and State Public Accountancy Boards.
2. A Single Audit is an engagement to perform simultaneously three (3) examinations. They are (1) an examination of the financial statements, (2) an examination of internal controls over financial reporting and compliance, and (3) an examination of an entity’s compliance with requirements that could have a direct and material effect on each major program (in accordance with OMB Circular A-133). The Single Audit is conducted under standards and guidelines issued by the Office of Management and Budget (OMB) generally using Circular A-133, the Governmental Accounting Standards Board, the Financial Accounting Standards Board, and depending on the source of funds perhaps the State of Texas Single Audit Circular.
A Federal or State Single Audit is required if you expended (not received) $750,000 of grant funds. A distinction should be made that not all Federal or State funds may be grants, should you have a contract for service these monies are not subject to the Single Audit requirement. If you are unsure, contact your designated grant(s) administrator(s).
The threshold of expenditures requirement is $750,000 for fiscal years beginning on or after January 1, 2015, for fiscal years beginning before that date the threshold requirement for expenditures is $500,000.
3. A compliance audit is a comprehensive review of an organization’s adherence to regulatory guidelines. Independent accounting, security or IT consultants evaluate the strength and thoroughness of compliance preparations. Auditors review security polices, user access controls and risk management procedures over the course of a compliance audit.
What, precisely, is examined in a compliance audit will vary depending upon whether an organization is a governmental, public or private entity, what kind of data it handles and if it transmits or stores sensitive financial data. For instance, SOX requirements mean that any electronic communication must be backed up and secured with reasonable disaster recovery infrastructure. Entities, such as healthcare providers that store or transmit e-health records, like personal health information, are subject to HIPAA requirements. Financial services companies that transmit credit card data are subject to PCI DSS requirements. In each case, the organization must be able to demonstrate compliance by producing an audit trail, often generated by data from event log management software.
4. Internal Audit as defined by the Institute of Internal Auditors (IIA), “Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.
Internal Auditors’ roles include monitoring, assessing, and analyzing organizational risk and controls; and reviewing and confirming information and compliance with policies, procedures, and laws. Working in partnership with management, internal auditors provide the board, the audit committee, and executive management assurance that risks are mitigated and that the organization’s corporate governance is strong and effective. And, when there is room for improvement, internal auditors make recommendations for enhancing processes, policies, and procedures.”
Part II. All the Do’s and Don’ts for Auditors [coming soon]