Audit
from Wikipedia
Some typical stages in the audit process

An audit is an "independent examination of financial information of any entity, whether profit oriented or not, irrespective of its size or legal form when such an examination is conducted with a view to express an opinion thereon."[1] Auditing also attempts to ensure that the books of accounts are properly maintained by such entities as required by law. Auditors consider the propositions before them, obtain evidence, roll forward prior year working papers, and evaluate the propositions in their auditing report.[2]

Audits provide third-party assurance to various stakeholders that the subject matter is free from material misstatement.[3] The term is most frequently applied to audits of the financial information relating to a legal person. Other commonly audited areas include: secretarial and compliance, internal controls, quality management, project management, water management, and energy conservation. As a result of an audit, stakeholders may evaluate and improve the effectiveness of risk management, control, and governance over the subject matter.

In recent years auditing has expanded to encompass many areas of public and corporate life. Professor Michael Power refers to this extension of auditing practices as the "Audit Society".[4]

Etymology

The word "audit" derives from the Latin word audire which means "to hear".[5]

History

Auditing has been a safeguard measure since ancient times.[6] During medieval times, when manual bookkeeping was prevalent, auditors in Britain used to hear the accounts read out for them and checked that the organization's personnel were not negligent or fraudulent.[7] In 1951, Moyer identified that the most important duty of the auditor was to detect fraud.[8] Chatfield documented that early United States auditing was viewed mainly as verification of bookkeeping detail.[9]

The Central Auditing Commission of the Communist Party of the Soviet Union (Russian: Центральная ревизионная комиссия КПСС) operated from 1921 to 1990.

Information technology audit

An information technology audit, or information systems audit, is an examination of the management controls within an information technology (IT) infrastructure. The evaluation of obtained evidence determines if the information systems are safeguarding assets, maintaining data integrity, and operating effectively to achieve the organization's goals or objectives. These reviews may be performed in conjunction with a financial statement audit, internal audit, or other form of attestation engagement.

Accounting

Due to strong incentives (including taxation, misselling and other forms of fraud) to misstate financial information, auditing has become a legal requirement for many entities who have the power to exploit financial information for personal gain. Traditionally, audits were mainly associated with gaining information about financial systems and the financial records of a company or a business. Financial audits also assess whether a business or corporation adheres to legal duties as well as other applicable statutory customs and regulations.[10][11]

Financial audits are performed to ascertain the validity and reliability of information, as well as to provide an assessment of a system's internal control. The third party auditor will express an opinion of the person, organization, or system in question. The opinion given on financial statements will depend on the audit evidence obtained.

A statutory audit is a legally required review of the accuracy of a company's or government's financial statements and records. The purpose of a statutory audit is to determine whether an organization provides a fair and accurate representation of its financial position by examining information such as bank balances, bookkeeping records, and financial transactions.

Due to constraints, an audit seeks to provide only reasonable assurance that the statements are free from material error. Hence, statistical sampling is often adopted in audits. In the case of financial audits, a set of financial statements are said to be true and fair when they are free of material misstatements – a concept influenced by both quantitative (numerical) and qualitative factors. Recently, the argument that auditing should go beyond just true and fair is gaining momentum,[12] and the US Public Company Accounting Oversight Board has come out with a concept release on the same.[13]

Cost accounting is a process for verifying the cost of manufacturing or producing of any article, on the basis of accounts measuring the use of material, labor or other items of cost. The term "cost audit" refers to a systematic and accurate verification of the cost accounts and records, and checking for adherence to the cost accounting objectives. According to the Institute of Cost and Management Accountants, a cost audit is "an examination of cost accounting records and verification of facts to ascertain that the cost of the product has been arrived at, in accordance with principles of cost accounting."[citation needed]

In most nations, an audit must adhere to generally accepted standards established by governing bodies. These standards assure third parties or external users that they can rely upon the auditor's opinion on the fairness of financial statements or other subjects on which the auditor expresses an opinion. The audit must therefore be precise and accurate, containing no additional misstatements or errors.[citation needed]

Integrated audits

In the US, audits of publicly traded companies are governed by rules laid down by the Public Company Accounting Oversight Board (PCAOB), which was established by Section 404 of the Sarbanes–Oxley Act of 2002. Such an audit is called an integrated audit, where auditors, in addition to an opinion on the financial statements, must also express an opinion on the effectiveness of a company's internal control over financial reporting, in accordance with PCAOB Auditing Standard No. 5.[14]

There are also new types of integrated auditing becoming available that use unified compliance material (see the unified compliance section in Regulatory compliance). Due to the increasing number of regulations and need for operational transparency, organizations are adopting risk-based audits that can cover multiple regulations and standards from a single audit event.[citation needed] This is a very new but necessary approach in some sectors to ensure that all the necessary governance requirements can be met without duplicating effort from both audit and audit hosting resources.[citation needed]

Assessments

The purpose of an assessment is to measure something or calculate a value for it. An auditor's objective is to determine whether financial statements are presented fairly, in all material respects, and are free of material misstatement. Although the process of producing an assessment may involve an audit by an independent professional, its purpose is to provide a measurement rather than to express an opinion about the fairness of statements or quality of performance.[15]

Auditors

Auditors of financial statements and non-financial information (including compliance audits) can be classified into various categories:

  • An external auditor or statutory auditor is an independent firm engaged by the client subject to the audit to express an opinion on whether the company's financial statements are free of material misstatements, whether due to fraud or error. For publicly traded companies, external auditors may also be required to express an opinion on the effectiveness of internal controls over financial reporting. External auditors may also be engaged to perform other agreed-upon procedures, related or unrelated to financial statements. Most importantly, external auditors, though engaged and paid by the company being audited, should be regarded as independent and have the status of a third party.[citation needed]
  • A cost auditor or statutory cost auditor is an independent firm engaged by the client subject to the cost audit to express an opinion on whether the company's cost statements and cost sheet are free of material misstatements, whether due to fraud or error. For publicly traded companies, external auditors may also be required to express an opinion on the effectiveness of internal controls over cost reporting. These specialized auditors are called Cost Accountants in India, and globally either Cost and Management Accountants or Certified Management Accountants.
  • Government auditors review the finances and practices of government bodies. In the United States, these auditors report their findings to Congress, which uses them to create and manage policies and budgets. Government auditors work for the U.S. Government Accountability Office, and most state governments have similar departments to audit state and municipal agencies.
  • A secretarial auditor or statutory secretarial auditor is an independent firm engaged by a client subject to an audit of its compliance to secretarial and other applicable laws to express an opinion on whether the company's secretarial records and compliance of applicable laws are free of material misstatements, whether due to fraud or error, as these invite heavy fines or penalties. For bigger public companies, external secretarial auditors may also be required to express an opinion on the effectiveness of internal controls over the client's compliance system management. In India, these auditors are called company secretaries, and are members of the Institute of Company Secretaries of India, holding a Certificate of Practice. (http://www.icsi.edu/)
  • Internal auditors are employed by the organizations they audit. They work for government agencies (federal, state and local); for publicly traded companies; and for non-profit companies across all industries. The internationally recognized standard setting body for the profession is the Institute of Internal Auditors, or IIA (www.theiia.org). The IIA has defined internal auditing as follows: "Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes".[16] Thus professional internal auditors provide independent and objective audit and consulting services focused on evaluating whether the board of directors, shareholders, stakeholders, and corporate executives have reasonable assurance that the organization's governance, risk management, and control processes are designed adequately and function effectively. Internal audit professionals (Certified Internal Auditors - CIAs) are governed by the international professional standards and code of conduct of the Institute of Internal Auditors.[17] While internal auditors are not independent of the companies that employ them, independence and objectivity are a cornerstone of the IIA professional standards, and are discussed at length in the standards and the supporting practice guides and practice advisories. Professional internal auditors are mandated by IIA standards to be independent of the business activities they audit. This independence and objectivity are achieved through the organizational placement and reporting lines of the internal audit department. 
Internal auditors of publicly traded companies in the United States are required to report functionally to the board of directors directly, or a sub-committee of the board of directors (typically the audit committee), and not to management except for administrative purposes. They follow standards described in the professional literature for the practice of internal auditing (such as Internal Auditor, the journal of the IIA),[18] or other similar and generally recognized frameworks for management control when evaluating an entity's governance and control practices; and apply COSO's "Enterprise Risk Management-Integrated Framework" or other similar and generally recognized frameworks for entity-wide risk management when evaluating an organization's entity-wide risk management practices. Professional internal auditors also use control self-assessment (CSA) as an effective process for performing their work.
  • Consultant auditors are external personnel contracted by a client to perform an audit following the client's auditing standards. This differs from the external auditor, who follows their own auditing standards. The level of independence is therefore somewhere between the internal auditor and the external auditor. The consultant auditor may work independently, or as part of an audit team that includes internal auditors. Consultant auditors are used when the firm lacks sufficient expertise to audit certain areas, or simply for staff augmentation when staff are not available.

The most commonly used external audit standards are the US GAAS of the American Institute of Certified Public Accountants and the International Standards on Auditing (ISA) developed by the International Auditing and Assurance Standards Board.

Technological developments

Recent advances in artificial intelligence and automation are reshaping audit practice. Audit firms now apply data analytics and machine-learning techniques to analyze entire datasets instead of statistical samples, improving anomaly detection and efficiency. However, these technologies also introduce challenges related to data quality, algorithmic bias, and the need for professional judgment.[19][20]

Performance audits

A performance audit is an independent examination of a program, function, operation or the management systems and procedures of a governmental or non-profit entity to assess whether the entity is achieving economy, efficiency and effectiveness in the employment of available resources. Safety, security, information systems performance, and environmental concerns are increasingly the subject of audits.[21] There are now audit professionals who specialize in security audits and information systems audits. With nonprofit organizations and government agencies, there has been an increasing need for performance audits, examining their success in satisfying mission objectives.[citation needed]

Quality audits

Quality audits are performed to verify conformance to standards through reviewing objective evidence. A system of quality audits may verify the effectiveness of a quality management system. This is part of certifications such as ISO 9001. Quality audits are essential to verify the existence of objective evidence showing conformance to required processes, to assess how successfully processes have been implemented, and to judge the effectiveness of achieving any defined target levels. Quality audits are also necessary to provide evidence concerning reduction and elimination of problem areas, and they are a hands-on management tool for achieving continual improvement in an organization.

To benefit the organization, quality auditing should not only report non-conformance and corrective actions but also highlight areas of good practice and provide evidence of conformance. In this way, other departments may share information and amend their working practices as a result, also enhancing continual improvement.

Project audit

A project audit provides an opportunity to uncover issues, concerns and challenges encountered during the project lifecycle.[22] Conducted midway through the project, a project audit provides the project manager, project sponsor and project team an interim view of what has gone well, as well as what needs to be improved to successfully complete the project. If done at the close of a project, the audit can be used to develop success criteria for future projects by providing a forensic review. This review identifies which elements of the project were successfully managed and which ones presented challenges. As a result, the review will help the organization identify what it needs to do to avoid repeating the same mistakes on future projects.

Projects can undergo two types of project audits:[21]

  • Regular Health Check Audits: The aim of a regular health check audit is to understand the current state of a project in order to increase project success.
  • Regulatory Audits: The aim of a regulatory audit is to verify that a project is compliant with regulations and standards. The best practices of NEMEA Compliance Centre state that the regulatory audit must be accurate, objective, and independent while providing oversight and assurance to the organization.

Other forms of project audits:

  • Formal: Applies when the project is in trouble, and the sponsor agrees that the audit is needed, sensitivities are high, and conclusions must be proved via sustainable evidence.
  • Informal: Applies when a new project manager is provided, there is no indication the project is in trouble and there is a need to report whether the project is proceeding as planned. Informal audits can apply the same criteria as formal audits, but it is not necessary for the report to be so formal or in-depth.[23]

Energy audits

An energy audit is an inspection, survey and analysis of energy flows for energy conservation in a building, process or system to reduce the amount of energy input into the system without negatively affecting the output.

Operations audit

An operations audit is an examination of the operations of the client's business. In this audit, the auditor thoroughly examines the efficiency, effectiveness and economy of the operations with which the management of the client is achieving its objectives. The operational audit goes beyond internal controls issues since management does not achieve its objectives merely by compliance to a satisfactory system of internal controls. Operational audits cover any matters which may be commercially unsound. The objective of operational audit is to examine three E's, namely:[citation needed] Effectiveness – doing the right things with the least wastage of resources, Efficiency – performing work in the least possible time, and Economy – balance between benefits and costs to run the operation.[citation needed]

A control self-assessment is a commonly used tool for completing an operations audit.[24]

Forensic audits

Also referred to as forensic accountancy, forensic accountant or forensic accounting, a forensic audit is an investigative audit in which accountants specialized in both accounting and investigation seek to uncover frauds, missing money and negligence.[citation needed]

from Grokipedia
An audit is an independent examination of an entity's and related disclosures, conducted by qualified professionals to express an opinion on whether those statements are presented fairly, in all material respects, in accordance with specified financial reporting frameworks such as generally accepted principles (). This process provides reasonable assurance that financial information is free from material misstatement due to error or , serving as a cornerstone for confidence, , and economic stability. Auditing traces its roots to ancient civilizations, where rulers in and employed scribes to verify tax and resource records, but modern financial auditing emerged in the amid the and the rise of joint-stock companies requiring verifiable accounts for shareholders. Key developments include the establishment of professional bodies like the American Institute of Certified Public Accountants (AICPA) in 1887 and the issuance of standardized procedures, evolving to address complex global markets through frameworks like the (ISAs). Beyond financial audits, which focus on historical statements, audits encompass internal audits for operational efficiency, compliance audits to verify adherence to laws and regulations, and specialized variants like information systems audits assessing IT controls. These practices mitigate risks but have encountered significant controversies, notably audit failures in high-profile corporate collapses such as Enron (2001) and WorldCom (2002), where auditors overlooked systemic fraud, eroding public trust and catalyzing reforms like the Sarbanes-Oxley Act to enhance auditor independence and internal controls. Such events underscore auditing's limitations as a detection tool, emphasizing its reliance on evidence gathering rather than exhaustive verification, amid ongoing debates over auditor liability and the adequacy of professional skepticism in countering management incentives for misrepresentation.

Etymology and Fundamentals

Etymology

The term audit derives from the Latin verb audīre, meaning "to hear," with the noun form stemming from audītus, the past participle denoting "a hearing" or "a ." This origin reflects the auditory character of early financial oversight, where auditors—often royal or ecclesiastical officials—listened to verbal recitations of accounts by stewards or taxpayers, rather than reviewing written records, a practice prevalent in ancient , medieval , and feudal systems. The word entered around the early 15th century, initially as a noun for the "official examination of accounts" conducted through such oral hearings, before expanding to encompass written and broader verification processes by the . In contexts like auditing a course without credit, the term retains this "hearing" , implying passive attendance and listening akin to an observer's in early audits. Over time, semantic shifts aligned audit with evidentiary , but its etymological core persists in , distinguishing it from purely visual or documentary terms like "" or "."

Definition and Core Principles

An audit is an independent, objective examination of an entity's , records, and related operations to verify their accuracy, completeness, and compliance with applicable financial reporting frameworks, such as Generally Accepted Accounting Principles (GAAP) or (IFRS). The primary objective is to enable the auditor to express an opinion on whether the financial statements present fairly, in all material respects, the financial position, performance, and cash flows of the entity for the period under review. This process provides reasonable assurance—defined as a high but not absolute level of confidence—that the statements are free from material misstatement due to error or , distinguishing audits from absolute guarantees or mere compilations. External audits, typically required for public companies or under regulatory mandates, differ from internal audits by emphasizing third-party verification for stakeholders like investors and regulators. Core principles guiding audits derive from international and national standards, including those from the International Auditing and Assurance Standards Board (IAASB) and the Public Company Accounting Oversight Board (PCAOB). Independence is foundational, mandating that auditors avoid any financial, familial, or business ties that could compromise impartiality, with safeguards like rotation of audit firms for public entities to mitigate familiarity threats. Professional skepticism requires auditors to maintain a questioning mindset, challenging assumptions and seeking contradictory evidence rather than accepting management representations at face value, particularly in high-risk areas like revenue recognition or related-party transactions. These principles ensure audits prioritize causal factors in misstatements, such as internal control weaknesses or intentional manipulation, over superficial compliance. 
Audits also adhere to ethical fundamentals outlined in the International Ethics Standards Board for Accountants (IESBA) Code: (honesty in all professional acts), objectivity (unbiased judgment free from conflicts), professional competence and due care (applying knowledge, skill, and thoroughness updated with current standards), (protecting information obtained unless legally required to disclose), and professional behavior (complying with laws and avoiding actions discrediting the profession). Operationally, materiality focuses efforts on matters that could reasonably influence economic decisions of users, while sufficient appropriate audit evidence—gathered through inspection, observation, inquiries, and confirmations—must be relevant, reliable, and voluminous enough to support conclusions, often via substantive testing and analytical procedures. A risk-based approach tailors procedures to assessed risks of material misstatement, emphasizing internal controls' design and effectiveness, as weak controls heighten reliance on detailed transaction testing. Violations of these principles, such as auditor collusion in scandals like (2001), have historically prompted reforms like the Sarbanes-Oxley Act of 2002, reinforcing their empirical role in maintaining market trust.

Historical Evolution

Ancient and Pre-Industrial Origins

The earliest auditing practices emerged in ancient around 3500 BC, where clay tablets recorded agricultural transactions, inventories, and labor efforts, with verification processes evident to reconcile records against physical assets and prevent . Similar systems appeared in ancient and by the 4th century BC, involving scribes who audited granary movements through physical counts, oral examinations of overseers, and cross-checks of ledgers to ensure accurate tracking of grain, taxes, and tribute. These methods prioritized detection of discrepancies in state-controlled resources, reflecting a causal need for oversight in centralized economies reliant on surplus storage. In the Achaemenid Persian Empire under Darius I (r. 522–486 BC), royal inspectors functioned as auditors, traveling incognito as "the King's ears" to examine provincial financial records, tax collections, and administrative compliance, thereby enforcing accountability across vast territories. In classical Greece, particularly 5th–4th century BC Athens, logistai—public accountants numbering up to 30—conducted mandatory post-term audits (euthynai) of magistrates' accounts, reviewing revenues, expenditures, and public funds to identify embezzlement or errors before the Assembly. Roman quaestors, from the Republic era onward, managed the aerarium (state treasury), audited provincial governors' fiscal reports, and oversaw tax farming, with detailed codices required for Senate scrutiny to curb corruption in expanding imperial finances. Pre-industrial auditing persisted and formalized in medieval Europe, adapting ancient principles to feudal, , and royal administration. From the , England's audited sheriffs' annual accounts via —parchment summaries of county revenues and debts—through adversarial hearings that verified cash inflows against expected yields from royal demesnes. 
Late medieval innovations, circa 1250–1500, integrated auditing into across , with procedures like cross-referenced ledgers and independent verifiers enhancing in courts, monasteries, and emerging bureaucracies, though reliant on manual reconciliation prone to . These practices emphasized over assets, driven by the need to mitigate agency problems between rulers and agents in agrarian societies lacking modern mechanisms.

Industrial Era Professionalization

The , commencing around 1760 in Britain, expanded business operations through factories, railways, and , creating a separation between ownership and management that heightened the need for independent financial verification to safeguard investors. This era's economic growth, with formations surging after the repeal of the in 1825, exposed risks of managerial fraud and accounting errors, prompting demands for specialized auditors beyond mere bookkeepers or shareholders. Early auditing focused on detailed transaction vouching and checks, but the scale of enterprises required expertise in detecting irregularities amid rapid industrialization. Legislative measures advanced professionalization; the Joint Stock Companies Act of 1844 mandated the appointment of auditors for incorporated companies and required preparation, though initial auditors were often company members lacking independence. Corporate failures, such as those in the mid-19th century, underscored the limitations of non-professional oversight, leading to calls for qualified practitioners. By the , auditing techniques shifted toward systematic verification, influenced by growing capital markets where shareholder protection relied on credible attestations. Professional institutes emerged to establish credentials and standards; in , the Society of Accountants in formed in 1854, followed by similar bodies in , marking the first organized accountancy groups with entry via examination and experience. In , regional societies proliferated in the 1870s, culminating in the Institute of Chartered Accountants in (ICAEW) receiving its royal charter in 1880, unifying efforts to regulate membership and promote auditing proficiency. These organizations emphasized independence, ethical conduct, and technical training, professionalizing auditing as a distinct occupation responsive to industrial complexities. 
In the United States, the trend paralleled with the American Association of Public Accountants founded in 1887, reflecting transatlantic influences from British practices.

20th-Century Standardization

The standardization of auditing in the 20th century was driven by major financial crises, regulatory interventions, and professional initiatives to enhance reliability and consistency in financial reporting. The 1929 stock market crash and ensuing Great Depression exposed deficiencies in auditing practices, prompting U.S. legislative reforms. The Securities Act of 1933 required audited financial statements for new securities issuances, while the Securities Exchange Act of 1934 established the Securities and Exchange Commission (SEC) and mandated annual independent audits for registered companies, emphasizing auditor independence to protect investors. These acts shifted auditing from ad hoc verification to a formalized assurance function tied to public market integrity, increasing auditor liability and demand for uniform procedures. In response to ongoing scandals, such as the 1938 McKesson & Robbins fraud involving falsified inventories, the American Institute of Certified Public Accountants (AICPA) formed the Committee on Auditing Procedure (CAP) in 1939. The CAP issued Statement on Auditing Procedure (SAP) No. 1 that year, marking the first authoritative U.S. auditing standard, which required auditors to verify against generally accepted accounting principles () and expanded testing beyond balance sheets to income statements. Over the next three decades, the CAP produced 54 SAPs (1939–1972), addressing topics like internal controls, sampling, and confirmation procedures, which collectively formed the foundation for (). By 1972, the AICPA codified these into 10 GAAS, divided into general standards, standards of fieldwork (e.g., and gathering), and reporting standards, providing a structured framework for audit execution and opinions. Subsequent refinements included SAP No. 27 (1957), which discouraged lengthy "long-form" reports in favor of concise opinions, and SAS No. 2 (1974), which formalized the short-form audit report structure. 
Internationally, standardization lagged behind U.S. developments but gained momentum post-World War II amid of capital markets. Professional bodies in the UK and elsewhere adopted similar principles through bodies like the Institute of Chartered Accountants in , influencing practices. The pivotal global step occurred in 1977 with the founding of the (IFAC) by 63 accountancy organizations from 51 countries, aimed at harmonizing practices. IFAC's International Auditing Practices Committee (IAPC, now IAASB) began issuing International Auditing Guidelines in the 1980s, evolving into a comprehensive set of (ISAs) by 1994, which emphasized risk-based approaches and were designed for cross-border applicability without supplanting national rules. These efforts addressed causal gaps in pre-war auditing, such as inconsistent verification amid multinational operations, though adoption varied due to jurisdictional sovereignty. By century's end, GAAS and nascent ISAs had professionalized auditing, reducing variability but revealing limitations later exposed in events like the 1980s .

Post-Enron Reforms and Modern Developments

The collapse of Enron Corporation in late 2001, amid revelations of accounting fraud involving off-balance-sheet entities and auditor complicity by Arthur Andersen, prompted swift legislative action in the United States. The Sarbanes-Oxley Act (SOX), enacted on July 30, 2002, established the Public Company Accounting Oversight Board (PCAOB) as a nonprofit corporation under SEC oversight to regulate audits of public companies, replacing self-regulation by the accounting profession. SOX's Title I empowered the PCAOB to develop auditing standards, conduct inspections of registered firms, and enforce compliance, addressing conflicts of interest that enabled Enron's manipulations. Key provisions included Section 404, mandating management assessment of internal controls over financial reporting with auditor attestation, and Section 302 requiring CEO and CFO certification of financial statements' accuracy. Empirical studies indicate enhanced audit quality by reducing earnings management and financial restatements, though at significant cost—initial compliance expenses averaged $1.5 million to $2.3 million annually for smaller firms in the early years, with benefits accruing through improved investor confidence and fewer material weaknesses in controls. rules prohibited non-audit services and mandated lead partner rotation every five years, curbing familiarity threats observed in . The PCAOB's inspections, starting in 2004, identified deficiencies in 40-50% of Big Four audits initially, driving remediation and higher standards. Internationally, similar reforms emerged, such as the EU's 8th Company Law Directive in 2006, emphasizing oversight, though U.S. changes set a global benchmark amid skepticism of self-policing in a profession historically reliant on reputational incentives over rigorous verification.
In recent years, PCAOB efforts have focused on standard modernization amid technological shifts and persistent risks like cyber threats and complex transactions. In May 2024, the PCAOB adopted QC 1000, a scalable standard requiring firms to design systems addressing risks such as insufficient professional skepticism, effective for audits after December 15, 2025. Amendments to AS 1105 (Audit Evidence) and AS 2310 (Confirmations), approved by the SEC in August 2024, emphasize evaluating reliability in technology-assisted environments and third-party confirmations, responding to cases involving manipulated evidence; these take effect for fiscal years ending after June 15, 2025, and December 15, 2025, respectively. Auditing firms increasingly integrate AI and for continuous monitoring, reducing reliance on sampling but raising challenges in validating algorithmic outputs, as evidenced by PCAOB findings of tech-related deficiencies in 2023-2024 inspections. By October 2025, PCAOB guidance clarified AS 1105 implementation with examples for , underscoring causal links between weak controls and undetected misstatements in an era of accelerated filings. These evolutions prioritize substantive verification over procedural compliance, countering critiques that early SOX burdens stifled smaller issuers without proportionally advancing causal .

Purposes and Objectives

Assurance and Verification

Assurance in auditing entails the auditor's independent to provide a high level of to users that or other subject matter are free from material misstatement. Under (ISA) 200, the objective of an audit is to obtain reasonable assurance—defined as a high, but not absolute, level of assurance—about whether as a whole are free from such misstatements, whether caused by or . This reasonable assurance is expressed through an audit opinion, which enhances user in the entity's reported financial position, performance, and cash flows, distinguishing it from absolute assurance due to factors like sampling methods, inherent limitations in evidence gathering, and potential management override of controls. Verification forms the evidentiary foundation for achieving assurance, encompassing substantive procedures to corroborate management's assertions on financial statement elements, including existence, rights and obligations, completeness, accuracy, valuation, and presentation. Auditors verify assets and liabilities through techniques such as external confirmations from third parties for receivables and payables, physical observation for inventory and fixed assets, and vouching transactions back to original documents like invoices and contracts. These procedures, guided by standards like ISA 500 on audit evidence, aim to gather sufficient and appropriate evidence to mitigate detection risk, ensuring the audit opinion is supported by verifiable facts rather than mere representation. In practice, assurance and verification intersect to address —the risk of failing to detect material misstatement—through a risk-based approach where higher-risk areas receive more rigorous verification. For instance, in financial audits under U.S. (GAAS), verification includes analytical procedures to identify unusual fluctuations and substantive testing scaled by assessed control effectiveness. 
This framework, while providing reasonable assurance, acknowledges residual risks, as evidenced by historical audit failures where undetected occurred despite verification efforts, underscoring the need for professional skepticism.

Risk Mitigation and Compliance

Audits serve to identify, assess, and organizational by systematically evaluating internal controls, processes, and vulnerabilities that could lead to financial losses, operational disruptions, or fraudulent activities. External and internal auditors apply approaches, prioritizing high-impact areas such as material misstatements or control weaknesses, which empirical studies indicate can reduce incidence through proactive detection mechanisms like the fraud triangle analysis—involving , opportunity, and rationalization factors. For instance, internal audits contribute to enterprise-wide by providing assurance on the effectiveness of strategies, including testing controls over financial reporting and operational .
In compliance contexts, audits verify adherence to legal, regulatory, and internal policy requirements, thereby averting penalties, , and litigation. Compliance audits specifically scrutinize whether operations align with standards like anti-money laundering rules or environmental regulations, identifying gaps that could expose entities to enforcement actions; for example, they mitigate risks by flagging non-compliance early, as evidenced in frameworks where audits integrate with to enforce . The Sarbanes-Oxley Act of 2002 (SOX) exemplifies this in the U.S., mandating public companies to establish and audit internal controls over financial reporting (Section 404), with auditors attesting to their design and operating effectiveness, which has demonstrably enhanced reporting accuracy and reduced material weaknesses reported in subsequent years.
Risk mitigation extends beyond detection to recommending remedial actions, such as strengthening segregation of duties or implementing automated monitoring tools, which studies show lower fraud risks in risk-based auditing environments. often lead SOX compliance efforts, coordinating with management to remediate deficiencies, as a 2019 analysis found over half of companies assigning this responsibility to internal audit functions for integrated oversight. Overall, these audit functions foster a of , with evidence from internal audit practices linking them to decreased occurrences through continuous monitoring and control enhancements.

Value-Added Insights

Value-added insights in auditing refer to the strategic recommendations, operational enhancements, and forward-looking analyses derived from audit processes that enable organizations to improve efficiency, optimize , and achieve long-term objectives beyond basic compliance verification. These insights arise primarily from , where professionals apply risk-based methodologies to identify inefficiencies, such as redundant processes or control gaps, leading to measurable cost reductions; for instance, a 2022 survey of internal audit functions identified , competence, and alignment with organizational goals as key factors correlating with enhanced value delivery, including average annual savings of 5-10% in operational costs for participating firms. External audits contribute more limited value-added elements, constrained by requirements under standards like those from the (PCAOB), but can highlight systemic risks in financial reporting that inform management decisions. Advanced technologies amplify these insights by enabling data-driven foresight, such as continuous auditing systems that detect anomalies in real-time, reducing losses by up to 50% in implemented cases according to empirical analyses of enterprise implementations. Auditors leveraging whole-ledger analytics, for example, uncover patterns in transaction data that reveal vulnerabilities or pricing inefficiencies, providing clients with actionable strategies that boost profitability; a 2024 report documented instances where such techniques identified strategic opportunities yielding 15-20% improvements in management. The Institute of Internal Auditors (IIA) emphasizes this role in its Global Internal Audit Standards, effective January 2025, mandating that audits demonstrate purpose through value-adding activities like advisory services on and , evaluated via key performance indicators such as recommendation adoption rates exceeding 80% in high-performing functions. 
Empirical studies underscore the causal link between robust audit practices and tangible benefits, with effectiveness tied to factors like auditor experience and client collaboration, resulting in higher adoption of value-added services; one of audit-client relationships found that committed partnerships increased provision of such services by 25-30%, enhancing overall audit and client retention. However, realization of these insights requires overcoming barriers like management resistance or resource constraints, as evidenced by literature reviews showing that only functions with systematic programs and board support consistently deliver superior outcomes, such as improved transparency and reduced regulatory penalties. In practice, value-added auditing prioritizes alignment with business strategy, using techniques like against industry peers to recommend innovations, thereby fostering resilience against economic disruptions.

Standards and Regulatory Frameworks

International Auditing Standards

The (ISAs) are a set of professional standards for the performance of audits of historical financial information, developed to promote consistency, quality, and transparency in auditing practices worldwide. They are issued by the International Auditing and Assurance Standards Board (IAASB), an independent standard-setting body operating under the auspices of the (IFAC). The IAASB's objective is to serve the public interest by establishing high-quality auditing, assurance, and related services standards that enhance the credibility of financial reporting. Established in March 1978 as the International Auditing Practices Committee (IAPC), the IAASB rebranded in 2002 and has since issued over 40 ISAs, with a major clarification and redrafting completed in 2009 to improve clarity and applicability. ISAs are principles-based, emphasizing professional skepticism, , and sufficient appropriate audit evidence, and are structured into sections covering responsibilities (e.g., ISA 200), planning (ISA 300), (ISA 315), and fraud considerations (ISA 240). They apply primarily to audits of general-purpose but have been adapted for specialized contexts, such as less complex entities via ISA for LCE issued in December 2023. As of , approximately 130 jurisdictions have adopted or committed to adopting ISAs, representing over 90% of IFAC member bodies, though full convergence varies due to national modifications or "carve-outs" in areas like auditor liability or specific reporting requirements. indicates that ISA adoption correlates with improved financial reporting quality and reduced earnings management, as jurisdictions implementing ISAs exhibit lower discretionary accruals compared to non-adopters. Recent developments include revisions to enhance auditor responsiveness to emerging risks. 
In July 2025, ISA 240 (Revised) was updated to strengthen fraud detection by mandating a "fraud lens" in risk assessments and requiring explicit documentation of fraud-related inquiries, effective for periods beginning on or after December 15, 2026. Similarly, ISA 570 (Revised 2024) on was revised in May 2025 to expand auditor evaluations of management's assessments amid economic uncertainties, with the same effective date. The IAASB's 2025 Handbook, released in September 2025, incorporates these updates alongside guidance on , reflecting a September 2024 position paper on adapting standards to audit-assurance intersections with AI and data analytics. These enhancements aim to address stakeholder demands for greater transparency without compromising audit efficiency, though implementation challenges persist in jurisdictions with resource-constrained regulators.

National and Sector-Specific Regulations

In the United States, the of 2002 established the to oversee audits of public companies, mandating registration of audit firms, inspection of audits, and enforcement of auditing standards to enhance financial reporting integrity following corporate scandals. SOX Section 404 requires management and auditors to assess and report on over financial reporting, with PCAOB standards applying to audits for fiscal years beginning after December 15, 2024, including requirements for internal control audits under AS 2201. The Securities and Exchange Commission (SEC) provides oversight of the PCAOB, ensuring compliance with these federal requirements for publicly traded entities. In the , Directive 2006/43/EC governs statutory audits of annual and consolidated accounts, requiring audits to be conducted in accordance with international standards while promoting and transparency for public-interest entities. This was amended by Directive 2014/56/EU to strengthen audit firm rotation, non-audit service restrictions, and joint audits for large entities, aiming to mitigate risks of long-term auditor-client relationships. Member states transpose these into national law, with oversight by bodies ensuring cross-border audit equivalence. The United Kingdom's , as amended, mandates audits for companies exceeding certain thresholds and empowers the (FRC) to set auditing standards and supervise audit firms under Part 42. The Statutory Auditors and Third Country Auditors Regulations 2016 (as updated in 2022) regulate auditor registration, inspections, and third-country equivalence, with the FRC enforcing ethical and quality standards for public interest audits. Post-Brexit, these align partially with rules but emphasize domestic oversight to maintain audit reliability. 
In banking, the Basel Committee on Banking Supervision's principles require internal audit functions to cover all bank activities, including outsourced ones, with direct reporting to the board or to ensure comprehensive and control evaluation. External audits must align with Basel Core Principles (revised 2024), where supervisors expect tailored procedures beyond general standards to address sector-specific risks like and exposures. These apply globally to strengthen prudential regulation under frameworks. Healthcare regulations emphasize data security audits; the U.S. HIPAA Security Rule (updated through 2024) mandates covered entities to implement audit controls for electronic , including logging access and changes to detect breaches. The Office for Civil Rights conducts periodic HIPAA audits to verify compliance, focusing on risks like hacking vulnerabilities. Publicly traded healthcare firms additionally face SOX audits overlapping with HIPAA, requiring integrated assessments of financial and safeguards. In the energy sector, the U.S. (FERC) performs risk-based audits of regulated entities like pipelines and utilities to verify compliance with interstate commerce and reliability standards, including financial and operational reporting. Environmental audits, such as those under India's rules (updated 2025), require accredited auditors to assess high-impact industries for pollution control and , with mandatory periodic reporting to enforce compliance. These sector mandates prioritize verifiable environmental and operational data over general financial audits.

Recent Revisions (2024-2025)

In 2024, the U.S. Government Accountability Office (GAO) issued a comprehensive revision to the Government Auditing Standards, commonly known as , effective for financial audits, attestation engagements, and reviews of for periods beginning on or after December 15, 2024. This update emphasizes a shift to systems over traditional , requiring audit organizations to design, implement, and monitor processes tailored to their size and risks, including enhanced focus on threats and auditor competence in areas like data analytics and fraud detection. The revisions also introduce stricter requirements and expanded documentation for impairments, aiming to address evolving governmental auditing challenges amid increasing regulatory scrutiny. The (PCAOB) adopted AS 1000, General Responsibilities of the , on May 13, 2024, establishing foundational obligations for auditors in conducting audits of public companies, including due professional care, professional skepticism, and objectivity. Approved by the SEC on August 20, 2024, this standard, along with conforming amendments to existing rules, applies to audits for fiscal years beginning on or after December 15, 2024, and seeks to clarify duties in response to findings on deficiencies in audit execution. Additionally, PCAOB amendments to standards on Technology-Assisted Analysis (TAA), effective for fiscal years beginning on or after December 15, 2025, update AS 1105 and AS 2301 to incorporate procedures for auditing in electronic form, reflecting the growing reliance on and AI tools. Confirmations standard amendments, effective for fiscal years ending on or after June 15, 2025, strengthen requirements for external confirmations to mitigate risks in cash and receivables testing. The PCAOB's Standard (QC 1000), delayed to December 15, 2025, mandates scalable, risk-based quality management systems for firms. 
On the international front, the International Auditing and Assurance Standards Board (IAASB) approved ISA 570 (Revised 2024), , in December 2024, effective for audits of for periods beginning on or after December 15, 2026, with enhancements to and disclosure requirements amid economic volatility. In September 2024, the IAASB finalized ISSA 5000, the first global standard for sustainability assurance engagements, addressing non-financial reporting demands driven by ESG regulations. The Institute of Internal Auditors released mandatory Global Internal Audit Standards in January 2024, restructuring guidance into core principles, implementation, and performance domains to improve effectiveness. In the U.S. non-issuer space, the AICPA Auditing Standards Board advanced standards in 2025, transitioning firms to risk-responsive systems effective for periods beginning on or after June 15, 2025, with proposals for a new standalone standard under consideration to explicitly responsibilities beyond existing SAS requirements. These revisions collectively respond to technological advancements, prevalence, and stakeholder demands for robust assurance, though challenges include strains on smaller firms.

Types of Audits

Financial Audits

A constitutes an independent examination of an entity's , aimed at providing reasonable assurance that they are free from material misstatement, whether resulting from error or , and are presented fairly in accordance with the applicable financial reporting framework, such as U.S. or IFRS. This process verifies the accuracy, completeness, and compliance of reported financial position, results of operations, and cash flows, typically covering the balance sheet, , statement of changes in equity, and statement of cash flows. External auditors, often certified public accountants adhering to standards like those from the PCAOB for U.S. public companies or AICPA Statements on Auditing Standards for nonissuers, conduct these audits to mitigate risks of undetected errors or intentional manipulations that could mislead investors or creditors. The primary objective distinguishes financial audits from other audit types: it focuses on historical financial data and attestation of fair presentation, rather than , beyond financial reporting, or future-oriented performance metrics. Unlike internal audits, which are conducted by employees to enhance internal controls and processes for use, financial audits deliver an independent opinion for external stakeholders, such as shareholders and regulators. For publicly traded companies, Section 404 of the Sarbanes-Oxley Act of 2002 mandates integration with audits of internal controls over financial reporting, ensuring reliability against material weaknesses identified in scandals like , where inadequate controls led to $74 billion in shareholder losses by 2001. Auditors apply a risk-based approach, assessing materiality thresholds—often set at 5% of or 1% of total assets—and performing substantive tests on high-risk areas like or valuation through vouching, confirmations, and analytical procedures. 
Sampling techniques, such as statistical or non-statistical methods, evaluate transaction populations without full verification, with error projections determining if misstatements exceed tolerable levels. The culminating audit report issues one of four opinions: unmodified (clean), qualified (material issues in specific areas), adverse (pervasive misstatements), or (insufficient evidence), influencing ratings and decisions; for instance, qualified opinions correlate with average price drops of 2-5% upon issuance. International Standards on Auditing (ISAs), issued by the IAASB under IFAC, harmonize practices globally, requiring auditors to obtain sufficient appropriate audit evidence and communicate key audit matters in reports for listed entities since ISA 701's effective date of December 15, 2016. In jurisdictions like the EU, audits under the Statutory Audit Directive emphasize skepticism toward management estimates, reducing instances of over-optimistic provisioning seen in the , where banks like reported overstated assets leading to its September 15, 2008, . These audits enhance integrity by deterring , with PCAOB inspections revealing that 40% of inspected firms had deficiencies in revenue testing as of 2023 reports.

Compliance and Internal Audits

Compliance audits systematically assess an organization's adherence to external regulations, laws, internal policies, and industry standards to mitigate legal, financial, and reputational risks. These audits involve reviewing documentation, processes, and controls to confirm alignment with specific frameworks, such as the Sarbanes-Oxley Act (SOX) of 2002, which requires public companies to maintain effective internal controls over financial reporting and mandates Section 404 attestation by management and external auditors. Other key examples include the Health Insurance Portability and Accountability Act (HIPAA) for protecting health information in the U.S., the General Data Protection Regulation (GDPR) for data privacy in the , and the Payment Card Industry Data Security Standard (PCI-DSS) for securing cardholder data. Non-compliance can result in penalties, as evidenced by fines exceeding $1 billion imposed under GDPR in its first few years of enforcement for violations like inadequate data processing consents.
Internal audits, by contrast, constitute an independent and objective assurance activity conducted within the organization to evaluate and enhance the effectiveness of , control, and processes. According to the Institute of Internal Auditors (IIA), adds value by providing recommendations for operational improvements, distinct from the narrower regulatory focus of pure compliance audits. The IIA's Global Internal Audit Standards, effective January 2025 following revisions in 2024, emphasize principles like integrity, objectivity, and proficiency, with new requirements addressing data privacy risks and ethical information handling amid rising cyber threats. Internal audits often encompass compliance elements—such as testing controls under frameworks like the Committee of Sponsoring Organizations (COSO)—but extend to broader operational efficiencies, with auditors sampling processes to identify inefficiencies or risks before external scrutiny arises.
While compliance audits prioritize verifiable adherence to predefined rules, often with exhaustive sampling of transactions for high-stakes regulations like , internal audits adopt a risk-based approach with potentially smaller but more analytically driven samples to inform strategic decisions. This distinction arises from their scopes: compliance audits serve primarily as regulatory checkpoints, potentially triggered by mandates or certifications, whereas internal audits function proactively to support in preempting issues, though both rely on evidence like logs, records, and interviews. Overlap occurs when internal audit teams incorporate compliance testing, as permitted under IIA guidance, enabling integrated assessments that avoid redundant efforts while ensuring holistic risk coverage. In practice, organizations like financial institutions under Dodd-Frank Act oversight integrate these to balance regulatory demands with internal resilience, reducing the incidence of violations reported to bodies like the U.S. Securities and Exchange Commission.

Performance and Operational Audits

Performance audits involve an independent examination of a or entity's programs, functions, or operations to assess whether they achieve intended objectives through , , and effectiveness, often referred to as the "3Es." These audits provide findings or conclusions based on sufficient, appropriate evidence evaluated against predefined criteria, such as legal requirements or best practices. In the United States, performance audits are governed by the Government Accountability Office's (GAO) Generally Accepted Government Auditing Standards (GAGAS), outlined in the 2024 Yellow Book revision, which mandates compliance with general standards for , competence, and due care; field work standards for planning, evidence gathering, and supervision; and reporting standards for clear communication of results.
Operational audits, by contrast, focus on evaluating the and of an organization's internal processes, systems, and utilization in the private or corporate sector, aiming to identify opportunities for cost savings and operational improvements without primary emphasis on accuracy. While performance audits typically prioritize public sector value-for-money outcomes and program accountability, operational audits emphasize broader optimization, such as management or processes, though the terms overlap and are sometimes used interchangeably—with "performance" more common in contexts and "operational" in commercial ones. For instance, a 2023 operational audit of CV. X, an Indonesian company, revealed inefficiencies in controls leading to excess and tied-up capital, recommending streamlined procedures that reduced holding costs by an estimated 15-20% post-implementation.
Both types employ systematic methodologies, including risk-based planning to select audit scope, , interviews, and against industry standards to test operational controls and outcomes.
In settings, audits have driven measurable efficiencies; for example, a 2022 New Jersey state audit of public programs identified redundant contracting processes, resulting in projected annual savings of $10 million through consolidated . Similarly, operational audits in contexts, such as a global bank's adoption of integrated audit software in 2023, shifted focus from administrative tasks to analytical reviews, enhancing detection and operational throughput by 25%. These audits underscore causal links between process flaws—like inadequate internal controls or misaligned incentives—and suboptimal , prioritizing over anecdotal assessments to recommend actionable reforms.

Specialized Audits

Specialized audits encompass targeted examinations designed for particular industries, risks, or objectives, distinct from routine financial or operational reviews, often requiring expertise in niche domains such as detection, technology systems, or environmental impacts. These audits address specific regulatory, legal, or needs, employing customized methodologies to evaluate compliance, efficiency, or irregularities in focused areas. For instance, they may investigate allegations of or assess adherence to sector-specific standards, providing for litigation, adjustments, or . Forensic audits constitute a prominent category, involving detailed scrutiny of financial records to uncover of , , or irregularities suitable for legal proceedings. Conducted by accountants with investigative training, these audits go beyond standard verification by reconstructing transactions, tracing asset flows, and identifying intentional misstatements, often prompted by whistleblower reports, disputes, or regulatory inquiries. The purpose centers on producing court-admissible findings, such as quantifying losses from fraudulent activities, with techniques including data analytics, interviews, and document . Information technology (IT) audits evaluate the security, integrity, and effectiveness of an organization's information systems, encompassing hardware, software, networks, and practices. Key types include systems and applications audits, which test controls for vulnerabilities; compliance audits verifying alignment with frameworks like ISO/IEC 27001 for or SOC 2 for service organizations; and operational IT audits assessing efficiency in areas such as facilities or . These audits mitigate risks like cyberattacks or data breaches, with standards emphasizing risk-based approaches and continuous monitoring. 
Environmental audits systematically assess an organization's environmental performance, compliance with regulations, and management systems to identify impacts from operations, such as waste generation, emissions, or resource use. They typically involve site inspections, record reviews, and gap analyses against standards like ISO 14001, revealing non-compliance risks or opportunities for improvements. Common in industries like or , these audits support regulatory filings, liability avoidance, and voluntary reporting, with findings often driving corrective actions like pollution controls. Other specialized forms include construction audits, which review project costs, contracts, and change orders for overruns or disputes; royalty audits, verifying payments in licensing agreements for industries like media or pharmaceuticals; and tax-specific audits focusing on niche areas such as and accuracy or compliance. These engagements demand interdisciplinary knowledge, often integrating legal, technical, or scientific expertise to deliver precise, actionable insights.

Audit Execution Process

Planning and Risk Assessment

Planning an audit engagement begins with preliminary activities to evaluate the auditor's ability to accept or continue the client relationship, including assessing , competence, and resources required. These steps ensure the audit team can perform procedures necessary to reduce to an acceptably low level, as outlined in PCAOB AS 2101, which mandates establishing an overall audit strategy encompassing the scope, timing, and direction of efforts. Internationally, ISA 300 similarly requires auditors to plan the audit to perform it effectively, involving coordination among team members and consideration of prior audits or related services. Central to planning is obtaining an understanding of the entity and its environment, including its system, to identify risks of material misstatement in the . Under ISA 315 (Revised 2019), auditors must assess these risks at both the financial statement level and the assertion level for classes of transactions, account balances, and disclosures, distinguishing between those due to and those due to . This process incorporates inquiries of , analytical procedures, and of operations, with heightened focus on areas like or complex estimates where inherent risks are elevated. PCAOB standards align by requiring evaluation of risks and control environment effectiveness early in to inform the audit plan's nature, timing, and extent. Materiality determination guides thresholds, typically set as a percentage of benchmarks like or total assets—often 5-10% for overall materiality in practice—adjusted for qualitative factors such as regulatory scrutiny or stakeholder expectations. Risk responses are then tailored: higher risks prompt more substantive testing or tests of controls, while planning also addresses staffing, technology use, and specialist involvement to address entity-specific complexities like multinational operations. 
of the plan records these decisions, serving as a basis for and review, with the process being dynamic to incorporate new information throughout the engagement.

Evidence Collection and Testing

Audit evidence collection and testing constitutes the core execution phase following planning and , wherein auditors apply procedures to obtain sufficient appropriate supporting their conclusions on or other audit objectives. Sufficient refers to the quantity needed to reduce to an acceptably low level, while appropriate encompasses to the assertion under review and reliability based on source, nature, and circumstances of generation. Procedures are designed responsively to assessed risks of material misstatement, prioritizing higher-risk areas, and may include both tests of controls—where reliance on internal controls is planned—and substantive procedures applied universally to detect misstatements. Tests of controls assess the operating effectiveness of entity controls intended to prevent or detect misstatements, performed only when the plans to rely on those controls to modify substantive testing extent. Common methods include of personnel, of control activities, of documents evidencing control execution, and reperformance of controls to verify independent operation. For instance, reperformance might involve the independently authorizing a sample of transactions to confirm segregation of duties. If controls prove ineffective, the expands substantive procedures accordingly. These tests typically employ sampling techniques, such as statistical or non-statistical methods, to infer population-wide effectiveness, with sample sizes determined by expected deviation rates and tolerable rates. Substantive procedures provide direct evidence on assertions like , completeness, accuracy, and valuation, comprising tests of details and substantive analytical procedures. Tests of details involve vouching source documents to records (e.g., tracing invoices to entries), confirming balances externally (e.g., third-party verifications of receivables), recalculating amounts, and inspecting tangible assets. 
Substantive analytical procedures entail evaluating financial information by studying plausible relationships, such as or trend comparisons, with expectations developed from prior periods, industry data, or entity budgets; significant unexpected variances prompt further investigation. These procedures often use sampling, where auditors select items based on , monetary value, or , ensuring representation of the population. Reliability of evidence varies by type: external confirmations from independent sources generally provide higher reliability than internal documents, while originals exceed photocopies, and auditor-generated evidence through reperformance or surpasses entity-provided . Auditors consider factors like source expertise, contradictions with other , and timeliness, often corroborating lower-reliability with multiple sources. In or operational audits, evidence collection adapts to non-financial objectives, incorporating site visits, interviews, and against standards, though financial audits emphasize quantitative verification. in working papers records procedures, obtained, and conclusions, enabling and supporting defense against challenges. Emerging practices incorporate technology, such as data analytics for and automated confirmations, enhancing efficiency but requiring validation of tool reliability. For example, auditors may use generalized audit software to analyze entire populations rather than samples, identifying anomalies via algorithms. Challenges include override risks, addressed through unpredictable procedures, and remote gathering post-2020, which demands enhanced verification protocols. Overall, the phase culminates in evaluating whether accumulated supports or contradicts assertions, informing subsequent reporting.

Reporting, Opinions, and Follow-Up

The reporting phase of an audit involves the auditor synthesizing evidence gathered during fieldwork to evaluate whether the audited entity's or operational assertions are presented fairly and in accordance with applicable standards, such as U.S. or IFRS. The resulting audit report is a formal written document that communicates the auditor's conclusions, including any material misstatements, control deficiencies, or compliance issues identified. For financial audits under PCAOB standards, the report typically includes sections on the auditor's , the basis for that opinion, responsibilities of and the auditor, and any emphasis-of-matter or other-matter paragraphs for significant events like uncertainties. In performance or operational audits, reports emphasize findings, root causes, and recommendations rather than a binary fair presentation assessment. Audit opinions classify the degree of assurance provided, with four primary types issued in financial audits: , qualified, adverse, and . An opinion, the most favorable, asserts that the present fairly the entity's financial position, results of operations, and cash flows in all material respects. A qualified opinion indicates fair presentation except for specific matters, such as isolated misstatements or limitations in scope that are not pervasive. An adverse opinion states that the do not present fairly due to material and pervasive misstatements, often arising from widespread errors or not corrected by management. A of opinion is issued when the cannot obtain sufficient appropriate , rendering an opinion impossible, such as due to scope restrictions or significant uncertainties. These opinions are determined based on materiality thresholds, typically assessed quantitatively (e.g., 5% of ) and qualitatively, with PCAOB requiring explicit justification for modifications from . Follow-up procedures vary by audit type and auditor role. 
In external financial audits, formal follow-up is limited, as the auditor's responsibility ends with report issuance; however, regulators like the SEC may require entity responses to audit findings in filings, and subsequent annual audits inherently review prior-period adjustments. Internal audits, governed by standards from the Institute of Internal Auditors, mandate a systematic follow-up process to monitor and verify management's implementation of corrective actions for reported deficiencies, often involving re-testing controls within 6-12 months. Compliance and performance audits similarly emphasize post-report validation, with auditors tracking remediation timelines and escalating unresolved issues to oversight bodies; for instance, U.S. federal performance audits under GAO Yellow Book standards require agencies to report on action plans and outcomes. Failure to address findings can trigger expanded future audits or regulatory sanctions, underscoring follow-up's role in ensuring accountability.

Auditing Profession and Practice

Professional Qualifications and Ethics

To practice as an in the United States, individuals must hold a state-issued (CPA) license, which qualifies them to issue audit opinions under standards from the American Institute of CPAs (AICPA) or the (PCAOB). CPA licensure requires candidates to complete at least 150 semester hours of (typically a plus additional coursework), pass the four-section Uniform CPA Examination administered by the National Association of State Boards of Accountancy (NASBA), and fulfill one to two years of supervised professional experience in accounting or auditing, with specifics varying by jurisdiction. Internationally, equivalent qualifications include the (CA) designation, such as the Associate (ACA) from the Institute of in (ICAEW), which entails passing 15 modular examinations covering technical knowledge in , audit, assurance, and business, combined with three years of structured workplace training and demonstrated ethical competence. For internal auditors, the globally recognized Certified Internal Auditor (CIA) certification from The Institute of Internal Auditors (IIA) demands either a (or equivalent) plus two years of experience, or five years of relevant experience without a degree; candidates must also pass a three-part examination testing essentials of , practice, and business knowledge. License maintenance across these credentials involves ongoing continuing professional education (CPE), such as 120 hours every three years for CPAs or 40 hours annually for CIAs, including ethics training to sustain competence. Ethical standards form the cornerstone of auditing practice, enforced through codes that prioritize and objectivity to ensure unbiased verification of financial or operational assertions. 
The AICPA Code of Professional Conduct outlines five fundamental principles—integrity, objectivity, competence and due care, , and —and explicitly requires auditors to remain independent in both fact and appearance for attest services, prohibiting financial interests, familial relationships, or non-audit services that could impair judgment. The PCAOB reinforces this via Rule 101, mandating for audits of public companies to prevent self-interest or familiarity threats. The International Ethics Standards Board for Accountants (IESBA), under the International Federation of Accountants (IFAC), adopts a conceptually similar framework in its Code of Ethics for Professional Accountants, including International Independence Standards, which auditors worldwide must apply by identifying threats (e.g., self-review or ), evaluating their significance, and applying safeguards like rotation or external reviews. For internal auditors, the IIA Code of Ethics emphasizes objectivity through avoidance of conflicts and impartial reporting, distinct from external auditors' stricter rules due to their organizational . Breaches, such as compromised , trigger investigations by bodies like state boards, the PCAOB, or the IIA, potentially leading to sanctions including fines, suspension, or expulsion, with peer review programs monitoring compliance.

Internal versus External Auditors

Internal auditors are employees or in-house consultants of an responsible for evaluating and improving the effectiveness of , control, and processes through assurance and consulting activities. Their work encompasses a broad scope, including , compliance with internal policies, detection, and strategic advisory support to , often conducted on an ongoing or risk-based rather than fixed intervals. Internal auditors adhere to the International Standards for the Professional Practice of issued by The Institute of Internal Auditors (IIA), emphasizing organizational achieved via reporting lines to the or rather than operational . This structure, while promoting objectivity, can be compromised by inherent employment ties, potentially subjecting auditors to subtle influence, as evidenced in cases where internal findings are downplayed to align with executive priorities. External auditors, in contrast, are independent professionals from certified public accounting firms contracted to provide an objective opinion on the fairness of an entity's in accordance with generally accepted accounting principles () or (). Their primary focus is statutory assurance for external stakeholders such as shareholders, creditors, and regulators, typically performed annually for public companies under oversight from bodies like the () in the United States, which mandates rigorous rules prohibiting non-audit services that could impair objectivity. External audits test financial assertions through substantive procedures and controls reliance, but their scope is narrower, excluding non-financial operational reviews unless specifically engaged for attestations. The distinctions between internal and external auditors manifest in several core attributes, as summarized below:
| Aspect | Internal Auditors | External Auditors |
| --- | --- | --- |
| Affiliation | Employed by the audited entity, integrated into its structure. | Independent third-party firms, serving multiple clients without employment ties. |
| Primary Objective | Enhance internal processes, risk mitigation, and value addition through advisory insights. | Assure external users of financial statement reliability and compliance. |
| Scope | Comprehensive: operations, IT, compliance, and non-financial risks. | Focused: financial reporting, with limited reliance on internal controls testing. |
| Reporting | To management, board, or audit committee for internal improvements. | Public opinion letter to shareholders and regulators, often filed with SEC Form 10-K. |
| Frequency | Continuous or periodic based on risk assessments. | Predominantly annual, tied to fiscal year-end reporting. |
| Standards | IIA International Professional Practices Framework. | PCAOB, AICPA, or IAASB auditing standards. |
| Independence Risks | Potential bias from organizational loyalty; mitigated by functional reporting. | Safeguarded by rotation rules and prohibitions on contingent fees, though long-term relationships can foster familiarity threats. |
Despite these differences, internal and external auditors often collaborate, with external auditors evaluating the competence and objectivity of work to reduce their own testing efforts, as permitted under PCAOB Auditing Standard 2605. This reliance has grown with complex regulations like Sarbanes-Oxley Act Section 404, requiring effective internal controls, but demands rigorous assessment to avoid over-dependence on potentially compromised internal functions. Empirical studies, such as those from the IIA, indicate that coordinated audits improve overall assurance quality, though external auditors bear ultimate legal liability for opinions issued, exposing firms to litigation risks exceeding $1 billion in major failure cases like .

Market Structure and Major Firms

The external audit market for public companies and large entities operates as a highly concentrated , primarily controlled by the "Big Four" firms—, (EY), , and ()—which provide to the majority of publicly traded companies globally. This structure results from , extensive global networks spanning hundreds of countries, and specialized expertise in navigating complex financial reporting standards like IFRS and , enabling these firms to handle the demands of multinational corporations. In the , for example, the Big Four captured 98% of FTSE 350 audit fees and 90% of fees from Entities in 2024, reflecting persistent dominance despite regulatory pushes for diversification. In the United States, they audit a substantial portion of large-accelerated filers, with market shares exceeding 90% for companies as of 2023 data extended into 2024 trends. The Big Four's financial scale underscores their market position, with combined global revenues surpassing $212 billion in 2024, driven largely by audit, tax, and advisory services. Deloitte reported $67.2 billion in 2024 revenue, followed by at approximately $55.4 billion, while EY and each exceeded $45 billion, with audit and assurance comprising a core but diminishing share relative to consulting growth. This concentration has persisted post-major regulatory reforms, such as the U.S. Sarbanes-Oxley Act of 2002, which aimed to enhance competition and independence but coincided with further consolidation following scandals like , reducing the number of major players from eight to four. Regulatory bodies, including the U.S. (PCAOB) and the 's (FRC), continue to monitor for anticompetitive effects, such as elevated fees—UK audit prices rose 27% in a recent year amid Big Four pricing power—but structural barriers like client switching costs and liability risks limit entrants. 
Beyond the Big Four, mid-tier networks like BDO, Grant Thornton, , and Mazars audit smaller public firms, private companies, and non-profits, collectively holding under 10% of large-client but serving niche segments with more agile, cost-effective services. These firms have grown revenues through mergers and organic expansion, yet reports highlight their exclusion from major tenders, as Big Four incumbency rates exceed 95% for FTSE 350 entities. Emerging challengers, including boutique specialists, have gained modest traction—FRC data shows non-Big Four rising slightly to challenge oligopolistic pricing—but overall, the industry's structure remains resistant to fragmentation, with audit fees for global entities totaling tens of billions annually under Big Four stewardship.

Controversies, Failures, and Critiques

High-Profile Audit Breakdowns

One of the most notorious audit failures occurred in the of 2001, where LLP, Enron's , approved aggressive accounting practices including off-balance-sheet special purpose entities that concealed billions in debt and inflated profits through . Enron's collapse on December 2, 2001, revealed $63.4 billion in assets undermined by undisclosed liabilities, leading to Andersen's conviction for obstruction of justice after document shredding and the firm's dissolution as a major accounting entity. This breakdown highlighted auditors' tolerance of client-driven manipulations despite internal warnings, contributing to investor losses exceeding $74 billion. The in 2002 exposed another significant lapse, with external auditor failing to detect $11 billion in improperly capitalized operating expenses reclassified as assets to mask declining earnings from 1999 to 2002. Internal auditors under Cynthia Cooper uncovered the in June 2002, prompting WorldCom's filing on July 21, 2002, as the largest in U.S. history at the time with $107 billion in assets. The Securities and Exchange Commission (SEC) settled charges against WorldCom for $2.25 billion, underscoring external audit deficiencies in verifying line costs amid rapid telecom expansion. In the , (EY) audited but overlooked the firm's transactions, which temporarily removed $50 billion in assets from the balance sheet at quarter-ends to portray lower leverage, rebooking them post-reporting. Lehman's September 15, 2008, , involving $619 billion in assets, amplified market turmoil as auditors accepted these as sales despite internal Lehman recognition of their balance-sheet-window-dressing nature. New York regulators later fined EY $10 million in 2015 for approving these practices without adequate disclosure. 
More recently, the collapse in 2020 demonstrated persistent vulnerabilities, as EY, Wirecard's auditor since 2009, issued clean opinions despite unverified €1.9 billion in cash balances in Asian subsidiaries that proved fictitious. filed for on June 25, 2020, with €3.5 billion in missing funds, erasing a market cap that peaked at €24 billion and prompting €20 billion in investor losses. German regulator Apas banned EY from public-interest audits for two years in 2023, citing grossly negligent audits that ignored whistleblower reports and relied on unchecked third-party confirmations. These cases collectively eroded trust in audit attestations, spurring reforms like enhanced skepticism mandates under standards such as PCAOB AS 2401, though recurrences indicate ongoing challenges in detecting intentional concealment.

Independence and Conflict Challenges

Auditor independence requires that external auditors maintain objectivity and avoid relationships or financial interests that could impair their judgment in expressing an opinion on . Primary threats include , arising from economic dependence on client fees; self-review, from auditing work the firm previously performed; , such as promoting client positions; familiarity, from long-term or personal ties; and , from client pressure. These conflicts can lead to biased audits, as evidenced by pre-2002 scandals like , where Arthur Andersen's provision of extensive consulting services totaling $27 million in 2000 compromised its audit role and contributed to undetected fraud. The Sarbanes-Oxley Act of 2002 () addressed these issues through Title II, prohibiting auditors of public companies from providing non-audit services like , financial , internal audits, actuarial services, and certain services to audit clients, to prevent self-review and self-interest threats. also mandated lead audit partner rotation every five years, a one-year cooling-off period for certain firm employees joining clients, and audit committee pre-approval of all services, aiming to mitigate familiarity and advocacy risks. Despite these measures, enforcement challenges persist, with PCAOB inspections identifying as a recurring deficiency area, including failures in pre-approval processes and quality controls. Non-audit revenues continue to pose self-interest threats, as Big Four firms—, , EY, and —generated $95.4 billion from advisory services in 2023, exceeding $66.5 billion from audit and assurance, potentially incentivizing retention of audit clients for consulting opportunities despite separate business units. services, permitted under with approval, remain controversial, as they can foster economic bonds; critics argue this loophole undermines full , unlike outright bans on other services. 
Recent enforcement actions highlight ongoing issues: in March 2024, the PCAOB fined $2.75 million for quality control failures in compliance during 2018 engagements, involving unconsulted prohibited services. Similarly, Australia's ASIC reported in October 2025 that many auditors failed to demonstrate compliance, leading to one registration cancellation and fines totaling $78,250. These challenges reflect causal tensions between auditors' gatekeeper role and commercial pressures, where fee dependence—often 10-15% of firm revenue per major client—can subtly erode skepticism, as psychological studies indicate unconscious bias from conflicts. While SOX reduced overt non-audit conflicts, empirical data shows audit quality improvements were modest, with restatements declining only 20-30% post-2002, suggesting regulatory limits against inherent economic incentives. Proposed reforms, such as mandatory firm rotation or stricter non-audit caps, face resistance due to increased costs estimated at $100-200 million per rotation cycle for large firms, balancing independence gains against practical disruptions.

Systemic Quality and Oversight Issues

The (PCAOB), established by the Sarbanes-Oxley Act of 2002, conducts annual inspections of registered audit firms to evaluate compliance with auditing standards and systems. These inspections categorize deficiencies into Part I (engagement-specific audit failures) and Part II (systemic defects), revealing persistent issues in areas such as , internal controls, and assessments. Despite regulatory mandates, inspection data indicate that a substantial proportion of audits—39% aggregate Part I.A deficiency rate in 2024 across inspected firms—fail to meet standards, down from 46% previously but still signaling inadequate execution in high-risk audits. Among major firms, the Big Four (Deloitte, EY, , ) dominate the market, auditing over 95% of U.S. public companies by , which amplifies systemic risks from concentrated failures. PCAOB reports highlight repeated lapses, such as EY's third consecutive criticism in 2025 for deficiencies in equity, goodwill, and testing, underscoring failures in firm-wide monitoring and training protocols. For instance, 's Part I deficiency rate improved to 20% in 2024 from 26% in 2023, yet such patterns reflect broader challenges in scaling oversight amid growth in complex client engagements. Remediation of identified defects remains inconsistent, with PCAOB guidance emphasizing timely firm responses to Part II findings, yet repeat deficiencies in consecutive reports indicate superficial fixes rather than root-cause reforms. Studies link unremediated PCAOB-identified issues to elevated future financial misstatements, suggesting that oversight inspections, while identifying problems, often fail to enforce lasting behavioral changes due to limited enforcement powers beyond public disclosure and fines. Critics, including SEC stakeholders, argue that PCAOB-SEC overlaps create redundancies without proportional gains in deterrence, as evidenced by industry resistance to enhanced transparency rules on audit metrics in 2025. 
Market incentives exacerbate oversight gaps, with audit partners receiving record compensation despite firm-level deficiencies, fostering a "reward for " dynamic where short-term revenue pressures override long-term quality investments. This structure, coupled with PCAOB's reliance on self-reported firm data for remediation verification, limits proactive intervention, as inspections cover only a fraction of engagements annually. Empirical trends show deficiency rates correlating with economic cycles, rising during booms when audit resources strain, highlighting causal vulnerabilities in firm over regulatory exhortations.

Economic Costs and Regulatory Overreach

The of 2002 imposed substantial compliance costs on public companies, particularly through Section 404 requirements for assessments and attestations, with initial SEC estimates of $1.24 billion annually for implementation proving far understated as actual expenditures reached billions more due to personnel, technology, and external audit fees. By 2025, companies with revenues between $1 billion and $10 billion reported average internal compliance costs of $1 million to $1.3 million annually, while larger firms faced even higher burdens scaling with operational complexity. These costs persist, with empirical analyses indicating annual SOX-related expenses ranging from $6 million for smaller public firms to $39 million for larger ones, encompassing not only direct outlays but also indirect opportunity costs from diverted management resources. Smaller public companies experience disproportionate economic strain from auditing regulations, often paying around $723,000 annually in compliance despite exemptions for non-accelerated filers under Section 404(b), which has deterred initial public offerings and limited capital access for emerging businesses. Regulatory intensity from bodies like the (PCAOB) further elevates audit fees, as heightened scrutiny and documentation demands increase auditor effort and pricing, with studies showing persistent cost elevations post-SOX without commensurate benefits in audit quality for all firm sizes. While proponents cite reduced incidence as a benefit, empirical evidence reveals net costs outweighing marginal improvements in financial reporting reliability for smaller entities, contributing to among larger audit firms. 
Critics argue that SOX and PCAOB oversight represent regulatory overreach by granting excessive authority to unelected bodies, leading to rules that expand liabilities beyond core financial attestation—such as proposed NOCLAR (non-compliance with laws and regulations) reporting duties that could implicate auditors in tangential corporate conduct—without sufficient cost-benefit justification. In , the U.S. House Committee advanced to abolish the PCAOB, citing its nonprofit status enabling unchecked that burdens firms with firm-wide reporting mandates applying even to non-PCAOB audits, potentially driving smaller audit practices out of the market. Such expansions, while framed as protections, impose compliance complexities that stifle and in auditing services, as evidenced by PCAOB proposals targeting 49% of registered firms not engaged in oversight-eligible audits. Empirical models under varying legal regimes suggest PCAOB-style interventions improve outcomes only under specific conditions, often at the expense of social surplus in less litigious environments.

Technological Integration and Future Directions

Emergence of Digital Tools and AI

The adoption of digital tools in auditing paralleled advancements in computing, with early applications emerging in the 1950s through electronic data processing (EDP) systems used for accounting at firms like in 1954, though auditing-specific uses initially emphasized verifying computerized financial records in the 1960s. By the 1980s, auditors incorporated basic computer-assisted audit techniques (CAATs), such as spreadsheets, to expand data sampling from manual subsets to fuller populations, reducing reliance on statistical and enabling preliminary in transactional records. Specialized audit analytics software accelerated this shift in the late , exemplified by Audit Command Language (ACL), developed to process large datasets interactively for tasks like stratification, Benford's Law compliance checks, and duplicate identification, allowing substantive testing of 100% of data rather than samples. Interactive Data Extraction and Analysis (IDEA), a contemporaneous tool, complemented ACL by supporting scripting for customized queries and visualizations, fostering efficiency in risk-based auditing amid growing data volumes from systems. These generalized audit software (GAS) packages, widely adopted by the , transformed manual vouching into automated workflows, with surveys indicating over 70% of large firms using them for compliance and fraud examinations by 2000. The 2000s saw data analytics evolve with integration, as auditors applied exploratory techniques to client databases for continuous auditing and predictive risk modeling, driven by regulatory demands post-Sarbanes-Oxley Act of 2002 for enhanced internal controls testing. Adoption rates surged in the 2010s, with major firms reporting 80-90% utilization of analytics for journal entry testing and by 2017, shifting audits toward real-time insights over periodic reviews. 
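Two of the full-population tests named above, the Benford's Law check and duplicate identification, are sketched below as an added example; it is not code from this article, ACL, or IDEA. The record fields, the constructed ledgers, the 5% significance level, and the hypothetical $5,000 approval limit are all assumptions made for illustration.

```python
import math
import re
from collections import Counter, defaultdict

# Benford's Law: expected share of amounts whose first significant digit is d.
BENFORD = {d: math.log10(1 + 1 / d) for d in range(1, 10)}
CHI2_CRITICAL = 15.507  # chi-square, 8 degrees of freedom, 5% significance (assumed level)


def first_digit(cents):
    """First significant digit of a non-zero integer amount in cents."""
    return int(str(abs(cents))[0])


def benford_test(amounts_cents):
    """Chi-square goodness-of-fit of first digits against Benford's Law."""
    digits = [first_digit(c) for c in amounts_cents if c != 0]
    n = len(digits)
    # The chi-square approximation needs an expected count of at least 5 in
    # every cell; digit 9 is the rarest, so it sets the minimum population.
    if n * BENFORD[9] < 5:
        raise ValueError(f"population of {n} is too small for a chi-square test")
    observed = Counter(digits)
    contrib = {d: (observed[d] - n * p) ** 2 / (n * p) for d, p in BENFORD.items()}
    chi2 = sum(contrib.values())
    return {
        "n": n,
        "observed": {d: observed[d] for d in range(1, 10)},
        "chi2": chi2,
        "conforms": chi2 <= CHI2_CRITICAL,
        # Digit contributing most to the statistic: where follow-up should start.
        "worst_digit": max(contrib, key=contrib.get),
    }


def normalize_invoice(ref):
    """Uppercase, drop punctuation and spaces, strip leading zeros of digit runs."""
    cleaned = re.sub(r"[^A-Z0-9]", "", ref.upper())
    return re.sub(r"(?<![0-9])0+(?=[0-9])", "", cleaned)


def duplicate_payments(payments):
    """Group payment ids sharing vendor, normalized invoice reference and amount."""
    groups = defaultdict(list)
    for p in payments:
        key = (p["vendor"].strip().upper(), normalize_invoice(p["invoice"]), p["cents"])
        groups[key].append(p["payment_id"])
    return sorted(sorted(ids) for ids in groups.values() if len(ids) > 1)


def constructed_ledger(n=600):
    """Constructed data: amounts spread evenly on a log scale from $1.00 to
    $999.99, a distribution that follows Benford's Law."""
    return [int(10 ** (2 + 3 * (i + 0.5) / n)) for i in range(n)]


def constructed_padded_ledger():
    """Constructed data: the same ledger plus 80 entries between $4,900 and
    $4,979, clustered just under a hypothetical $5,000 approval limit."""
    return constructed_ledger() + [490_000 + 100 * k for k in range(80)]


# Constructed payment register: P-1002 re-keys the invoice paid as P-1001.
CONSTRUCTED_PAYMENTS = [
    {"payment_id": "P-1001", "vendor": "Acme Supply", "invoice": "INV-00123", "cents": 125000},
    {"payment_id": "P-1002", "vendor": "ACME SUPPLY ", "invoice": "inv 123", "cents": 125000},
    {"payment_id": "P-1003", "vendor": "Acme Supply", "invoice": "INV-00124", "cents": 125000},
    {"payment_id": "P-1004", "vendor": "Birch Ltd", "invoice": "INV-00123", "cents": 125000},
    {"payment_id": "P-1005", "vendor": "Birch Ltd", "invoice": "7781", "cents": 9900},
]

if __name__ == "__main__":
    for name, ledger in (("clean", constructed_ledger()),
                         ("padded", constructed_padded_ledger())):
        r = benford_test(ledger)
        print(f"{name}: n={r['n']} chi2={r['chi2']:.2f} conforms={r['conforms']} "
              f"worst_digit={r['worst_digit']}")
    print("possible duplicate payments:", duplicate_payments(CONSTRUCTED_PAYMENTS))
```

A failed Benford test is only a prompt for follow-up on the flagged digit range, since legitimate populations such as fixed-price contracts can also deviate from the distribution.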
Artificial intelligence (AI) emerged as a transformative layer in the late 2010s, with models deployed for in , such as automated classification of vendor payments to flag potential kickbacks, achieving detection rates up to 30% higher than traditional methods in controlled studies. By 2023, generative AI tools began assisting in through for extracting covenants from contracts and simulating misstatement scenarios, while handled repetitive reconciliations, freeing auditors for judgment-intensive tasks. Regulatory scrutiny intensified in 2025, with the (PCAOB) issuing guidance on AI risk management, including principles for transparency in algorithmic decision-making to preserve audit independence. Early implementations, however, revealed limitations like model opacity and data dependency, prompting firms to hybridize AI with human oversight for verifiable outcomes.

Limitations and Evolving Risks

Despite advancements in digital tools and AI for auditing, significant limitations persist in their application, particularly regarding transparency and explainability. AI models often operate as "black boxes," where decision-making processes are opaque, complicating auditors' ability to verify outputs against professional standards like those from the PCAOB or IAASB, which emphasize and . This opacity hinders compliance with auditing norms requiring traceable reasoning, as noted in a 2024 analysis of AI adoption challenges. Algorithmic biases and data dependency further constrain effectiveness, as AI systems trained on historical financial data may perpetuate errors or overlook anomalies not represented in training sets, such as novel fraud schemes. For instance, biases in datasets can lead to skewed assessments, undermining the reliability of AI-driven in audits. issues exacerbate this, with poor input leading to unreliable outputs, while privacy regulations like GDPR impose restrictions on data usage in AI tools. Evolving risks include heightened cybersecurity vulnerabilities from integrating AI into audit workflows, where tools processing sensitive financial data become targets for breaches or adversarial attacks. A 2024 survey found 76% of organizations using AI in technology audits anticipate high cybersecurity risks within the next year, including data leakage and AI-enabled social engineering. Malicious exploitation of AI, such as prompt injection or model poisoning, could compromise audit integrity, as highlighted in internal controls assessments. Regulatory and operational risks are intensifying with rapid ; current standards lag behind AI complexities, potentially exposing auditors to liability for unverified automated judgments. The IIA's 2025 Risk in Focus report identifies digital disruption, including AI, as a fastest-growing , demanding enhanced over and generative AI integrations. 
Over-reliance on AI without sufficient human oversight risks eroding professional judgment, while workforce skill gaps in managing these tools could amplify errors in high-stakes audits.
