Audit methodology is a particular set of processes or procedures used to assess a company’s financial and business risk. Internal and external audits may be used to review specific information relating to different operations of a company. Audits generally test financial information for accuracy and validity. Some audits focus on non-financial aspects, however. For example, business risk audits test departmental compliance with standard operating procedures. Variances found during the audit may significantly impact the company’s ability to remain in business. Audit methodologies typically consist of four parts, including a preliminary risk assessment, a planning stage, a testing phase and an exit meeting.
A preliminary risk assessment normally begins with an interview of company management. This meeting usually determines the depth and breadth of the audit methodology because company management generally will disclose their business’s highest risk areas. After the meeting, auditors usually compile their notes and write up a formal agreement outlining the scope of the audit. Changes to the audit methodology may require a separate addendum to the original written agreement. Once the preliminary risk assessment phase is complete, auditors typically begin the planning stage.
The planning stage of audit methodology introduces auditors to each business area they will be auditing. Walk-throughs often are used during this stage of the audit to familiarize auditors with company employees and their specific responsibilities. Additional weaknesses discovered by auditors may be added to the original audit scope agreement. Company management usually introduces the auditors to department managers, allowing auditors to freely conduct interviews without undue influence. This protects the integrity of the audit methodology. The testing phase normally begins once auditors have finished their audit planning assessment.
The testing phase is the meat of the audit methodology process. Auditors actively review financial information or business processes to determine any violations of the Generally Accepted Accounting Principles (GAAP) or internal operational standards. A sample is usually taken from large groups of information and tested independently by auditors. If too many failures occur in the first test sample, the audit methodology may require auditors to test an additional group of information or simply write up the initial sample as a failure or violation of company standards. Once the testing phase is complete, auditors typically have an exit meeting with company management.
The exit meeting represents the wrap-up phase of the audit methodology. This meeting allows auditors and company management to review the audit results and discuss any major violations or failures discovered during the testing phase. Formal audit opinions are usually filed within a week of the audit exit meeting. Companies may also choose to dispute audit findings during the exit meeting if the violations are minor or insignificant compared to the company’s aggregate operations. Audit methodologies may require companies to have a second audit if too many violations were discovered during the first audit.