External audit is a type of assurance service that provides an independent and objective assessment of the financial statements and internal controls over financial reporting and associate processes. The purpose of an external audit is to verify a company's conformance to accounting rules and regulations to ensure that the financial statements are presented without material errors. Public accounting firms, like the big four in the United States (Deloitte, PWC, E&Y, KPMG), as well as smaller regional and local firms, perform external audits. External audits must adhere to the Generally Accepted Auditing Standards (GAAS), which provide requirements and guidance for performance of external audits. These standards are set by national or international organizations, such as the American Institute of Certified Public Accountants (AICPA) in the United States. Auditing standards endure the quality and consistency of assurance engagements, which is important considering the various uses and audience of audit reports. The GAAS pertains to three key areas:
- General standards, which relate to auditor competencies, independence, and professional care.
- Standards of field work, which require that audits are appropriately planned and performed.
- Standards of reporting, which relate to audit report format, disclosures, and communication of audit conclusion (opinion).
There are several types of audit opinions issued by external auditors, as listed below:
- Unqualified opinion – “the financial statements present fairly, in all material respects, the financial position, results of operations, and cash flows of the entity in conformity with generally accepted accounting principles.”
- Explanatory language added to the auditor's standard report – certain situations that do not affect the auditor's overall opinion may require additional explanations (explanatory language) in the report.
- Qualified opinion – “except for the effects of the matter(s) to which the qualification relates, the financial statements present fairly, in all material respects, the financial position, results of operations, and cash flows of the entity in conformity with generally accepted accounting principles.”
- Adverse opinion – “the financial statements do not present fairly the financial position, results of operations, or cash flows of the entity in conformity with generally accepted accounting principles.”
- Disclaimer of opinion - the auditor does not express an opinion on the quality of the financial statements.
External audit requirements
Certain companies are subject to annual independent audit requirements for various reasons. Companies publicly traded on one of the U.S. stock markets under the Securities Exchange Act of 1934 are required by the U.S. Securities and Exchange Commission (SEC) to submit annual and quarterly audited financial statements. National banks in the United States are subject to regulatory audit requirements. The Federal Deposit Insurance Company (FDIC) requires in Part 363 that banks with total assets exceeding $500 million submit audited financial statements to the primary regulator within 90 days for public companies or 120 days for private companies from the fiscal year end.
Examples of External audit
- Auditing standards: These standards are used to evaluate the performance of the external auditor and to ensure that the audit is conducted in compliance with applicable laws and regulations.
- Evidence gathering: This includes methods and procedures used by the external auditor to collect, analyze and evaluate audit evidence to reach conclusions and determine the audit opinion.
- Reporting: This includes providing the audit opinion, detailing the audit procedures and findings, and issuing the audit report.
- Financial statement audits: These are the most common type of external audit. This audit is conducted to give an opinion on the fairness of the financial statements in accordance with the reporting framework (e.g. Generally Accepted Accounting Principles (GAAP) in the United States).
- Internal control audits: These audits evaluate the design and operating effectiveness of internal controls over financial reporting and other processes.
- Forensic audits: These audits involve the investigation of financial statements and other data to detect fraud or other irregularities.
- Compliance audits: These audits evaluate an organization’s compliance with laws, regulations, and other standards such as contracts, grants, or internal policies.
Advantages of External audit
External audit is an important assurance service that provides an independent and objective assessment of the financial statements and internal controls over financial reporting and associate processes. The advantages of external audit include:
- Increased credibility and reliability of financial statements: External audits provide an independent and unbiased assessment of the financial statements and internal controls, which increases the credibility and reliability of the financial statements.
- Improved internal control environment: External audits may identify weaknesses in internal controls that need to be addressed. This can improve the internal control environment and reduce the risk of errors or fraud.
- Increased confidence of stakeholders: External audits provide assurance to stakeholders that the financial statements are accurate and reliable. This can increase stakeholder confidence in the organization and its management.
- Improved compliance with laws and regulations: External audits can help an organization comply with applicable laws and regulations. Auditors can identify any non-compliance issues and provide guidance on how to address them.
- Cost savings: External audits can help an organization identify areas where costs can be reduced, such as through improved internal controls or better management of resources. This can lead to cost savings over time.
Limitations of External audit
- External audits are limited by the scope of the engagement. The scope will depend on the type of audit being performed, the purpose of the audit, and the resources available to the auditor. If the scope of the audit is too narrow, it may not provide a comprehensive view of the financial statements and internal controls.
- The external auditor must be independent from the company being audited. If the auditor has a relationship with the company or its management, their objectivity may be compromised and their ability to detect errors or misstatements could be impaired.
- The external auditor is limited by the time and resources available to them. Depending on the size of the audit, the auditor may need to work with a limited budget and timeline. This may limit the amount of time spent on the audit and the number of procedures that can be completed.
- The external auditor is also limited by the information available to them. The auditor must rely on the information provided by the company, which may be incomplete or inaccurate. The auditor must also assess the risk of material misstatement and adjust their procedures accordingly.
- Finally, the external auditor is limited by their own expertise. If the auditor is not familiar with the industry or the financial statements, they may not be able to accurately assess the risk of misstatement.
- Auditing for Compliance: This approach is used to evaluate the effectiveness of a company’s internal controls as well as its compliance with external regulations.
- Auditing for Efficiency: This approach is used to evaluate how well a business is using its resources and identify areas of possible improvement.
- Auditing for Internal Controls: This approach is used to evaluate the adequacy of internal controls over financial reporting and associated processes.
- Auditing for Risk Assessment: This approach is used to determine the level of risk associated with certain financial activities and to develop strategies to mitigate those risks.
In conclusion, external audit is an important assurance service that helps to verify a company’s financial statements and internal controls. Other approaches related to external audit include auditing for compliance, auditing for efficiency, auditing for internal controls, and auditing for risk assessment. These approaches help to ensure that a company is in compliance with regulations and is using its resources efficiently, while also mitigating potential financial risks.
- American Institute of Certified Public Accountants (1989). on Audited Financial Statements, AU Section 508. Independent Auditor's Report, 2153.
- American Institute of Certified Public Accountants (2001). Generally Accepted Auditing Standards, AU Section 150. Auditing Standards, 1599-1600.
- Federal Deposit Insurance Corporation (2018). 2000 – Rules and Regulations, Section 363.2 Annual reporting requirements, 1.
- U.S. Securities Exchange Commission (2018). Financial Reporting Manual. Topic 4, Independent Accountant's Involvement. Section 4200 Accountant's Reports, 1.
Author: Urszula Szydłowska