General audit

General audit (commonly called financial audit) is a systematic examination of an organization's financial statements, records, and internal controls to provide an independent opinion on whether the statements fairly represent the entity's financial position (AICPA 2021)^[1]. External accountants arrive, request boxes of documents, interview staff, test transactions, and eventually issue a report. That report—typically one page among hundreds of annual report pages—carries enormous weight. It tells investors, lenders, and regulators whether they can trust the numbers.

The process seems simple. The execution isn't. Auditors must balance thoroughness against efficiency, skepticism against cooperation, independence against client relationships. Major corporate frauds—Enron, WorldCom, Wirecard—occurred despite audits, revealing the profession's limitations. Yet auditing remains essential. Without independent verification, financial reporting would be chaos.

Purpose and objectives

Audits serve multiple purposes:

Assurance. Provide reasonable (not absolute) assurance that financial statements are free from material misstatement. Users can rely on audited statements more confidently.

Deterrence. The knowledge that auditors will examine records discourages fraud and error. Employees behave differently when oversight exists.

Improvement. Auditors identify control weaknesses and inefficiencies. Management letter recommendations help organizations improve^[2].

Compliance. Many entities must be audited by law or regulation. Public companies, banks, nonprofits above certain sizes.

The primary objective remains expressing an opinion on financial statement fairness—not detecting all fraud, not guaranteeing accuracy, not predicting future performance.

Audit scope

Scope defines what the audit covers:

Financial statements covered. Typically balance sheet, income statement, cash flow statement, and statement of shareholders' equity. Notes to the statements are included.

Reporting period. Usually one fiscal year, though audits may cover different periods.

Standards applied. GAAP (Generally Accepted Accounting Principles) in the US, IFRS (International Financial Reporting Standards) internationally. The audit tests compliance with applicable standards.

Materiality threshold. Errors below materiality levels don't affect the opinion. A $10,000 error in a billion-dollar company is immaterial. The same error in a million-dollar company matters^[3].

Limitations. Audits rely on sampling, not complete examination. Collusive fraud may escape detection. Professional judgment applies throughout.

Audit process

Financial audits typically follow four phases:

Planning

Engagement acceptance. Can the firm take this client? Independence issues, competence requirements, risk assessment.

Understanding the business. Industry dynamics, regulatory environment, business model. You can't audit what you don't understand.

Risk assessment. Where are material misstatements most likely? Fraud risk factors, complex accounting areas, unusual transactions.

Audit plan. What procedures will be performed? Which accounts get detailed testing? Sampling approaches, timing, staffing^[4].

Fieldwork

Internal control evaluation. How does the organization prevent and detect errors? Strong controls allow reduced substantive testing.

Substantive testing. Examine underlying transactions. Confirm bank balances, test invoices, verify inventory counts.

Analytical procedures. Compare current year to prior years, budgets, industry benchmarks. Investigate unexpected variations.

Documentation. Record everything. Work papers support conclusions and demonstrate due diligence.

Evaluation

Aggregate misstatements. Do identified errors, individually or collectively, exceed materiality? Management may correct some; others remain.

Going concern assessment. Can the organization continue operating? Substantial doubt requires disclosure.

Subsequent events review. Did anything happen after year-end that requires adjustment or disclosure?^[5]

Reporting

Audit opinion. Unqualified (clean), qualified (exception noted), adverse (statements misleading), or disclaimer (unable to form opinion).

Management letter. Private communication to management regarding control weaknesses, inefficiencies, and recommendations.

Audit committee communication. Discussion with board oversight committee regarding significant findings.

Types of audit opinions

The opinion letter is the audit's deliverable:

Unqualified (unmodified). Financial statements present fairly in all material respects. The desired outcome.

Qualified. Statements are fairly presented except for a specific issue. The exception is material but not pervasive.

Adverse. Statements do not present fairly. Material misstatements affect the financial statements pervasively. Rare—usually management corrects before this point.

Disclaimer. Auditor cannot form an opinion. Scope limitations prevented adequate examination. Also rare^[6].

Auditing standards

Professional standards govern conduct:

GAAS (Generally Accepted Auditing Standards). AICPA-issued standards in the US. General standards (qualifications), fieldwork standards (evidence), reporting standards (opinion).

PCAOB Standards. Public Company Accounting Oversight Board standards apply to US public company audits. More prescriptive than GAAS.

ISA (International Standards on Auditing). IAASB-issued standards used in most countries outside the US.

Standards address independence, professional skepticism, evidence requirements, documentation, and reporting formats.

Independence requirements

Auditor independence is fundamental:

Independence in fact. Actually being unbiased. No hidden loyalties or conflicts.

Independence in appearance. Appearing unbiased to reasonable observers. Even actual independence is worthless if no one believes it^[7].

Specific rules prohibit financial interests in audit clients, certain business relationships, and provision of many non-audit services. Audit firm rotation requirements exist in some jurisdictions. Partner rotation is more common—the same engagement partner can't serve indefinitely.

Limitations and expectations gap

Audits have inherent limitations:

Sampling risk. Testing samples rather than entire populations means some errors escape detection.

Professional judgment. Reasonable auditors may reach different conclusions on complex issues.

Fraud detection. Audits provide reasonable, not absolute, assurance. Sophisticated fraud involving collusion may evade detection.

The "expectations gap" describes the difference between what users expect from audits and what audits actually provide. Users sometimes expect fraud detection guarantees; audits don't provide that^[8].

References

• AICPA (2021), Clarified Statements on Auditing Standards, American Institute of CPAs.
• Arens A.A., Elder R.J., Beasley M.S. (2017), Auditing and Assurance Services, 16th Edition, Pearson.
• PCAOB (2023), Auditing Standards, Public Company Accounting Oversight Board.
• IAASB (2023), Handbook of International Quality Control, Auditing, Review, Other Assurance, IFAC.

Footnotes

1. ↑ AICPA (2021), Clarified Statements on Auditing Standards
2. ↑ Arens A.A. et al. (2017), Auditing and Assurance Services, pp.34-56
3. ↑ PCAOB (2023), Auditing Standards, AS 2105
4. ↑ Arens A.A. et al. (2017), Auditing and Assurance Services, pp.234-267
5. ↑ IAASB (2023), ISA 560 Subsequent Events
6. ↑ AICPA (2021), AU-C 705 Modifications to the Opinion
7. ↑ PCAOB (2023), Ethics and Independence Requirements
8. ↑ Arens A.A. et al. (2017), Auditing and Assurance Services, pp.145-167

Author: Sławomir Wawak