There are typically four different audit objectives: define and test controls, verify proper procedure was followed, determine risk of audit error, and write audit opinion. There are a range of different types of audits, from financial to health and safety, but regardless of the focus, the objects remain the same. The tests used to complete the audit vary widely, however, depending upon the industry and area of focus.
An audit always is conducted by people who are not involved in the process under review. This may include staff from the internal audit department or from external auditors who work for a separate organization. The primary objectives are to review the original data to determine the level of procedural compliance, review the procedures themselves, and produce an audit opinion on the accuracy of the data and level of compliance. This usually is important in a range of different industries since business owners need to know how much they can rely on data from different areas and the level of risk in different areas of the operation.
Defining and testing controls are important audit objectives. A control is a procedure or task that prevents staff from failing to follow policy. For example, requiring the signature of the supervisor on every employee time card is a way to stop people from getting paid for time they did not work. The quality of the control, however, is based on the supervisor knowing where staff is and making sure that the time card is accurate.
The best way to verify that the proper procedure was followed is to take a random selection of documents or information from a data set. These documents are tested for evidence of compliance. Using statistics, the auditor can determine how many documents need to be tested and the chance of an error in the data set. It is important to note that most auditors use specialized computer programs to select the appropriate number of documents to review and from where each should be selected.
Each document is then compared against company policy for compliance, in keeping with the main objectives of the audit. The rate of compliance is weighed against the data set size and the degrees of compliance failure. For example, if there was significant evidence of unauthorized payment processing, then the validity of the accounts-payable amounts would be questioned, as well as the strength of internal controls surrounding payment processing.
The risk of audit error is important. This value is the chance that the auditor arrived at the wrong conclusion. For example, if the purpose of the audit was to identify the rate of compliance with health and safety rules, and the auditor confirmed compliance was found, the audit risk is the chance that this is not the case and that the auditor missed it.
Typically, the final output of any audit is the auditor's opinion. The report is issued by the auditor to identify the procedures used, the scope of the audit, and the results of the tests. This is the final audit objective and is the report that usually is reviewed by business owners, investors, and other interested agencies.