There are three different types of audit procedures: data selection, reliability validation, and relevance confirmation. The selection of the procedures used typically depends on the type of audit, the scope, and the level of internal control. An audit procedure is defined as the specific tests that the auditor performs when gathering the evidence required to evaluate if the audit objectives are met.
The primary purpose of an audit usually is to evaluate the level of compliance with internal and external policies, identity the effectiveness of internal controls, and provide a report to external and internal audiences. There are a range of different types of audit, from financial to health and safety. The purpose of the audit procedures, however, remains the same.
Typically, the method used to select the data depends on the characteristics of the data itself. For transactional data that is available electronically, a random selection program typically is used. It can be very important for the data selection to be random within a specific classification of data. For example, an audit of safety-report completion over a three-year period should include the random selection of reports filed throughout the period, and not a series of sequential reports filed in a short time frame.
Validating the reliability of the data typically requires a series of audit procedures that focus on tracking the original source of the data, identifying who generated the original data, and how it was completed. It is important to use an independent verification method, preferably one that cannot be altered to provide proof that the data is reliable. This type of information is called an audit trail, and is used to prove who accessed the data and when.
An effective audit usually is focused on specific tasks or areas of operation. It is not an opportunity to explore interesting information or to look for possible patterns in behavior. One of the most important audit procedures from a supervisory perspective is relevance. All the data collected and tests performed must be directly relevant to the scope of the audit.
Skills typically required to conduct an audit include attention to detail, precision, and a full understanding of business rules and requirements. Financial statement audits must be conducted by a licensed accountant who has completed a certification program. Auditors working in other areas, such as workplace safety or information technology, typically have significant education and experience in these fields. Written communication skills usually are very important, as auditors are required to provide a written report at the end of the audit process.