An audit policy describes the standards and guidelines a company uses when conducting internal audits or going through an external audit by a public accounting firm. This policy helps ensure each accountant in the company knows and understands his role in the audit process. An audit policy may also be instituted to meet the guidelines of a government agency. Publicly-held companies in the United States (U.S.), for example, must meet the audit requirements of the Sarbanes-Oxley Act of 2002, which is a law the U.S. government put in place to protect investors and help prevent financial fraud or scandal. U.S. companies also are required to use a public accounting firm approved for public audits by the Public Company Accounting Oversight Board (PCAOB). There are similar groups in other countries, such as the Auditing Practices Board (APB) and the Financial Reporting Council (FRC) in the United Kingdom.
Companies developing a compliance audit policy may do so according to specific requirements set forth by a trade association or government entity. Compliance audits ensure companies are following specific standards in order to maintain certification or licensure for their business operations. The Occupational Health and Safety Association (OSHA) in the United States or similar organizations, for example, commonly use compliance audits to ensure their members maintain quality operational processes. Companies may also need to use an audit policy when maintaining general liability insurance policies or bond guarantees.
An audit policy regarding internal functions typically outlines what specific accounting functions are reviewed by internal auditors and which employees will be conducting the audit. The internal audit is usually an informal process used for business management purposes. Company and accounting managers may use internal audits to ensure specific controls are in place that limit an employee’s ability to commit fraud or embezzlement, or to abuse the company’s financial accounting process.
External audit policies may vary from an internal audit policy. External audits are usually formal accounting processes meant to assure external investors or stakeholders regarding the company’s overall financial health. External audit policies typically include information on the public accounting firm conducting the audit, which processes will be audited, the internal controls that will be reviewed by the auditors and the frequency of external audits. The audit policy may also provide guidelines for a remedial audit, which is a formal type of audit used to review previously failed external audits.
Audit policies may also include definitions or instructions for auditors regarding the materiality of accounting misstatements or errors found in the company’s accounting information. These definitions and instructions usually follow accounting industry standards set forth by various public accounting firms. Unless external government requirements exist, companies may typically develop an audit policy to set internal materiality standards and specific instructions for correcting any such errors.