Audit Types

An audit can usually be classified into one of the following categories: Operational Audit Examines an operating process to determine if resources are being used in the most efficient and effective way to meet the unit's mission and objectives Internal control reviews are a major portion of an operational audit Activities such as cash handling, procurement, equipment inventories, and human resources services are generally subject to this type of audit Financial Audit Reviews accounting and financial transactions to determine if commitments, authorization, receipt, and disbursement of funds are properly and accurately recorded and reported Determines if there are sufficient controls over cash and other assets and if adequate process controls exist for the acquisition and use of resources Compliance Audit Determines if departments are complying with applicable Federal or State laws, NCAA and OSHA regulations, and University policies and procedures Recommendations from these audits usually require improvements in processes and controls used to ensure compliance with regulations Information Systems Audit Reviews the internal control environment of automated information processing systems and how people use these systems Evaluates system input and output processing controls, backup and recovery plans, system security, and computer facilities Investigative Audit May result from findings during a routine audit or from information received from personnel Audits are specialized and tailored to the circumstances and can include investigation of alleged violations of laws, regulations, or University policy.

FEATURES OF AUDITING a. Audit is a systematic and scientific examination of the books of accounts of a business; b. Audit is undertaken by an independent person or body of persons who are duly qualified for the job.

c Audit is a verification of the results shown by the profit and loss account and the state of affairs as shown by the balance sheet. d. Audit is a critical review of the system of accounting and internal control. e. Audit is done with the help of vouchers, documents, information and explanations received from the authorities DEFINATIONS

Audit
An audit is an evidence gathering process. Audit evidence is used to evaluate how well audit criteria are being met. Audits must be objective, impartial, and independent, and the audit process must be both systematic and documented. There are three types of audits: first-party, second-party, and third-party. First-party audits are internal audits. Second and third party audits are external audits. Organizations use first party audits to audit themselves. First party audits are used to confirm or improve the effectiveness of management systems. They're also used to declare that an organization complies with an ISO standard (this is called a self-declaration). Of course, such a declaration is credible only if first party auditors are genuinely independent and free of bias. If you decide to use first party auditors to make a self-declaration of compliance, make sure that they aren't auditing their own work. Second party audits are external audits. Theyre usually done by customers or by others on their behalf. However, they can also be done by regulators or any other external party that has a formal interest in an organization. Third party audits are external audits as well. However, theyre performed by independent organizations such as registrars (certification bodies) or regulators. ISO 19011 2011 also distinguishes between combined audits and joint audits. When two or more management systems of different disciplines are audited together at the

same time, it's called a combined audit; and when two or more auditing organizations cooperate to audit a single auditee organization it's called a joint audit. ISO 19011 2011 should be used by those who carry out first and second party audits. ISO/IEC 17021 2011 should be used by those who carry out third party audits.

Auditee
An auditee is an organization (or part of an organization) that is being audited. Organizations can include companies, corporations, enterprises, firms, charities, associations, and institutions. Organizations can be either incorporated or unincorporated and can be privately or publicly owned.

Auditor
An auditor is a person who carries out audits. Auditors collect evidence in order to evaluate how well audit criteria are being met. They must be objective, impartial, independent, and competent. ISO 19011 distinguishes between internal and external auditors. Internal auditors perform first party audits while external auditors perform second and third party audits.

Audit client
An audit client is any person or organization that requests an audit. Internal audit clients can be either the auditee or audit program manager whereas external audit clients can include regulators or customers or any other parties that have a legal or contractual right or obligation to carry out an audit.

Audit conclusions
Audit conclusions are drawn by the audit team after the audit has been completed and after audit findings and audit objectives have been considered. Audit findings result from a process that evaluates audit evidence and compares it against audit criteria.

Audit criteria
Audit criteria include policies, procedures, and requirements. Audit evidence is used to determine how well audit criteria are being met. Audit evidence is used to determine how well policies are being implemented, how well procedures are being applied, and how well requirements are being followed. When requirements are used as audit criteria, auditors often use the terms conformity and nonconformity to indicate whether or not requirements are being met. However, when legal requirements are used as audit criteria, auditors tend to use the terms compliance and noncompliance (instead of conformity and nonconformity).

Audit evidence
Audit evidence includes records, factual statements, and other verifiable information that is related to the audit criteria being used. Audit criteria include policies, procedures, and requirements. Audit evidence can be either qualitative or quantitative. Objective evidence is information that shows or proves that something exists or is true.

Audit findings
Audit findings result from a process that evaluates audit evidence and compares it against audit criteria. Audit findings can show that audit criteria are being met (conformity) or that they are not being met (nonconformity). They can also identify

best practices or improvement opportunities. Audit evidence includes records, factual statements, and other verifiable information that is related to the audit criteria being used. Audit criteria include policies, procedures, and requirements.

Audit plan
An audit plan specifies how you intend to conduct a particular audit. It describes the activities you intend to carry out in order to achieve your audit objectives. An audit is an evidence gathering process. Audit evidence is used to evaluate how well audit criteria are being met.

Audit program
An audit program (or programme) is a set of arrangements that are intended to achieve a specific audit purpose within a specific time frame. It includes all of the activities and resources needed to plan, organize, and conduct one or more audits. ISO 19011 expects organizations to appoint audit program managers. They are responsible for setting objectives, assigning responsibilities, allocating resources, and monitoring performance.

Audit scope
The scope of an audit is a statement that specifies the focus, extent, and boundary of a particular audit. The scope can be specified by defining the physical location of the audit, the organizational units that will be examined, the processes and activities that will be included, and the time period that will be covered.

Audit team
An audit team is made up of one or more auditors, one of whom is appointed to be the audit leader. The audit team may also include audit trainees. When necessary, audit teams are also supported by guides and technical experts. Guides and technical experts assist auditors but do not themselves act as auditors.

Competence
Competence means being able to apply knowledge and skill to achieve intended results. Being competent means having the knowledge and skill that you need and knowing how to apply it. Being competent means that you know how to do your job.

Conformity
Conformity is the "fulfillment of a requirement". To conform means to meet or comply with requirements. There are many types of requirements. There are management system requirements, customer requirements, contractual requirements, regulatory requirements, statutory requirements and so on.

Guide
Guides are appointed by auditee organizations to help auditors. However, they may not influence or interfere with the conduct of an audit. Guides are expected to identify potential interviewees, to confirm interview schedules, to arrange access to auditee locations, and to make sure that auditors and observers are familiar with all relevant safety and security procedures. They may also be asked to help auditors collect information and provide clarification.

Management system
A management system is a set of interrelated or interacting elements that organizations use to establish and implement policies and set and achieve objectives. There are many types of management systems . Some of these include quality management systems, environmental management systems, emergency management systems, food safety management systems, occupational health and safety management systems, information security management systems, and business continuity management systems.

Nonconformity
Nonconformity is the "non-fulfillment of a requirement". It is a failure to comply with requirements. A requirement is a need, expectation, or obligation. It can be stated or implied by an organization, its customers, or other interested parties.

Observer
Observers accompany auditors and witness audit activities. However, they're not audit team members and therefore do not perform audit functions. They may not influence or interfere with the audit. Observers can represent auditee organizations, regulators, or any other interested party.

Risk
According to ISO Guide 73, risk is the effect of uncertainty on objectives and an effect is a positive or negative deviation from what is expected. So, risk is the chance that there will be a positive or negative deviation from the objective you hope to achieve.

Technical expert
Technical experts support audit teams by providing specific expertise or knowledge about the organization, process, or activity being audited or about the auditee's language or culture. They do not act as auditors.