What Are the Steps of an Audit?

Published November 5, 2019 • 2 min read

An audit is an objective examination and analysis of some part of an organization’s operations to determine if it’s complying with applicable standards. 

For example, a compliance audit ensures that a company complies with the applicable rules, regulations, and industry standards, as well as internal policies and procedures. A financial audit examines the company’s financial statements to make sure they are accurate.

To ensure a successful audit, companies should follow these specific audit steps:

The Audit Process

Define objectives

Before the audit, an auditor from an Audit & Management Advisory Services (AMAS) firm performs a preliminary planning and information gathering phase to define the objectives and scope of the audit. Such auditors are typically from a third-party organization that performs independent and objective audits and offers management consulting.

Audit announcement

After defining the objectives of the audit, AMAS issues a formal audit engagement memo to a company’s executives outlining the audit plan. The goal of the memo is to present the audit’s objectives, outline the review process, and set expectations for the course of the audit.

Audit entrance meeting

AMAS meets with the head of the area that will be audited to discuss the scope, time frame, and steps of the audit. During this step, company management provides an overview of operations, relevant policies and procedures, and any other pertinent information.

Fieldwork

The auditor gathers the relevant information and conducts audit testing to gain an understanding of internal controls. During this step, AMAS examines documents and other records to determine if effective internal controls are in place. They evaluate compliance with external rules and regulations. and review system-related controls for data security.

Reviewing and communication results

During the audit fieldwork phase, the assigned auditor discusses with the organization’s leaders any potential weaknesses in the internal controls, violations of policies or procedures, or corrective actions to take. Throughout the audit, the auditor communicates any issues with the executives to ensure they understand the risks and to obtain agreement on proposed recommendations. The audit report spells out the audit results.

Audit exit meeting

When AMAS finishes the fieldwork, it meets formally with management to discuss any issues as well as the recommendations contained in the audit report. Both parties discuss and agree on the recommendations and, in most cases, determine when any issues will be corrected.

Audit report

Company executives review the audit issues and recommendations to ensure they’re complete and draft a formal response and action plan. AMAS then issues the formal audit report to management.

Other Helpful Content

Learn how we can fit into your business.

Schedule a demo to learn how we can help guide your organization to confidence in infosec risk and compliance.

Help us get to know you.

Get a demo