30 Aug 2023

The Financial Audit Process

The Financial Audit Process:

Examining the performance of the duties of an External Auditor

By Ume Onyedikachi


Auditing is best described as a preventive measure in business. Due to the rampant nature of financial crimes and fraud, auditing plays an important role in ensuring the accuracy and reliability of financial reporting. An audit is the systematic examination of financial records, accounts, documents, and other relevant information to provide an independent opinion on the financial position and performance of an organization.

Auditing can be defined as a systematic process by which an independent and qualified person collects and objectively evaluates evidence relating to assertions about an economic entity or event to form opinions and report on the assertion’s compliance with a defined set of standards.

The types of audits include:

  1. External audit: External audits are performed by independent Certified Accountants or audit firms that are not part of the audited organization. The primary purpose of an external audit is to provide an objective opinion on the fairness and reliability of an organization’s financial statements. External audits are often required of publicly traded companies and are important to provide reassurance to shareholders and other stakeholders.
  2. Internal audit: Internal audits are performed by employees of the organization or by the internal audit department. The purpose of an internal audit is to evaluate the effectiveness of internal control, assess compliance with policies and procedures, and identify areas for improvement. Internal audits can also help detect and prevent fraud and evaluate operational performance and risk management practices.
  3. Government Audit: Government audits are performed by government agencies to ensure compliance with government laws, regulations, and policies. These audits may focus on specific areas such as tax compliance, government-sponsored programs, or government contracts. Government audits aim to promote transparency, accountability, and proper use of public funds.
  4. Forensic Audit: Forensic audits are specialized audits that investigate suspicions of financial irregularities, fraud, or illegal activities within an organization. Forensic auditors use accounting to investigative and legal skills to gather evidence, analyze financial transactions, and determine the extent of any fraudulent activity. Forensic examinations are usually conducted in response to specific allegations or suspicions.
  5. Compliance audit: Compliance audits are performed to assess an organization’s compliance with laws, regulations, industry standards, or internal policies. These audits ensure that the organization complies with applicable rules and regulations and operates within legal and ethical limits. Compliance audits can be performed by internal or external auditors as required.
  6. Information system audit: Information systems audits focus on evaluating an organization’s information technology (IT) systems, controls, and security measures. These audits assess the reliability and integrity of data, the effectiveness of IT controls, and the protection of sensitive information. Information systems audits help identify vulnerabilities, ensure data privacy, and reduce IT-related risks.
  7. Audit of financial statements: Financial statement audits are the most common type of audit and are performed to give an opinion on the fairness and accuracy of an organization’s financial statements. These audits review financial records, transactions, and disclosures to ensure compliance with accounting principles and regulations. The audit of financial statements is usually performed by external auditors.

An external auditor is an independent professional hired by an organization to perform audits of the organization’s financial statements, internal controls, and compliance with laws and regulations. They are not employees of the organization and usually come from a Certified Public Accountant (CPA) firm. The role of the external auditor is to provide an objective and unbiased assessment of an organization’s financial, transactional, and operating records. They review the financial statements for accuracy and completeness, ensuring that they give a true and fair view of the financial position and performance of the organization.

External auditors also evaluate the effectiveness of internal controls and risk management processes within the organization. They assess whether the organization has the right systems in place to protect assets, prevent fraud, and ensure compliance with applicable laws and regulations. The primary responsibility of the external auditor is to express an opinion on the truthfulness and reliability of an organization’s financial statements. This opinion is communicated in the audit report, which assures stakeholders, such as shareholders, lenders, and government agencies, about the financial position of the organization and compliance with legal requirements. The presence of external auditors helps promote transparency, accountability, and trust in the financial affairs of the organization.

External auditors are bound by professional standards and ethical principles that require them to maintain independence, objectivity, and confidentiality in their work. These principles expect that they exercise professional judgment, skepticism, and diligence in performing their audit procedures. The regulations guiding the performance of an auditor are referred to as International Standards of Auditing (ISA). They include:

  • ISA 200: Overall Objectives of the Independent Auditor and the Conduct of an Audit by International Standards on Auditing
  • ISA 210: Agreeing the Terms of Audit Engagements
  • ISA 220: Quality Control for an Audit of Financial Statements
  • ISA 230: Audit Documentation
  • ISA 240: The Auditor’s Responsibilities Relating to Fraud in an Audit of Financial Statements
  • ISA 250: Consideration of Laws and Regulations in an Audit of Financial Statements
  • ISA 260: Communication with Those Charged with Governance
  • ISA 265: Communicating Deficiencies in Internal Control to Those Charged with Governance and Management
  • ISA 300: Planning an Audit of Financial Statements
  • ISA 315: Identifying and Assessing the Risks of Material Misstatement through Understanding the Entity and Its Environment
  • ISA 320: Materiality in Planning and Performing an Audit
  • ISA 330: The Auditor’s Responses to Assessed Risks
  • ISA 402: Audit Considerations Relating to an Entity Using a Service Organization
  • ISA 450: Evaluation of Misstatements Identified during the Audit
  • ISA 500: Audit Evidence
  • ISA 501: Audit Evidence-Specific Considerations for Selected Items
  • ISA 505: External Confirmations
  • ISA 510: Initial Audit Engagements-Opening Balances
  • ISA 520: Analytical Procedures
  • ISA 530: Audit Sampling
  • ISA 540: Auditing Accounting Estimates: Including Fair Value Accounting Estimates: and Related Disclosures
  • ISA 550: Related Parties
  • ISA 560: Subsequent Events
  • ISA 570: Going Concern
  • ISA 580: Written Representations
  • ISA 600: Special Considerations-Audits of Group Financial Statements (Including the Work of Component Auditors)
  • ISA 610: Using the Work of Internal Auditors
  • ISA 620: Using the Work of an Auditor’s Expert
  • ISA 700: Forming an Opinion and Reporting on Financial Statements
  • ISA 705: Modifications to the Opinion in the Independent Auditor’s Report
  • ISA 706: Emphasis of Matter Paragraphs and Other Matter Paragraphs in the Independent Auditor’s Report
  • ISA 710: Comparative Information-Corresponding Figures and Comparative Financial Statements
  • ISA 720: The Auditor’s Responsibilities Relating to Other Information in Documents Containing Audited Financial Statements
  • ISA 800: Special Considerations-Audits of Financial Statements Prepared by Special Purpose Frameworks
  • ISA 805: Special Considerations-Audits of Single Financial Statements and Specific Elements: Accounts or Items of a Financial Statement
  • ISA 810: Engagements to Report on Summary Financial Statements.

(Leaccountant, 2023)

ISA 230- Documentation prescribes that the auditor documents matters of importance to provide evidence that supports the audit opinion and evidence that the audit was carried out by auditing standards. Working papers should be complete and detailed enough to provide an overall understanding of the audit.

Audit working papers comprised of these 2 files:

  1. Permanent audit file
  2. Temporary audit file

The Permanent Audit File

The permanent audit file is prepared to:

  1. document recurring information regarding items in the financial statements.
  2. document information of a permanent nature in the client’s business.
  3. give new audit staff, information about the client’s affair and the nature of the audit.

Contents of the permanent audit file

  • The structure of the business
  • History and nature of the company
  • Copies of the founding documents
  • Management structure
  • Details of the accounting system, manuals, and records
  • Registered office address, products, industry, and personnel structure of the audit
  • Audit time budget
  • Letter of engagement etc.

The current audit files

The purpose of the current audit file includes:

  1. To provide a record of the work to be carried out.
  2. To provide details on work carried out.
  • To ensure the reporting partner reviewing the audit to satisfy himself that an adequate examination for audit purposes has been made for the client’s affairs.

Contents of the Current File

  • A copy of the signed financial statements.
  • Copies of all reports issued to the client.
  • Letters of weakness.
  • Letters of representation.
  • Planning program.
  • Budget and fee estimates.
  • Audit programmes.
  • Third-party confirmations and certificates.

Before the commencement of an audit, the auditor has to accept the audit work.

Acceptance of an audit work refers to the auditor’s decision to take on a particular audit engagement. It is an important step in the audit process and involves evaluating various factors to determine whether the auditor is capable and willing to perform the audit effectively and objectively. The acceptance decision is typically made before the planning stage of the audit.

Factors that auditors consider when accepting an audit work include:

1. Independence: The auditor needs to assess their independence and objectivity about the client. If there are any threats to independence, such as financial or personal relationships with the client, the auditor may decline the engagement.

2. Competence and resources: The auditor needs to evaluate their competence and expertise in the industry or sector in which the client operates. They should have the necessary knowledge, skills, and experience to perform the audit effectively. Additionally, the auditor needs to ensure that they have sufficient resources, including staff, time, and technology, to complete the audit engagement.

3. Integrity and ethical considerations: The auditor needs to assess the integrity and ethical standards of the client. If there are any concerns about management’s integrity or unethical practices within the organization, it may impact the auditor’s decision to accept the engagement.

4. Legal and regulatory requirements: The auditor needs to consider any legal or regulatory requirements that may apply to the client or the audit engagement. This includes understanding any specific industry regulations or reporting obligations that may impact the audit.

5. Client acceptance and continuance procedures: The auditor may have established policies and procedures for client acceptance and continuance. These procedures involve evaluating the client’s reputation, financial stability, and previous relationship with the auditor. If there are any significant issues or concerns identified during this evaluation, it may impact the decision to accept or continue with the audit engagement.

Overall, acceptance of audit work is a critical step in ensuring that the auditor can perform the audit effectively, objectively, and in compliance with professional standards and regulations. It helps to safeguard the auditor’s independence and ensures that they have the necessary competence and resources to carry out the audit engagement.

Audit Methodology
To carry out a proper audit, the auditor should take the following steps:

  1. Planning: The auditor needs to understand the organization’s business, industry, and regulatory environment. They should review previous audit reports, financial statements, and internal control documentation to gain insights into the organization’s operations and help in preparing their audit work plan.

An audit work plan is a detailed document that outlines the specific procedures and tasks that will be performed during the audit engagement. It serves as a roadmap for the auditor, guiding how to carry out the audit effectively and efficiently. The audit work plan typically includes the overall objectives of the audit, defines the scope of the audit, outlines the specific procedures that will be performed to gather evidence and test the financial statements or controls, provides a timeline for completing each procedure or task, outlines the resources required to conduct the audit, emphasizes the specific documents or working papers that need to be prepared to support the auditor’s findings and conclusions, and includes a section on reporting, outlining the format and content of the final audit report.

The audit work plan is typically developed during the planning phase of the audit and may be revised or updated as the audit progresses. It serves as a guide for the auditor, ensuring that all necessary procedures are performed and providing a structured approach to achieving the audit objectives.

  1. Risk assessment: The auditor needs to assess the risks associated with the organization’s financial statements and operations. This involves identifying and evaluating both inherent risks (risks that exist regardless of internal controls), control risks (risks related to internal controls), and detection risk (risk that an auditor fails to detect material errors in the financial statements). The auditor may use various techniques, such as analytical procedures, inquiries, and inspections, to assess these risks.
  2. Engagement Letter: The auditor and the organization should agree on the terms of engagement, including the scope of work, audit objectives, timelines, and fees. This is documented in an engagement letter, which serves as a contractual agreement between the auditor and the organization.

An engagement letter typically has the following components:

  • The objective of the audit of the financial statements and the responsibilities of management in preparing the financial statements.
  • Fee basis and other payment terms.
  • Provision of accounting services and other services such as tax
  1. Audit Program: The auditor should develop an audit program that outlines the specific procedures to be performed during the audit. This includes determining the sample size for testing, selecting appropriate audit techniques, and documenting the expected audit evidence required.

An audit program is a detailed set of instructions or guidelines that outlines the specific procedures and tests that will be performed during an audit engagement. It provides step-by-step instructions for the auditor to follow to gather evidence, evaluate controls, and form conclusions about the subject matter being audited.


An audit program typically includes the following features:

  • The program starts by stating the specific objectives of the audit, which may align with the overall objectives outlined in the audit work plan.


  • The program outlines the specific procedures and tests that will be performed to gather evidence and evaluate the subject matter. This includes both substantive procedures (such as testing account balances, reviewing supporting documentation or conducting analytical procedures) and tests of controls (such as evaluating the design and operating effectiveness of internal controls).


  • The program includes a timeline for completing each procedure or test. It specifies when each procedure will be performed, allowing for proper coordination and scheduling of audit activities.


  • The program identifies the individuals or teams responsible for performing each procedure or test.


  • The program emphasizes the importance of documentation throughout the audit process.


  • If applicable, the program may include instructions for selecting samples for testing. This includes determining the appropriate sample size, selecting items from the population, and documenting the sampling methodology used.


  • The program may include instructions on how to document and report the results of each procedure or test.


The audit program is typically developed based on the audit work plan and may be revised or updated as the audit progresses. It provides a structured approach for the auditor to follow, ensuring that all necessary procedures and tests are performed to achieve the audit objectives.


  1. Internal Control Evaluation: Upon audit engagement, the auditor should obtain an understanding of the accounting and internal control system. The auditor needs to assess the design and effectiveness of internal controls relevant to the audit. This may involve performing walkthroughs, testing key controls, and evaluating any deficiencies or weaknesses in the control environment. The auditor is to test that the company’s internal control system provides reasonable assurance that fraudulent activities will be detected and prevented early on.

Internal control is a process put in place but the board of directors, to assure the reliability of financial reports, compliance of financial reports with reporting standards, and the effectiveness and efficiency of operations.

By completing these steps before commencing the audit work, the auditor can effectively plan and execute the audit procedures, ensuring that they address the organization’s risks and objectives.

The audit cycle refers to the process followed by auditors to conduct an audit. It typically consists of several stages or steps that are performed sequentially. The audit cycle can vary depending on the specific audit engagement and the nature of the organization being audited, but generally includes the following steps:

1. Planning: This is the initial stage of the audit cycle where the auditor and the client discuss and agree on the scope and objectives of the audit. The auditor gathers information about the organization, its operations, and any specific risks or areas of concern. The auditor also develops an audit plan, which outlines the procedures and tests that will be performed during the audit.

2. Risk assessment: In this stage, the auditor identifies and assesses the risks that could impact the financial statements or the organization’s operations. This involves understanding the internal control systems in place, evaluating the reliability of financial information, and identifying any potential fraud risks or errors.

3. Testing and evidence gathering: The auditor performs various tests and procedures to gather evidence and verify the accuracy and completeness of financial information. This may include examining documents, conducting interviews, testing internal controls, and performing analytical procedures. The objective is to obtain sufficient and appropriate evidence to support the auditor’s opinion on the financial statements.

4. Evaluation and analysis: Once the evidence is gathered, the auditor evaluates and analyzes the findings. This involves comparing the results of tests with expectations, identifying any significant issues or discrepancies, and assessing their impact on the financial statements. The auditor may also consider any qualitative factors that could affect the overall opinion.

5. Reporting: After completing the evaluation and analysis, the auditor prepares a report that summarizes their findings and conclusions. This report typically includes an opinion on the fairness of the financial statements, along with any significant issues or recommendations for improvement. The report is usually addressed to the organization’s management or shareholders, depending on the nature of the engagement.

6. Follow-up and monitoring: After issuing the audit report, the auditor may follow up with the client to ensure that any identified issues or recommendations are addressed. This may involve monitoring the implementation of corrective actions or providing additional guidance and support as needed.

The audit cycle is a continuous process, and auditors may repeat these steps annually or at regular intervals to provide ongoing assurance on the organization’s financial statements and internal controls. The cycle helps ensure that audits are conducted systematically and thoroughly, allowing auditors to provide reliable and independent opinions on the financial statements.

An audit report is a formal document that summarizes the findings and conclusions of an audit engagement. It is prepared by the auditor and presented to the client or the organization being audited. The purpose of an audit report is to communicate the results of the audit to the stakeholders, such as management, shareholders, or regulatory authorities.

An audit report typically includes the following components:

  1. Title: The report begins with a title that indicates it is an audit report. It may include the name of the auditor or auditing firm, the name of the client or organization being audited, and the period covered by the audit.


  1. Addressee: The report is addressed to the client or organization being audited. It may also be addressed to the shareholders, board of directors, or other relevant parties depending on the requirements or scope of the audit.
  2. Introductory Paragraph: The report starts with an introductory paragraph that states the objective and scope of the audit. It may also provide a brief background or context for the audit.
  3. Management’s Responsibility: The report includes a section that outlines management’s responsibility for preparing and presenting the financial statements. It emphasizes that management is responsible for the accuracy, completeness, and fairness of the financial statements.


  1. Auditor’s Responsibility: The report describes the auditor’s responsibility for conducting the audit by applicable auditing standards. It explains that the audit was performed to obtain reasonable assurance about whether the financial statements are free from material misstatement.


  1. Opinion: The report includes the auditor’s opinion on the financial statements. The opinion may be unqualified (also known as a clean opinion), qualified, adverse, or a disclaimer of opinion. A qualified opinion indicates that there are limitations or exceptions to the auditor’s opinion, but they are not significant enough to affect the overall fairness of the financial statements. An adverse opinion states that there is material misstatement in the books of accounts. A disclaimer of opinion indicates that the auditor is unable to express an opinion due to significant limitations or uncertainties.


  1. Basis for Opinion: The report provides a section that explains the basis for the auditor’s opinion. It describes the audit procedures performed, including testing internal controls, examining evidence supporting the amounts and disclosures in the financial statements, and evaluating accounting policies and estimates.


  1. Key Findings: The report presents the key findings and conclusions resulting from the audit. It may highlight significant weaknesses, deficiencies, or areas of concern identified during the audit process.


  1. Recommendations: The report may include recommendations for improvements or corrective actions based on the audit findings. These recommendations are intended to help the client address any weaknesses or deficiencies identified and enhance their financial reporting processes.


  1. Other Information: The report may include additional information relevant to the audit, such as a statement about the auditor’s independence, limitations of the audit, or any other disclosures required by applicable auditing standards or regulations.


  1. Signature and Date: The report is typically signed by the auditor or auditing firm, indicating their approval and acceptance of the report. The date on the report shows the end of the audit work.

The components of an audit report aim to provide stakeholders with a clear understanding of the auditor’s opinion on the financial statements and to communicate any significant findings or recommendations resulting from the audit. The report serves as a crucial tool for promoting transparency, accountability, and confidence in the financial reporting process.

A letter of weakness in auditing is a communication tool used by auditors to inform the client or organization being audited about significant weaknesses or deficiencies identified during the audit process. It is an important component of the audit report and serves as a means of highlighting areas where improvements or corrective actions are needed.

When preparing a letter of weakness, the auditor typically follows a structured approach to ensure clarity and effectiveness in communicating the identified weaknesses. The letter may include the following elements:

  1. Introduction: The letter begins with an introduction that states the purpose and context of the communication.
  2. Description of Weaknesses: The letter provides a detailed description of each weakness or deficiency identified during the audit.
  3. Impact Assessment: The letter assesses the potential impact or consequences of each weakness on the organization’s operations, financial statements, or compliance with applicable standards or regulations.
  4. Root Cause Analysis: The letter may include a root cause analysis, which identifies the underlying reasons for the weaknesses.
  5. Recommendations for Improvement: The letter provides recommendations for improvement or corrective actions to address each weakness identified.
  6. Priority and Timeline: The letter may assign priorities to each weakness based on their significance and urgency. It also includes a timeline for implementing the recommended improvements or corrective actions.
  7. Management Response: In some cases, the letter may request a formal response from management acknowledging the weaknesses and outlining their planned actions to address them.

Closing the audit.

The audit is closed with an exit meeting. An exit meeting is a meeting held between the auditor and the management of the client organization after the audit meeting to discuss the findings and results of the audit. Before the exit meeting is held, the auditor should carry out the following actions:

1. Completion of Audit Procedures: The auditor completes all planned audit procedures, including testing internal controls, examining evidence, and evaluating accounting policies and estimates.

2. Finalization of Financial Statements: The auditor works with the client or organization being audited to finalize the financial statements. This may involve resolving any outstanding issues or discrepancies identified during the audit process.

3. Drafting the Audit Report: Based on the results of the audit procedures and the finalized financial statements, the auditor prepares the audit report. This includes addressing each component mentioned earlier, such as the title, addressee, introductory paragraph, management’s responsibility, auditor’s responsibility, opinion, the basis for the opinion, key findings, recommendations, and other relevant information.

4. Review and Approval: The audit report is reviewed by the auditor’s supervisors or partners to ensure accuracy, completeness, and compliance with auditing standards and regulations. Any necessary revisions or modifications are made before final approval.

5. Signing and Dating the Report: Once the audit report is approved, it is signed by the auditor or auditing firm to indicate their acceptance and approval of the report. The date of the report signifies the completion of the audit work.

6. Distribution of the Report: The final audit report is distributed to the client or organization being audited, as well as other relevant parties such as shareholders, board of directors, regulatory bodies, or lenders. The report may also be published or made available to the public depending on legal requirements or voluntary disclosures.

7. Follow-Up Actions: After the audit report is issued, the auditor may engage in follow-up actions to monitor the implementation of any recommendations or corrective actions suggested in the report. This may involve periodic reviews or assessments to ensure that the client is addressing any identified weaknesses or deficiencies.

Closing an audit work involves a thorough and systematic process to ensure that all audit procedures are completed, financial statements are finalized, and the audit report accurately reflects the auditor’s opinion and findings. The auditor needs to maintain independence, objectivity, and professionalism throughout the entire audit process.



Leaccountant. (2023). Retrieved from Leaccountant.com: https://leaccountant.com/the-accountant/auditing-standards-summaries/isa/





Facebook Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

Open chat
Hoa can we help you?