What are the Different Audit Steps?

Article Details
  • Written By: Carol Francois
  • Edited By: Heather Bailey
  • Last Modified Date: 11 October 2019
  • Copyright Protected:
    Conjecture Corporation
  • Print this Article
Free Widgets for your Site/Blog
In 2008, Mike Merrill became the first publicly traded person, allowing shareholders to control his life decisions.  more...

October 23 ,  1983 :  Suicide bombers killed nearly 300 US and French military troops in Beirut.  more...

There are four different audit steps followed in every financial or system audit: planning and risk assessment, testing of internal controls, substantive procedures, and finalization. The purpose of these audit steps is to provide a standard process that is used in every audit. In most organizations, an audit is conducted by the internal audit department or an external auditing or accounting firm.

Planning and risk assessment audit steps are typically conducted before the fiscal year end and are used to gather information. The auditor takes the time to learn about the industry, regulations, accounting policies, and information systems. During this stage, many auditors work from a remote location, as most of this information is available from independent sources.

In order to effectively plan the audit, the overall scope must be evaluated and documented. A standard financial audit is limited in scope to transactions that occurred in the current period and is often completed at a summary level. The number of transactions and dollar values are used to determine the upper and lower bounds that will be used to set the audit values. The industry, strength of internal controls, and any issues raised by management determine the risk assessment for the audit.


One of the most important of all the audit steps is the process of testing the internal controls. These processes and procedures are used to ensure that proper approvals are in place before payment is made or transactions entered in the system. The primary method of internal control testing is to randomly select transactions and check the source documentation. If a random selection from a representative sample finds controls were weak or missing, then the sample size must be increased.

Substantive procedures is the actual process of collecting physical evidence of transactions and verifying the value posted to a specific account is supported by actual documents. This aspect of the audit is the most time consuming and is very detailed work. The account selected for this type of review varies, but is typically one that tracks a range of high and low dollar value activity.

The last stage of the audit is finalization. This is the creation of a report to management that summarizes all the procedures used to conduct the audit, the result of the various processes, and supporting documentation. Audit reports have a variety of formats or layouts used, depending on the audience. For example, most banks require audited financial statements when applying for a business loan. They often have a preferred format, making the comparison and review a simpler process.


You might also Like


Discuss this Article

Post 3

I would personally hate having to follow all these audit procedure steps to do an internal audit of a company. I think it makes a lot more sense to hire an outside auditor to come in and do the audit.

Yes, you would have to give them some time to learn about your industry and processes. However, I think you would probably get more honest results from an outside auditing firm rather than internal auditors that work with the company every day.

Post 2

@Azuza - I didn't know that every audit followed the same steps either. I also didn't think there would be so many steps! I thought an audit would just be looking at financial transactions and making sure everything matched up. I didn't know that auditors actually did a control audit to check the internal controls!

However, I guess it kind of makes sense to do this during an audit. Because that way, if something doesn't match up, you would at least have a start to investigating what went wrong.

Post 1

I always hear about audits, but I had no idea that every audit followed the same internal audit steps. I always thought it might be different for different industries, or maybe different steps if you were doing an audit that spanned a large amount of time versus a small amount of time.

However, I guess it's easier on people who perform audits to have the steps stay the same. Because even if you have to learn about a new industry, at least you already know the steps to doing the actual audit. I imagine this saves some time!

Post your comments

Post Anonymously


forgot password?