Audit Procedures: A Quick Tour with 19 (Free) Templates

What are audit procedures? Can you define the term with a single definition?

How are audit procedures relevant to your business?

How would you go about implementing audit procedures?

I will stop with the interrogation. I hope though, I have you thinking – I mean really thinking – about the term audit procedure. From my own experience, most people hear the term audit and have a general idea of what this is. But when it comes to defining the term or implementing audit procedures in a business, they struggle.

If you are one of those people, then luck is in your favor for having stumbled on this article. In this article, we at Process Street will take a look at audit procedures, define what they are and how they are implemented.
We then turn our attention to a specific type of audit procedure, namely, the internal audit. Finally, I will introduce to you Process Street’s new, game-changing feature: approvals.

This article is structured as below:

• Audit procedures: What are they?
• Audit procedures: The auditing process
• Audit procedures: Four different types of auditing opinion
• Internal audit: What is an internal audit
• Internal audit: The benefits internal audits bring to your business
• Internal audit: Disasters caused by internal audit neglect
• How you can use Process Street to conduct an internal audit for your business
• Process Street’s approvals feature and its use-value for internal audits
• A whistle-stop tour through Process Street’s free internal audit template resources

In the section A whistle-stop tour through Process Street’s free internal audit templates, you are presented with 19 free templates. I have listed these templates below so that you can plunge right in. Keep reading for more information on each template.

1. Financial Audit Checklist
2. Environmental Accounting Internal Audit
3. Environmental Management Self Audit Checklist
4. Management Systems Audit Checklist
5. ISO 9001 and ISO 14001 Integrated Management System (IMS) Checklist
6. ISO 9001:2015 Internal Audit Checklist for Quality Management Systems
7. PPC Audit Checklist
8. Google Analytics Audit
9. Technical SEO Audit
10. UX Audit
11. ISO 27001 Information Security Management System (ISO27K ISMS) Audit Checklist
12. SQL Server Audit Checklist
13. Firewall Audit Checklist
14. Network SecurityAudit Checklist
15. Occupational Health and Safety (OHS) Audit Checklist
16. Diversity Management Monthly Audit
17. Hotel Sustainability Audit
18. Laboratory Safety Procedure Audit
19. Retail Store Audit Checklist

Shall we get started?

Audit procedures: What are they?

 

Audit procedures are the processes and methods that auditors perform to obtain audit evidence which enables them to make a conclusion on the set audit objective and express their opinion – Wiki Accounting, Audit procedures: Definition, Types, Example, List, Preparation

The term audit procedure encapsulate’s a very broad set of processes and methods. These are designed to determine the accuracy or safety of a given business operation, statement and/or record. Despite the broad range of procedures enveloped within the term audit procedure, they are all designed for the same end. That aim being, as per the definition above, to draw a conclusion on the set audit objective.

To clarify audit procedures further, we can break down the term into its two constituents: audit and procedure.

Audit definition

An audit is the process of evaluation or analysis of something to determine its accuracy or safety, or is the document that declares the result of such an analysis or evaluation – Your Dictionary, audit

An audit is a result, usually given in the form of a report, obtained from evaluating a particular business process or processes.

An interesting fact for you, the term audit is Latin derived from the word audire, which means to hear. With the prevalence of manual bookkeeping, auditors would hear accounts read out to them. Auditing was a case of being able to audire fraudulent and negligent behavior.

An audit can cover any business operation or subject matter. Commonly audited areas include:

1. Financial
2. Secretarial and compliance audit
3. Internal controls
4. Quality management
5. Project management
6. Water management
7. Energy conservation

To produce an audit, you need a procedure, bringing us to the definition of our next constituent term (procedure).

Procedure definition

A set of actions that is the official or accepted way of doing something – Cambridge Dictionary, procedure

With the term audit procedure, we are referring to set procedures that are designed to produce an audit result. For successful audit completion, every step of the procedure must be performed to the T. That means removing any error and ensuring accuracy.

At Process Street, accuracy, efficiency, and productivity lie at the heart of our business offering. Process Street allows you to document and record set procedures and business processes. You can do this by using our superpowered checklists. To not jump the gun, for now, I will continue with my overview of audit procedures before I move onto Process Street and how we can help.

Already have a firm understanding of audit procedures? Why not scroll down to find out how Process Street can help you in the execution of your audit procedures for free.

Right, back to audit procedures.

Grasping a solid definition for audit procedure is a great starting point. This set foundation of understanding can be built on in the rest of this article. Next, we will consider – albeit briefly – the auditing process (because we love processes at Process Street).

Audit procedures: The auditing process  ️

The individual carrying out an audit is called an auditor. Auditors may be internal to your business, as part of your organization. Alternatively, auditors can be external to your business, as part of a regulatory body or a governmental agency.

For successful completion of an audit, the auditor must follow the below six specific steps, as detailed by Chron.com:

#1 Auditing process: Know your client/organization

The given organization is notified of the upcoming audit. The auditor then works to get to know the organization. This step is more appropriate for an external auditor. Conducting client interviews is the simplest way to ensure step one’s completion. The auditor may also get written representations, or ask for access to previous audits and other documentation.

#2 Auditing process: Audit planning and strategy

On getting to know the company, the auditor will then plan their audit strategy. A risk workshop can be conducted during this stage, to find and identify possible problems. The audit plan is then drafted.

Need help with risk management? Check out our Ultimate Risk Management Guide: Everything You Need to Know with free to use templates to help you get started.

It is good to schedule an open meeting during this stage, inviting senior management and key administrative staff. The scope of the audit can be presented, and the time frame of the audit is determined. Relevant staff should be informed of possible interviews from the auditor.

#3 Auditing process: Fieldwork

The fieldwork part of the auditing process is usually where the main work begins. This part is about collecting information and evidence, which can be gathered by multiple means such as:

• Inspecting organizational records
• Inspecting organizational documents
• Inspecting both tangible and intangible assets. For example, does the organization hold the correct amount of inventory as stated?)
• Sourcing confirmation of organizational claims, often from a third party
• Observing business operations
• Conducting interviews and open meetings

#4 Auditing process: Analysis

Stage 4 takes all fieldwork information and compares this information against set standards. Compliance is tested using policies and procedures. Internal controls are evaluated to make sure they are adequate.

#5 Auditing process: Exercise professional judgment

Conclusions are made and a report draft is begun. Aspects of the report may include:

• mathematical errors
• posting problems
• false claim
• operational concerns
• organizational breaches from set standards

#6 Auditing process: Exercise professional judgment

Conclusions made will include commentary given by the auditor. This commentary may include recommended solutions for highlighted problems.

A closing meeting would solicit a response from management in terms of agreement or disagreement on the audit results. An action plan run by the auditor will address problems projected, to resolve all issues.

Finally, the audit report will be given one of four types of audit opinions, which we shall discuss next.

The four different types of audit opinion  ️

In the final stage of the audit process, the audit report is branded with an audit opinion. You can think of different audit opinions as grades on a scale: with a pass at the lower end and fail at the upper end, and grades in-between. Although, admittingly, it does get a little more complicated than that.

There are four different types of audit opinions, which I have summarized below:

Disclaimer: these audit opinions are mostly associated with financial audits

1. Unqualified: This is the gold star result. The result that every business strives for. An unqualified opinion means that all information is presented fairly, and is reliable.
2. Qualified: A qualified opinion is a next level downgrade from the unqualified opinion. A qualified opinion means all information par one single issue, is presented as it should.
3. Adverse opinion: An adverse opinion is the opposite of an unqualified opinion. This is your big fat F. Adverse opinion means that there are gross issues in need of addressing.
4. Disclaimer: When a definite opinion is not possible, an auditor will give a disclaimer. The absence of information often results in a disclaimer opinion.

Speaking of disclaimers, you may have noticed that I added a disclaimer above the listed audit opinion types. This disclaimed that the above opinions are usually associated with financial audits.

Want to know more about financial audits? Keep a lookout for my upcoming post entirely focussed on this audit type.

You see, the auditing world is a bit of minefield in the sense that there is more the one type of audit. For example, as I mentioned under the header Audit definition, there are several different audit areas. The financial sector is just one of many business sectors that can be audited.

The classification of the audit type is dependent on the following factors:

• Type and level of assurance
• The objective
• The purpose
• The scope
• The use

However, this article will cover only one audit type, namely the internal audit.

Why?

An internal audit is one that is most relevant to you as a business owner or employee. It is this audit type that you have complete control over. It is the internal audit, that is absolutely in your hands.

Want to find out more regarding audits and the different types? Check out Wiki Accounting‘s Types of Audits: 14 Types of Audits and Level of Assurance.

For the remainder of this article on audit procedures, I will concentrate solely on the internal audit. You will find out the following:

• What an internal audit is
• Internal audits and the benefits they bring to your business
• Disasters caused by internal audit neglect
• How you can use Process Street to conduct an internal audit for your business
• A whistle-stop tour through Process Street’s free internal audit template resources

It is in this next section that you will be introduced to our state-of-the-art approvals feature. I will show you the feature’s considerable value for the running of your internal audit processes.

Internal audit: What is an internal audit? 

An internal audit is a type of audit procedure that is conducted within an organization in a completely independent and objective manner, to ensure assurance of a given business operation to standards set by the organization, regulatory body or government.

The main features of an internal audit are:

1. They are voluntary
2. They are undertaken internally to your business, as part of your organization

Internal audits are broad. They can provide affirmation regarding compliance to set standards for different business operations. Once an internal audit is completed, the results are communicated to senior management and a committee board of directors.

There are six key activities centralizing internal audits. These are outlined by Accounting Simplified.com:

1. Monitoring internal controls effectiveness and suggesting areas for improvement
2. Instances of fraud and theft are investigated
3. Compliance to laws and regulations is monitored
4. Financial and operating information is reviewed and verified
5. Risk management policies and procedures are evaluated
6. Effectiveness, efficiency and the economy of operations and processes are examined

 

Internal Audit: The benefits internal audits bring to your business 

So far, we have built a good stem of knowledge regarding audit procedures. From this, we have branched out, considering the internal audit, defining what the internal audit is. Why though, do we need to use both time and energy to diverge down this internal audit offshoot?

Our question: why use precious business time and energy to conduct an internal audit?

Whenever I look to answer the why, I question, what are the benefits? In this sense, what benefits will an internal audit bring to your business?

Luckily for you, I have summarized five fundamental benefits internal audits bring below, as defined by Partners:

1. Measure practices and processes against proposed procedures to make corrections
2. Reduce the risks of data breaches and other cybersecurity concerns
3. Protect your internal network
4. Enable you to stay up to date on governmental regulations to maintain compliance
5. Monitor mobile technology security and efficiency

Internal audits are designed for the continual improvement of your business operations, The aim is to identify system weaknesses, and have plentiful opportunities and time to correct those weaknesses.

Considering the above benefits internal audits can bring to your business should be enough to spur you into action.

However, if you are still not convinced, I recommend that you continue reading. In this next part, we will find out what can happen when regulations and set standards go awry.

Internal audit: Disasters caused by internal audit neglect 

Standards are set to manage risk and ensure the clean running of business operations. If you are not checking your procedures, how do you know they aider to the standards set?

In this next section, I will give examples of when business operations and procedures neglect set standards. The aim is to drill down the importance of the internal audit. I will then give an example of correct internal audit use, for contrast with the given examples of internal audit neglect.

The U.S financial crash caused by regulation neglect?

Source

Something big happened in 2008, shocking our economic world to a near-enough halt. The 2008 U.S. financial crisis has been described as the worst economic disaster since the great depression of 1929. Since there have been numerous studies and points of view on the cause or causes of the crisis.

One potential cause was put forward by the Financial Crises Inquiry Commission. In the commission’s own words – regarding the financial crisis cause:

The Commission concluded that this crisis was avoidable. It found widespread failures in financial regulation; dramatic breakdowns in corporate governance; excessive borrowing and risk-taking by households and Wall-Street; policymakers who were ill-prepared for the crises; and systemic breaches in accountability and ethics at all levels – The Financial Crises Inquiry Commision (FCIC), Conclusions

As concluded by the FCIC, financial regulatory breaches could have played a key part in the financial crisis. Regular, thorough and extensive internal financial audits are designed to prevent such breakdowns, preventing the associated negative repercussions.

According to a study by the U.S. Government Accountability Office, the financial crises cost the U.S Economy ~$22 trillion. This figure sums up my point: neglecting set standards can have detrimental, costly impacts down the road. Internal audits are there to make sure you keep on track.

London’s Grenfall tower caused by regulation neglect?

Source

As a past London dweller, the Grenfell tower disaster really struck a chord. I had been a student in London for the past four years, and so knew of Grenfell tower and the surrounding area before the building crumbled to ashes.

On the 14th of September 2017, just before 01:00, a fire broke out in the 4th-floor kitchen of the 23 story tower block, located in West Kensington, London. It took only minutes for the fire to spread, racing up the exterior of the building. In as little as 2 hours, the majority of the upper floors were ablaze. Seventy-two people died from the catastrophe. How did this happen?

Grenfell Tower had a stay-put fire policy. The building had been designed to contain a fire to a single flat. However, as the residents sat tight, the fire sparked out of control, pumping thick poisonous smoke up the stairwell. Clearly, there had been a substantial failure to the policy.

This failure was due to regulatory breaches during the tower’s refurbishment. With hindsight, particular attention was paid to breaches in building cladding. It was this cladding that caused the fire to spread so rapidly resulting in the death of 72 people.

In this instance, the implementation of a strict and effective internal audit would have controlled fire risk. For one,  by ensuring appropriate cladding fixtures.

Speaking to my colleague about this incident, who was also living in London at the time, Thom James Carter summed up my point very nicely:

I remember seeing the smoke from across London. Grenfell tower highlights why businesses/organizations should always, always adhere to regulations, undergo regular audits, and not skip corners – Thom James Carter

Correct use of an internal audit

Source

In 2017 I landed a job at an environmental science laboratory. The laboratory tested samples of water and soil, to check the contamination levels of common pollutants. This included testing for pesticides, metals, and hydrocarbons.

The laboratory is an accredited laboratory, meaning that all tests and procedures have to be carried out as per set standards. This means no deviation. No errors. No inaccuracies. Failure to continue as per set standards will result in accreditation loss. Laboratory customers only wanted accreditated results, as only accreditated results are recognized.

The laboratory often carried out internal audit checks, making sure procedures did not lax away from set standards. Results from one internal audit meant accreditation from a sole metal test had to be removed. Without accreditation for this single metal test, the laboratory lost customers. However, this was only a short-term adversity.

The procedure was soon set right as per the required standards. In the long-term, identifying the regulation breach internally meant the laboratory avoided fines and reputation loss that would have eventually hit hard with a guaranteed but unexpected, external audit.

Want to know more about external audits? Check out Humentum‘s External Audit post.

How you can use Process Street to conduct an internal audit for your business 

So far we have:

• Defined what audit procedures are
• Obtained a basic understanding of the audit procedure processes
• Briefly considered different audit opinions
• Explained the broad range of audit types
• Focussed specifically on internal audits, defining what an internal audit is
• Explained the advantages internal audits bring to a business
• Looked at disasters caused by internal audit neglect
• Looked at an example of an internal audit done right

In this next part of the article, we turn our attention to Process Street, and how Process Street can help you with your own internal audit.

You see, as we mentioned before, audit procedures – which encompasses the internal audit – are a set of standard operations, that should be carried out precisely, accurately, efficiently and effectively. Any deviation from these set standards will lose you your unqualified – or equivalent – audit opinion, and we don’t want that.

Process Street has been created to help business owners such as yourselves. We look at every business operation, and think ‘what can we do to help?

When it comes to audits, we understand how daunting they seem.  Especially with the added pressure of making sure every step is performed to the T. That is why Process Street’s content creation team has been working hard to create a broad range of internal audit checklists, free and ready to use right away.

For those of you that are unfamiliar with Process Street and our offerings, check out our Monthly Webinar: An Introduction to Process Street below.

Once you have added the tasks, within your internal audit, that are subject to approval, then they can be assessed. The assigned approver can easily open the checklist, see the information from the tasks, then either approve or reject, or reject with a comment.

Want to know more about this game-changing feature? Read our Approvals: How to Streamline Decision-Making in Process Street article.