What Is a Financial Statement Audit? (2024)

Some cringe at the word “audit.” But those of us with hands-on experienceunderstand thevalue of financial statement audits. Businesses often perceive audits as an invasion oftheir books and records, and the fear of judgment at the end can cause angst for businessowners and their accountants. Audits, however, are one of the most respected and meaningfulways for external stakeholders to gain confidence when lending to, investing in or even justdoing business with an organization. Companies of all sizes and industries, public andprivate, have their financial statements audited annually.

As a certified public accountant (CPA) and former auditor for a “Big 4”accounting firm,allow me to demystify financial statement audits, their objectives and how they work.

What Is a Financial Statement Audit?

A financial statement audit is a professional examination of a company’s financial statements.Its goal is to determine whether the financial statements present a fair and materiallycorrect representation of a business’s activity and financial position, in accordancewiththe Generally Accepted Accounting Principles (GAAP) issued by the Financial AccountingStandards Board. Specifically, auditors opine on the accuracy of an income statement, balance sheet, statement of cash flowsand all the disclosures that support them. Under GAAP, external, independent auditors mustperform financial statement audits.

A financial statement audit differs from other common types of audits, such as tax audits and internal audits.Tax audits are performed by the IRS with the objective of ensuring the accuracy of taxreturns and the amount of taxes paid. Internal audits are performed by employees of thecompany and can take many forms at the direction of company management. When an internalaudit department reviews financial statements, it is for the benefit of company managementand is not considered an independent review for external stakeholders.

Reviews and compilations are two other engagements that external auditors may undertake.These are both more limited in scope than a financial statement audit.

Key Takeaways

• A financial statement audit assesses whether the statements under review present a fairand materially correct representation of a business’s activity and financialposition,resulting in an audit opinion.
• Independent auditors conduct audit planning, internal control and substantive testing,all in accordance with multiple established standards.
• Companies can benefit from audits in several ways, beyond simply meeting compliancerequirements; auditors may, for example, make suggestions for improving the business.
• Audits also have inherent limitations, so undetected fraud remains possible.
• Understanding the audit process, using the right accounting software and getting to knowthe auditor can help audits be unproblematic and increase the likelihood of an“unqualified” audit opinion — the best possible outcome.

Financial Statement Audits Explained

An audit verifies whether financial statements fairly represent a company’s financialposition, through a series of tests (described in the next section). They are performed byexternal auditors using professional standards called Generally Accepted Auditing Standards(GAAS), which were established and are continually reviewed and updated by the AmericanInstitute of Certified Public Accountants (AICPA). These standards help ensure that externalaudits are performed accurately, consistently and reliably. GAAS guides how audits should bedone properly, whereas GAAP are the standards for how accounting should be done properly.Public companies have additional audit rules beyond GAAS (discussed later in this article).Audits of international companies adhere to International Standards on Auditing, rather thanGAAS, and are regulated by the International Auditing and Assurance Standards Board.International Financial Reporting Standards are the international equivalent ofGAAP.

At the end of the process, the auditor provides an opinion that is attached to the financialstatements when they are released to external shareholders. There are five outcomes of afinancial statement audit, each of which comes with a corresponding audit opinion (inaccounting lexicon):

1. Unqualified opinion: An unqualified opinion is the best outcome.It’ssometimes casually referred to as a “clean” opinion. It indicates that thefinancialstatements present fairly, in all material respects, the financial position, results ofoperations and cash flows of the entity, in conformance with GAAP.
2. Unqualified with explanatory language: In this case, the auditor isissuing an unqualified opinion, but adds an explanation about an issue that arose duringthe audit that is worth mentioning but doesn’t change the nature of the opinion.Forexample, if part of the audit relies on work done by another auditor, explanatorylanguage may be added.
3. Qualified: A qualified opinion indicates that the financial statementsare materially fair, but there is a specific exception. The exception is described inthe opinion, for transparency. A departure from GAAP for an item that isinconsequential, and, therefore, does not cause the financial statements to bemisleading, could prompt a qualified opinion. Scope limitations, meaning that the auditwas unable to perform a specific procedure, are another common cause of qualifiedopinions.
4. Adverse: If an auditor determines that the financial statements arematerially incorrect or do not conform with GAAP, they issue an adverse opinion. Thereason for the adverse opinion is described on the face of the opinion. Externalstakeholders view financial statements containing adverse opinions with high skepticism.In practice, most companies will choose to remedy the concerning issue raised by theauditor before bringing the audit to a close to avoid publishing an adverse opinion.
5. Disclaimer of opinion: A disclaimer of opinion means that the auditordoes not express an opinion on the financial statements. The reason(s) why the auditoris unable to determine whether the financial statements are materially correct is notedin the disclaimed opinion. A significant scope limitation, such as not having access tophysical inventory, is one common reason for a disclaimed opinion.

Stages of a Financial Statement Audit

Most sources will tell you there are three stages in a financial statement audit,ultimatelyleading to the audit opinion. The length and scope of each stage may differ, based onthecomplexity of a company’s business, the sophistication of its accounting staff andwhetherit’s an initial or recurring audit. Understanding these stages can help companiesbetterprepare for an audit,whichcan make it go much smoother.

1. Planning and risk assessment: This first stage begins when acompany’saudit committee or board of directors hires the external auditor and signs an engagementletter. The auditor begins a series of administrative steps, including assigning theaudit team (including any specialists, if needed), verifying that the auditor(s) isindependent of any disqualifying relationships with the company being audited, andestablishing a timeline for the audit. The risk assessment part of this stage includesgetting the audit team up to speed on the nuances of the company’s business, itsindustry, native accounting issues and any applicable regulatory requirements. Thishelps the auditor plan appropriate efforts for areas that have a higher potential forerror. In addition, the audit team engages in a high-level discussion about thesusceptibility of the company’s financialstatements to fraud. At the end of this stage, an overall audit strategy andtactical plan are documented for the auditor to follow in the next two stages. The plancan be updated if the auditor discovers something unexpected in the subsequent stages.
2. Internal controls testing: This step involves identifying,documentingand evaluating a company’s internal controls — the processes and policies abusinessuses to reduce the likelihood of financialreporting errors and fraud. If the auditor perceives a weak controlenvironment,they will be on high alert for errors and fraud and will increase the amount ofsubstantive testing of balances (see step 3). A strong control environment has theopposite effect. Preventive controls — such as segregation of duties, user accessrestrictions for accounting systems, physical safeguarding of assets and properauthorization and delegation of authority — are designed to prevent errors beforetheyoccur. Detective controls, such as account reconciliations and physical inventorycyclecounts, work to identify errors or irregularities for investigation and correctionafterthey happen. Control tests aim to make sure the control is actually in place, thatit isworking as designed and that it is effective.
3. Substantive testing: The purpose of substantive testing is toverifybalances in the accounting data. It involves sampling transactions and gatheringevidence to support the data in accounting records. Evidence from third parties ispreferred, such as bank statements, confirmation letters from customers andsuppliers,invoices and statements. In addition, the auditor may physically observe assets,like inventory and equipment.Insome cases, substantive testing may simply consist of analytical analysis orrecalculations, as with depreciation or reserves.

Auditors apply skepticism and judgment throughout these three steps and use the resultstoform the audit opinion. It’s important to note that the auditor is in constantcommunicationwith the company’s management team, and the ultimate opinion should not be a surprise.Infact, it’s common practice to discuss audit findings before the opinion is finalized,sothat any issues can be remedied before the opinion is issued.

It’s also important for company managers embarking on their first independent audit tounderstand that the audit experience won’t necessarily be neatly linear, the way thesestages suggest. In about a third of our audits, the audit teams I’ve been ondiscoveredthatthe company’s control environment did not work exactly as advertised. That would makeusgoback to the planning stage and adjust the strategic and/or tactical portion of the auditplan to make sure we were gathering sufficient evidence to support an audit opinion. If,forexample, a company told us that changes to its accounting data required doubleauthentication, but its accounting system didn’t enforce that policy or staff was abletowork around it, additional substantive testing would need to be done beyond what wasspecified in the original plan.

In addition, the control and substantive testing — which we thought of, together, as“fieldwork” — doesn’t necessarily all happen after the close of the period beingaudited.Forcompanies on a calendar fiscal year, for example, much, if not all, of the controltestingcould be done in October or November. In addition, certain substantive testing could beperformed in advance if it was clear that those elements wouldn’t change materiallybetweenthen and January, after the books close. For example, you can confirm that a company’sbuildings exist and are as the company has described. As a practical matter, mostsubstantive testing has to be done after the year-end accountingclose.

Purpose of a Financial Statement Audit

Financial statement audits provide assurance that the statements fairly present thefinancialposition of a company. This assurance is very meaningful for external parties that relyonthe financial statements, such as investors, lenders, suppliers and even some customers.Infact, many lending institutions require annual audits as part of their loan covenants,andthe U.S. Securities and Exchange Commission (SEC) mandates them for publicly tradedcompanies, although the extent of the reportingrequirementsare reduced for those that meet the SEC’s definition of a small company.

Top Financial Statements to Audit

A financial statement audit typically focuses on the three core financial statements, aswellas the footnotes to those statements (which may be its own separate document) and otherrelated disclosures. Each financial statement serves a specific purpose, but they havethemost impact when read together. The top financial statements to audit include:

• Balance sheet: Lists a company’s assets, liabilities and equity.Itpresents a company’s financial position as of a certain point in time, typicallythelast day of a month, quarter or year.
• Income statement: Presents a company’s revenue, expenses, gainsandlosses for a period of time, such as one, three or 12 months. The income statement,sometimes called a P&L (for “profit and loss”), shows whether thebusinessmade aprofitor withstood a loss during the period.
• Statement of cash flows: Displays the inflows and outflows of cashduring a reporting period. The sources and uses of cash are categorized into threesections: cash flow from operating activities, from financing activities and frominvesting activities.

The footnotes to each of the three core financial statements are also audited. Theyprovideimportant context, such as accounting methods used, as well as supporting information,suchas lease details, for certain balances.

When it comes to annual reports, it’s worth mentioning that not all information isaudited.The annual report is a corporate document sent to shareholders that includes the auditedfinancial statements, along with graphics, photos and management narrative about acompany’sperformance. Typically, when auditors review annual report information that is outsidethefinancial statements, they only make sure there are no inconsistencies in relation totheaudited statements.

Benefits of an Audit

Financial statements are great tools for communicating financial information in astandardized way — as long as they are accurate. The primary benefit of audits is toassureexternal stakeholders that the financial statements are fairly stated and materiallycorrect. But potential audit benefits extend beyond that, including:

• Helping customers and suppliers feel more comfortable doing business with a company.
• Keeping a company compliant withregulations,thus avoiding the reputational damage and potential fines that may come fromnoncompliance.
• Uncovering ways a company can improve their business. An auditor is an independent,fresh set of eyes familiar with the industry and the company. Their perspective canidentify potential ways to improve operating efficiencies.
• Revealing opportunities for a company to improve accounting operations. Auditors cansuggest ways to make accounting functions more effective and efficient, such asaccounting software, workflow and staff training.
• Identifying weaknesses and recommending remedies for the company’s controlenvironment.A strong control environment reduces the potential for fraud.

Limitations of an Audit

Even the best planned and expertly executed audits have certain limitations. A clean,unqualified opinion states that the financial statements are “free of materialmisstatements,” which is not the same as being completely error-free. The concept ofmateriality is fundamental to auditing. Materiality can be described as an acceptablerangeof error in the financial statements that would not cause a reasonable reader to drawthewrong conclusions. During the planning phase, auditors use their judgment and experiencetodetermine materiality levels. Materiality is both quantitative, based on the size of acompany’s business, and qualitative, based on the nature of an error. Beyond theboundariesof materiality, here are some other limitations of an audit:

• Auditors opine on financial statements, they do not create them. The primaryresponsibility for creating financial statements lies with company management.
• While auditors are responsible for identifying and evaluating fraud risks,usingthe professional standards set forth by GAAS, fraud can sometimes remain undetected—especially a well-orchestrated fraud perpetrated by internal employees.
• Because it would be time- and cost-prohibitive, audits do not verify every singlepieceof financial data. Instead, audit procedures rely on testing representative samples.

Auditor Qualifications and Skills

As an audit manager at a Big 4 accounting firm, I had a number of longtime clients. Inoticed, with some disappointment, the times when I detected a collective sigh as myteamwalked into a client’s office. We didn’t necessarily want to be seen asstandoffish oraloof, but the job of auditor comes with certain requirements that make us seem thatway.There are certain lines auditors are not allowed to cross. Let me describe anauditor’squalifications and skills, so you can get to know us better.

Auditors must be CPAs or working toward their CPA license under the supervision of a CPA. CPAshave at least 150 college semester hours (five years), have passed all four sections oftheCPA exam, have a certain amount of work experience (which varies by jurisdiction) andhavecompleted annual continuing professional education requirements set by the AICPA andstatelicensing authorities. They understand GAAP and GAAS and are familiar with SECregulations.

Inherently, auditors must possess high integrity and the ability to keep informationconfidential. They must adhere to multiple ethics requirements from the SEC, AICPA andthePublic Company Accounting Oversight Board (PCAOB). A primary aspect of these codes isthatan auditor must be independent of their client, meaning that the auditor is free fromanyrelationships that could compromise their ability to make unbiased decisions. Examplesofdisqualifying relationships include being an investor, shareholder or lender to aclient;having relatives who work at or do business with a client; and maintaining personalrelationships with client employees. Independence also means that auditors can giveadviceto clients but cannot execute that advice.

Auditors must possess a combination of hard and soft skills to be successful. They needto beproficient in analytics, statistics andtechnology. They also need a high level of business acumen, critical thinking, logicaljudgment and organizational skills. The most successful auditors also havewell-developedsoft skills, ranging from interpersonal communication and collaboration to customerserviceand leadership. Like most CPAs, auditors typically must put in long hours.

Financial Audits for Public vs. Private Companies

Public companies are required by law to undergo an annual audit of their financialstatements by independent auditors. Audited financial statements are included in a publiccompany’s annualform 10-K, filed with the SEC. Audits of public companies are extra rigorous so as toprotect shareholders and the integrity of public markets. In addition to GAAS, audits ofpubliccompanies must also adhere to standards from PCAOB, an agency overseen by the SEC, which wasformed to promote quality in audits. In addition, public companies must file an annual auditof their internal controls, in accordance with the Sarbanes-Oxley Act, although there aresomeexceptions for small businesses (as defined by the SEC).

Private companies are those without publicly traded shares, typically owned by anentrepreneur, a group of investors or a family. They are not subject to SEC or PCAOBrequirements, and their audits must only be GAAS-compliant. Private companies of anysizeoften need audited financial statements to satisfy investors and lenders. Selling ormerginga private business typically requires audited financial statements.

Manage Your Financial Statements With Software

While independent external auditors increase the legitimacy of a company’s financialstatements, the burden of responsibility for compiling those statements and all theunderlying accounting data falls squarely on the shoulders of the company. Managing thedataand creating financial statements using automated software, such as NetSuite Financial Management, not onlymakes the process more accurate but also can streamline the audit process. Thesoftware’sseamless integration and access controls enhance the control environment. When properlydeployed, the system’s accounting data is more accurate and GAAP compliant, whichreducesthe number of potential audit adjustments. The ability to drill down to the transactionlevel makes audit testing easier. And since it’s cloud-based, auditors can access theinformation they need from anywhere.

A financial statement audit is an examination of a company’s financial statements by anindependent auditor. Companies of all sizes, public or private, undertake audits. It’sdoneto give external parties, like shareholders, investors and lenders, confidence that thefinancial statements fairly represent a company’s results and financial position.Auditsareperformed in accordance with GAAS and other standards by highly trained and impartialCPAs.Audits generally follow three steps and focus on the company’s core financialstatements.Understanding the audit process and using the right accounting and reporting softwarecanhelp audits proceed more smoothly and quickly — and increase the likelihood of anunqualified audit opinion, the best possible outcome.

Financial Statement Audit FAQs

What is the objective of a financial statement audit?

The primary object of a financial statement audit is to provide assurance that financialstatements fairly present the financial position of a company. This assurance is verymeaningful for external parties that rely on the financial statements, such asinvestors,lenders, suppliers and even some customers. In fact, many lending institutions requireannual audits as part of their loan covenants, and the U.S. Securities and ExchangeCommission (SEC) mandates them for publicly traded companies, although the extent of thereporting requirements are reduced for those meeting the SEC’s definition of a smallcompany.

What are the 4 types of financial statements?

There are three core financial statements: the balance sheet, the income statement andthestatement of cash flows. When referring to four types of financial statements, eitherthefootnotes or a statement of equity is also included.

How do auditors check financial statements?

There are three phases to an audit: the planning phase, testing internal controls andsubstantive testing. Auditors check the accounting data using substantive testing,withinthe context of materiality and risk assessed during the planning phase, as well as theoverall effectiveness of the control environment. Substantive testing involves samplingtransactions and gathering evidence to support the accounting data. Evidence from thirdparties is preferred, such as bank statements, confirmation letters from customers andsuppliers, as well as invoices and statements. In addition, auditors may physicallyobserveassets, like inventory and equipment. In some cases, substantive testing may simplyrequireanalytical analysis or recalculations, as with depreciation or reserves.

When should financial statements be audited?

Financial statements should be audited annually. Most lenders and the SEC will requireauditsof full-year financial statements at the end of each year. The audit should be performedbyan independent external auditor after the books have been closed and management hascreatedthe financial statements. Often, control testing can be performed prior to the year-endclose.