Types of Audits: 14 Types of Audits and Level of Assurance (2022)


The audit is an art of systematic and independent review and investigation on a certain subject matter, including financial statements, management accounts, management reports, accounting records, operational reports, revenues reports, expenses reports, etc.

The result of reviewing and investigation will be reported to shareholders and other key internal stakeholders of the entity for their decision-making or other purposes.

Audit reports sometimes submit to other stakeholders like the government, banks, creditors, or the public.

For example, the statutory audit report is submitted to the regulator or authority like the tax department, the central bank, or the security authority.

The audit is classified into many different types and levels of assurance according to the objectives, scopes, purposes, and procedures of auditing.

The execution of financial statements auditing normally follows International Standards on Auditing (ISA) and other local auditing standards.

There are many types of audits including financial audits, operational audits, statutory audits, compliance audits, and so on.

In this article, we will explain the main 14 types of audits being performed in the current audit industry or practices.

Here is the list of 14 Types of Audits and Levels of Assurance:

1) External Audit:

The external audit refers to the audit firms that offer certain auditing services, including Assurance Services, Consultant Services, Tax Consultant Services, Legal Services, Financial Advisory, and Risk Management Advisory.

The best example of external auditing services is the services these big four audit firms provide, including KPMG, PWC, EY, and Deloitte.

External auditors are normally referred to as audit staff who are working in audit firms. The positions are ranked from audit associate, and senior auditors to audit partners, and managing partners.

These kinds of firms are sometimes called CPA firms as they are required by law to hold a CPA qualification/certificate to run an audit firm and issue audit reports.

This type of audit requires maintaining the professional code of ethics and strictly following International Standards on Auditing and local standards as required by local law.

The firms are working independently from auditing clients that they are auditing. If a conflict of interest has occurred, proper procedures must be taken to minimize the conflicts.

The firm should consider withdrawing from the audit engagement if the impairment cannot minimize to an acceptable level.

Some external audit firms are also offering internal audit services. The popular services offered by external audit firms are an audit of financial statements, tax consultant, and advisory services.

2) Internal Audit:

Internal Auditing is an independent and objective consulting service designed to add value to the business and improve the entity’s operation.

It provides a systematic and disciplined approach to evaluating and assessing risk management, internal control, and corporate governance.

The audit committee generally determines the scope of the internal audit, the board of directors, or directors with equivalence authorization. And if there is no audit committee and board of directors, an internal audit normally reports to the entity owner.

Internal audit activities normally cover internal control reviewing, operational reviewing, fraud investigation, compliant reviewing, and other special tasks assigned by the audit committee or BOD.

3) Forensic Audit:

The forensic audit is normally performed by a forensic accountant who has the skill in both accounting and investigation.

Forensic Accounting is the type of engagement undertaking the financial investigation in response to a particular subject matter. The findings of the investigation normally are used as evidence in court or conflict resolution among the shareholders.

The investigation covers several areas: fraud investigation, crime investigation, insurance claims, and disputes among shareholders.

A forensic audit is also needed to have a proper plan, procedure, and report like other audit engagements.

Related article  GDPR Compliance Audit - 8 Points to Cover (Scope and Detail Explanation)

Forensic audit also needs to follow ethical guidelines like an audit of financial statements. This kind of engagement is not so popular as an audit of financial statements or statutory auditing.

4) Statutory Audit:

Statutory audit refers to an audit of financial statements for the specific type of entities required by law or local authority.

For example, all banking sectors require their financial statements to be audited by qualified audit firms authorized by their central bank.

The statutory audit might be different from financial statements auditing as the financial audit refers to the audit of all types of entity’s financial statements, including whether both meeting or not meet the government’s requirements.

However, statutory audit refers to only auditing the entity’s financial statements required by local law.

External audit firms normally perform the statutory audit, and the audit report will be issued by the auditor and submitted to the government body by the entity. Not by the auditor.

The best example of firms that offer statutory auditing is KPMG, PWC, EY, …. etc.

The common criteria set by law that require entities to have their financial statements by qualified audit firms are annual turnover, the value of assets, and the number of staff the entity employed.

Some countries may require companies in specific industries like banks, minerals, and others based on their decision to have those companies’ financial statements audited.

Companies listed on the stock exchange are generally required and enforced by the stock exchange authority to have a qualified audit form audit their financial statements.

5) Financial Audit:

Financial audit refers to the audit of the entity’s financial statements by an independent auditor where audit opinion will be provided on those financial statements after auditing works are done.

A financial audit is normally performed by an external audit firm that holds a CPA and is normally performed annually and at the end of the accounting period. This type of audit is also known as financial statements auditing.

But, sometimes, as required by management, bank, security exchange, regulation, or else, the financial audit is also performed quarterly.

Most entities prepare their financial statements based on IFRS, and some financial statements are prepared based on local GAAP.

For example, financial statements are prepared based on US GAAP for the entity registered in the US. If the financial statements are prepared based on IFRS, the financial audit needs to be audited against IFRS.

However, if the financial statements are prepared based on local GAAP, then the audit needs to be performed against those local GAAP.

The audit standards used by the auditor to conduct financial audits need to adopt international standards and local law requirements.

Some country requires an audit firm to follow its audit standards while others have adopted international standards and transformed them into local ones.

6) Tax Audit:

A tax audit is a type of audit that performing by the government’s tax department or tax authority.

A tax audit could be performed as the result of in-compliant found by a government agency or the schedule set by the government tax department.

An entity needs not to invite or engage with the tax authority to come to perform a tax audit. They will come by themselves. An entity just needs to file its tax obligation properly and timely based on the country’s tax law.

To minimize the penalty as the result of the tax audit, the entity is recommended to follow all the requirements set by tax law and for those areas that they are not sure about, the entity should engage with a tax consulting firm for advice. As mentioned above, the big four firms also offer such a service.

Related article  Auditing Inventories: Procedures, Risks, Assertion, and More

7) Information System Audit or Information Technology Audit (IT Audit)

An information system audit is sometimes called an IT audit. This type of audit assesses and checks the reliability of the security system, information security structure, and integrity of the system so that the system’s output is reliable.

Sometimes, financial auditing also requires IT auditing as now technology is increasing and most of the client’s financial reports are recorded by complex accounting software.

The audit approach also changed due to the changing of management’s approach in recording and reporting their entity’s financial information.

Normally, before relying on information systems (software) that are used for producing financial statements, auditors must have IT and audit teams test and review that information system first.

Especially, when an entity uses an ERP system where the operational reportings are also integrated with the accounting system. For example, a banking system normally links operational reporting with the accounting system.

IT audit is also offered and requested separately from the financial audit.

As you know, most big firms have this kind of service. They do not only provide IT audits but also offer consultants in the information system areas.

8) Compliance Audit

A compliance audit is a type of audit that checks against the internal policies and procedures of the entity as well as the laws and regulations where the entity operates. Law and regulation here refer to the government’s law where the business is operating.

For example, in the banking sector, there are many regulations required for bankers to follow and comply with.

Most of the central banks require commercial banks to set up a complaint review (assessment) or compliance audit to ensure that they comply with those laws and regulations.

The entity may also assign its internal audit function to review whether the entity’s internal policies and procedures are complying and effectively followed.

A compliance audit is part of the system used by the entity’s management to enforce the effectiveness of the implementation of the government’s laws and regulations, and the entity’s internal policies and procedures. 

9) Value For Money Audit

Value for money audit refers to activities that assess and evaluate three main difference factors: Economy, Efficiency, and Effectiveness of entity operation.

Economically, the auditor assesses and evaluates whether the resources that the entity purchases are at a low cost with acceptable quality whereas efficiency audit, the auditor checks whether the resources that the entity use have a better conversion ratio.

Effectiveness, by the way, looks at the big picture of the objective whether the entity using the resources meets its objective or not.

The auditor might review the entity’s purchasing system to assess and evaluate whether it is helping the entity to purchase materials or services at low costs or not.

Value for money audit is really important for the entity since it helps the entity improve resource efficiency usage and make sure that the entity obtains good quality material at a low cost.

10) Review Financial Statements

Reviewing financial statements is a type of negative engagement where auditors review the entity’s financial statements.

At the end of the review, the audit is not going to express whether financial statements are a true and fair view and free from material.

But, the auditor will issue the opinion to say that nothing is coming to their attention that financial statements are not prepared with a true and fair view and free from material.

Related article  What is a Single Audit? (Definition and Explanation)

This kind of service is normally required when an entity borrows money from the bank. And the banks, as part of their policy require the entity to provide financial statements reviewed by an external auditor.

Or sometimes it is requested by management to have their financial statements before asking for the auditor to audit the financial statements. Or sometimes it is required by management for internal use.

11) Agreed Upon Procedures (AUP)

The agreed-upon procedure is the type of negative engagement where auditors review the procedures agreed upon with the client. This type of engagement is called limited assurance.

Even though the client’s procedures are set, auditors must also ensure that the firm has enough resources to perform the job and the fee is not low-balling.

Auditors will also need to ensure no conflict of interest between the audit and client management teams.

If the auditor finds a conflict of interest, the safe guide needs to be checked and introduced to reduce the conflict.

Once auditors complete their review or perform all the procedures required by management, they will issue the factual finding report by listing down all the findings they found during the audit.

12) Integrated Audit

Integrate audit happens when there are two different areas of audit requirements. For example, there is a financial audit and a social audit, or some areas need to be confirmed with the financial audit.

For example, NGOs require their financial statements to be audited, and the technical areas that those NGOs are spending the money on need to be audited by a specialist auditor.

For example, NGOs are working on public health and most of the money spent is related to public health.

Besides the expense reports that present the expenses that NGOs paid for and need to be audited by the financial auditor, there are many technical reports like health reports that need to be verified by technical auditors that have experience in assessing health reports.

This is called an integrated audit. The integrated audit also happens when the entity operates in many different countries, and the financial statements are audited by different audit firms.

13) Special Audit

A special audit is a type of audit assignment that is normally done by the internal auditor.

This happens when a problem/case occurs in the organization, like fraud, business case, or other special cases.

For example, fraud occurred in the payroll department, and this concern was raised to the audit committee or board of directors, or sometimes there is a request from the CEO to have a special audit on these areas.

The special audit is a bit different from the forensic audit as a special audit is done by the internal staff of the entity.

Once the auditor completes the audit, then the report is prepared by the audit team and then submitted to the audit committee or board of directors. It is sometimes also reported to the CEO of the entity.

14) Operational audit

An operational audit is a type of audit service that mainly focuses on key processes, procedures, systems, and internal control. The main objective is to improve the operation’s productivity, efficiency, and effectiveness.

Operation audit has also targeted the leak of key control and processes that cause waste of resources and then recommended improvement.

Operational audit is part of the internal audit and their main aim is to add value to the business and their professional services.

Systematic and highly disciplined is also the part that helps to make sure the operational audit adds value to the organization. Written by Sinra