What are 1 the function and 2 the responsibilities of the independent auditor in the audit of financial statements?

What Is an Independent Auditor?

An independent auditor is a certified public accountant (CPA) or chartered accountant (CA) who examines the financial records and business transactions of a company with which they are not affiliated. An independent auditor is typically used to avoid conflicts of interest and to ensure the integrity of performing an audit.

Independent auditors are often used—or even mandated—to protect shareholders and potential investors from the occasional fraudulent or unrepresentative financial claims made by public companies. The use of independent auditors became more critical after the implosion of the dotcom bubble and the passage of the Sarbanes-Oxley Act (SOX) in 2002.

An auditor may perform various auditing, tax, and consulting services for individuals, corporations, nonprofit organizations, or government entities.

An independent auditor either works for a public accounting firm or is self-employed. An auditor examines financial statements and related data, analyzes business operations and processes, and provides recommendations on achieving greater efficiency. They evaluate company assets for impairment and proper valuation and determine tax liability, ensuring compliance with tax code and laws.

The auditor develops an opinion asserting the reliability and fairness of clients' financial statements, then communicates the information to investors, creditors, and government organizations. Also, an auditor may perform other auditing, tax, and consulting services for individuals, corporations, nonprofit organizations, or government entities.

Procedures for an Independent Audit

An independent auditor asks questions of management and staff for a better understanding of the business, its operations, financial reporting, internal control system, and known fraud or error. They may perform analytical procedures on expected and unexpected variances in account balances or transaction classes, then test documentation supporting those variances. The auditor also observes the company’s physical inventory count and confirms accounts receivable (AR) and other third-party accounts.

The Sarbanes-Oxley Act (SOX)

The Sarbanes-Oxley Act of 2002 was passed after Enron, WorldCom, and several other technology companies collapsed due to accounting improprieties. The goal of SOX was to improve corporate governance and restore the faith of companies' investors. However, many in the business world are against SOX, seeing it as a politically motivated move leading to a loss of risk-taking and competitiveness.

Of concern to many is the mandate requiring that public companies obtain an independent audit of their internal control practices. The cost of the requirement is felt most acutely by companies with a market capitalization of $75 million or greater. The audit standards were modified in 2007, reducing costs for many firms by 25% or more annually.

Key Takeaways

• Independent auditors are certified public or chartered accountants who examine the financial records of companies and are not affiliated with the companies being audited.
• Independent auditors have a mandate to protect shareholders and potential investors from a public company’s possible fraud and accounting improprieties.
• Company managers can use the results of an independent audit to improve company processes.
• Independent audits provide a clear picture of a company's worth, which helps investors make an informed decision when considering whether to purchase a company’s shares.

Benefits of an Independent Auditor

Despite the high initial costs of the internal control mandate, companies can experience many benefits from the independent audit process. Managers can use the information to continually improve internal processes. Companies frequently find that over time the internal control testing becomes more cost-effective.

Additionally, markets use the information from the audit to assess businesses more effectively. Audits provide a clear picture of a company's worth, which helps investors make an informed decision when considering whether to purchase shares in a company. Financial analysts and brokerage companies also rely on an audit's results when making investment recommendations to their clients.

It is a misconception that the responsibilities of an external auditor can be summed up to individuals that examine financial records with the goal of forming an opinion about the fairness of information presented within a company’s financial statements. An audit, in a broader sense, is a method of creating an opinion or conclusion about processes, transactions, or other information when compared to a standard or criteria. There are a variety of different services or reasons a company may need to engage an auditor.

If embraced, business owners can use auditors as tools to enhance processes and procedures, create a tone from the top that deters fraudulent activity, and hold both management and employees accountable to execute their roles and responsibilities. In this post, we will review a number of topics to gain an understanding of an auditor’s responsibilities in completing an audit and the professional duties they hold as an external auditor.

What are the Main Functions of an Auditor?

Below are examples of different audit functions, the auditor’s duties, and scope of work:

Internal Audit

An internal auditor is responsible for performing procedures that test the efficiency and effectiveness of company internal controls put in place to achieve business objectives. The scope of an internal audit includes all financial and operational controls that are used to create maximum productivity at a company. Example findings or duties include:

• Provide recommendations to improve weak internal controls
• Investigate instances of possible fraud (even those considered immaterial)
• Perform reconciliations of financial and operating information
• Monitor compliance with industry standards, laws, and guidelines
• Evaluate whether processes and procedures are functioning properly

Forensic Audit

An auditor is responsible for using a mixture of audit and investigative techniques to determine whether the suspicion of fraud is warranted and if so, the effects of the fraud. The scope of forensic audits can be as wide as necessary and can take a significant amount of time and resources. Generally, a successful forensic audit relies greatly on the types of monitoring a company has in place. This allows a forensic auditor to utilize logs and information captured as part of monitoring to put an accurate timeline together.

Attestation Services

An external auditor is responsible for providing different services to clients such as guidance on accounting-related matters, technical disciplines, or industry knowledge. Scope of work depends on services rendered but is generally defined by an agreement between the client and auditor.

Auditors report on subject matters like the design and operating effectiveness of a service organization’s internal controls over a certain objective such as security. This is also known as System and Organization Controls (SOC) Reports. See below for more information on this type of report.

Information System Audit: Sample Attestation Service

An external auditor is responsible for evaluating the internal controls pertinent to a company’s IT infrastructure. Scope of information system audits can be determined based on a specific objective but generally include the following steps.

• Suitability of the design and operational effectiveness of internal controls related to the security of information. Types of internal controls include logical and physical access, data transmission, and system health monitoring. See more about specifics related to SOC reports at some of our other posts here, such as “What is a SOC 1 Report?”
• Effectiveness of maintaining information security and privacy
• Completeness and Accuracy of information processing and data integrity
• Evaluate whether the system development life cycle meets necessary standards

What are the Duties and Responsibilities of an External Auditor?

The AICPA has defined the professional responsibilities of auditors performing attestation services. As outlined in AU Section 110, an auditor’s responsibilities when performing a financial statement audit is to create a plan and then execute that plan by collecting applicable supporting evidence to make a determination, or opinion, on whether or not the financial statements presented by management are free and clear of any material misstatements that were presented by way of error or fraudulent activity. Any errors or fraud that do not meet the threshold for materiality are not the responsibility of the auditor

For other types of attestation examinations, auditors are responsible for following SSAE 18. SSAE 18 details an auditor’s responsibilities in performing an audit, and reporting on the opinion, conclusion, or findings in accordance with the attestation standards and type of engagement. While an external auditor is responsible for making sure that the opinion, findings, or conclusion are reported in accordance with requirements, the ultimate responsibility of the subject matter itself is still the responsibility of the client. Let’s talk a little more about that.

Another responsibility of an auditor includes the request for management to supply a written and signed assertion. Why is an assertion so important you may ask? The simple answer is that auditors base their opinion, conclusion, or findings on the information provided by management. Because of this, management is responsible for explicitly stating to the users of their audit report that the information within the report is complete and accurate. This is all outlined as part of the assertion. If management will not provide this assertion, an auditor will be required to provide a modified opinion.

What Skills Do Auditors Need?

Auditors are required to retain the type of skills such as proper education, industry background, and working knowledge when acting as an external auditor under SSAE 18. Having the right type of expertise is particularly essential because auditors are oftentimes required to exercise their own professional judgement in determining whether certain criteria are met or if an opinion should be qualified. In addition to having the right type of proficiency, external auditors are also expected to follow certain ethics requirements. These requirements are outlined in the AICPA’s Application Code of Professionalism.

Depending on the type of audit or attestation engagement underway, the type of designations required will likely differ. A good place to start is at CPA firms. If your organization requires an attestation engagement, the report will only be legitimate if it is signed by a CPA or CPA firm.

This is, however, just the beginning. Attestation services can include a number of different processes from financial services, information technology services, cryptocurrency, oil and gas, health care and the list goes on. When engaging an external auditor to perform these services, doing the proper due diligence such as checking designations such as CISSP, CISA, or past references should be reviewed to determine whether those working on the engagement have the right type of background.

Why are Auditing and the Auditor Important?

Many times, people cringe at the sight of auditors, but it is important to understand what auditors do and their function in creating a better business. Auditors provide the opportunity for business owners to incorporate independence into the review process of their internal control program. Additionally, the process helps to define gaps, weak controls, and possible risks. Moreover, recognizing the different functions auditors can provide, and using their services as an asset, can ultimately provide companies with an edge over their competitors.

Do Auditors Get Audited?

In fact, yes, auditors do get audited by a third-party auditor. This is done as a way to determine whether a CPA firm and the individuals working there have the correct technical knowledge and that processes are in place to follow planning and reporting requirements. The AICPA Peer Review Program is completed once every three years.

Summarizing the Auditor Responsibilities and Duties

Hopefully, as you read through this post, it became clear that choosing the right auditor for the type of engagement your organization needs is extremely important. The responsibilities of auditor and client are truly maximized when both parties understand their roles in the audit process. As a summary, those external auditor responsibilities include the following:

CPA Firm will be conducting the audit

• CPA Firm staff working on the audit have the necessary skills to provide professional judgement
• CPA Firm has been through a peer review at least one time in the last three years
• CPA Firm requires that management provide a written assertion
• CPA Firm acts in a professional and ethical manner

These key concepts when picking an auditor should be fundamental as your organization decides on engaging an external auditor in the future.

If you have any additional audit questions or concerns, or have an upcoming audit engagement, and are in need of CPA services, please contact Linford & Co.

Jaclyn Finney started her career as an auditor in 2009. She started with Linford & Co., LLP. in 2016 and is a partner with the firm. She is a CISA with a special focus on SOC, HITRUST, FedRAMP and royalty examinations. Jaclyn works with her clients to provide a process that meets the needs of each customer and generates a tailored report that is useful to the client and the users of the report.

Related Posts:

• Understanding the NIST Privacy Framework: Insights from an Auditor
• Audit Risk 101: An Auditor’s Guide to Understanding Audit Risk 
• Choosing an Auditor: How Do I Find a Good, Better, Best Auditor?
• Virtual CISO: What Is it? Services, Responsibilities, & Cost
• AICPA Peer Reviews - Who Audits the Auditor?
• Vulnerability Management Program: Insights From an Auditor

What are the responsibilities of the independent auditor in the audit of financial statements?

What are the roles and responsibilities of an independent auditor?

What are the 2 main duties of an auditor?

What is the basic primary role and responsibility of an independent external auditor?