• constantiaconsulting

The Audit Process

Updated: Feb 27

The audit process consists of four phases which ensure a quality audit is conducted and a meaningful report is delivered to assist decision makers and other stakeholders who place reliance on the final audit opinion. Depending on the audit firm’s methodology, these steps may be performed sequentially, or in a more agile environment, logical groupings of activities can be performed simultaneously.


The majority of the stages below can be adapted to internal audit.


Stage 1: Pre-engagement activities


  1. The audit firm should do an initial engagement risk assessment and determine whether it wishes to establish or continue a professional relationship with the client. There could be several reasons why an audit firm would not wish to engage with a client, including:

  2. The client may appear to lack ethics or integrity

  3. The audit firm may not wish to be associated with the client’s industry or line of business

  4. The client may have a reputation for poor relationships with their auditors. For example, not paying audit fees or suing auditors.

  5. The audit firm needs to assess whether it can adequately perform the audit. This includes an assessment of whether the firm has:

  6. The necessary technical skills and competence within the firm, or access to the skills

  7. The necessary resources to complete a quality audit.

  8. The audit firm needs to ensure it is free from conflict of interest and independent to the client.

  9. The terms of the engagement should be formalised in an engagement letter.


Stage 2: Planning


  1. Obtain or update knowledge of the client’s business.

  2. Make a preliminary assessment of materiality for planning purposes. Information gathered about the client in the first step with have a direct influence on materiality.

  3. Assess inherent risk of misstatement relating to assertions.

  4. Obtain an understanding of both the accounting systems and processes, as well as the internal control systems and framework.

  5. Based on the planning work in the previous steps, formulate an audit approach with regards to nature, timing and extent of testing.


Stage 3: Audit testing


  1. The planning phase of the audit determines the testing to be performed in this stage. Testing will generally include both tests of control and substantive procedures. These could include:

  2. Inspection of records, documents, assets

  3. Observation of processes and procedures

  4. Enquiry and confirmation both internally and with third parties

  5. Computation involving accuracy checks and reperformance of calculations

  6. Analytical procedures including the analysis of significant ratios and trends

  7. Reperformance by the auditor of the client’s procedures.

  8. The auditor should initially start with tests of control where possible, evaluate these results and modify planned substantive procedures if necessary.

  9. Perform substantive procedures and evaluate results.

  10. Carry out further substantive procedures if necessary.


Stage 4: Evaluating, concluding and reporting


  1. Perform an overall review of the financial information and evaluate the audit evidence gathered by the audit team in the previous stage. Ensure there is sufficient evidence to support the audit opinion.

  2. Conclude and formulate an opinion.

  3. Prepare and deliver the final audit report.


It is generally accepted that evaluation and review will be taking place throughout the audit to ensure when the final evaluation is performed an opinion can be formulated without any additional work being required.


Based on the evaluation the manager or partner will decide whether an unqualified audit opinion is appropriate. If not, the audit could result in an “except for” qualification, an adverse opinion, or a disclaimer of opinion.

17 views0 comments

Recent Posts

See All

The Internal Audit Charter is a formal document that defines internal audit's purpose, responsibility, authority and position within the organisation. The charter should set out the nature of services

Risk evaluation uses the information obtained during the analysis to make decisions about whether the risk is acceptable in its current state or whether further action needs to be taken to mitigate th

Risk analysis is the process of developing an understanding of each risk. This involves analysing the causes of risk, consequence and likelihood, identification of the effectiveness of existing contro