An audit is a structured check of records and controls to confirm whether claims, numbers, or processes match the evidence.
“Audit” can mean a tax check, a financial statement audit, a grant review, or a review of a public program. The core idea stays the same: an independent party follows a rulebook, gathers proof, and writes up what they found.
You’ll see what happens from notice to final report, what auditors ask for, and how to keep the process steady on your side.
What An Audit Is And What It Is Not
An audit isn’t a guess. It’s a repeatable process built around evidence. Auditors start with a question such as “Are these financial statements fairly presented?” or “Were tax rules followed for this return?” Then they design steps to answer it.
An audit isn’t the same as a review or a compilation. In a full audit, the auditor aims for a high level of assurance, which means deeper testing and more documentation. Standards set what “enough” evidence looks like and how the report must be written.
Why Audits Get Triggered
Selection depends on the type of audit. Tax agencies use screening methods and mismatch checks. Financial statement audits can be required by lenders, investors, regulators, or bylaws. Grant and government audits can be tied to funding rules or oversight cycles.
Selection alone doesn’t prove wrongdoing.
How Audits Work For Financial Statements And Taxes
Tax audits and financial statement audits feel different, yet they share the same spine: planning, fieldwork, reporting. The difference is the rulebook and the target. In a tax audit, the target is the return and the tax law behind it. In a financial statement audit, the target is whether the statements are presented fairly under the chosen accounting rules.
Step 1: Scope And Ground Rules
The auditor sets boundaries: which period is covered, which entities and accounts are in scope, and what standards apply. You’ll often see this set out in an engagement letter. For tax audits, scope is tied to the tax year and the items the agency wants verified.
Step 2: Process Walkthrough
Auditors learn how work gets done. They may walk through how you bill customers, approve expenses, track inventory, or run payroll. They map the flow of documents and data, then mark spots where errors can slip in.
Step 3: Risk Ranking
Auditors don’t test everything. They spend time where a mistake would matter most. That could be revenue, cash handling, related-party deals, or deductions that are easy to overstate.
Step 4: Testing Plan
Next comes the audit program: the list of procedures the auditor will run. These can include document inspection, recalculations, confirmations with third parties, and analytics that flag odd swings across months.
Step 5: Fieldwork And Evidence
Fieldwork is where the work happens. The auditor requests documents, asks questions, and performs tests. Evidence can be internal (invoices, logs, approvals) and external (bank confirmations, customer confirmations, vendor statements). External evidence tends to carry more weight because it’s less under your control.
Step 6: Findings And Wrap-Up
If the auditor finds a gap, they’ll raise it. Sometimes it’s solved with one missing document. Sometimes it leads to a proposed adjustment, a control recommendation, or a request for more testing. Near the end, auditors step back and judge whether the evidence backs the conclusion.
For a tax audit, wrap-up may lead to “no change,” an agreed adjustment, or a dispute that moves into an appeal path. The IRS describes how it notifies taxpayers, conducts audits, and handles next steps on its IRS audits page.
What Auditors Actually Test
People picture auditors flipping through every receipt. In practice, testing is a mix of targeted sampling and deeper work on high-risk areas. Auditors want evidence that is relevant, reliable, and tied to the claim being checked.
Controls Versus Transactions
Auditors test controls (approvals and checks) and transactions (invoices, payments, entries). Strong controls can reduce transaction testing. Weak controls lead to more direct checks.
Sampling And Confirmations
Auditors use sampling because checking every item is costly. They may add third-party confirmations, like bank balance confirmations or customer balance confirms, when extra proof helps.
Audit Types And What Each One Covers
Knowing the type of audit tells you what the auditor is trying to prove and what proof will satisfy the check.
| Audit Type | Who Runs It | Typical Focus |
|---|---|---|
| Tax audit | Tax authority | Income, deductions, credits, filing positions |
| Financial statement audit | Independent CPA firm | Whether statements are fairly presented under accounting rules |
| Internal audit | In-house audit team | Process checks, control design, fraud risk checks |
| Compliance audit | Regulator or auditor | Following a law, policy, contract, or license requirement |
| Grant or program audit | Auditor under funding rules | Allowable costs, reporting rules, eligibility, documentation |
| Government audit (GAGAS) | Public audit office or contractor | Financial, attestation, or performance work under Yellow Book |
| Operational audit | Internal or external auditor | Efficiency checks, waste checks, process quality |
| IT or security audit | Internal audit or specialist | Access controls, change management, logging, data protection |
How The Audit Timeline Usually Unfolds
Most audits follow a predictable rhythm. Once you can name the phase you’re in, it’s easier to set expectations and avoid last-minute scrambles.
Kickoff And Request List
The kickoff sets roles, dates, and how requests will be tracked. Soon after, you’ll get a request list. Strong request lists stay specific: what file, which period, and what format works.
Open Items And Closing Meetings
Auditors track open items: missing files, unclear entries, exceptions found in samples. Review the list often during fieldwork. Close items quickly and label your responses clearly, so the same question doesn’t come back.
Draft Report And Final Report
Near the end, the auditor drafts conclusions. In financial statement audits, report format and required elements are controlled by standards. For U.S. public companies, PCAOB standards set what an auditor’s report must contain, including required statements under AS 3101: The Auditor’s Report.
What You Can Do To Make An Audit Easier
You can’t control whether you get audited. You can control how smooth your response is. The best prep is boring work done early.
Keep A Clean Trail From Source To Summary
If you show a revenue total, be ready to trace it back to invoices, contracts, and deposits. If you show an expense, be ready to tie it to a vendor bill, approval, and proof of payment.
Use One Owner For Requests
Pick one person to route requests and track status. They don’t have to create every file. They should know who owns each system and where documents live.
Send Files With Tiny Notes
When you send a spreadsheet or a PDF, add a one-line note: what it is, what period it covers, and where totals connect. That single line saves rounds of email.
Documents Auditors Commonly Request
Requests vary by audit type, yet these categories show up again and again. If you prep these folders early, you’ll move faster once fieldwork starts.
| Area | Documents | What It Helps Show |
|---|---|---|
| Cash | Bank statements, reconciliations, deposit detail | Balances exist and tie to records |
| Revenue | Invoices, contracts, shipping logs, sales reports | Sales are real and recorded in the right period |
| Expenses | Vendor bills, approvals, receipts, expense reports | Costs are business-related and documented |
| Payroll | Payroll registers, timesheets, tax filings | Pay is authorized and taxes are handled |
| Inventory | Count sheets, valuation method, purchase records | Inventory exists and valuation is reasonable |
| Debt | Loan agreements, amortization schedules | Terms and balances are accurate |
| Equity And Ownership | Cap table, minutes, distributions | Ownership and related entries are correct |
| Taxes | Returns, workpapers, notices, payment proof | Positions are documented and payments match |
What The Final Report Means
The report is the end product. It states what was audited, which standards were used, and what the auditor concluded. In a financial statement audit, the report is written for users of the statements, not just for management.
Common Conclusions
- Clean opinion: The auditor didn’t find material misstatements based on the work performed.
- Modified opinion: The auditor found a material issue, or couldn’t get enough evidence for one area.
- Disclaimer: The auditor couldn’t complete the work in a way that backs an opinion.
Government audits often follow Government Auditing Standards, sometimes called the Yellow Book. These standards cover ethics, independence, quality controls, and reporting expectations for audits of government entities and award recipients, as described by GAO’s Yellow Book.
How Standards Shape The Work
Standards define how auditors plan work, document evidence, and write conclusions. In many countries, International Standards on Auditing guide financial statement audits, collected by the IAASB.
If you want to see how those standards are organized, the IAASB 2025 handbook is the official collection.
When You Disagree With A Finding
Disagreement happens. The cleanest response separates facts from judgment. Start by checking whether the auditor’s understanding of the process and documents is correct. Then answer with proof, not opinion.
Ask For The Exact Standard
When a finding refers to a rule, ask the auditor to name it and show how it applies. That narrows the debate and points you to the right files.
Checklist Before Fieldwork Starts
- Confirm scope, dates, and contact list.
- Set up one shared tracker for requests and due dates.
- Prep core folders: bank, revenue, expenses, payroll, tax, legal.
Once you understand the phases and the evidence standard, audits feel less like chaos and more like a structured review.
References & Sources
- Internal Revenue Service (IRS).“IRS audits.”Explains notice, selection, process steps, and options during a U.S. federal tax audit.
- Public Company Accounting Oversight Board (PCAOB).“AS 3101: The Auditor’s Report on an Audit of Financial Statements When the Auditor Expresses an Unqualified Opinion.”Lists required content and structure for the auditor’s report in PCAOB audits.
- U.S. Government Accountability Office (GAO).“Yellow Book: Government Auditing Standards.”Overview of standards used for audits of government entities and recipients of government awards.
- International Auditing and Assurance Standards Board (IAASB).“2025 Handbook of International Quality Management, Auditing, Review, Other Assurance, and Related Services Pronouncements.”Official collection of International Standards on Auditing and related pronouncements.