|Version 1.0 Alpha
An independent assessment of an activity, reported to an activity stakeholder independent of the management of the activity. The subject of the audit can be a statement or a report, rather than an activity, as in the case of a financial statement.
Read more about ‘audit’ as understood for this series
|There are many different definitions for ‘audit’ in different contexts.
A board sub-committee or equivalent enterprise governance committee with at least some non-executive members. The audit committee represents the board or the external stakeholder community for audit responsibilities. One enterprise audit committee usually deals with both external and internal audit functions, and often also with other governance functions such as ‘risk’ or ‘compliance’.
Chief Audit Executive (CAE)
Within an organisation structure, the highest executive manager with responsibilities for the audit function. The CAE carries out and oversees activities undertaken for the audit committee, between meetings. The CAE is directly accountable to the audit committee, and usually provides secretariat services. The CAE has a special responsibility to ensure the independence of the audit functions from executive management, and has special reporting responsibilities to the audit committee. The CAE is almost necessarily the line executive for the internal audit function. It is possible for CAE functions to be performed outside of the organisation structure, by a service firm is engaged directly by the audit committee or board.
Staff or external consulting organisation that undertakes audits, forms audit opinions and writes audit reports. Auditors are subject to strict rules to ensure independence from enterprise management or other improper influences, and other professional standards.
|Rules and standards do not apply automatically when a person is designated as ‘auditor’. The rules need to be brought into effect through terms of engagement and organisation policies.
An auditor or audit firm engaged to report publicly to investors, regulators, or other stakeholders independent of the enterprise Board. External audits cannot be performed by enterprise staff. External auditors are appointed by, or on behalf of, the external stakeholder. They cannot be terminated or replaced without the knowledge (and ultimate consent) of the external stakeholder.
An auditor directed by the audit committee or board (under formal protocols). The audit committee controls the work program of internal audit. The internal auditor may be a consultant from outside the enterprise, or staff within the enterprise.
Finding (audit finding)
A deficiency in organisation activity identified in an audit, that is, an audit conclusion that the activity does not meet a criterion applied by the audit in some respect. The deficiency can be relative to a broad range of (audit) criteria.
|There can also be positive ‘findings’, representing an audit conclusion that organisation activity meets or exceeds an audit criterion. Negative findings can be seen as an exception or qualification to an ‘assurance’ or otherwise positive audit conclusion.
Recommendation (audit recommendation)
Management actions proposed by an audit to resolve a negative ‘finding’. In principle, a recommendation could follow a positive ‘finding’ along the lines of ‘continue with practices X, Y and Z’.
The actual status and life-cycle of an audit recommendation is far more subtle, as explained in this series.
|Monitoring of the implementation of recommendations made in audits, after primary audit reporting is complete. Typically, but not necessarily, tracking is performed by the Chief Audit Executive on behalf of the audit committee. Tracking can also be performed by the auditors directly, without involving any Chief Audit Executive.
Client (audit client)
The term ‘audit client’ can refer either to the part of enterprise management subject to an audit (also called an auditee), or to the ultimate recipients of the audit report (the audit committee, board, or external stakeholders). These two meanings of ‘client’ are separate and unrelated. The two meanings of ‘audit client’ cause confusion almost immediately, so the term ‘client’ is best avoided entirely in the audit world. (Consulting firms acting as auditors will continue to use the word ‘client’ in their own way.)