In the world of accountancy, to audit is to give an opinion on the truth and fairness of a set of financial statements. To reach this opinion, the auditor must examine the financial statements, the working papers used to prepare them, for every probable kind of error, whether caused by negligence, or fraud, or anything else.
An audits provides "reasonable assurance" of "truth and fairness". This is not to say that the financial statements are completely correct, or that there are no errors. What auditors say is that the statements are free from "material errors". It would be too costly in terms of time and energy to ensure the statements are completely correct.
So what auditors mean when they say the statements are true and fair is that from the point of view of a shareholder, reading the company's balance sheet, or profit and loss account will give them the right idea of the companies performance. If you have a company with a 100 million a year turnover, it does not matter if the sales have been miss-quoted by a few thousand here or there. From the point of view of the shareholder, that would not affect their decision of whether or not to invest in the company.
An error which does affect such a person's opinion is referred to as “material”. This is usually seen as being something which adds up to 0.5% of turnover (sales), or 1% of gross assets, or 5% of net profits. However, this is not set in stone. Some items are more material than others by there very nature. Shareholders are very sensitive about certain kinds of errors. In the case of director's remuneration, they want to know for absolute certain how much the directors are being paid – no one wants to invest in a company if the directors are swindling money. Similarly, in the case of related party transitions, materiality is zero – if a director is arranging dodgy looking sales to his brother in law at mysteriously low prices, the shareholders will want to know.
So auditors go through a process of checking figures, where they come from, and how they were put together, to reach a conclusion as to whether they are reliable sources of information for shareholders to use. To do this they use substantive testing and the testing of controls.
For example, to check if the figure for sales is accurate, they will take a sample of sales invoices, and check them against the aged debtors listing. This should show that the sale actually took place, and the customer paid for it. They might also check the inventory listings, to see if the goods actually left the warehouse to go to the customer, and they might look at the minutes of directors meetings to see if there was any discussion of complaints from customers of goods not being delivered.
Furthermore, they may look at the controls the company has in place to make sure mistakes are not made in preparing statements. For example, to be sure that the assets figure in the balance sheet is correct, the auditor will want to know that all the goods the company says are in the warehouse are really there. The auditor will not want to waste a lot of time counting all the stock in the warehouse. So he will want to be certain that the companies own staff have been doing regular stock counts, in a reliable way, so when they say what goods are in the warehouse, they are in a position to know. The auditor will also want to know that there are good physical barriers to protect goods from theft, so he may check to make sure the warehouse has a lock on it.
You may have noticed two things. One, the auditor does not check every single figure and count every item of inventory, but rather checks samples and makes assumptions based on the probability of things being okay. Auditing is a kind of risk management – and this is why we say the auditor only provides “reasonable assurance”, i.e. that everything is probably okay.
The second is how open to fraud everything is. The auditor is not going to call up a customer, and investigate if they are a real person the company is dealing with. They may ask to see the ownership documentation of a warehouse or a machine, but they are not going to bring in an expert in forgery to make sure it is genuine. They are not going to ask for every employees birth certificate. As the saying goes, they are watch dogs, not blood hounds. Auditors are there to look for material errors in financial statements, they are not criminal investigators. They are not experts in looking for fraud, and the chances are, if a manager or finance director has half a brain, he will be smart enough to hide any mischief he is making from the auditors.
So, what use is an audit? The audit is really a minimal requirement to prevent companies from mucking around in a way so obvious as to attract the public's outrage. It gives the shareholders a least a minimum of protection from unscrupulous managers.
In terms of the assurance the audit provides – the auditors do not promise the figures are correct. They only promise that they have done their work properly. So let us say our imaginary company goes bust 3 months after its audit. All hell breaks loose, and the shareholders find that the financial statements the auditors told them were okay were actually a load of rubbish. The shareholders promptly take the auditors to courts, but they can only sue the auditors if they can show that the auditors did not do their work properly, which is usually a very difficult thing to show, as there are very few groups of people in the world more pedantic than auditors.