Financial audit (also known as external audit, commercial audit or audit of financial statements) can be defined as a systematic and independent examination of the data, statements, records, operations and (financial) performance of an enterprise for a stated purpose. In any audit, the auditor perceives and recognizes the propositions before him for examination, collects and evaluates evidence, and on this basis formulates his judgment, which is communicated through his audit report.
An audit involves performing procedures to obtain evidence about the amounts and disclosures in the financial statements. The procedures selected depend on the auditor’s judgement, including the assessment of the risks of material misstatement of the financial statements, whether due to fraud or error. In making those risk assessments, the auditor considers internal controls relevant to the entity’s preparation and fair presentation of the financial statements, in order to design audit procedures that are appropriate in the circumstances. An audit also includes evaluating the appropriateness of the accounting policies used and the reasonableness of the accounting estimates made by the management of the client, as well as evaluating the overall presentation of the financial statements. The evidence obtained should be sufficient and appropriate to provide a basis for the audit opinion. At the end of the audit, the auditor expresses an opinion on whether the financial statements present fairly, in all material respects, the financial position of the client at the balance date, and its financial performance and cash flows for the period then ended, in accordance with the financial reporting standards (international or local).
It is essential that auditors (companies and individuals) are completely independent from their clients.
Regular annual statutory audit
In accordance with the Law on Auditing (NN 146/05, 139/08 and 144/12) and the Accounting Act (NN 107/09), a statutory audit is obligatory for large, medium-sized, listed and special companies, as well as for companies with income of more than 30 million HRK in the previous year.
Audits are conducted in accordance with International Standards on Auditing, which require the auditor to comply with ethical requirements and to plan and perform the audit to obtain reasonable assurance about whether the financial statements are free from material misstatement.
Management is responsible for keeping accurate accounting records and for the preparation and fair presentation of financial statements in accordance with financial reporting standards (international or national), and for such internal control as management determines necessary to enable the preparation of financial statements that are free from material misstatement, whether due to fraud or error.
The audit is conducted in two phases:
• Interim audit in the last quarter of the current year
• The main audit of financial statements in the first quarter of the following year
Specific legal Audit
• Audit of the share capital or increase of capital in kind (material property, rights, profit and reserves) in accordance with the Companies Act and tax regulations
• Audit of the appropriate severance pay in the process of squeeze-out of minority shareholders in accordance with Article 300 of the Companies Act
• Audit of mergers and acquisitions in accordance with the Companies Act
• Audit according to the Law on financial operations and bankruptcy settlement
Many “daughter” companies must send reports to their “mother” companies abroad on a monthly basis. Although not obliged to have a statutory audit, such companies have one because their mother company requires it. Such reports are prepared according to the Group’s accounting and reporting rules.
In some cases, a company owner wants to have an audit of his company’s financial statements in order to control it. Very often banks require audited financial statements from their potential clients before granting a loan.
To obtain money from the EU or other funds, the expenditures of the project must be audited (in Croatia, for example, HAVC, Nacionalna zaklada). Most often such audits are “agreed-upon procedures” engagements, and the procedures to be performed are determined by the fund or institution providing the money.
Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes. Internal auditing is a catalyst for improving an organization’s governance, risk management and management controls by providing insight and recommendations based on analyses and assessments of data and business processes. With commitment to integrity and accountability, internal auditing provides value to governing bodies and senior management as an objective source of independent advice. Professionals called internal auditors are employed by organizations to perform the internal auditing activity.
The scope of internal auditing within an organization is broad and may involve topics such as an organization’s governance, risk management and management controls over: efficiency/effectiveness of operations (including safeguarding of assets), the reliability of financial and management reporting, and compliance with laws and regulations. Internal auditing may also involve conducting proactive fraud audits to identify potentially fraudulent acts; participating in fraud investigations under the direction of fraud investigation professionals, and conducting post investigation fraud audits to identify control breakdowns and establish financial loss.
Internal auditors are not responsible for the execution of company activities; they advise management and the Board of Directors (or similar oversight body) regarding how to better execute their responsibilities. As a result of their broad scope of involvement, internal auditors may have a variety of higher educational and professional backgrounds.
Forensic audit or fraud audit
In recent years, the forensic audit (or fraud audit) has unfortunately become more and more popular as an instrument for managing companies. The aim of a fraud audit is to investigate anomalies and gather evidence that can be used as a basis for criminal proceedings. This type of audit can be initiated by the operating management when there are doubts about employees, or by the supervisory board or board of directors when there are doubts about the operating management. This type of audit is performed by audit companies specialised in forensics.
Information systems audit
An information system is a model of a business system that contains an informational overview of a company and comprises a data model, a process model and an executive model. Information models are complicated and contain many components (hardware, software, lifeware, dataware, orgware and netware), which together make up the business information system of a company.
The information system of a company is a system which collects, stores, keeps, processes and delivers information related to the company, so that it is available and useful to everyone who should use it, including the board, management, employees, clients, government and all other users.
An information system audit is the process of collecting and evaluating evidence to establish whether the assets of the firm's information system are properly safeguarded, data integrity is maintained, allocated goals are achieved efficiently, available resources are used efficiently, and the organization complies with the appropriate directives, rules or legal business conditions.
Some of the usual information systems audits are: operating system audit, software application audit, electronic data exchange audit, access control audit, network audit, database audit, etc.
Some of the procedures of an information system audit are used in a financial statement audit, internal audit, fraud audit or other types of audit. In that case the information system audit fits in as a part of the standard audit. An information system audit with the above-mentioned elements can also be a special service focused principally on the information system and information technology aspects, the results of which can be used by external and internal auditors, fraud auditors or other auditors.
Internal controls overview
The internal control system of an organization consists of policies, practices and procedures designed to achieve the following goals: safeguarding of assets; assurance of the correctness and reliability of accounting data and information; improved efficiency of the company's operations; and measurement of compliance with the policies and procedures enacted by management.
Implementation and maintenance of an appropriate internal control system is management's legal obligation in every company.
Internal controls are divided into preventive, detective and corrective controls (the PDC control model).
Preventive controls are passive techniques designed to prevent unwanted occurrences from arising. Preventing a fraud before it comes into existence is more cost-effective than detecting and correcting it after it happens. Most unwanted occurrences can be prevented at the outset. A good example of a quality preventive control is a properly designed screen/interface for customer data entry. Fields for address, registration number, credit limit, overdraft limit, number of days of payment delay and value type help ensure that no basic data is omitted when a particular customer is entered.
Detective controls are the “second line of defence”. They are procedures, techniques and devices put in place to identify and detect unwanted occurrences which have bypassed the preventive controls. Detective controls detect misstatements by comparing what actually occurred with established standards. When a control detects a deviation from the standard, it raises a warning to draw attention to the problem. For example, a customer orders 20 pieces of some product at the price of 10 HRK/piece, and the total amount is 2000 HRK. Before the transaction is processed, a detective control would multiply quantity by price and compare the result with the total amount. In that case, a misstatement that occurred during data entry would be detected.
Corrective controls correct the problem that has been detected by the detective controls. For any detected unwanted occurrence there may be more than one corrective action, and the most appropriate one may not always be obvious. In the above example the system assumes that the quantity and price are correct, but that assumption may not be true. We know that a problem exists, but not what caused it. Linking a corrective action to a detected misstatement as an automatic response may lead to the wrong step, so the correction of misstatements should not be taken for granted.
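The three control types applied to the order from the example above, as an added illustration that is not part of the original page. The function names, the field names and the choice of required fields are hypothetical, and the sample order is constructed from the figures in the text.

```python
from dataclasses import dataclass
from decimal import Decimal

# Assumed subset of the customer fields the page lists for the entry screen.
REQUIRED_CUSTOMER_FIELDS = ("address", "registration_number", "credit_limit")


@dataclass
class OrderLine:
    quantity: int
    unit_price: Decimal
    total: Decimal


def preventive_check(customer: dict) -> list[str]:
    """Preventive: list the basic fields that are missing, so the record is refused at entry."""
    return [f for f in REQUIRED_CUSTOMER_FIELDS if customer.get(f) in (None, "")]


def detective_check(line: OrderLine) -> bool:
    """Detective: recompute quantity x price and compare it with the entered total."""
    return line.quantity * line.unit_price == line.total


def corrective_action(line: OrderLine, review_queue: list) -> str:
    """Corrective: never overwrite a field automatically, because any of the
    three values may be the wrong one. Hold the line and record each candidate fix."""
    if detective_check(line):
        return "posted"
    candidates = {
        "total": line.quantity * line.unit_price,
        "quantity": line.total / line.unit_price if line.unit_price else None,
        "unit_price": line.total / line.quantity if line.quantity else None,
    }
    review_queue.append((line, candidates))
    return "held_for_review"


if __name__ == "__main__":
    queue: list = []
    # Constructed sample: 20 pieces at 10 HRK with an entered total of 2000 HRK.
    order = OrderLine(20, Decimal("10"), Decimal("2000"))
    print(corrective_action(order, queue))
    for field, value in queue[0][1].items():
        print(f"possible fix: {field} = {value}")
```

The held line carries three equally plausible corrections (total 200, quantity 200, or unit price 100), which is why the decision is left to a reviewer instead of being applied automatically.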
“Due diligence” is a term used for a number of concepts, involving either an investigation of a business or person prior to signing a contract, or an act with a certain standard of care.
It can be a legal obligation, but the term will more commonly apply to voluntary investigations. A common example of due diligence in various industries is the process through which a potential buyer evaluates a target company or its assets for an acquisition.
Due diligence takes different forms depending on its purpose:
1. The examination of a potential target for merger, acquisition, privatization, or similar corporate finance transaction normally by a buyer. (This can include self-due diligence or “reverse due diligence”, i.e. an assessment of a company, usually by a third party on behalf of the company, prior to taking the company to market.)
2. A reasonable investigation focusing on material future matters.
3. An examination being achieved by asking certain key questions, including, how do we buy, how do we structure the acquisition, and how much do we pay?
4. An investigation of current practices of process and policies.
5. An examination aiming to make an acquisition decision via the principles of valuation and shareholder value analysis.
In business transactions, the due diligence process varies for different types of companies. The relevant areas of concern may include the financial, legal, labour, tax, IT, environment and market/commercial situation of the company. Auditors are mostly responsible for financial and tax due diligence; legal and management due diligence is mostly provided by a law firm, and the other due diligence areas are mostly covered by the investor himself.
Due diligence findings impact a number of aspects of the transaction including the purchase price, the representations and warranties negotiated in the transaction agreement, and the indemnification provided by the sellers.