An audit is a formal review of records, finances, or operations to verify that everything is accurate, complete, and follows the rules. The term shows up in several contexts: the IRS auditing your tax return, an accounting firm auditing a company’s financial statements, or an organization’s own team reviewing internal processes. While the specifics differ, every audit shares the same core idea: an independent set of eyes checks the work to make sure the numbers add up and the rules were followed.
Tax Audits
When most people hear “audit,” they think of the IRS. A tax audit is a review of your tax return to confirm that the income, deductions, and credits you reported are accurate. The IRS selects returns for audit using a few methods. One is computer screening, where your return is compared against statistical norms for similar returns. If your numbers fall outside those norms, your return gets flagged. The IRS also selects returns through related examinations, meaning your return might be pulled because a business partner, investor, or other connected taxpayer is already being audited.
Tax audits come in three forms. A mail audit (also called a correspondence audit) is the most common and least invasive. The IRS sends a letter asking you to provide documentation for specific items on your return, like a deduction or a source of income. You respond by mail, and the issue is often resolved without ever speaking to someone in person. An office audit requires you to visit an IRS office with your records for an in-person interview. A field audit is the most thorough: an IRS agent comes to your home, business, or accountant’s office to examine your records directly. Field audits are typically reserved for more complex returns, such as those involving business income or large amounts of money.
Financial Statement Audits
Public companies are required to have their financial statements audited annually by an independent accounting firm. The purpose is to give investors, shareholders, and regulators confidence that the company’s reported numbers are trustworthy. The auditing firm must be registered with the Public Company Accounting Oversight Board (PCAOB) and must be independent from the company it’s auditing, meaning the firm has no financial ties or conflicts of interest that could compromise its objectivity.
During a financial statement audit, auditors assess whether the company’s financial statements are free of material misstatement. “Material” means significant enough that it could change an investor’s decision. The auditors test samples of transactions and records, evaluate the accounting methods the company used, review significant estimates made by management, and assess the overall presentation of the financial statements. The goal is not to check every single transaction but to gather enough evidence to form a reasonable conclusion about whether the financial picture is accurate.
Audit Opinions: What the Results Mean
At the end of a financial statement audit, the auditing firm issues a formal opinion. There are four possible outcomes, and each one tells investors something different about the reliability of the company’s financial reports.
- Unqualified opinion (clean opinion): The financial statements are presented fairly and follow accepted accounting standards. This is the best result a company can receive and the one investors want to see.
- Qualified opinion: The financial statements are mostly accurate, but there’s a specific issue or area where they don’t fully comply with accounting standards. Think of it as a passing grade with a footnote.
- Adverse opinion: The financial statements do not accurately represent the company’s financial position. This is a serious red flag and is rare among publicly traded companies because of the consequences it triggers with regulators and investors.
- Disclaimer of opinion: The auditor couldn’t gather enough evidence to form any opinion at all. This might happen if the company restricted access to records or if the scope of the audit was too limited to draw conclusions.
Internal vs. External Audits
External audits are performed by independent outside firms. Their primary job is to give an impartial opinion on the accuracy of financial statements, and they report their findings to shareholders and the board of directors through an audit committee. External audits typically happen once a year and focus specifically on financial records and compliance with accounting standards and laws.
Internal audits are conducted by a company’s own audit team. Rather than just verifying financial accuracy, internal auditors have a broader scope: they assess business practices, risk management, internal controls, and operational efficiency throughout the year. Their findings go to senior management and the board’s audit committee, with the focus on identifying weaknesses and recommending improvements. A company might use internal audits to spot inefficiencies in a supply chain, evaluate whether employees are following procurement policies, or test whether cybersecurity controls are working as intended.
How the Audit Process Works
Whether it’s a tax audit, a financial statement audit, or an internal review, audits generally follow four phases.
Planning. The audit begins with notification. In a tax audit, the IRS sends you a letter explaining what’s being reviewed. In a corporate audit, the audit team sends a notification letter to the relevant department or executive. An entrance meeting may follow, where the auditors explain the objective, scope, timeline, and methodology. This meeting sets expectations for what the auditors will need and how long the process will take.
Fieldwork. This is the core of the audit, where the actual examination happens. Auditors review documents, test transactions, verify records, and assess whether internal controls are working properly. For a tax audit, this might mean reviewing receipts and bank statements. For a financial statement audit, it involves sampling transactions, tracing numbers back to source documents, and evaluating how the organization recorded its accounting entries. Throughout fieldwork, the auditors typically keep the people being audited informed through regular updates or status meetings.
Reporting. After fieldwork, the auditors prepare a draft report summarizing what they found. In many settings, the draft goes first to the manager or executive responsible for the audited area, giving them a chance to review the findings and respond. If the audit includes recommendations, the audited party is usually asked to provide a corrective action plan with specific steps, responsible parties, and target dates. An exit meeting resolves any remaining questions or disagreements before the final report is issued.
Follow-up. Audits don’t end with the report. Auditors circle back later to check whether the recommended corrective actions were actually implemented and whether they’re producing the expected results. For a tax audit, follow-up might mean the IRS adjusting your tax bill and confirming payment. For an internal audit, it means verifying that the process changes or controls the company committed to are now in place.
Other Types of Audits
Beyond taxes and financial statements, audits happen across many industries and contexts. Compliance audits check whether an organization is following specific laws, regulations, or industry standards. An environmental audit reviews a company’s compliance with pollution limits and waste disposal rules. IT audits examine an organization’s technology infrastructure, data security, and system controls. Operational audits focus on efficiency, looking at whether resources are being used effectively and whether processes could be streamlined.
In each case, the fundamental structure is the same: an independent reviewer examines evidence, compares it against a set of standards or expectations, and reports on whether those standards are being met. The specifics change depending on what’s being audited, but the purpose is always accountability and accuracy.