Audit types

  • Release version: Yokohama
  • Updated January 30, 2025
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Audit types

    This guide outlines various audit types, each serving a distinct purpose within audit engagements. Understanding these audit types helps organizations ensure compliance, enhance operational efficiency, and maintain robust controls across different business areas.

    Show full answer Show less

    Key Audit Types and Their Purposes

    • Internal Audit: Evaluates a company's internal controls, corporate governance, and accounting processes to ensure organizational integrity.
    • External Audit: Conducted independently to examine the accuracy of an organization’s financial statements.
    • SOX Audit: Measures compliance with Sarbanes-Oxley requirements, focusing on internal controls related to financial data management.
    • IT Audit: Reviews IT infrastructure, policies, and operations to assess effectiveness and adherence to standards.
    • Financial Audit: Provides assurance on the accuracy and completeness of financial reports for stakeholders such as regulators and investors.
    • Compliance Audit: Verifies adherence to external laws, regulations, and internal policies.
    • Certification Audit: Confirms conformance to standards such as ISO 9001 prior to certification issuance.
    • Regulatory Audit: Ensures projects comply with relevant regulations and standards.
    • Operational Audit: Examines business operations to identify opportunities for increased efficiency and effectiveness.
    • Continuous Audit: Employs technology to perform ongoing review of accounting, risk, compliance, IT systems, and business processes in real time.
    • Vendor Audit: Assesses vendors’ compliance with contract terms and conditions objectively.
    • Customer Audit: Reviews customer perceptions and needs to evaluate the company’s role in customers’ businesses.
    • Store Audit: Analyzes retail locations using data to determine what is successful or needs improvement.
    • Quality Audit: Systematic evaluation of quality systems conducted by internal or external auditors.
    • Project Audit: Formal review of project management adherence, typically conducted by audit departments or external auditors.

    Application for ServiceNow Customers

    ServiceNow customers can leverage this taxonomy to map audit requirements across their enterprise processes, IT systems, compliance frameworks, and operational activities. Understanding these audit types enables precise configuration of audit workflows within ServiceNow, supports compliance monitoring, and helps automate continuous auditing through integrated IT audits.

    There are many types of audits and each of the audit types has a specific use in an audit engagement.

    Audit Type Description
    Internal Audit An internal audit checks a company's internal controls, corporate governance, and accounting processes.
    External Audit An external audit is an independent examination of the financial statements prepared by the organisation.
    SOX Audit A Sarbanes Oxley (SOX) compliance audit is a measure of how well your company manages its internal controls. While SOX doesn't specifically mention information security, for practical purposes, an internal control is understood to be any type of protocol dealing with the infrastructure that handles your financial data.
    IT Audit An IT audit is the examination and evaluation of an organization's information technology infrastructure, policies and operations.
    Financial Audit A financial audit is an independent, objective evaluation of an organization's financial reports and financial reporting processes. The primary purpose for financial audits is to give regulators, investors, directors, and managers reasonable assurance that financial statements are accurate and complete.
    Compliance Audit A compliance audit is an independent evaluation to ensure that an organization is following external laws, rules, and regulations or internal guidelines, such as corporate bylaws, controls, and policies and procedures.
    Certification Audit A certification audit is an audit your registrar conducts to verify conformance against the ISO 9001 standard before they issue your official ISO 9001 certificate.
    Regulatory Audit The aim of a regulatory audit is to verify that a project is compliant with regulations and standards.
    Operational Audit An operational audit is an examination of the manner in which an organization conducts business, with the objective of pointing out improvements that will increase its efficiency and effectiveness.
    Continuous Audit A continuous audit is an internal process that examines accounting practices, risk controls, compliance, information technology systems, and business procedures on an ongoing basis. Continuous audits are usually technology-driven and designed to automate error checking and data verification in real-time.
    Vendor Audit A vendor audit is performed for a company that aims to attain an objective assessment of its contractors' or vendors' compliance to the terms, conditions and intent of the contracts or agreements between two entities.
    Customer Audit A customer audit is a detailed review of how your company is perceived by its customers, a review of each customer's needs, and an evaluation of the role your company is playing in each of your customer's businesses.
    Store Audit A store audit assesses the health of your retail location using hard data. Retailers, staff, or a third party combs through your store or pop-up shop to collect information on what's working and what's selling or what isn't.
    Quality Audit A Quality audit is the process of systematic examination of a quality system carried out by an internal or external quality auditor or an audit team.
    Project Audit A project audit is a formal review of a project, often intended to assess the extent to which project management standards are being upheld. Audits are generally carried out by a specially designated audit department, the Project Management Office, an approved management committee or an external auditor.