Audit questions can be divided into four main categories: preliminary, process-based, validation and risk. The primary purpose of an audit is to review the level of compliance with an organization's policies and any legal obligations. Although most people think of an audit in relation to financial statements, an audit can be conducted on any process that is documented and has transactions that can be reviewed. Auditing work is the most effective way to identify gaps in actual processing, to identify areas of risk within the operation and to provide assurances that proper procedures are being followed.
Preliminary audit questions are focused on gaining an understanding of the organizational structure, clients, suppliers and primary business operations. During this stage, common questions to the executive include areas of concern, any fraudulent or suspicious activity and the primary purpose of the audit. This information is essential in order for the auditor to determine what processes are included in the audit scope and whom to contact about access to the files.
During the preliminary phase of the audit, it is very common for the auditor to request access to the operations manual, copies of the companies policies and any documentation on the use of various systems or business processes. He or she will review this material for completeness, accuracy and overall quality. Using this information as the reference point, the auditor will create an audit plan that focuses on determining compliance with the stated procedures.
Process-based audit questions are directed at staff members who are responsible for completing the actual processes. For example, an accounts payable clerk will be asked if he or she has received any training on the company accounting policies, information system or accounting in general. The clerk might be asked to explain how he or she would process a request for payment that is more than a specific monetary value. Other questions might include month-end and year-end procedures, check security and payment schedules.
After the auditor has independently evaluated sample transactions, he or she will have questions based on the evidence collected. These questions are very specific, focusing on the specific transaction, and are used to resolve any questions about actual business practices. For example, if an expense reimbursement was processed with no signature from the employee's manager, the person who processed it would be asked to explain how this occurred. The answer provided is included in the audit file and final report.
Audit questions surrounding security of documents, materials and staff members are used to evaluate specific risks. Other questions used to highlight risk include staff members' receptiveness to instructions from superiors, the level of compliance with these instructions and the overall working environment. The level to which managers are involved in daily operations is another area of questions used to identify the level of risk.