There are several different types of audit that can affect a company, each of which tests a particular element of business. These include financial, government, compliance and IT. The audit guidelines will depend on both the type of audit, and whether it is a mandatory and legal audit or merely good practice.
The best known form of audit is a financial audit, which checks through a company's accounts. In many countries, publicly traded companies must have their accounts audited by an independent source: this helps keep stockholders informed and ensures a fair comparison between different companies. The audit guidelines do not simply cover whether the figures are accurate and correctly calculated. Instead, the guidelines also cover the assumptions used in preparing the accounts. Notable examples include how a company accounts for the depreciating value of an asset, and how it handles the difference between receiving or making payment for a sale, and the goods or services being delivered, particularly if payment and delivery fall into different accounting periods.
A government audit looks at whether a business meets the requirements to supply goods or services to a public body. Here, the audit guidelines vary, depending on the country and, in some cases, the specific body. The issues checked could include financial stability, quality of service, and whether the company has been involved in corruption. Some public bodies will also check a potential supplier's environmental record.
Compliance audit guidelines cover whichever laws and regulations apply to a company. Some will be specific to an industry sector, such as health and safety guidelines for a construction company. Others will apply to all companies in a particular country. These could include minimum wage laws, working conditions and equal opportunity legislation.
IT and security audits cover different elements of a company's computer systems. One aspect covered by an audit will be security: how protected a company's network is against attack, and what precautions are in place to prevent employees from misusing company data. Another key aspect is the reliability of the network, covering points such as whether it contains built-in redundancy so it can carry on working even if some machinery or system fails.