The Savvy Director >> Weekly insights delivered to your inbox on Sunday mornings. Click here
Join Now Blog Courses ChatDPQ Login

The Director's Role in External Audit

build governance skills Mar 02, 2025

 

If you’ve served on a board for a year or more, you’ve probably lived through an external audit. It’s one of those governance fundamentals that you need to have a handle on to fulfill your director responsibilities.

Failing to exercise proper oversight over external audit has caused a lot of grief for boards in the past. You can help make sure your board doesn’t become one of them.

In a nutshell, an external audit involves an independent auditor reviewing an organization's financial statements to ensure accuracy and compliance. By providing an objective assessment of the organization's financial health and internal controls, the audit helps protect stakeholders’ interests.

There’s a lot more to it, so let’s explore this nuts-and-bolts topic.

 

What is External Audit?

An audit consists of evaluating subject matter with a view to expressing an opinion on whether it’s fairly presented. Although there are different types of audits, we’re focusing here on audits of an organization’s financial statements to provide assurance that management has presented a true and fair view of its financial performance and position.

Management prepares the financial statements — the formal record of an organization’s performance over a period of time and its position at a point in time — in accordance with accounting standards specific to the jurisdiction and type of entity. The standards are designed to provide consistency, transparency, reliability, and comparability.

The need for management’s financial statements to be audited by an independent auditor is a cornerstone of confidence in the world’s financial systems. The audit underpins the trust and obligation of stewardship between those who manage a company and those who need a true and fair view, i.e. owners and other stakeholders such as investors, creditors, and regulators.

And as a board director, an independent audit gives you an extra level of confidence that the organization you serve is doing things right.

 

Audits in Different Sectors

Do you even need an independent audit? Or would a more limited review be sufficient? (If you’re not sure about the difference between a review and an audit, click here.) The answer depends on your legal and regulatory environment and, in some cases, your bylaws. We’ve focused on audits here, but the same principles would apply to a review.

Audits vary depending on whether the organization being audited is a for-profit entity, a non-profit organization, or a government agency. The differences lie in the areas of focus, stakeholder needs, the regulatory environment, and the accounting standards.

For-Profit Organizations. In the case of a for-profit entity, the audit provides assurance to stakeholders — investors, creditors, and regulators — so they can make informed decisions about the organization. The focus is on profitability, cash flows, and compliance. Audits for publicly traded companies have special considerations and stringent requirements designed to protect investors and maintain the integrity of financial markets.

Non-Profits. For non-profits, the audit not only provides assurance about accuracy, but also that funds have been used in accordance with donor restrictions and the organization’s mission. The stakeholders include donors, grantors, regulatory bodies, and beneficiaries — all of whom are concerned about the proper use of resources and the organization’s ability to achieve its mission. The focus is on compliance with the requirements for tax-exempt status as well as donor restrictions and grant compliance.

Government Agencies. In the case of a governmental body, the audit provides assurance about compliance with laws, regulations, and policies specific to the public sector as well as financial statement accuracy. Stakeholders include taxpayers, government officials, and regulatory bodies concerned with the proper use of public funds and accountability. The focus is on budgetary and regulatory compliance, financial reporting accuracy, and internal controls.

 

Who Does What?

When it comes to an external audit, several parties share the responsibility for integrity and effectiveness.

  • The board holds ultimate responsibility for overseeing financial reporting and disclosure. In most cases, the board delegates the task of overseeing external audit to a committee, but in smaller organizations, the work may be performed by the full board.
  • Where an audit committee has been established, the external auditor reports to the board through the committee. The committee recommends the appointment of the external auditor, reviews the scope and results, and addresses issues raised by the auditors.
  • Management is responsible for preparing the financial statements. They provide the external auditors with the necessary information and access to conduct the audit.
  • The CFO oversees the preparation of the financial statements, acting as the primary liaison between management and the external auditors.
  • The external auditors provide an objective assessment of the financial statements. They conduct the audit, report their findings, and provide an opinion on the financial statements.

 

Appointing the Auditor

The auditor’s appointment is usually approved by the organization’s owners, shareholders, or members at the annual general meeting. The recommendation for the choice of audit firm comes from the board which, in most cases, relies on the audit committee to select a firm and recommend their appointment or re-appointment.

The committee also satisfies itself that the audit fee is competitive yet sufficient to ensure a proper audit, and monitors auditor independence.

Stakeholders need to be confident that the auditors can perform their work objectively, critically, and free from bias and undue influence. The longer a company works with the same auditors, the more their independence is called into question. To address this issue, a company may change audit firm every few years, or the firm may rotate the lead auditor every so often.

If you’re on the audit committee, make sure you’re aware of any regulations about maximum auditor tenure. Here are a few questions for you to ask:

  • How long has the audit firm been our external auditor?
  • How does the firm ensure the independence and objectivity of the audit team?
  • What are the firm’s plans for training and developing the audit team?
  • What are the firm’s plans for lead auditor rotation or other changes to the audit team?

 

The Audit Plan

Audit planning is crucial for an efficient and effective audit. The auditor assesses the risks that could affect the financial statements and decides on the nature, timing, and extent of audit procedures. The auditors then present their plan to the audit committee.

In reviewing the audit plan, you could ask questions such as:

  • How did you determine the key areas of focus?
  • What risks have you identified and how will you address them?
  • Is there anything missing from this plan that you would recommend?
  • What changes in accounting standards, regulations, or industry practices influenced your plan?

 

Conducting the Audit

The auditors gather evidence by testing controls, inspecting documents, tracking down source records, observing processes, and interviewing employees. Their work involves interacting with operational managers, senior executives, and internal audit.

The auditors have to apply professional judgement and skepticism when evaluating the evidence they’ve gathered. Their function requires them to challenge management’s assertions about the numbers and disclosures in the financial statements and to obtain third party confirmation when necessary.

 

The Audit Report

The auditors present their report to the audit committee. As a director, it’s crucial for you to understand the audit findings, implications, and recommendations contained in the report.

Here are some questions you could consider asking if the answers aren’t obvious from the report.

  • Were there any material misstatements, significant issues, or adjustments?
  • Were there any areas where you faced significant challenges or limitations?
  • How do our internal controls compare with industry best practices?
  • Are there any emerging risks or trends that the audit has highlighted?

 

The Auditor’s Opinion

The audit report includes an opinion on whether the financial statements present a true and fair view of the company's financial position and comply with relevant accounting standards. It’s an opinion — not a statement of fact or a guarantee.

Auditors use their experience, skill, and judgement to reach their opinion. They obtain reasonable assurance — not absolute assurance — about the accuracy of financial statements by testing selected financial records, but they don’t verify every single fact and detail.

There are four different types of auditor’s opinion:

  1. Unqualified opinion. This is a clean report without any adverse comments or disclaimers, indicating the auditors believe the financial statements comply with regulations and standards and are free from material misstatements.
  2. Qualified opinion. This indicates the auditors can’t confidently clear the financial statements, either because of material misstatement (a significant error or omission) or scope limitation (inability to obtain audit evidence.) A qualified opinion indicates there are issues that need to be addressed.
  3. Disclaimer of opinion. This means the auditors will not provide an opinion on the financial statements because they couldn’t conduct a thorough audit, get satisfactory explanations, or decipher the nature of some transactions, or they weren’t allowed to observe operational procedures. A disclaimer of opinion creates a very negative image.
  4. Adverse opinion. This is a big red flag that indicates the financial statements weren’t prepared according to accounting standards, contain gross misstatements, and have the potential for fraud. Investors and creditors take an adverse opinion very seriously and will refuse to do business with the company.

 

Meeting with the Auditors without Management Present

After the audit report, the committee should meet with the auditors without management present. This allows them to speak candidly about any concerns they may have about management. During this session, you could ask questions such as:

  • Was management cooperative and transparent throughout the audit?
  • Did you identify any concerns about the integrity or competence of management?
  • Did you encounter any resistance or difficulties in obtaining the necessary information?
  • Were there any significant disagreements with management?
  • Are there any areas where you believe management's judgments or estimates are overly aggressive or conservative?
  • Did you identify any instances of suspected fraud involving management or employees?

Any indication that management wasn’t cooperative during the audit is a serious concern that warrants immediate attention. Potential follow-up questions include:

  • How did non-cooperation impact the audit process and the financial statements?
  • How did management explain the reasons for the lack of cooperation?
  • What actions do you recommend to ensure cooperation in the future?
  • How should we communicate the issue and our response to stakeholders?

 

Assessing the External Auditor

If you’re on the audit committee, your work isn’t done until you’ve performed an assessment of the auditor. Since an audit involves many people, make sure your assessment is based on opinions from across the business at every level, including the CEO, the CFO, finance departmental staff, internal audit, and others.

There are tools to help you, such as this one from the Chartered Professional Accountants of Canada which allows you to assess factors such as auditor independence and objectivity, quality of the engagement team, and communications and interactions.

 

Your takeaways:

  • An external audit involves an independent auditor reviewing an organization's financial statements to ensure they present a true and fair view of its financial performance and position.
  • Audits vary depending on whether the organization is a for-profit entity, a non-profit organization, or a government agency.
  • The audit committee oversees the external audit process on behalf of the board of directors.
  • The auditor’s opinion isn’t a statement of fact or a guarantee.
  • After reviewing the audit report, the audit committee should meet with the auditors without management present.

 

Resources:

 

Thank you.

Scott

Scott Baldwin is a certified corporate director (ICD.D) and co-founder of DirectorPrep.com – an online membership with practical tools for board directors who choose a growth mindset.

 

We Value Your Feedback: Share your suggestions for future Savvy Director topics.

 

Comment

Filter by Topic

All Topics

ask great questions

build governance skills

collaborate with others

demonstrate courage

prepare for meetings

think independently

your governance journey

Recent posts

The Director's Role in External Audit
Speak Up and Get Results
Navigating Disruption Risk

Scott Baldwin, ICD.D

Co-founder | Director

Scott has served on boards and provided governance advisory services to boards since 2001. Private company, nonprofit and government agency boards have been his focus. He is now leveraging that expertise with his own director work while helping directors prepare for their board role so they can collaborate, contribute and influence decisions.

Close

Welcome to the Savvy Director Blog

Stay connected with our weekly posts about what it takes to be a savvy board director