An audit is simply an ex post facto investigation of prior events, as recorded in documents collected during the audit process. Thus, recordkeeping is an indispensable requirement for conducting an audit.

Audit Levels
Auditing comes at different levels, as any certified public accountant will tell. A review of records presented by a party is not the same as an independent verification of the accuracy of the records by statistical sampling and verification of selected issues.

Audits of Suppliers
Enterprise customers need to be able to audit their suppliers for matters that relate to their own recordkeeping and audits. In addition, the enterprise customer may wish to audit the manner of performance to verify compliance with agreed policies and procedures. Finally, regulatory audits of an enterprise customer should be expected to include audits of their service providers.

Contrast with Other Forms of Verification
Audits can be distinguished from other forms of verification.

  • A benchmarking study is, in a sense, the opposite of an audit, since it reviews records of third parties in comparison to those of the service provider.
  • In litigation, verification of records is essential to preserving evidentiary integrity and to avoid imposition of evidentiary sanctions.
  • A disaster recovery operation focuses on data restoration, not on verification of accuracy of the restored data. However, the accuracy of such data is critical to the operations, so audits of the disaster plans and business continuity procedures may help ensure the integrity of data after a disaster.