Audits are largely feared — or at least misunderstood — by many businesspeople. That’s a shame. Audits should be celebrated, and audit reports treasured. Audits provide reassurance that the information in financial statements is materially accurate, which is particularly useful if you’re a senior manager inside a company charged with stewarding the organization’s performance, a member of the board of directors or a shareholder or investor deciding whether to buy, hold or sell a company’s shares.

Anyone who relies on financial statements to make decisions ought to appreciate audits and, especially, a clear and precise audit report. An audit report falls short of being a seal of approval, but it’s as close as independent auditors are allowed to get. This guide lays out exactly what audit reports are and their different variations, to help business owners and managers value them and use them appropriately.

What Are Audit Reports?

An audit report is a document produced by an independent auditor, or audit firm, at the end of a financial audit. While there are other types of audits — such as tax, IT, operational, regulatory compliance or environmental, social and governance (ESG) audits — most times, when businesspeople refer to an audit report, they’re talking about a report from an independent, external auditor hired by a company to review its financial statements. The audit report is a summary of the auditor’s findings and an opinion on the accuracy of a company’s financial statements and their compliance with generally accepted accounting principles (GAAP) in the U.S. or international financial reporting standards (IFRS) outside the U.S.

Audit reports are prepared using specific guidelines and formats established by the American Institute of Certified Public Accountants (AICPA) and the Public Company Accounting Oversight Board (PCAOB). These standards are meant to ensure comparability of form and meaning among financial audit reports, which maximizes their utility for the report’s readers. Audit reports are delivered to a company’s board of directors or its audit committee and are attached to the financial statements wherever they are published or distributed, such as in annual reports and U.S. Securities and Exchange Commission (SEC) filings, or to potential lenders, partners and acquirers.

Key Takeaways

  • An audit report documents the results of an independent financial audit and provides an opinion on the fairness of the financial statements.
  • Professional accounting standards have been established to make audit reports comparable, useful and transparent.
  • Such standards build trust for internal and external stakeholders, who read them and apply their own judgment before making investment, lending and operational decisions.
  • An “unqualified” opinion is the best of the four types of audit opinions found in audit reports.
  • Using the right financial management technology improves the accuracy of financial statements, can reduce audit costs and may increase the chances of receiving an unqualified opinion.

Audit Reporting Explained

To understand the nature and limits of audit reports, it’s important to be aware of a few underlying points about audits. In the U.S., audits use specific guidelines from the AICPA called generally accepted auditing standards (GAAS). Public company audits have an added layer of requirements from the PCAOB, which also inspects audit firms, reviews a sample of their audits and enforces adherence. Audit firms that issue 100 or more audits per year are inspected annually; those that issue fewer than 100 are inspected every three years. These professional standards support audit consistency, reliability and quality.

Still, no audit guarantees that financial statements are perfect, and responsibility for the quality of the statements lies with company management, not auditors. Instead, the auditing standards endorse sampling and a concept called “materiality,” which boils down to ensuring that the financial statements are reasonably accurate and present a fair representation of a company’s financial position when taken as a whole. That’s as far as an audit opinion goes — so take that into account when reading an audit report.

Components of an Audit Report

A standard financial audit report is required to have a number of components. In the past, certified public accountants (CPAs) would memorize the parts of a standard audit report before taking the CPA exam. Audit reports have evolved over time — for example, due to the Sarbanes-Oxley Act of 2002 — becoming more transparent, useful and better reflecting the guidelines from AICPA, PCAOB and the International Standards on Auditing (ISA).

Let’s dig into the 10 components of a current audit report.

  1. Report Title

    The report title is at the very top of an audit report and is typically short and straightforward, such as “Report of Independent Auditors.” The word “independent” is particularly important because it helps to avoid any ambiguity about the auditor’s role and responsibility.

  2. Addressee

    The addressee is the party for whom the audit report was prepared. The addressee is usually the person or group that engaged the auditors, such as a company’s audit committee or the owner of the company. For public companies, the audit report is addressed to the company’s shareholders.

  3. The Opinion

    This section, the auditor’s opinion on the financial statements, is such a key part of the audit report that it was recently bumped up to the top of the document by auditing-standards setters. This is the place where an auditor states whether the financial statements are free of material misstatement. There are four types of opinions (described in detail later in this guide). The best opinion an auditor can give (or that a company can receive) is called an “unqualified” or “clean” opinion.

    The specific wording of each of the four types of opinions is standardized. Each includes the names of the financial statements audited (income statement, balance sheet, cash flow statement, etc.), the fiscal periods audited and the basis of accounting that was applied, such as GAAP or IFRS. The opinion relates only to the accuracy of the financial statements — it makes no comment or endorsement about whether to invest in the company or whether it is well run.

  4. The Basis of the Opinion

    This section provides context about how the auditor arrived at the opinion. It states the audit guidelines that were followed, such as GAAS or PCAOB, and gives a brief overview of what those entail. For example, the basis section reminds readers that certain examinations are done on a test basis and that management estimates were evaluated within the scope of the relevant accounting rules. Two other key parts of this section are the auditor’s assertion of independence from the company and a statement as to whether the auditor believes the evidence examined was sufficient to support their opinion.

  5. Critical Audit Matters

    This section is required for most public companies that are audited using PCAOB rules, but it is optional for private businesses. It’s meant to foster transparency and provide stakeholders with deeper insights into the most challenging, subjective or complex aspects of the audit. When present, this section describes any matters that auditors felt were important, as well as how they were addressed in the audit procedures. Critical audit matters — and their international “cousins,” key audit matters — are meant to give the audit report reader additional insight into unique items that are significant for that company in particular. Examples include items that involve significant judgment, estimates, high risk or are very complex. Inclusion of critical audit matters is not meant to undermine the overall audit opinion nor to suggest that the auditor specifically validated the critical matters. Audit report users can think of critical matters as “things to be aware of.”

  6. Management Responsibilities

    This section and the next aim to distinguish the responsibilities of the company’s management from those of the auditor. It is important to explicitly delineate management responsibilities to establish accountability and increase transparency for anyone who relies on the audit report. Typical responsibilities of management include:

    • Preparation and fair presentation of financial statements.

    • Accountability for maintaining adequate internal controls, such as three-way matching, to ensure data accuracy and to safeguard the company’s assets.

    • Disclosure of any known reasons for concern about the company’s ability to continue for the foreseeable future.

    However, in practice, auditors may sometimes choose to integrate these themes within other sections of the report, as in the example below.

  7. Auditor’s Responsibilities

    This section logically follows the management responsibilities section and outlines the auditor’s responsibilities related to the audit. It identifies the auditing standards that were applied (GAAS, PCAOB or ISA) and the scope and limitations of the audit procedures. It also explains the concepts of materiality and reasonable assurance, together with the risk of undetected fraud. It also describes the auditor’s responsibility to apply diligence and use professional skepticism when planning and executing the audit and when forming the opinion. Other typical auditor responsibilities include:

    • Using tests and sampling to examine the accuracy of both the account values and any qualitative disclosures in the financial statements and its notes.

    • Understanding the internal control environment and adjusting audit procedures accordingly.

    • Identifying areas that could raise doubt about the audited company’s ability to remain a viable business.

    • Evaluating the appropriate use and application of financial accounting standards.

    Similar to the treatment of “Management Responsibilities” (described above), auditors may sometimes choose to integrate the auditor’s responsibilities within other sections of the report.

  8. Signatures

    The auditing firm and the specific partner responsible for the engagement sign the audit report. This provides transparency, accountability and, in some jurisdictions, legal liability.

  9. Location

    The penultimate section of an audit report indicates the city and state where the audit report was issued. The location relates to the auditing firm that did the work, not the company being audited. This is especially helpful for establishing accountability when auditing firms have offices in multiple cities.

  10. Date

    The final line on an audit report is the issue date. The report date is important for two reasons. First, it shows the timeliness of the audit as compared to the fiscal period being audited. It is generally preferable for audited information to be as recent as possible. Second, the audit report date is the point at which the auditors are released from responsibility for any subsequent events that might impact the audited financial statements. Consider a scenario where an audit report is dated April 1, 2024, regarding the financial statements as of December 31, 2023. If the audited company had a significant event, like a fire destroying its primary factory, on February 28, 2024, the financial statements and audit opinion might be adjusted to include this material, subsequent event. However, if the fire occurred after the audit report date, say on April 10, 2024, the auditor would have no responsibility to update the audit. Readers should take note of how much time has passed since the audit report date.

4 Types of Auditor Opinions

While an unqualified opinion is the best of the four types of audit opinions, the other three are sometimes equally valuable to stakeholders. Keep in mind that auditors and company management are in constant communication during the course of an audit, so the audit opinion never comes as a surprise. In fact, any issues that arise during an audit are discussed with company management to ensure that the auditor has a proper understanding of the issue and to give the company an opportunity to make adjustments to resolve the issue prior to the end of the audit. Readers of audit reports can have confidence that company management is well aware of the audit opinion and the reasoning behind it.

  1. Clean report/unqualified opinion: An unqualified, or “clean,” opinion is the best outcome a company can get. It means that their financial statements fairly present, in all material respects, their financial position, results of operations and their cash flows, in conformance with GAAP or IFRS. Those who rely on financial statements generally feel most confident when they are accompanied by an unqualified audit opinion. It’s important to note that a clean opinion does not indicate that a company is a good investment or even financially healthy — it simply means that the financial statements are a fair indication of the facts.
  2. Qualified report/qualified opinion: A qualified opinion indicates that the financial statements are materially fair, except for a particular item. This is meant as a heads-up for financial statement readers that there was something worthy of an “asterisk” on the opinion. The item is described in the opinion, so the user can make their own determination on whether it is important to their personal decision-making. There can be several paragraphs explaining the nature of the qualification. Reasons for a qualified opinion include a company’s departure from GAAP for an item that does not cause the financial statements to become misleading; and scope limitations, where an auditor was unable to perform a specific procedure. A common reason for a qualified opinion is when there is substantial doubt about a company’s ability to continue as a going concern, and the company’s management has not disclosed that properly as part of their responsibilities. According to industry statistics, about one in five qualified opinions filed with the SEC in 2022 (for fiscal year 2021) was due to a going concern issue.
  3. Adverse audit report/adverse opinion: An adverse opinion is a serious situation and a red flag for anyone who relies on financial statements for decision making. When an auditor issues an adverse opinion, it means that one or more of the financial statements is not presented fairly in accordance with GAAP or IFRS. In other words, in the auditor’s judgment, the financial statements are inaccurate and misrepresent the company’s financial position, its profitability, its cash flows or all of the above. This does not indicate fraud, necessarily, but it is a warning that there are significant, distorting departures from GAAP or IFRS. The reasons for the adverse opinion must be described in significant detail in the body of the audit report, for transparency. Adverse opinions are uncommon, and related financial statements will not be accepted in SEC filings, such as an SEC Form 10-K.
  4. Disclaimer report/disclaimer of opinion: A disclaimer report is a different type of opinion from the previous three. A disclaimer of opinion means that the auditor has determined that they cannot express any opinion at all. Perhaps the auditor wasn’t able to complete the audit, or the audit scope was limited for some reason, and, as a result, the auditor lacks the ability to make an opinion. A disclaimed opinion is fundamentally different from an adverse opinion, since in an adverse opinion the auditor is able to form an opinion. A description of the reason for the disclaimed opinion is included in the audit report, but other report components can be omitted, since there is no opinion. In addition, the fourth component of the 10 previously defined is renamed, to “Basis for Disclaimer of Opinion.”

Other Types of Audits and Audit Reports

While financial audits are the best-known and most widely used type of audit, there are many others that companies may undertake. These are often performed to meet industry and regulatory requirements or for internal purposes. Like financial audits, there is typically an “audit report” prepared at the conclusion, although the form and substance of those reports can be quite varied. Examples of other types of audits include:

  • Tax audits are done by the IRS or other taxing agencies to verify the accuracy of information included on a tax filing, any amounts owed and/or tax payments.
  • Supply chain audits examine a company’s supply chain, from procurement all the way to customer fulfillment, to identify areas for improvement. A company’s internal audit team often performs these.
  • Inventory audits can be part of financial audits but are also performed separately in companies that have significant inventory. Inventory audits involve a physical counting of stock, used to support and reconcile inventory balances in the accounting data, as well as to identify inventory shrinkage.
  • ESG audits compare a company’s actual performance in areas involving environmental, social and governance versus stated objectives and the disclosures made to the public.

Example of an Auditor’s Report

Audit reports are included in a public company’s SEC Form 10-K and are searchable online through the SEC EDGAR database — a free online resource providing public access to official corporate filings, including financial statements. In addition, public and private companies typically post their annual reports, which also include the audit report, on their websites. The following example is Ernst & Young LLP’s audit report of General Motors Company for the year ended Dec. 31, 2023, as found in GM’s SEC Form 10-K.

Audit Report Example Taken From GM Regulatory Filing

infographic audit report brief
This audit report from GM’s SEC Form 10-K, dated Jan. 30, 2024, covers the fiscal year ended Dec. 31, 2023. All of the 10 components described earlier in this article are labeled for convenient identification.

Accounting Software Has the Paper Trails in Case of Audits

Most companies aim to attain an unqualified audit opinion. To do so, companies must start long before the auditors arrive by preparing precise accounting data, good internal controls and the creation of accurate financial statements. Automated software, such as NetSuite Financial Management, makes generating accurate financial statements that comply with GAAP, IFRS or other accounting standards easier and more efficient than almost any other approach. NetSuite’s drill-down feature saves time and effort for audit testing, and, because it’s cloud-based, auditors can spend less time on-site. Both of those capabilities can reduce audit fees. In addition, NetSuite software provides independent auditors with critical information about the system’s internal controls and supports electronic audit file formats.

Audits and audit reports give internal and external stakeholders the reassurance that a company’s financial statements fairly represent that company’s financial position, profitability and cash flows, which makes the statements more reliable for all kinds of decision-making. Understanding how to read an audit report and the extent and limits of the various audit opinions is vital, whether you’re a potential investor, lender, partner or a member of a company’s management team.

#1 Expense
Management
Software

Free Product Tour

Audit Report FAQs

What is the main purpose of the audit report?

The primary purpose of the audit report is to document and convey an independent auditor’s opinion on a company’s financial statements.

Who prepares/makes the audit report?

The independent auditor prepares the audit report. The audit firm and the individual partner responsible for the engagement sign it.

What is the main part of an audit report?

The main part of an audit report is the opinion. There are four possible opinions: unqualified, qualified, adverse or disclaimed. Unqualified is a clean audit opinion and is considered the most desirable. Qualified means that the financial statements are still materially correct, except for one or more items that will be discussed in the audit report. An adverse option means that the financial statements are misleading, which is an undesirable opinion. Disclaimed opinions mean there is no audit opinion; this happens when an auditor cannot sufficiently determine the accuracy of the financial statements one way or another.

What are the five contents of an audit report?

The number of components in an audit report varies depending on how they are counted. Five key contents are: the opinion, the basis for the opinion, critical audit matters, the signatures and the audit report date.