Businesses worldwide are rapidly automating their operations with cloud-based technologies and people working remotely. This trend is driving a need for delivering assurance on integrity and internal controls. Hence, it is increasingly vital for organisations to expand audits to demonstrate transparency and gain trust. Let us take a closer look at the basics of the audit industry.

What is an Audit?

According to Merriam-Webster, an audit is a formal examination of an organisation’s or individual's accounts or financial situation. It is also defined as a methodical examination and review of any business process. Audits are also referred to as independent assessments, examinations, or reviews. Enterprises rely on independent audits as a mechanism to deliver assurance on the integrity of their processes.

Audit firms and their clients engage in a mix of outsourcing, insourcing or co-sourcing services. A typical audit firm-client engagement is an annual or audit-specific contract.

What are the types of audits?

An audit can be performed on any financial, operational, technology, security, or regulatory process. It involves an in-depth examination of the business operations to determine compliance to standards, best practices, regulations, internal policies, behavioural practices, environmental impact, financials, etc.

The audit types evolve with time as the business landscape evolves and adapts to innovation. Financial audits, ISO, SOC2 and HIPAA, are examples of popular audits across industry verticals. Recently, Vulnerability Assessment and Penetration Testing (VAPT) and DevSecOps have gained prominence and use automated scanning tools, human-led testing or red team operations. New types of audits are expected to evolve rapidly with the adoption of Environment, Social and Governance (ESG) standards, machine learning, natural language processing, computer vision, augmented and virtual reality.

Ecosystem participants

Audits participants include:

  1. Auditors (independent experts - internal teams, external vendors or government agencies).
  2. An auditee is an organisation, a business unit or an individual being evaluated/assessed.
  3. An audit service provider is a professional or an organisation helping the auditee in an audit.

The audit process

The audit is a collaborative process with multiple phases.


  1. Planning: Auditees identify business processes to be examined, engage auditors, schedule audits and assign internal responsibilities. Internal risk assessments are inputs to audit planning.
  2. Information requests and delivery: Auditors submit requests for data to their auditees.
  3. Examination and communication: Auditors examine the received information and perform due diligence, including physical onsite verification as required.
  4. Audit findings and Remediation: Auditors identify gaps and provide recommendations. Auditees provide remediation plans. The auditors submit the final audit report to close an audit.
  5. Audit Committee Reporting: Auditors and auditees continue to periodically review status updates, audit plan and risks of open audit findings.

This process takes many months and requires collaboration between business units in multiple firms. Auditors may need to travel to customer sites for physical examination. To communicate and share information, they use a combination of emails, document sharing tools, multiple technology solutions with limited coverage of some segments of the workflow and labour-intensive manual processes.

How does the industry work?

Audit firms offer multiple services to their clients (auditees).

  1. Perform independent audits.
  2. Provide services to help them get ready for an audit or assessment.

Audit firms and their clients engage in a mix of outsourcing, insourcing or co-sourcing services. A typical audit firm-client engagement is an annual or audit-specific contract. An audit is a project, and it is closed when auditors deliver the final audit report. Accounting and consulting firms are service providers, while clients have internal teams to manage audits. To minimise the fines and reputation risk in external audits, clients engage internal audit teams of independent experts or vendors providing audit services.

The Global Audit market


Auditing services are a highly concentrated and regulated industry. Worldwide Auditing Services is estimated at $217.7B in 2020 and is projected to reach $287.2B by 2027. The US market represents 28.8% ($62.8B) of the global audit services market.


The Big 4 audit firms represent 26% ($57B) of global revenue which is 37% of their total global revenue ($153B). The table shows the audit firm market share among Russell 3000 companies.

Audit Firms
Size (# of clients, Annual Revenue)
Big 4
1,040 ($33B)
Top 20
1,651 ($15B)
Large Regionals
300 ($5B)
Regionals and Small Accounting firms
25,000+ ($9B)
Government and Public Business
5000+ ($30B)

Conclusion

The audit firms need to expand their service offerings and collaborate more effectively with auditees to reduce labour-intensive manual processes. They need to internally adopt the emerging technologies and transition from delivering audit reports to real-time assurance to clients in the age of remotely working staff and clients.