7 Essential Types of Audit Procedures Explained

Audit procedures form the backbone of every high-quality audit. The various types of audit procedures determine how auditors gather evidence, assess risks, validate management’s assertions, and ultimately reach their opinion on the financial statements. 

In an environment where stakeholders expect speed, accuracy, and transparency, understanding these foundational audit techniques – and how they align with Public Company Accounting Oversight Board (PCAOB) standards – is crucial. What’s applicable here generally aligns with the UK’s Financial Reporting Council (FRC) requirements. 

This article breaks down the seven essential types of audit procedures, explains how standards support and govern their use, and highlights how AI and automation are elevating traditional audit work without replacing the professional judgment auditors rely on.

What the standards say about audit evidence and audit test types

The PCAOB defines audit evidence in AS 1105 (Audit Evidence):

“Audit evidence is all the information, whether obtained from audit procedures or other sources, that is used by the auditor in arriving at the conclusions on which the auditor’s opinion is based.” (AS 1105)

A similar principle appears in the UK’s auditing standards. ISA (UK) 500, Audit Evidence, states:

“The auditor shall design and perform audit procedures that are appropriate in the circumstances for the purpose of obtaining sufficient appropriate audit evidence.”

Audit evidence must be both sufficient and appropriate. AS 1105 for example notes that the auditor must “plan and perform audit procedures to obtain appropriate audit evidence that is sufficient to support the opinion.”

AS 1215 (Audit Documentation) reinforces the requirements for how this evidence must be recorded:

“Audit documentation must contain sufficient information to enable an experienced auditor, having no previous connection with the engagement, to understand the nature, timing, extent, and results of the procedures performed… who performed the work, and the date such work was completed.” (AS 1215)

The UK Financial Reporting Council provides a nearly identical requirement. ISA (UK) 230, Audit Documentation, states that audit documentation must be prepared such that:

“An experienced auditor, having no previous connection with the audit, is able to understand the nature, timing and extent of the audit procedures performed; the results of those procedures; the audit evidence obtained; and significant matters arising during the audit and the conclusions reached thereon.”

In other words, strong audit procedures and strong audit documentation must coexist.

Substantive procedures and tests of controls

PCAOB standards center on evidence gathering through two overarching methods:

1. Substantive procedures
2. Tests of controls

Under AS 2301 (The Auditor’s Responses to the Risks of Material Misstatement), auditors must design procedures responsive to assessed risks. For higher-risk areas, the PCAOB states:

“The auditor should perform substantive procedures, including tests of details, that are specifically responsive to the assessed risks.” (AS 2301)

The FRC provides similar direction in ISA (UK) 330, The Auditor’s Responses to Assessed Risks, which requires that:

“Irrespective of the assessed risks of material misstatement, the auditor shall design and perform substantive procedures for each material class of transactions, account balance and disclosure.”

Substantive procedures include tests of details and substantive analytical procedures. Tests of controls may reduce the extent of substantive testing, but they must be supported by appropriate evidence that controls are designed and operating effectively.

AS 2305 (Substantive Analytical Procedures) defines analytical procedures as “comparisons of recorded amounts, or ratios developed from recorded amounts, to expectations developed by the auditor.”

With these foundational standards in mind, the seven essential types of audit procedures fit neatly into the PCAOB framework for evidence gathering.

The seven types of audit procedures 

1. Inspection of records and documents

Inspection involves examining documents such as invoices, contracts, bank statements, and ledger entries to support recorded transactions or balances.

Inspection is directly supported by AS 1105, which recognizes documentary evidence – particularly from external or reliable sources – as more persuasive than purely internal evidence.

Two key inspection techniques are:

• Vouching: Working backward from the ledger to supporting documents to test occurrence.
• Tracing: Working forward from source documents to the ledger to test completeness.

Modern AI automation strengthens inspection by:

• Extracting data from documents at scale
• Flagging inconsistencies
• Supporting full-population testing rather than sampling
• Standardizing evidence trails

These capabilities align with PCAOB expectations that auditors evaluate the reliability of evidence, including electronic information (AS 1105, paragraph .10A).

2. Inspection of physical assets

This procedure verifies the existence of tangible assets, such as inventory or fixed assets. It provides evidence for the existence and rights and obligations assertions.

While PCAOB standards do not prescribe physical inspection as a named procedure, AS 1105 clearly supports obtaining evidence directly through observation or physical examination when relevant.

Examples include:

• Inventory counts
• Verifying fixed assets on site
• Reconciling physical counts with inventory records

Physical inspection is time-sensitive and requires proper documentation under AS 1215.

In modern audits, technologies such as digital inventory systems, geolocation tagging, and remote verification tools are increasingly supplementing this work.

3. Observation

Observation involves watching a process or procedure performed by client personnel. This is often used in tests of controls.

Examples include:

• Observing inventory count procedures
• Watching how cash-handling procedures are performed
• Observing the month-end close process

Under AS 2301, auditors may observe processes to evaluate control design and operating effectiveness. However, observation provides only point-in-time evidence and must be documented clearly to comply with AS 1215.

Technology, such as timestamped system logs or process-automation records, can increase the reliability of observation evidence.

4. External confirmation

External confirmation is one of the most reliable forms of audit evidence because it comes from independent sources. Common examples include:

• Bank confirmations
• Accounts receivable confirmations
• Legal confirmations
• Debt confirmations

AS 1105 notes that evidence obtained from knowledgeable, independent external sources provides greater reliability. External confirmations are particularly important in responding to fraud risks or high-risk balances, as encouraged by AS 2301.

Digitized confirmation platforms reduce delays, reduce fraud risk, and strengthen audit trails in line with PCAOB documentation and reliability requirements.

5. Inquiry

Inquiry involves seeking information from management or staff. It may be written or oral and is used in nearly all phases of the audit.

Examples include:

• Asking about revenue recognition processes
• Discussing unusual fluctuations
• Inquiring about pending litigation

AS 1105 makes clear that inquiry alone is rarely sufficient and must be corroborated by other forms of evidence, especially for significant assertions.

Under AS 1215, meaningful inquiries must be documented, including:

• Who was asked
• What was asked
• The responses
• How those responses were evaluated

Modern audit platforms help track, structure, and retain all inquiry responses in an audit-ready format.

6. Recalculation

Recalculation verifies the mathematical accuracy of client-prepared calculations.

Examples include:

• Recalculating interest expense
• Verifying depreciation
• Recomputing amortization schedules
• Checking payroll calculations

AS 1105 considers recalculation an appropriate, highly reliable form of audit evidence. It is objective and provides direct verification of numerical accuracy.

Automated recalculation tools can test entire data sets in real time, identify anomalies, and produce standardized evidence files – allowing auditors to focus on interpretation rather than manual computation.

7. Reperformance

Reperformance means independently executing a control or process originally performed by the client.

Examples include:

• Reperforming bank reconciliations
• Reperforming approval workflows
• Reperforming three-way match procedures

Under AS 2301, reperformance is an essential method for assessing whether controls operate effectively. When controls are relied upon for significant assertions, this type of procedure becomes even more critical.

Automation systems that log transactions, approval trails, and workflow details make reperformance more efficient and more transparent, aligning with requirements for clear, traceable audit evidence.

Recent PCAOB developments: technology and electronic information

PCAOB updates adopted for fiscal years beginning on or after December 15, 2025, clarify the auditor’s responsibilities when using technology-assisted analysis and evaluating electronic evidence.

Key provisions include:

• Auditors must evaluate the reliability of external electronic information provided by the company (AS 1105, paragraph .10A).
• Technology-assisted analysis must produce reliable, relevant evidence.
• Electronic reports, data feeds, and system exports are subject to the same validation as traditional documents.

These changes recognize that audits increasingly rely on digital information, data analytics, and automation, while reaffirming that professional judgment and evidence evaluation remain the auditor’s responsibility.

Common challenges in traditional audit procedures

Traditional audit workflows place heavy demands on teams – especially during peak periods when deadlines accelerate and evidence requirements intensify. Manual processes, fragmented data sources, and repetitive validations can strain even well-structured teams, often creating bottlenecks that impact both efficiency and audit quality. Among the most significant challenges are:

Manual, time-intensive evidence collection. Auditors frequently spend hours locating, extracting, and standardizing data from invoices, contracts, statements, and supporting documents. When information lives in different systems and formats, basic tasks like preparing audit support or reviewing samples can consume disproportionate time and attention.

Human error in calculations and data review. Manual tie-outs, cross-checks, version comparisons, and spreadsheet-based recalculations increase the risk of formula errors or overlooked discrepancies. These issues are especially common in multi-entity or multi-period audits where documents and schedules evolve from year to year.

Limited sampling instead of full-population testing. Time pressure drives many teams to rely on sampling, even where the underlying data could be tested holistically. This creates the possibility that irregularities remain undetected simply because they fall outside the sample frame.

Fragmented or inconsistent documentation. Evidence may be stored across emails, shared folders, PDFs, spreadsheets, and legacy systems. This fragmentation complicates supervisory review, makes evidence harder to trace back to source data, and creates challenges during PCAOB or internal inspections.

Difficulty comparing multi-period data. Analytical procedures and financial statement reviews often require comparing numbers across versions or periods. Performing these checks manually – especially when files are formatted differently year over year – is slow and susceptible to oversight.

Need for cleaner audit trails and standardized evidence capture. Both PCAOB and FRC standards emphasize traceability and documentation quality. Traditional processes struggle to produce a consistent, end-to-end audit trail that shows exactly what was tested, how it was tested, and the source of the underlying evidence.

These are precisely the pressure points addressed by modern audit technology. Trullion’s Audit Suite automates testing, links every value back to its source document, centralizes the audit workflow, and enhances both the speed and the quality of evidence collection. Rather than spending hours on manual tie-outs, auditors can focus on the professional judgment, analysis, and risk assessment that matters most.

Read more about how human expertise and automation complement one another, here.

How AI and automation transform audit procedures

AI is reshaping the audit landscape by reinforcing, rather than replacing, the procedures auditors already perform. By automating repetitive tasks and elevating the reliability of evidence, AI enables audit teams to deliver higher-quality audits with greater confidence and transparency. 

Several capabilities are especially transformative:

Automated document inspection and data extraction. Trullion’s AI-powered Data Extract converts unstructured documents – PDFs, contracts, invoices – into structured, Excel-ready formats. This eliminates manual copy-and-paste, reduces transcription risk, and allows auditors to begin testing immediately with accurate, standardized data.

Automated testing, vouching, and tracing. Instead of performing tick-and-tie manually, Trullion’s AI generates test logic and automates both controls testing and substantive testing. Auditors can vouch recorded amounts back to source documents or trace from source documents to the ledger in seconds, improving both coverage and reliability.

Continuous monitoring rather than year-end sampling. With automated ingestion and testing, auditors can analyze data throughout the year rather than compressing all procedures into the post–year-end window. This shift – from reactive sampling to proactive data review – provides greater visibility into anomalies and emerging risks.

Full-population testing capabilities. Because the platform processes entire document sets and data extracts, auditors can test 100% of relevant transactions, balances, or calculations. This reduces dependence on sampling and aligns with PCAOB and FRC expectations for evidence sufficiency and precision.

Machine learning–based pattern recognition and anomaly detection. ML models surface inconsistencies, unusual patterns, or outliers that warrant auditor attention. These insights enhance risk assessment and help auditors direct substantive procedures to areas of highest importance.

Real-time recalculation and cross-period validation. Trullion’s Financial Statement Review tools cross-check financials across versions and periods, helping auditors identify inconsistencies quickly – often before the client or regulators do. Automated recalculation ensures the mathematical accuracy of depreciation, amortization, interest computations, and other formula-driven accounts.

Enhanced analytical procedures. By centralizing data and enabling rapid, multi-period comparison, AI empowers auditors to develop stronger expectations, improve variance analysis, and perform more robust analytical procedures in line with ISA (UK) 520 and PCAOB AS 2305.

Centralized audit workflow and collaboration. Instead of working across fragmented systems, Trullion brings audit teams together on a single platform with real-time collaboration, standardized templates, and secure permissions. Evidence is consistently captured, easily retrievable, and directly linked to source documentation – strengthening both audit quality and review efficiency.

Support from an AI audit assistant. Trulli, the AI audit assistant, helps auditors ask more targeted questions, locate relevant evidence, extract insights from documents, and work through issues more efficiently – reducing time spent on administrative tasks while improving the accuracy of findings.

Together, these capabilities transform and elevate the audit process. By freeing teams from manual tasks and improving the reliability of underlying evidence, AI enhances professional judgment, strengthens responses to assessed risks, and supports the documentation standards set by regulators in both the U.S. and the U.K.

Achieving audit goals with the 7 types of audit procedures

The seven types of audit procedures – inspection, physical examination, observation, external confirmation, inquiry, recalculation, and reperformance – remain essential to building a strong, reliable audit. PCAOB and FRC standards reinforce the need for high-quality evidence, strong documentation, and professional judgment across each procedure.

As AI and automation reshape how audit work is performed, the fundamental principles remain the same: gather sufficient appropriate audit evidence, document clearly, evaluate reliability, and apply professional skepticism. 

Modern tools like Trullion enhance audit quality by expanding coverage, improving consistency, and reducing manual effort; while complementing rather than replacing, the core audit procedures auditors have relied on for decades.

To learn more about Trullion and how it’s used by companies and auditors to drive better results, set up a call with an expert here.