19  Recent Trends in Auditing: Management audit; Energy audit; Environment audit; Systems audit; Safety audit

19.1 A Widened Profession

The classical financial audit expressed an opinion on the truth and fairness of accounts. As organisations grew larger and more complex, the audit function widened in three directions: deeper (into management decisions, IT systems, internal controls), broader (energy, environment, safety, social impact) and forward-looking (risk-based audit, continuous audit, predictive analytics). This topic surveys the recent non-financial audits — Management, Energy, Environment, Systems (IT), Safety — that the UGC syllabus specifically lists, plus other modern strands such as forensic audit, social audit and operational audit.

19.2 Management Audit

19.2.1 Concept

Management audit is the comprehensive and constructive review of an organisation’s management — its objectives, policies, procedures, organisational structure, and performance. Its purpose is to evaluate managerial effectiveness and recommend improvements. William P. Leonard in his 1962 book The Management Audit gave the field its modern shape.

19.2.2 Features

Tip: Distinguishing Features of Management Audit
  • Future-oriented, unlike the past-oriented financial audit.
  • Comprehensive — covers all functions (planning, organising, staffing, directing, controlling).
  • Constructive — aimed at improvement, not certification.
  • Performed by an internal team or outside consultants, with no statutory mandate.
  • Confidential and managerial — report is for the board / top management.

19.2.3 Areas Examined

Tip: Areas Covered

| Area | Examples of focus |
|---|---|
| Strategic | Mission, vision, long-term goals, competitive strategy |
| Organisational | Span of control, hierarchy, decision rights |
| Operational | Productivity, capacity utilisation, quality |
| Functional | Marketing, HR, finance, R&D |
| Control | Performance measurement, MIS, internal control |

19.2.4 Operational Audit — A Cousin

Operational audit — closely related — is a systematic review of operating procedures to identify economy, efficiency and effectiveness (the three E’s). The audit looks at how things are done and where they can be done better.

19.3 Energy Audit

19.3.1 Concept

An energy audit is “the verification, monitoring and analysis of use of energy, with submission of technical report containing recommendations for improving energy efficiency and cost-benefit analysis and an action plan to reduce energy consumption” (Energy Conservation Act, 2001).

19.3.3 Types

Tip: Three Levels of Energy Audit

| Level | Working content |
|---|---|
| Walk-through (preliminary) audit | Quick site visit; identifies obvious savings |
| General (diagnostic) audit | Detailed energy-balance; benchmarking; medium-scope measurement |
| Investment-grade (detailed) audit | Comprehensive metering, modelling, financial appraisal for capital projects |

19.4 Environment Audit

19.4.1 Concept

An environment audit is the systematic, documented, periodic and objective evaluation of how an organisation’s activities, products and services comply with environmental policy, regulations and best practice. It assesses air, water, soil, noise, waste and resource use.

19.4.2 International Frameworks

Tip: Major Frameworks for Environment Audit
  • ISO 14001 — Environmental Management System (EMS) certification (1996, updated 2015).
  • EMAS — EU Eco-Management and Audit Scheme.
  • GRI Standards — sustainability reporting.
  • TCFD — Task Force on Climate-related Financial Disclosures.
  • ISSB IFRS S2 — climate-related financial disclosures.

19.4.3 Indian Position

  • The Comptroller and Auditor General (CAG) has conducted environment audits of government departments and PSUs since 2009 (Environmental Audit Wing).
  • Environment (Protection) Act 1986 and rules (Air Act 1981, Water Act 1974) provide the regulatory base.
  • SEBI BRSR captures environmental disclosures for top 1,000 listed companies.
  • State Pollution Control Boards (SPCBs) monitor industry compliance with consent conditions.

```mermaid
flowchart TB
  PLAN[Plan<br/>Environmental Policy] --> DO[Do<br/>Operate the system]
  DO --> CHECK[Check<br/>Monitor & Audit]
  CHECK --> ACT[Act<br/>Review & Improve]
  ACT --> PLAN
  classDef default fill:#003366,color:#ffffff,stroke:#ffcc00,stroke-width:3px,rx:10px,ry:10px;
```

The Plan-Do-Check-Act (PDCA) cycle is the spine of ISO 14001 EMS.

19.5 Systems Audit / IT Audit

19.5.1 Concept

A systems audit (also called IT audit, information systems audit or EDP audit) is the examination of an organisation’s information systems, infrastructure, policies and operations to evaluate (a) information integrity (accuracy, completeness, timeliness), (b) security (confidentiality, data protection), (c) availability and (d) compliance with laws and policies.

19.5.2 Standards and Frameworks

Tip: Frameworks for IS Audit
  • COBIT — Control Objectives for Information and Related Technologies (ISACA).
  • ISO/IEC 27001 — Information Security Management System (ISMS).
  • ITIL — IT Infrastructure Library (process framework).
  • CISA — Certified Information Systems Auditor (ISACA certification).
  • SOC 1 and SOC 2 — Service Organisation Control reports.
  • NIST Cybersecurity Framework — US National Institute of Standards and Technology.

19.5.3 Common Areas

Tip: Typical IS-Audit Coverage
  • Application controls — input, processing, output controls.
  • General IT controls — change management, access controls, backup, disaster recovery.
  • Cyber-security — firewalls, intrusion detection, encryption.
  • Data privacy — under DPDP Act 2023 in India; GDPR in EU.
  • Third-party / vendor risk.
  • Cloud risk.
  • Business continuity and IT disaster recovery.

19.5.4 CAATs — Computer-Assisted Audit Techniques

CAATs are software tools used by auditors to test large volumes of electronic data. Common examples: ACL, IDEA, SQL queries, generalized audit software, parallel simulation, integrated test facilities. The role of CAATs has expanded as accounting systems have become fully digital.
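A SQL-based CAAT of the kind listed above, as an added example that is not part of the original text: two full-population tests over a payments ledger, one for the access-control area (maker and checker are the same user) and one for input controls (the same invoice paid twice). The `payments` table, its columns and every row are constructed for illustration.

```python
import sqlite3

# Constructed sample ledger; table, columns and rows are illustrative assumptions.
ROWS = [
    (1, "V001", "INV-100", 52000, "asha", "ravi"),
    (2, "V002", "INV-220", 18000, "asha", "asha"),    # maker == checker
    (3, "V003", "INV-310", 99500, "kiran", "ravi"),
    (4, "V001", "INV-100", 52000, "kiran", "ravi"),   # same invoice paid again
    (5, "V004", "INV-415", 7500, "meena", "ravi"),
    (6, "V005", "INV-500", 64000, "Ravi ", "ravi"),   # same user, messy user ID
]

def load_ledger(rows=ROWS):
    """Load payment records into an in-memory SQLite database."""
    db = sqlite3.connect(":memory:")
    db.execute("""CREATE TABLE payments (
        id INTEGER PRIMARY KEY, vendor TEXT, invoice_no TEXT,
        amount INTEGER, created_by TEXT, approved_by TEXT)""")
    db.executemany("INSERT INTO payments VALUES (?, ?, ?, ?, ?, ?)", rows)
    return db

def sod_violations(db):
    """Access-control test: payments created and approved by the same user.
    User IDs are trimmed and lower-cased so formatting noise cannot hide a match."""
    q = """SELECT id FROM payments
           WHERE LOWER(TRIM(created_by)) = LOWER(TRIM(approved_by))
           ORDER BY id"""
    return [r[0] for r in db.execute(q)]

def duplicate_payments(db):
    """Input-control test: same vendor, invoice and amount paid more than once."""
    q = """SELECT vendor, invoice_no, amount, GROUP_CONCAT(id) AS ids
           FROM payments GROUP BY vendor, invoice_no, amount
           HAVING COUNT(*) > 1 ORDER BY vendor"""
    return [(v, inv, amt, sorted(int(i) for i in ids.split(",")))
            for v, inv, amt, ids in db.execute(q)]

def run_tests(db):
    """Run every test over the full population and return the exceptions."""
    return {"sod": sod_violations(db), "duplicates": duplicate_payments(db)}

if __name__ == "__main__":
    for name, hits in run_tests(load_ledger()).items():
        print(name, hits)
```

Each returned ID is an exception for the auditor to follow up, not proof of fraud; the value of the technique is that every record is tested rather than a sample.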

19.6 Safety Audit

19.6.1 Concept

A safety audit is a systematic, periodic examination of an organisation’s workplace, equipment, processes and management systems against accepted safety standards, with a view to identifying hazards and reducing accidents.

19.6.3 Process

Tip: Safety Audit — Six Steps
  1. Define scope — area, processes, hazards covered.
  2. Document review — policy, accident records, MSDS.
  3. Site walk-through — observe practices, equipment.
  4. Personnel interview — workers, supervisors, safety officers.
  5. Hazard identification and risk assessment — HAZOP, JSA, fault-tree analysis.
  6. Report and follow-up — action plan with priorities and timelines.

19.7 Other Modern Audits

Tip: Selected Other Audits
  • Forensic audit — investigation into financial fraud, often for litigation or law-enforcement; uses techniques from accounting, investigation and law.
  • Social audit — assessment of an organisation’s social impact on stakeholders; mandatory for NGOs implementing certain CSR projects and SHGs in MGNREGA.
  • Compliance audit — focused on adherence to specific laws and regulations.
  • Performance / Value-for-Money audit — used by CAG to assess economy, efficiency, effectiveness.
  • Cooperative audit — for cooperative societies under State Cooperative Acts.
  • Concurrent audit — for banks; conducted alongside operations.
  • Risk-based audit — modern approach where audit effort is allocated by assessed risk.
  • Continuous audit — ongoing, real-time audit enabled by digital systems.
  • Operational audit — economy, efficiency, effectiveness.

19.8 Practice Questions

Q 01 Management Easy

Management Audit is essentially:

  • A. A statutory financial audit
  • B. A constructive, future-oriented review of managerial effectiveness
  • C. A cost-recording exercise
  • D. A tax-compliance review

Correct Option: B
Management audit reviews managerial decisions, structures and effectiveness with an eye to **future improvement**.

Q 02 Leonard Medium

The modern concept of management audit is most associated with:

  • A. William P. Leonard
  • B. Peter Drucker
  • C. R.B. Bose
  • D. Henri Fayol

Correct Option: A
**William P. Leonard** — *The Management Audit* (1962).

Q 03 3E Medium

The *Three E's* examined in operational / performance audit are:

  • A. Economy, Efficiency, Effectiveness
  • B. Equity, Ethics, Earnings
  • C. Environment, Energy, Ergonomics
  • D. Examination, Evaluation, Evidence

Correct Option: A
The classic **3E's** — Economy, Efficiency, Effectiveness — used by CAG and operational audits.

Q 04 Energy Medium

The Energy Conservation Act in India was enacted in:

  • A. 1986
  • B. 1991
  • C. 2001
  • D. 2013

Correct Option: C
**Energy Conservation Act 2001** — set up BEE; designated consumers; PAT scheme.

Q 05 BEE Medium

The Bureau of Energy Efficiency (BEE) operates under:

  • A. Ministry of Environment
  • B. Ministry of Power
  • C. Ministry of Petroleum
  • D. Ministry of Industry

Correct Option: B
BEE is under the **Ministry of Power**.

Q 06 PAT Medium

"Perform, Achieve and Trade (PAT)" is a:

  • A. Capital-market scheme
  • B. Energy-saving scheme with tradable certificates
  • C. Quality assurance framework
  • D. Tax-incentive programme

Correct Option: B
PAT — energy-saving targets for designated consumers; tradable **ESCerts** for outperformance.

Q 07 ISO Medium

The international standard for *Environmental Management Systems* (EMS) is:

  • A. ISO 9001
  • B. ISO 14001
  • C. ISO 45001
  • D. ISO 27001

Correct Option: B
**ISO 14001** for EMS; 9001 for quality; 45001 for OHS; 27001 for InfoSec.

Q 08 ISO Match Medium

Match each ISO standard with its scope:

| Standard | Scope |
|---|---|
| (i) ISO 9001 | (a) Environmental Management |
| (ii) ISO 14001 | (b) Information Security |
| (iii) ISO 45001 | (c) Quality Management |
| (iv) ISO 27001 | (d) Occupational Health and Safety |

  • A. (i)-(c), (ii)-(a), (iii)-(d), (iv)-(b)
  • B. (i)-(a), (ii)-(b), (iii)-(c), (iv)-(d)
  • C. (i)-(b), (ii)-(c), (iii)-(a), (iv)-(d)
  • D. (i)-(d), (ii)-(c), (iii)-(b), (iv)-(a)

Correct Option: A
9001 — Quality; 14001 — Environment; 45001 — OHS; 27001 — InfoSec.

Q 09 Systems Medium

CISA — the global certification for systems auditors — is issued by:

  • A. ICAI
  • B. IFAC
  • C. ISACA
  • D. AICPA

Correct Option: C
**ISACA** issues CISA (Certified Information Systems Auditor) and the COBIT framework.

Q 10 COBIT Hard

COBIT is a framework for:

  • A. Quality management
  • B. Information technology governance and control
  • C. Environmental audit
  • D. Employee safety

Correct Option: B
**COBIT** — Control Objectives for Information and Related Technologies (ISACA).

Q 11 Safety Medium

The international standard for *Occupational Health and Safety Management Systems* (replacing OHSAS 18001 in 2018) is:

  • A. ISO 9001
  • B. ISO 14001
  • C. ISO 27001
  • D. ISO 45001

Correct Option: D
**ISO 45001** (2018) replaced OHSAS 18001.

Q 12 OSH Medium

India's *Occupational Safety, Health and Working Conditions* (OSH) Code was enacted in:

  • A. 1948
  • B. 1986
  • C. 2013
  • D. 2020

Correct Option: D
**OSH Code 2020** consolidates 13 central labour laws.

Q 13 PDCA Medium

The PDCA (Plan-Do-Check-Act) cycle is the spine of:

  • A. Forensic audit
  • B. ISO 14001 EMS
  • C. Bank audit
  • D. Tax audit

Correct Option: B
PDCA cycle is foundational to **ISO 14001 EMS** and other ISO management standards.

Q 14 CAATs Hard

CAATs in auditing stand for:

  • A. Cost-Adjusted Audit Techniques
  • B. Computer-Assisted Audit Techniques
  • C. Comparative Analytical Audit Tools
  • D. Corporate Annual Audit Tests

Correct Option: B
**CAATs** — Computer-Assisted Audit Techniques (ACL, IDEA, SQL, etc.).

Q 15 Forensic Medium

Forensic audit is best described as:

  • A. Routine financial audit
  • B. Investigation of financial fraud, often for litigation or law-enforcement
  • C. Tax audit
  • D. Bank concurrent audit

Correct Option: B
Forensic audit applies investigative techniques to suspected fraud, often for use in court.

Q 16 Energy Hard

Match each level of energy audit with its description:

| Level | Description |
|---|---|
| (i) Walk-through audit | (a) Detailed energy balance; benchmarking |
| (ii) General audit | (b) Quick site visit; identifies obvious savings |
| (iii) Investment-grade audit | (c) Comprehensive metering; capital-project appraisal |

  • A. (i)-(b), (ii)-(a), (iii)-(c)
  • B. (i)-(a), (ii)-(b), (iii)-(c)
  • C. (i)-(c), (ii)-(b), (iii)-(a)
  • D. (i)-(b), (ii)-(c), (iii)-(a)

Correct Option: A
Walk-through (quick) → General (detailed balance) → Investment-grade (full appraisal).

Q 17 CAG Medium

Environmental audit of government departments in India is conducted by:

  • A. ICAI
  • B. CAG of India
  • C. SEBI
  • D. CBI

Correct Option: B
**CAG** of India set up the Environmental Audit Wing in 2009 to audit government and PSU environmental compliance.

Q 18 Social Medium

Social audit is **mandatory** under which programme?

  • A. MGNREGA
  • B. Companies Act §139
  • C. SEBI LODR
  • D. IBC 2016

Correct Option: A
Social audit by gram sabha is statutorily mandated under **MGNREGA** (2005).

Q 19 Continuous Hard

"Continuous audit" refers to:

  • A. Audit conducted only at year-end
  • B. Audit conducted alongside operations in near real-time
  • C. Audit by the company secretary
  • D. Audit covering only fixed assets

Correct Option: B
Continuous audit is ongoing, enabled by digital systems and CAATs.

Q 20 Modern Medium

Match each modern audit with its primary focus:

| Audit | Focus |
|---|---|
| (i) Management audit | (a) Hazards in workplaces |
| (ii) Energy audit | (b) Managerial effectiveness |
| (iii) Environment audit | (c) Consumption and conservation of energy |
| (iv) Safety audit | (d) Pollution, resource use, regulatory compliance |

  • A. (i)-(b), (ii)-(c), (iii)-(d), (iv)-(a)
  • B. (i)-(a), (ii)-(b), (iii)-(c), (iv)-(d)
  • C. (i)-(c), (ii)-(a), (iii)-(b), (iv)-(d)
  • D. (i)-(d), (ii)-(b), (iii)-(a), (iv)-(c)

Correct Option: A
Management — managerial; Energy — consumption; Environment — pollution; Safety — workplace hazards.

19.9 Quick Recall

Important: Quick recall
  • Management audit — constructive, future-oriented review of managerial effectiveness (William P. Leonard, 1962).
  • Operational audit — three E’s: Economy, Efficiency, Effectiveness.
  • Energy audit — Energy Conservation Act 2001; BEE (Ministry of Power); Designated Consumers; PAT scheme with ESCerts. Three levels: walk-through → general → investment-grade.
  • Environment audit — ISO 14001 EMS, GRI, TCFD, ISSB IFRS S2, EMAS; in India — CAG Environmental Audit Wing (2009), SEBI BRSR, Env Protection Act 1986.
  • Systems / IT audit — COBIT (ISACA), ISO 27001, ITIL, CISA, SOC 1/2, NIST CSF; CAATs: ACL, IDEA, SQL.
  • Safety audit — Factories Act 1948, OSH Code 2020, ISO 45001 (replaced OHSAS 18001 in 2018), NSC, DGFASLI.
  • Other modern audits: forensic (fraud), social (MGNREGA mandate), compliance, performance / VFM (CAG), risk-based, continuous, concurrent (banks).
  • Frame: ISO management systems follow PDCA — Plan-Do-Check-Act.
  • ISO mnemonic — 9001 Quality, 14001 Environment, 27001 Information Security, 45001 OHS.