Figure: PDCA cycle (see 19.4.3). Plan (Environmental Policy) → Do (Operate the system) → Check (Monitor & Audit) → Act (Review & Improve) → Plan.
19 Recent Trends in Auditing: Management audit; Energy audit; Environment audit; Systems audit; Safety audit
19.1 A Widened Profession
The classical financial audit expressed an opinion on the truth and fairness of accounts. As organisations grew larger and more complex, the audit function widened in three directions: deeper (into management decisions, IT systems, internal controls), broader (energy, environment, safety, social impact) and forward-looking (risk-based audit, continuous audit, predictive analytics). This topic surveys the recent non-financial audits — Management, Energy, Environment, Systems (IT), Safety — that the UGC syllabus specifically lists, plus other modern strands such as forensic audit, social audit and operational audit.
19.2 Management Audit
19.2.1 Concept
Management audit is the comprehensive and constructive review of an organisation’s management — its objectives, policies, procedures, organisational structure, and performance. Its purpose is to evaluate managerial effectiveness and recommend improvements. William P. Leonard in his 1962 book The Management Audit gave the field its modern shape.
19.2.2 Features
- Future-oriented, unlike the past-oriented financial audit.
- Comprehensive — covers all functions (planning, organising, staffing, directing, controlling).
- Constructive — aimed at improvement, not certification.
- Performed by an internal team or outside consultants, with no statutory mandate.
- Confidential and managerial — report is for the board / top management.
19.2.3 Areas Examined
| Area | Examples of focus |
|---|---|
| Strategic | Mission, vision, long-term goals, competitive strategy |
| Organisational | Span of control, hierarchy, decision rights |
| Operational | Productivity, capacity utilisation, quality |
| Functional | Marketing, HR, finance, R&D |
| Control | Performance measurement, MIS, internal control |
19.2.4 Operational Audit — A Cousin
Operational audit, closely related to management audit, is a systematic review of operating procedures to assess their economy, efficiency and effectiveness (the three E’s). The audit looks at how things are done and where they can be done better.
19.3 Energy Audit
19.3.1 Concept
An energy audit is “the verification, monitoring and analysis of use of energy, with submission of technical report containing recommendations for improving energy efficiency and cost-benefit analysis and an action plan to reduce energy consumption” (Energy Conservation Act, 2001).
19.3.2 Legal Framework — Energy Conservation Act 2001
- Established the Bureau of Energy Efficiency (BEE) under the Ministry of Power.
- Authorises notification of Designated Consumers (energy-intensive industries — aluminium, fertilizers, iron and steel, textiles, pulp and paper, chemicals, railways, ports, electricity-generating stations, cement, etc.).
- Designated Consumers must conduct periodic energy audits by Certified Energy Auditors (CEA).
- Sets up Star Rating of appliances (refrigerators, ACs, motors, etc.).
- The Perform, Achieve and Trade (PAT) scheme runs energy-saving targets for designated industries; achievers earn tradable Energy Saving Certificates (ESCerts).
19.3.3 Types
| Level | Working content |
|---|---|
| Walk-through (preliminary) audit | Quick site visit; identifies obvious savings |
| General (diagnostic) audit | Detailed energy-balance; benchmarking; medium-scope measurement |
| Investment-grade (detailed) audit | Comprehensive metering, modelling, financial appraisal for capital projects |
19.4 Environment Audit
19.4.1 Concept
An environment audit is the systematic, documented, periodic and objective evaluation of how an organisation’s activities, products and services comply with environmental policy, regulations and best practice. It assesses air, water, soil, noise, waste and resource use.
19.4.2 International Frameworks
- ISO 14001 — Environmental Management System (EMS) certification (1996, updated 2015).
- EMAS — EU Eco-Management and Audit Scheme.
- GRI Standards — sustainability reporting.
- TCFD — Task Force on Climate-related Financial Disclosures.
- ISSB IFRS S2 — climate-related financial disclosures.
19.4.3 Indian Position
- The Comptroller and Auditor General (CAG) has conducted environment audits of government departments and PSUs since 2009 (Environmental Audit Wing).
- Environment (Protection) Act 1986 and rules (Air Act 1981, Water Act 1974) provide the regulatory base.
- SEBI BRSR captures environmental disclosures for top 1,000 listed companies.
- State Pollution Control Boards (SPCBs) monitor industry compliance with consent conditions.
The Plan-Do-Check-Act (PDCA) cycle is the spine of ISO 14001 EMS.
19.5 Systems Audit / IT Audit
19.5.1 Concept
A systems audit (also called IT audit, information systems audit or EDP audit) is the examination of an organisation’s information systems, infrastructure, policies and operations to evaluate (a) information integrity (accuracy, completeness, timeliness), (b) security (confidentiality, data protection), (c) availability and (d) compliance with laws and policies.
19.5.2 Standards and Frameworks
- COBIT — Control Objectives for Information and Related Technologies (ISACA).
- ISO/IEC 27001 — Information Security Management System (ISMS).
- ITIL — IT Infrastructure Library (process framework).
- CISA — Certified Information Systems Auditor (ISACA certification).
- SOC 1 and SOC 2 — Service Organisation Control reports.
- NIST Cybersecurity Framework — US National Institute of Standards and Technology.
19.5.3 Common Areas
- Application controls — input, processing, output controls.
- General IT controls — change management, access controls, backup, disaster recovery.
- Cyber-security — firewalls, intrusion detection, encryption.
- Data privacy — under DPDP Act 2023 in India; GDPR in EU.
- Third-party / vendor risk.
- Cloud risk.
- Business continuity and IT disaster recovery.
19.5.4 CAATs — Computer-Assisted Audit Techniques
CAATs are software tools used by auditors to test large volumes of electronic data. Common examples: ACL, IDEA, SQL queries, generalized audit software, parallel simulation, integrated test facilities. The role of CAATs has expanded as accounting systems have become fully digital.
19.6 Safety Audit
19.6.1 Concept
A safety audit is a systematic, periodic examination of an organisation’s workplace, equipment, processes and management systems against accepted safety standards, with a view to identifying hazards and reducing accidents.
19.6.2 Legal and Standard Framework
- Factories Act 1948 and State rules — mandatory safety provisions for factories.
- Occupational Safety, Health and Working Conditions (OSH) Code, 2020 — consolidates 13 central labour laws on safety.
- ISO 45001 — Occupational Health and Safety Management Systems (replaced OHSAS 18001 in 2018).
- National Safety Council (NSC) — India — issues safety audit guidelines.
- DGFASLI — Directorate General of Factory Advice Service and Labour Institutes — apex body under Ministry of Labour for occupational safety.
- Disaster Management Act 2005 — relevant for major-accident hazards.
19.6.3 Process
- Define scope — area, processes, hazards covered.
- Document review — policy, accident records, MSDS.
- Site walk-through — observe practices, equipment.
- Personnel interview — workers, supervisors, safety officers.
- Hazard identification and risk assessment — HAZOP, JSA, fault-tree analysis.
- Report and follow-up — action plan with priorities and timelines.
19.7 Other Modern Audits
- Forensic audit — investigation into financial fraud, often for litigation or law-enforcement; uses techniques from accounting, investigation and law.
- Social audit — assessment of an organisation’s social impact on stakeholders; mandatory for NGOs implementing certain CSR projects and SHGs in MGNREGA.
- Compliance audit — focused on adherence to specific laws and regulations.
- Performance / Value-for-Money audit — used by CAG to assess economy, efficiency, effectiveness.
- Cooperative audit — for cooperative societies under State Cooperative Acts.
- Concurrent audit — for banks; conducted alongside operations.
- Risk-based audit — modern approach where audit effort is allocated by assessed risk.
- Continuous audit — ongoing, real-time audit enabled by digital systems.
- Operational audit — economy, efficiency, effectiveness.
19.8 Practice Questions
Management Audit is essentially:
The modern concept of management audit is most associated with:
The *Three E's* examined in operational / performance audit are:
The Energy Conservation Act in India was enacted in:
The Bureau of Energy Efficiency (BEE) operates under:
"Perform, Achieve and Trade (PAT)" is a:
The international standard for *Environmental Management Systems* (EMS) is:
Match each ISO standard with its scope:
| | Standard | | Scope |
|---|---|---|---|
| (i) | ISO 9001 | (a) | Environmental Management |
| (ii) | ISO 14001 | (b) | Information Security |
| (iii) | ISO 45001 | (c) | Quality Management |
| (iv) | ISO 27001 | (d) | Occupational Health and Safety |
CISA — the global certification for systems auditors — is issued by:
COBIT is a framework for:
The international standard for *Occupational Health and Safety Management Systems* (replacing OHSAS 18001 in 2018) is:
India's *Occupational Safety, Health and Working Conditions* (OSH) Code was enacted in:
The PDCA (Plan-Do-Check-Act) cycle is the spine of:
CAATs in auditing stand for:
Forensic audit is best described as:
Match each level of energy audit with its description:
| | Level | | Description |
|---|---|---|---|
| (i) | Walk-through audit | (a) | Detailed energy balance; benchmarking |
| (ii) | General audit | (b) | Quick site visit; identifies obvious savings |
| (iii) | Investment-grade audit | (c) | Comprehensive metering; capital-project appraisal |
Environmental audit of government departments in India is conducted by:
Social audit is **mandatory** under which programme?
"Continuous audit" refers to:
Match each modern audit with its primary focus:
| | Audit | | Focus |
|---|---|---|---|
| (i) | Management audit | (a) | Hazards in workplaces |
| (ii) | Energy audit | (b) | Managerial effectiveness |
| (iii) | Environment audit | (c) | Consumption and conservation of energy |
| (iv) | Safety audit | (d) | Pollution, resource use, regulatory compliance |
19.9 Quick Recall
- Management audit — constructive, future-oriented review of managerial effectiveness (William P. Leonard, 1962).
- Operational audit — three E’s: Economy, Efficiency, Effectiveness.
- Energy audit — Energy Conservation Act 2001 → BEE (Ministry of Power); Designated Consumers; PAT scheme with ESCerts. Three levels: walk-through → general → investment-grade.
- Environment audit — ISO 14001 EMS, GRI, TCFD, ISSB IFRS S2, EMAS; in India — CAG Environmental Audit Wing (2009), SEBI BRSR, Env Protection Act 1986.
- Systems / IT audit — COBIT (ISACA), ISO 27001, ITIL, CISA, SOC 1/2, NIST CSF; CAATs: ACL, IDEA, SQL.
- Safety audit — Factories Act 1948, OSH Code 2020, ISO 45001 (replaced OHSAS 18001 in 2018), NSC, DGFASLI.
- Other modern audits: forensic (fraud), social (MGNREGA mandate), compliance, performance / VFM (CAG), risk-based, continuous, concurrent (banks).
- Frame: ISO management systems follow PDCA — Plan-Do-Check-Act.
- ISO mnemonic — 9001 Quality, 14001 Environment, 27001 Information Security, 45001 OHS.