Answer:
First of all, it depends upon how well the audit program is written. A well written audit program will include three areas of an organizations records: 1. money in and out, 2. procedures for handling the receipt of money and authorizations for the spending of money, and 3. the hierarchy of responsibility for both items 1 and 2, that is to say how each level of management uses it's authority regarding financial matters and procedural matters. And finally, it depends upon the size of an organization as to how areas of responsibility are distributed.
After an audit confirms that the procedures in place are adequate for the control of money in and money out and that those procedures are followed, the audit will dictate that the money received is properly handled, banked, accounted for and that the proper reconciliations have been performed between the receipt controls, the bank and the financial statements. On the money out side the dictate would be that the disbursement is legitimate, properly authorized and accounted for.
For a very small organization an audit of 100 percent of transaction may be examined, but for a large organization the transactions will be tested, that is to say only a given number of transactions will be followed or tracked through the whole process of money in and money out.
In the final analysis, it also depends upon whether or not an organization has an established internal audit program where a responsible department does regular audits on a timely basis, and that any outside audit firm can rely upon the adequacy and reliability of internal audits. If internal audits are performed the outside or third party auditor will have to start from scrach.