Auditor Job Description Template

Free Word download • Edit online • Save & share with Drive • Export to PDF

3 pages • 20–30 min to fill • Difficulty: Standard • Signature required • Legal review recommended

At a glance

What it is
An Auditor Job Description is a formal document that defines the scope, duties, qualifications, reporting structure, and compliance obligations of an auditor role within an organization. This free Word download gives you a structured, legally grounded starting point you can edit online and export as PDF to post publicly or attach to an employment offer.
When you need it
Use it when hiring an internal or external auditor, filling a compliance or risk assurance role, or formalizing an existing auditor's responsibilities to meet regulatory or governance requirements.
What's inside
Role title and department, reporting structure, core audit duties, required qualifications and certifications, performance standards, confidentiality obligations, independence requirements, and compensation band references.

What is an Auditor Job Description?

An Auditor Job Description is a formal document that defines the title, reporting structure, scope of duties, required qualifications, independence obligations, and performance standards for an audit role within an organization. It functions as both a recruitment tool and a governance document — establishing what the auditor is accountable for, who they report to, and what professional standards apply to their work. When signed by the employee and countersigned by the employer, it creates a documented record of agreed role expectations that supports onboarding, performance management, and regulatory compliance.

Why You Need This Document

Without a clearly drafted auditor job description, organizations expose themselves to four concrete risks. First, an undefined reporting structure — particularly one that lacks a direct line to the Audit Committee — can compromise auditor independence and trigger compliance findings from regulators, external auditors, or stock exchange examiners. Second, vague duty descriptions create scope disputes that make it difficult to hold the auditor accountable for coverage gaps when material findings are missed. Third, missing qualifications and performance standards weaken the employer's position in any performance-related termination proceeding. Fourth, in several US states and most Canadian provinces, the absence of written role terms can expose the employer to implied-contract claims or statutory violations. A complete, signed auditor job description — paired with a full employment contract — closes all four gaps and gives both parties a clear, enforceable record of what the role requires from day one.

Which variant fits your situation?

If your situation is… | Use this template
Hiring an auditor who will work inside the company full-time | Internal Auditor Job Description
Engaging an independent firm or individual to conduct periodic audits | External Auditor Engagement Letter
Filling a senior audit leadership position overseeing a team | Audit Manager Job Description
Hiring a specialist focused on IT systems and data integrity | IT Auditor Job Description
Recruiting for a compliance-focused role in a regulated industry | Compliance Auditor Job Description
Defining a forensic accounting or fraud investigation role | Forensic Auditor Job Description
Posting a junior or entry-level audit associate opening | Audit Associate Job Description

Common mistakes to avoid

❌ Single reporting line to the CFO only

Why it matters: An internal auditor who reports exclusively to the CFO cannot independently audit financial reporting — the CFO is the subject of key financial audits. This compromises independence and can violate SOX, IIA Standards, and stock exchange listing rules.

Fix: Establish dual reporting: administrative to the CFO for day-to-day management and functional to the Audit Committee or Board for independence on significant findings and audit plan approval.

❌ Omitting the independence and conflict-of-interest clause

Why it matters: Without a documented independence standard, there is no contractual basis to require disclosure of conflicts or to take action when an auditor's objectivity is compromised. Regulatory examiners and external auditors will flag this gap.

Fix: Include an explicit independence clause requiring prompt disclosure of any financial, personal, or professional relationship that could impair or appear to impair objectivity, with a specific escalation path.

❌ Requiring all certifications as mandatory rather than separating preferred from required

Why it matters: Listing CPA, CIA, CISA, and CFE as all required for a single mid-level role creates an unrealistically narrow candidate pool and signals the description was not written by someone who understands the audit profession.

Fix: Identify the one certification most directly relevant to the role (CPA for financial audit, CIA for internal audit, CISA for IT audit) as required, and list others as preferred or 'actively pursuing.'

❌ No performance standards or KPIs in the description

Why it matters: A job description without measurable expectations makes annual reviews subjective, creates ambiguity about what 'good' looks like, and weakens the employer's position in any performance-related disciplinary or termination proceeding.

Fix: Include three to five specific, measurable KPIs — audit plan completion rate, report turnaround time in days, and finding remediation closure rate — tied to the IIA International Standards.

❌ Using a signed job description as the sole employment document

Why it matters: A detailed, signed job description without a separate employment contract leaves IP assignment, confidentiality, non-compete, and severance terms undocumented — courts have in some cases treated comprehensive job descriptions as implied contracts.

Fix: Pair the job description with a full employment contract that covers IP, confidentiality, termination, and severance, and include the 'not a contract' disclaimer in the job description itself.

❌ Scoping duties to cover all audit types without resourcing the role accordingly

Why it matters: A single auditor assigned to financial, operational, IT, and compliance audit simultaneously cannot do any of them thoroughly. Overly broad scope descriptions lead to superficial audits and missed material findings.

Fix: Scope the role to two or three audit domains aligned with the organization's primary risks. If broader coverage is needed, plan for a team or staggered hiring and reflect that in the description.

The 10 key clauses, explained

Role Title, Department, and Classification

In plain language: States the official job title, the department or business unit the auditor belongs to, and the employment classification (full-time, part-time, exempt, or non-exempt).

Sample language
Position: [AUDITOR TITLE] | Department: [FINANCE / INTERNAL AUDIT / COMPLIANCE] | Reports To: [CFO / AUDIT COMMITTEE / CHIEF AUDIT EXECUTIVE] | Classification: [FULL-TIME / EXEMPT]

Common mistake: Using a generic title like 'Auditor' when the role is specifically internal or IT audit — mismatched titles attract unqualified applicants and complicate compensation benchmarking.

Purpose and Scope of the Role

In plain language: Defines the overarching objective of the position — what the auditor is accountable for achieving — and the boundaries of their audit authority within the organization.

Sample language
The [AUDITOR TITLE] is responsible for independently evaluating [COMPANY NAME]'s financial reporting, internal controls, and compliance with applicable laws and policies across [SCOPE — all business units / the [SPECIFIC DIVISION] division].

Common mistake: Defining scope so broadly that the auditor is expected to cover all risk areas single-handedly — this creates unrealistic workloads and blurs accountability with other control functions.

Core Duties and Responsibilities

In plain language: Lists the specific tasks the auditor is expected to perform on a recurring basis, including audit planning, fieldwork, reporting, and follow-up on findings.

Sample language
Duties include: (a) developing risk-based annual audit plans; (b) executing financial, operational, and compliance audits; (c) preparing written audit reports with findings and recommendations; (d) tracking management responses and remediation timelines; (e) presenting findings to the Audit Committee quarterly.

Common mistake: Listing duties without indicating frequency or output — 'conducts audits' tells a candidate nothing about volume, depth, or deliverable format expected.

Required Qualifications and Certifications

In plain language: Sets the minimum education, professional certification, and years of experience required for the role to be performed at the expected standard.

Sample language
Minimum qualifications: Bachelor's degree in Accounting, Finance, or related field; [CPA / CIA / CISA] certification required (or actively pursuing); [X] years of audit experience in [PUBLIC ACCOUNTING / INTERNAL AUDIT / INDUSTRY]; proficiency in [AUDIT SOFTWARE / ERP SYSTEM].

Common mistake: Requiring certifications that are not yet standard for the seniority level — demanding a CIA for a junior associate discourages qualified candidates and signals the description was not tailored to the actual role.

Auditor Independence and Conflict of Interest

In plain language: Establishes the requirement that the auditor maintain objectivity and disclose any actual or potential conflicts of interest that could compromise audit integrity.

Sample language
The [AUDITOR TITLE] shall at all times maintain independence from the activities being audited. The auditor must promptly disclose to [CFO / AUDIT COMMITTEE] any circumstance — financial, personal, or professional — that could impair or appear to impair objectivity.

Common mistake: Omitting the independence clause entirely in internal audit job descriptions, leaving no documented standard against which conflicts of interest can be evaluated or enforced.

Confidentiality and Information Security

In plain language: Requires the auditor to protect all sensitive financial, operational, and personnel information accessed during audits and to comply with the organization's data security policies.

Sample language
The [AUDITOR TITLE] agrees to maintain the strict confidentiality of all information obtained during audit engagements and shall not disclose such information to any unauthorized party during or after employment. All audit workpapers and findings are the property of [COMPANY NAME].

Common mistake: Using a generic confidentiality clause not tailored to audit-specific data — auditors routinely access compensation data, board materials, and M&A information that require heightened protection beyond standard employee NDAs.

Reporting Structure and Communication Obligations

In plain language: Defines who the auditor reports to administratively and functionally, including escalation paths for significant findings or fraud suspicions.

Sample language
The [AUDITOR TITLE] reports administratively to the [CFO / VP FINANCE] and functionally to the [AUDIT COMMITTEE / BOARD OF DIRECTORS]. Significant findings, fraud suspicions, or material control deficiencies must be reported to the [AUDIT COMMITTEE] within [48 HOURS / 5 BUSINESS DAYS] of identification.

Common mistake: Establishing only one reporting line — to the CFO — with no direct path to the Audit Committee. This structure compromises independence when financial management is itself subject to audit.

Performance Standards and Key Performance Indicators

In plain language: Sets measurable expectations for audit cycle time, finding closure rates, report quality, and adherence to professional auditing standards.

Sample language
Performance will be evaluated against: (a) completion of [X]% of the annual audit plan by fiscal year-end; (b) issuance of final audit reports within [30] days of fieldwork completion; (c) [X]% of prior-period findings remediated within agreed timelines; (d) compliance with IIA International Standards for the Professional Practice of Internal Auditing.

Common mistake: Excluding performance metrics from the job description entirely — without documented KPIs, annual reviews become subjective and disciplinary actions tied to performance are harder to defend.

Compensation, Classification, and Benefits Reference

In plain language: States the compensation band, overtime classification, and a reference to the organization's benefits program without locking in specific plan details.

Sample language
Compensation: $[MINIMUM] – $[MAXIMUM] annually, commensurate with qualifications and experience. Classification: [EXEMPT] under the FLSA. Benefits: eligible for [COMPANY NAME]'s standard benefits program as in effect from time to time, including health, dental, retirement, and [X] days PTO annually.

Common mistake: Stating an exact salary rather than a band — a single salary figure removes negotiating flexibility and creates pay equity risk if the same figure appears in job postings across different geographies.

Equal Opportunity and At-Will Statement

In plain language: Affirms the employer's equal opportunity hiring commitment and, where applicable, clarifies that the employment relationship is at-will and that the job description does not constitute a contract of employment.

Sample language
[COMPANY NAME] is an equal opportunity employer. This job description does not constitute a contract of employment. Employment is at-will and may be terminated by either party at any time, with or without cause, subject to applicable law.

Common mistake: Omitting the 'not a contract' disclaimer — in several jurisdictions, a signed and sufficiently specific job description has been treated by courts as an implied employment contract, particularly when it includes a compensation figure.

How to fill it out

  1. Define the role type and reporting structure

    Decide whether the role is internal or external audit, the seniority level, and the dual reporting line — administrative (to CFO or VP Finance) and functional (to Audit Committee). Enter these clearly at the top of the template.

    💡 The functional reporting line to the Audit Committee is non-negotiable for SOX-compliant internal audit roles — confirm this with your board before drafting.

  2. Write the purpose and scope statement

    Define the objective of the role in one to two sentences and specify which business units, processes, or geographies fall within the auditor's mandate. Use specific language rather than 'all company activities.'

    💡 Scoping the role to specific risk areas (financial reporting, IT systems, operational compliance) attracts more qualified candidates than a catch-all description.

  3. List duties with output-level specificity

    For each duty, state the deliverable — not just the activity. 'Prepares audit reports with findings, root-cause analysis, and management recommendations' is more useful than 'conducts audits.'

    💡 Limit the duties list to 8–12 items. More than 12 signals scope creep and will deter experienced auditors who recognize an overloaded role.

  4. Set minimum and preferred qualifications separately

    Separate hard requirements (e.g., bachelor's degree, 3 years of audit experience) from preferred qualifications (e.g., CIA certification, SAP proficiency). Conflating the two either over-filters or under-filters the applicant pool.

    💡 Check current labor market data for your geography before setting certification requirements — demanding a CIA for a role paying below the median CIA salary will result in a long vacancy.

  5. Include the independence and conflict of interest clause

    State the independence standard explicitly and specify the disclosure obligation — what the auditor must report, to whom, and within what timeframe. Reference the organization's existing code of ethics or auditor independence policy.

    💡 If your organization is publicly traded or preparing for a public offering, have legal counsel confirm this clause aligns with SEC and PCAOB independence requirements before posting.

  6. Add measurable performance standards

    Include three to five KPIs tied to audit plan completion rate, report turnaround time, and finding remediation rate. Reference the IIA International Standards as the professional benchmark.

    💡 Make the KPIs achievable in Year 1 — setting a 95% audit plan completion target for a new hire building the function from scratch sets them up to fail in their first review cycle.

  7. Review compensation band and FLSA classification

    Confirm the salary band reflects current market rates for the role's seniority and geography. Verify FLSA exempt status applies — most professional auditors qualify, but hourly or junior roles may not.

    💡 Pull compensation data from at least two sources (e.g., Robert Half Salary Guide and IIA salary survey) before finalizing the band to ensure it is competitive and defensible.

  8. Obtain signatures before the role is posted or filled

    Have HR, the hiring manager, and legal or compliance sign off on the final job description before it goes live or is attached to an offer letter. File the signed version in the employee's personnel record upon hire.

    💡 A countersigned job description acknowledged by the employee at onboarding reduces duty-scope disputes and supports performance management documentation down the line.

Frequently asked questions

What is an auditor job description?

An auditor job description is a formal document that defines the title, reporting structure, duties, qualifications, independence requirements, and performance standards for an audit role within an organization. It serves as the foundation for recruiting, onboarding, and evaluating the auditor, and — when signed — creates a documented record of the agreed scope of the role. It is typically attached to or referenced by the employment contract.

What is the difference between an internal and external auditor job description?

An internal auditor job description defines a permanent employee role within the organization's finance, risk, or compliance function — reporting to management and the Audit Committee. An external auditor engagement letter or job description defines the scope of work for an independent third-party firm conducting a periodic statutory or regulatory audit. Internal auditors focus on ongoing risk assurance; external auditors focus on issuing an independent opinion on the financial statements.

Does an auditor job description need to be legally reviewed?

For most organizations, a well-structured template is sufficient for standard internal audit roles. Legal review is recommended when the role involves SOX compliance responsibilities, the organization is publicly traded or preparing for an IPO, the auditor will have access to board-level or M&A information, or the description will be used in a jurisdiction with specific employment law requirements around job classifications and written terms.

Why is auditor independence important in a job description?

Auditor independence is the foundation of audit credibility. An auditor who reports only to the executive they are auditing cannot objectively evaluate that executive's decisions or financial reporting. Job descriptions for internal auditors at publicly traded companies in the US must reflect functional reporting to the Audit Committee to comply with SOX Section 301 and NYSE/NASDAQ listing standards. Documenting independence requirements also gives the organization a contractual basis to act on conflicts of interest when they arise.

What certifications should an auditor job description require?

The right certification depends on the audit domain. For financial statement and public company audit, CPA is the standard. For internal audit practice and governance, CIA (Certified Internal Auditor) is the benchmark credential. For IT and systems audit, CISA (Certified Information Systems Auditor) is most relevant. For fraud investigation, CFE (Certified Fraud Examiner) applies. Most job descriptions should require one and list others as preferred, rather than mandating all certifications for a single role.

Should an auditor job description include a salary range?

In the US, several states — including California, Colorado, New York, and Washington — now require salary ranges in job postings. Even where not legally required, including a band attracts better-qualified candidates and reduces time spent on candidates whose expectations are misaligned. Use a range rather than a single figure to preserve negotiating flexibility and reduce pay equity risk across geographies.

Can an auditor job description be used as an employment contract?

A job description is generally not intended to function as an employment contract, and a well-drafted description will include a disclaimer stating this explicitly. However, courts in some jurisdictions have found that a detailed, signed job description with compensation details can create an implied contract. Always pair the job description with a standalone employment agreement covering IP, confidentiality, non-compete, and termination to avoid this ambiguity.

How often should an auditor job description be updated?

Review the job description annually or whenever the auditor's scope, reporting structure, or key responsibilities change materially. Regulatory changes — such as new SOX guidance, updated IIA Standards, or revised PCAOB inspection requirements — may also require updates to the independence, qualifications, or performance standards sections. An outdated job description complicates performance management and can create legal exposure if the documented duties no longer reflect what the employee is actually expected to do.

What professional standards govern auditor job descriptions?

For internal audit roles, the IIA International Standards for the Professional Practice of Internal Auditing provide the authoritative framework — including requirements for an audit charter, independence, objectivity, and proficiency. For external audit roles at US public companies, PCAOB auditing standards and SEC independence rules apply. In the UK, the FRC's Ethical Standard and Auditing Practices Board guidance govern auditor conduct and independence requirements.

How this compares to alternatives

vs Employment Contract

A job description defines the scope and expectations of a role; an employment contract creates the legally binding obligations — IP assignment, confidentiality, non-compete, and severance — that govern the employment relationship. The job description is typically attached to or referenced by the employment contract. Using a job description alone leaves critical legal protections undocumented.

vs Audit Engagement Letter

An audit engagement letter is a contract between an organization and an external audit firm defining the scope, fees, timeline, and deliverables of a specific audit engagement. An auditor job description defines an internal employee's ongoing role and responsibilities. The two documents serve different parties — one governs a vendor relationship, the other governs an employment relationship.

vs Offer Letter

An offer letter confirms compensation and start date to secure a candidate's acceptance; it is not a comprehensive governance document. An auditor job description defines duties, independence requirements, performance standards, and qualifications in the detail needed for onboarding, performance management, and regulatory compliance. Both should be used together, not in place of each other.

vs Independent Contractor Agreement

If an auditor is engaged as an independent contractor rather than an employee, the governing document is a contractor agreement — not a job description. Contractor agreements define deliverables, fees, IP ownership, and termination. Misclassifying an employed auditor as a contractor triggers payroll tax liability, benefit obligations, and potential regulatory violations. Use a job description only for employment relationships.

Industry-specific considerations

Financial Services

Auditor job descriptions in banking and asset management must reference Basel III internal control requirements, AML/KYC audit scope, and regulatory examination readiness as core duties.

Healthcare

Healthcare auditors are typically expected to cover HIPAA compliance, CMS billing accuracy, and clinical documentation integrity — these domain-specific duties must be explicit in the job description.

Manufacturing

Manufacturing audit roles focus on inventory valuation accuracy, cost accounting controls, and supply chain compliance — often requiring experience with ERP systems such as SAP or Oracle.

Technology / SaaS

Tech-sector auditor descriptions frequently include SOC 2 readiness, revenue recognition under ASC 606, and IT general controls as core scope areas, particularly for companies approaching an IPO or major enterprise contract.

Jurisdictional notes

United States

SOX Section 301 requires that internal auditors at public companies have a direct reporting line to the Audit Committee, not solely to management. Several states — including California, Colorado, New York, and Washington — now require salary ranges in job postings. FLSA classification (exempt vs. non-exempt) must be verified; most professional auditors qualify as exempt administrative or professional employees, but misclassification carries significant back-pay liability.

Canada

Provincial employment standards legislation governs written job terms in Canada; Ontario, British Columbia, and Alberta all have minimum standards that affect how duties and compensation are documented. Quebec employers must provide job descriptions in French for provincially-regulated roles. Public companies listed on the TSX are subject to National Instrument 52-110, which governs audit committee composition and auditor oversight in ways that affect internal audit reporting structures.

United Kingdom

UK employers must provide a written statement of employment particulars on or before day one, which the job description typically supplements. The FRC's Ethical Standard governs auditor independence for statutory audit roles. IR35 rules apply where an auditor is engaged through a personal service company — misclassification can result in significant HMRC tax liability. Senior internal audit roles at FCA-regulated firms may require pre-approval under the Senior Managers and Certification Regime (SM&CR).

European Union

The EU Audit Regulation (537/2014) and Audit Directive (2014/56/EU) impose strict independence requirements on statutory auditors of public-interest entities, including mandatory firm rotation every 10 years. GDPR applies to the personal data auditors access during engagements — job descriptions for EU-based auditors should reference data protection obligations. Member state labor laws govern written employment terms; Germany, France, and the Netherlands each have statutory requirements on job classification and notice periods that must be reflected in the description.

Template vs lawyer — what fits your deal?

Path | Best for | Cost | Time
Use the template | Private companies hiring standard internal auditors at mid-level seniority in a single jurisdiction | Free | 30–60 minutes
Template + legal review | Publicly traded companies, SOX-scoped roles, senior audit leadership positions, or cross-border hires | $300–$800 for an employment lawyer or HR consultant review | 1–3 days
Custom drafted | Financial institutions subject to PCAOB or FCA oversight, roles with board-level reporting, or highly regulated industries with sector-specific audit standards | $1,000–$3,000+ | 1–2 weeks

Glossary

Internal Audit
An independent, objective assurance function within an organization that evaluates the effectiveness of risk management, control, and governance processes.
External Audit
An independent examination of an organization's financial statements by a third-party firm or professional to verify accuracy and compliance with accounting standards.
Auditor Independence
The requirement that an auditor has no financial or personal interest in the entity being audited, ensuring objectivity in findings and opinions.
Materiality
A threshold above which a financial misstatement or omission is considered significant enough to influence the decisions of a reasonable user of the financial statements.
Audit Charter
A formal document that establishes the internal audit function's purpose, authority, scope, and accountability within an organization.
SOX Compliance
Adherence to the Sarbanes-Oxley Act of 2002, which mandates internal controls over financial reporting for US public companies and imposes personal liability on certifying officers.
Risk-Based Auditing
An approach that prioritizes audit resources toward areas with the highest probability and impact of financial or operational risk.
CPA (Certified Public Accountant)
A licensed accounting professional in the United States who has passed the Uniform CPA Examination and met state-specific education and experience requirements.
CIA (Certified Internal Auditor)
A globally recognized certification from the Institute of Internal Auditors (IIA) designating proficiency in internal audit theory and practice.
Audit Opinion
The formal conclusion issued by an auditor at the end of an audit engagement, stating whether financial statements are presented fairly and in accordance with applicable standards.
Segregation of Duties
An internal control principle requiring that no single employee has control over all phases of a transaction, reducing the risk of fraud or error.
