How to Account for Cash Overdrafts

Alternative presentations of cash overdrafts

How should you account for cash overdrafts on a balance sheet and in a cash flow statement?

It is year-end and your audit client has three bank accounts at the same bank. Two of the accounts have positive balances (the first with $50,000 and the second with $200,000). The third account has a negative balance of $400,000. Since a net overdraft of $150,000 exists, how should we present cash in the financial statements?

Cash overdrafts

Picture Courtesy of DollarPhoto.com

Balance Sheet

In the balance sheet, show the negative balance as Cash Overdraft in the current liabilities. Or you can also include the amount in accounts payable.

If you are netting the three bank accounts, consider using the Cash Overdraft option. If you bury the overdraft in accounts payable, the financial statement reader may think, “there is a mistake, where is cash?” Using Cash Overdraft communicates more clearly. (The right of offset must exist in order to net bank accounts. The right of offset commonly exists for multiple bank accounts with one bank.)

Some companies have multiple bank accounts with multiple banking institutions. In such cases, the net balance of one bank might be positive and the net balance of the second bank might be negative. Then the company would reflect the positive balance as cash and the negative balance (of the second bank) as an overdraft.  

Suppose a company has bank accounts with two different banks and the net balance of the first bank is $1,350,000 and the net balance of the second bank is an overdraft of $5,000. Then show cash as one amount on the balance sheet ($1,345,000). The $5,000 overdraft is not material.

Cash Flow Statement

Some companies do not include cash overdrafts in the definition of cash; instead, they include the overdraft in accounts payable. Consequently, the company treats the overdraft as an operating activity (change in accounts payable). So, the company includes the overdraft as a change in a liability in the operating section of the cash flow statement. (Some accountants treat overdrafts as a financing activity, but overdrafts clear quickly. Therefore, an operating activity classification is more appropriate.)

Alternatively, include the overdraft in the definition of cash (rather than in accounts payable). In doing so, you combine the cash overdraft with other cash (that with positive balances) in the cash flow statement. The beginning and ending cash–in the cash flow statement–should include cash overdrafts.

FASB ASC 230-10-45-4 requires that the total amounts of cash and cash equivalents in the cash flow statement agree with similarly titled line items or subtotals in the balance sheet. If a cash overdraft is included in the definition of cash, the cash captions in the statement of cash flows should be revised accordingly (e.g., Cash (Cash Overdraft) at end of year).

If the balance sheet contains a positive cash balance in assets and a cash overdraft in liabilities, provide a reconciliation at the bottom of the cash flow statement (or in a disclosure). In the reconciliation, show the composition of cash (cash overdraft)–one line titled Cash, one line titled Cash Overdraft, and a total line titled Total Cash (Cash Overdraft)

One Other Consideration

If checks are created but not released by year-end, reverse the payment. Merely printing checks does not relieve payables. Payables are relieved when payment is made (checks are printed and mailed, or electronic payments are processed).

Restricted Cash

FASB recently issued a new standard dealing with how restricted cash is to be reported in the cash flow statement. Click here for more information.

The Most Efficient Way to Issue Financial Statements

SSARS 21 Tax Basis Financial Statements

What is the most efficient way to issue financial statements?

Tax basis financial statements without disclosure, using the Preparation of Financial Statements option (Section 70 of SSARS 21).

efficient way to issue financial statements

This answer assumes you are preparing financial statements in conjunction with a tax return and that those financial statements are issued separately—apart from the tax return—to your client.

The Why and How of Auditing Receivables and Sales

Here's an overview of how to audit receivables and sales

In this post, we look at how to audit accounts receivable and sales. We’ll answer questions such as, “should I confirm receivables or examine subsequent receipts?” and “why assume an overstatement of revenues?”

Auditing receivables and sales

Picture from AdobeStock.com

Auditing Receivable and Sales — An Overview

In this post, we will cover the following:

  1. Primary accounts receivable and sales assertions
  2. Accounts receivable and sales walkthrough
  3. Directional risk for accounts receivable and sales
  4. Primary risks for accounts receivable and sales
  5. Common accounts receivable and sales control deficiencies
  6. Risk of material misstatement for accounts receivable and sales
  7. Substantive procedures for accounts receivable and sales
  8. Common accounts receivable and sales work papers

1. Primary Accounts Receivable and Sales Assertions

First, let’s look at assertions. The primary relevant accounts receivable and sales assertions are:

  • Existence and occurrence
  • Completeness
  • Classification
  • Accuracy
  • Valuation
  • Cutoff

Of these assertions, I believe—in general—existence and occurrence and valuation are most important. So, the client is asserting that the accounts receivable exist and sales balances occurred and that they are valued properly.

Accuracy comes into play if the customer has complex receivable transactions.  Additionally, the cutoff assertion is often seen as relevant, especially if the client has increased incentives to inflate the receivables balance (e.g., bonuses triggered by certain income levels).

2. Accounts Receivable and Sales Walkthrough

Second, think about performing your risk assessment work in lights of the relevant assertions.

As we perform walkthroughs of accounts receivable and sales, we are looking for ways that accounts receivable and sales are overstated (though they can also be understated as well). We are asking, “What can go wrong—whether intentionally or by mistake?” 

In performing accounts receivable and sales walkthroughs, ask questions such as:

  • Are receivables subsidiary ledgers reconciled to the general ledger?
  • Is a consistent allowance methodology used?
  • What method is used to compute the allowance and is it reasonable?
  • Who records and approves the allowance?
  • Who reviews aged receivables?
  • What controls ensure sales are recorded in the right period?
  • Is there adequate segregation of duties between persons recording, billing, and collecting payments?
  • What software is used to track billings and collections?
  • Are there any decentralized collection locations?
  • When are sales recognized and is the recognition in accordance with the reporting framework?
  • What receivables and sales reports are provided to the owners or governing body?

As we ask questions, we also inspect documents (e.g., aged receivable reports) and make observations (who is doing what?).

If controls weaknesses exist, we create audit procedures to respond to them. For example, if—during the walkthrough—we see inconsistent allowance methods, we will perform more substantive work to prove the allowance balances.

3. Directional Risk for Accounts Receivable and Sales

Third, consider the directional risk of accounts receivable and sales.

The directional risk for accounts receivable and sales is an overstatement. So, in performing your audit procedures, perform procedures to ensure that accounts receivables and sales are not overstated. For example, review the cutoff procedures at period-end. Be sure that no subsequent period sales are recorded in the current fiscal year.

Audit standards require that auditors review estimates for management bias. So, consider the current year allowance and bad debt write-offs in light of the prior year allowance. This retrospective review allows the auditor to see if the current estimate is fair. The threat is that management might reduce allowances to inflate earnings.

Moreover, the audit standards state there is a presumption (unless rebutted) that revenues are overstated. Again, the threat is an overstatement of income.

4. Primary Risks for Accounts Receivable and Sales

Fourth, think about the risks related to receivables and sales.

The main risks are:

  1. The company overstates accounts receivable and sales  
  2. Company employees steal collections  
  3. Without proper cutoff, an overstatement of accounts receivables and sales occurs  
  4. Allowances are understated

Look for risks specific to the entity you are auditing. Risk vary from company to company.

auditing receivables and sales

Picture is from AdobeStock.com

5. Common Accounts Receivable and Sales Control Deficiencies

Fifth, think about the control deficiencies noted during your walkthroughs and other risk assessment work.

In smaller entities, the following control deficiencies are common:

  • One person performs one or more of the following: 
    • billing customers, 
    • receipts monies, 
    • makes deposits, 
    • records those payments in the general ledger 
    • reconciles the related bank account
  • The person computing allowances doesn’t possess sufficient knowledge to do so correctly
  • No surprise audits of receivables and sales 
  • Multiple people work from one cash drawer
  • Receipts are not appropriately issued
  • Receipts are not reconciled to daily collections
  • Daily receipts are not reviewed by a second person
  • No one reconciles subsidiary receivable ledgers to the general ledger
  • Individuals with the ability to adjust customer receivable accounts also collect cash (with no second-person approval or review of the adjustments)
  • Inconsistent bad debt recognition with no approval process
  • The revenue recognition policy is not clear and may not be in accordance with the reporting framework

6. Risk of Material Misstatement for Accounts Receivable and Sales

Sixth, now it’s time to assess your risks.

In smaller engagements, I usually assess control risk at high for each assertion. Controls must be tested to support the lower control risk assessments. Assessing risks at high is often more efficient than testing controls. 

When control risk is assessed at high, inherent risk becomes the driver of the risk of material misstatement (controls risk X inherent risk = risk of material misstatement). The assertions that concern me the most are existence, occurrence, and valuation. So my RMM for these assertions is usually moderate to high. 

My response to higher risk assessments is to perform certain substantive procedures: namely, receivable confirmations and tests of subsequent collections. As RMM increases I send more confirmations and examine more subsequent collections. 

Additionally, I thoroughly test management’s allowance computation. I pay particular attention to uncollected amounts beyond 90 days. Uncollected amounts beyond 90 days should usually be heavily reserved. And amounts beyond 120 days should–generally–be fully reserved.  

7. Substantive Procedures for Accounts Receivable and Sales

And finally, it’s time to determine your substantive procedures in light of your identified risks.

My customary audit procedures are as follows:

  1. Confirm accounts receivable balances (especially larger amounts)
  2. Vouch subsequent period collections, making sure the subsequent collections relate to the period-end balances (sampling can be used)
  3. Thoroughly review allowance computations to see if they are consistent with prior years, agree to supporting documentation, and are appropriately computed
  4. Create comparative summaries of all significant revenue accounts, comparing the current year amounts with at least three years of historical data
  5. Create summaries of average customer income and compare with prior years 
  6. Compute average profit margins by sales categories and compare with previous years

8. Common Accounts Receivable and Sales Work Papers

My accounts receivable and sales work papers frequently include the following:

  • An understanding of accounts receivable and sales-related internal controls 
  • Risk assessment of accounts receivable and sales at the assertion level
  • Documentation of any control deficiencies
  • Accounts receivable and sales audit program
  • A detail of receivables comprising amounts on the general ledger 
  • Copies of confirmations sent
  • A summary of confirmations received
  • Subsequent collections work papers 
  • Allowance work paper

In Summary

In conclusion, today we looked at how to perform accounts receivable and sales risk assessment procedures, the relevant accounts receivable and sales assertions, the accounts receivable and sales risk assessments, and substantive accounts receivable and sales procedures. 

If you audit accounts receivable and sales differently, please share your ideas below. 

Continuing Audit Series

This post is a part of my series titled the Why and What of Audits. If you’ve missed the previous series articles, click here

Next week, we’ll look at how to audit plant, property, and equipment.

Look for Management Bias with Retrospective Reviews

Retrospective reviews of estimates enable auditors to see if financial statement fraud is occurring

Auditing standards require a retrospective review of estimates. Why? Because management can manipulate estimates to inflate earnings and assets.

Suppose a company has an established policy of reserving 90% of receivables that are 90 days or older. If in the current year, the greater-than-90-days-bucket contains $1 million, then management can increase earnings $400,000 by decreasing the reserve percentage to 50%.

Manipulating estimates is easy. Complex estimates (such as the allowance for loan losses in a bank) are even easier to change. Why? Because complex estimates are harder to understand, making it easier to explain away variations.

Retrospective Review in Financial Statement Audits

AU-C 240, Consideration of Fraud in a Financial Statement Audit, says (in paragraph .32) the auditor should do the following:

review accounting estimates for biases and evaluate whether the circumstances producing the bias, if any, represent a risk of material misstatement due to fraud. In performing this review, the auditor should

    1. evaluate whether the judgments and decisions made by management in making the accounting estimates included in the financial statements, even if they are individually reasonable, indicate a possible bias on the part of the entity’s management that may represent a risk of material misstatement due to fraud. If so, the auditor should reevaluate the accounting estimates taken as a whole, and
    2. perform a retrospective review of management judgments and assumptions related to significant accounting estimates reflected in the financial statements of the prior year. Estimates selected for review should include those that are based on highly sensitive assumptions or are otherwise significantly affected by judgments made by management.

The retrospective review is–like the tests of journal entries required in all audits–a response to potential management override of controls.

Does Bias Exist?

Financial statement fraud occurs when a business willfully manipulates numbers. Why would management intentionally alter profits? There are many potential reasons including profit-based bonuses and the need to meet debt covenant requirements. Regardless of the reason, auditors are to perform a retrospective review of judgments and assumptions used in computing the estimate. Are the judgments and assumptions the same? If they changed, why?

A retrospective review means the auditor places the current year judgments and assumptions next to those of the prior year. Why? To gain perspective. Consider doing so for at least two years. Then see if there is a trend that favors the company.

Document Your Retrospective Review

You should reference your audit program to the work paper containing the retrospective review documentation.

Consider heading up the work paper as “Retrospective Review.” Or on the work paper, use a label (Retrospective Review) to show the purpose of the trend information. Also, consider adding a purpose and conclusion statements such as:

  • Purpose of work paper: To perform a retrospective review of the judgments and assumptions used in computing the estimate.
  • Conclusion: While the allowance estimate is higher in the current year, the judgments and assumptions are the same. It does not appear that management bias is present.

Other examples of conclusions are as follows:

  • Conclusion: Based on our review of the economic lives of assets in the depreciation schedule, no management bias was noted.
  • Conclusion: We reviewed specific bad debt write-offs in the current year and compared them to the estimate for bad debts in the prior year. No management bias was noted.

Elements of Unpredictability in Financial Statement Audits

Audit standards require an elements of unpredictability

The audit standards require elements of unpredictability. Why? So clients can’t guess what the auditor is going to do. Clients naturally observe and learn what auditors normally do. The client’s knowledge of what is audited (and what is not) makes it easier to steal–simply take from unaudited places. This knowledge also enables the company to manipulate numbers–do so in unaudited balances.

The purpose of the unpredictable element is to create uncertainty–in the client’s mind–about what we will audit.

elements of unpredictability

Picture from AdobeStock.com

Elements of Unpredictability – The Audit Standards

AU-C 240.29 states the following:

In determining overall responses to address the assessed risks of material misstatement due to fraud at the financial statement level, the auditor should…incorporate an element of unpredictability in the selection of the nature, timing, and extent of audit procedures.

AU-C 240.A42 states:

Incorporating an element of unpredictability in the selection of the nature, timing, and extent of audit procedures to be performed is important because individuals within the entity who are familiar with the audit procedures normally performed on engagements may be better able to conceal fraudulent financial reporting. This can be achieved by, for example,

  • performing substantive procedures on selected account balances and assertions not otherwise tested due to their materiality or risk.
  • adjusting the timing of audit procedures from that otherwise expected.
  • using different sampling methods.
  • performing audit procedures at different locations or at locations on an unannounced basis.

Examples of Unpredictable Tests

To introduce elements of unpredictability, perform procedures such as these:

  • Examine payments less than your normal threshold in your search for unrecorded liabilities (e.g., in the last three years your threshold was $7,000; this year, it’s $3,000)
  • Perform a surprise unannounced review of teller cash (for a bank client)
  • Make a physical visit to the inventory location one month after the end of the year and review inventory records (assuming you don’t normally do so)
  • Review payroll salary authorization sheets for ten employees and agree to amounts in the payroll master table (in the payroll software)
  • Test a bank reconciliation for the seventh month in the year being audited (in addition to the year-end bank reconciliation)
  • Confirm an immaterial bank account that you haven’t confirmed in the past
  • Pick ten vendors at random and perform procedures to verify their existence (as a test for fictitious vendors)

Document Your Unpredictable Test

Since unpredictable tests are required in every audit, document where you performed this procedure. Reference your audit program step for unpredictable tests to the work performed. Title your work paper, “Unpredictable Test,” and then add a purpose statement such as, “Purpose: To confirm the immaterial bank account with ABC Bank as an unpredictable test.” Doing so will eliminate the potential for a peer reviewer to say, “that’s a normal procedure.” You are overtly stating the purpose of the test is to satisfy the unpredictable test requirement.

Change Your Unpredictable Tests Annually

Change your unpredictable tests annually. Otherwise, they will–over time–become predictable.

Tips on Searching Your Evernote Account

Evernote accounts can have thousands of notes, but then how to you find particular information?

Are you looking for tips on searching your Evernote account?

Today I was working on a fair value note disclosure and needed to find information about the reconciliation required for level 3 changes. I knew I had, several weeks ago, fed my Evernote account with an example fair value disclosure. So I typed “fair value” “level 3” in my Evernote search box. Presto, there it was, and it took me about ten seconds.

Once you add hundreds and, yes, thousands of notes to your Evernote account, you need to know how to find the needle in the haystack.

Searching your Evernote account

Searching Your Evernote Account

Back in the 60s, when I was a mere child, I could call the operator if I needed help locating someone. While you can’t call Evernote operators, they are just as helpful in finding, not people, but information.

Operators

You can use operators in an Evernote search box to locate particular information. Some of the more commonly used operators are:

1. And
2. Any
3. Tag
4. Notebook
5. Intitle
6. Created

And – Normally you will not type the word “and” as an operator; it’s implied. So if you type: comprehensive income in the search box, Evernote will locate all notes with the words comprehensive and income. If you want to see all notes with the phrase “comprehensive income,” then type: “comprehensive income”–using quotation marks.

Any – Typing the words “any: compilation review” will provide all notes with either the word “compilation” or the word “review.” If a note has the word “compilation” (and not “review”), then it will appear in your search list. If a note has the word “review” (and not “compilation”), then it will also appear in the list.

Tag – By typing “tag:Bank” into the search box, you’re telling Evernote that you want to see all notes tagged “Bank.” (You can tag each note regardless of which notebook it is in; for example, you might have four different notes in four different notebooks, but each tagged “Bank.”)

Notebook – Let’s say you have a notebook titled: Auditing (along with 70 other notebooks). You can type: “notebook:Auditing” in the search box and Evernote will locate your auditing notebook.

Intitle – Typing “intitle:derivative” will yield all notes with the word “derivative” in the title. So if you have one note titled “Mitigating Risk with Derivatives” and another note titled “Derivative Disclosures,” both notes will appear in your search list.

Created – “created:day-1” will provide you with a list of all notes created yesterday and today. You can substitute “day” with “week,” “month,” or “year”. If you want to see all the notes created in the last two weeks, issue a search with “created:week-1.”

Combining Operators

Searching becomes even more powerful when you combine operators.

For example, typing:

Intitle:derivative swap “cash flow hedge”

will provide you with all notes that have the word “derivative” in the title and the words (1) “swap” and (2) “cash flow hedge” as a phrase.

Another example, typing:

Notebook:Accounting any:swap “cash flow hedge”

will provide you with a list of all notes from your accounting notebook that have either the word “swap” or the words “cash flow hedge” as a phrase.

Finally, typing:

Notebook:Bank tag:Deposits FDIC “Due to Due from”

will provide you with notes from your Bank notebook that have a “Deposits” tag and that contain the words FDIC and “Due to Due from” as a phrase.

Give It a Try

Go ahead, try some of these tips with your Evernote account. You’ll soon be sifting through your notes with ease.

Evernote offers a free version, so if you haven’t tried it, give it a test drive.

You’ll find more information about Evernote in the following posts:

Confirmation of Receivables: Is It Required?

Audit standards require certain documentation when receivables are not confirmed

When is the confirmation of receivables required?

confirmation of receivables

accounts receivable

Confirmation of Receivables is Usually Required

AU-C 330 paragraph 20 states the following:

The auditor should use external confirmation procedures for accounts receivable, except when one or more of the following is applicable:

  1. The overall account balance is immaterial.
  2. External confirmation procedures for accounts receivable would be ineffective.
  3. The auditor’s assessed level of risk of material misstatement at the relevant assertion level is low, and the other planned substantive procedures address the assessed risk. In many situations, the use of external confirmation procedures for accounts receivable and the performance of other substantive procedures are necessary to reduce the assessed risk of material misstatement to an acceptably low level.

If receivables are material and confirmation procedures will be effective, then confirmations must be sent. (Normally, the existence assertion related to receivables is moderate to high. So, 3. above is not in play.)

When are Confirmations Ineffective?

AU-C 330.A56 states:

External confirmation procedures may be ineffective when based on prior years’ audit experience or experience with similar entities:

  • response rates to properly designed confirmation requests will be inadequate; or
  • responses are known or expected to be unreliable.

If the auditor has experienced poor response rates to properly designed confirmation requests in prior audits, the auditor may instead consider changing the manner in which the confirmation process is performed, with the objective of increasing the response rates or may consider obtaining audit evidence from other sources.

Alternative Procedures When Confirmations are not Sent

What audit procedure should be performed if confirmations are not sent? Usually, the auditor will examine cash collections after the period-end. Care must be taken to ensure that the subsequent collections examined relate to receivables that existed at period-end and not to sales occurring after period-end.

Required Documentation When Confirmations are not Sent

AU-C 330.31 states that “the auditor should include in the audit documentation the basis for any determination not to use external confirmation procedures for accounts receivable when the account balance is material.” So, it is not sufficient to simply state that the use of confirmations is ineffective. We should state that we tried to confirm receivables in a prior year without effective results or that we tried to confirm receivables for clients in a similar industry, but without effective results.

The auditor should include a memo to the file or add comments on the receivables work paper explaining why confirmations were not sent.

When are SOC Reports Needed by an External Auditor?

When should an auditor request a SOC report?

Service organization control (SOC) reports are often necessary to understand outsourced accounting services. So, when are SOC reports needed? 

when are SOC reports needed

When are SOC Reports Needed?

SOC reports are needed when:

  • The user entity’s complementary controls are not sufficient to lessen the possibility of material misstatements
  • The SOC report provides information concerning a significant transactions cycle

Many organizations outsource portions of their accounting to service organizations. Think ADP–a service organization that provides payroll services. External auditors need to understand a service organization’s system and related controls–particularly if that work could allow material misstatements in the user’s financial statements. This understanding is provided in SOC reports.

All financial statement audits focus upon whether material misstatements are occurring. Moreover, the auditor’s opinion is supported by audit evidence proving the financial statements are fairly stated. But does (some of this) audit evidence come from SOC reports? Sometimes, yes.

A financial statement auditor is concerned with material misstatements, regardless of how or where they occur–and regardless of who allows the misstatement. Therefore, auditors look for internal controls weaknesses in both the entity being audited and outsourced service organizations.

As we will see, the external auditor may not need all SOC reports. On the other hand, some SOC reports may be needed but don’t exist.

Definitions Related to Service Organizations

Before delving into the details of service organization controls, let’s define a few key words. These definitions come from AU-C 402.

Complementary user entity controls. Controls that management of the service organization assumes, in the design of its service, will be implemented by user entities and are necessary to achieve the control objectives stated in management’s description of the service organization’s system, are identified as such in that description.

Service auditor. A practitioner who reports on controls at a service organization.

Service organization. An organization or segment of an organization that provides services to user entities that are relevant to those user entities’ internal control over financial reporting.

User auditor. An auditor who audits and reports on the financial statements of a user entity.

User entity. An entity that uses a service organization and whose financial statements are being audited.

Audit Standard for Service Organizations

AU-C 402, Audit Considerations Relating to an Entity Using a Service Organization, states the following:

Services provided by a service organization are relevant to the audit of a user entity’s financial statements when those services and the controls over them affect the user entity’s information system, including related business processes, relevant to financial reporting. Although most controls at the service organization are likely to relate to financial reporting, other controls also may be relevant to the audit, such as controls over the safeguarding of assets. A service organization’s services are part of a user entity’s information system, including related business processes, relevant to financial reporting if these services affect any of the following:

  1. The classes of transactions in the user entity’s operations that are significant to the user entity’s financial statements;
  2. The procedures within both IT and manual systems by which the user entity’s transactions are initiated, authorized, recorded, processed, corrected as necessary, transferred to the general ledger, and reported in the financial statements;
  3. The related accounting records, supporting information, and specific accounts in the user entity’s financial statements that are used to initiate, authorize, record, process, and report the user entity’s transactions. This includes the correction of incorrect information and how information is transferred to the general ledger; the records may be in either manual or electronic form;
  4. How the user entity’s information system captures events and conditions, other than transactions, that are significant to the financial statements;
  5. The financial reporting process used to prepare the user entity’s financial statements, including significant accounting estimates and disclosures; and
  6. Controls surrounding journal entries, including nonstandard journal entries used to record nonrecurring, unusual transactions, or adjustments.

If a service organization’s work affects any of the items listed in a. through f., those services are a part of the audited entity’s information system.

When is a SOC report not needed?

When does the external auditor not need SOC reports or other information related to a service organization? Paragraph .05 of AU-C 402 answers that question as follows:
 
This section does not apply to services that are limited to processing an entity’s transactions that are specifically authorized by the entity, such as the processing of checking account transactions by a bank or the processing of securities transactions by a broker (that is, when the user entity retains responsibility for authorizing the transactions and maintaining the related accountability).
 
Additionally, complementary user entity controls may be strong enough to eliminate the need for information about the service organization’s controls.

Complementary User Entity Controls

The user entity–an entity that uses a service organization and whose financial statements are being audited–may have controls sufficient to eliminate the need for SOC reports or other information from the service organization. Sometimes the user entity has controls that mitigate the risk of material misstatements caused by service organization deficiencies. Such controls are referred to as “complementary user entity controls.” If the complementary controls operate effectively, the user auditor–an auditor who audits and reports on the financial statements of a user entity–may not need SOC reports or other service organization information.

Alternatively, if the service organization initiates, executes, and does the processing and recording of the user entity’s transactions, then the user auditor may need SOC reports or other service organization information.

Is the Placement of a SOC Report in the Audit File Sufficient?

Placing a SOC report in an audit file without reading and understanding it provides little-to-no audit evidence.

A SOC report provides information about how the service organization’s controls lessen the possibility of material misstatement. So, the user auditor needs to read and document how the service organization’s controls lessen the risk of material misstatement. This understanding of controls is necessary if the service organization’s work affects a significant transaction cycle such as payroll.

Think of SOC reports in this manner: Pretend there is no service organization and the company being audited performs the same processes and controls. If the audited entity performs these controls–and no service organization exists–the auditor gains an understanding of the controls using risk assessment procedures such as inquiry, observations, and inspections of documents. Potential control weaknesses are exposed by the risk assessment process. Thereafter, the identified risks are used to develop the audit program and substantive procedures. The same audit process is true when there is a service organization. But when a service organization is used, the user auditor is using the SOC report to gain the understanding of the service organization’s part of the entity’s accounting system.

If controls weaknesses are noted in the SOC report, the user auditor may–as a response–perform substantive procedures. By doing so the auditor lowers the overall audit risk (which is the risk that the auditor will issue an unmodified opinion when one is not merited).

Type 1 or Type 2 SOC Reports?

Service organization auditors can issue type 1 or type 2 reports.

A type 1 SOC report provides a description of a service organization’s system and the suitability of the design of controls.

A type 2 SOC report includes a service organization auditor’s opinion on the fairness of the presentation of management’s description of the service organization’s system and the suitability of the design and operating effectiveness of the controls.

The type 1 report provides information about the service organization’s system and related controls. The type 2 report provides an opinion on the system description and the design and effectiveness of the controls. A type 1 or a type 2 report can be used to gain an understanding of the controls.

Should the Auditor Visit the Service Organization?

Usually, the auditor does not need to visit the service organization, but sometimes it is necessary to do so. If the service organization provides no SOC report and the complementary user controls are not sufficient, then the auditor may have no choice but to review the service organization’s system and controls. Only do so if the service organization handles significant parts of the accounting system.

How to Make Your Business More Profitable by Funding Depreciation

Money in the bank for capital purchases

From time to time, I have clients ask me “What is funding depreciation?” And more importantly, they ask, “How can this technique make my organization more profitable and less stressful?”

Here’s a simple explanation.

It’s the setting aside of cash in amounts equal to an organization’s annual depreciation. The purpose: to fund future purchases of capital assets with cash.

Funding Depreciation

Picture Courtesy of Canva

Funding Depreciation

Suppose you buy a $10,000 whiz-bang gizmo – a piece of equipment – that you expect to use for ten years, and at the end of the ten years you expect it to have no value. Your annual depreciation is $1,000.

In this example, a $1,000 depreciation expense is recognized annually on your income statement (depreciation decreases net income) even though no cash outlay occurs. The balance sheet includes the cost of the whiz-bang gizmo, but at the end of ten years, the equipment has a $0 book value, being fully depreciated.

The smart manager will annually set aside $1,000 in a safe investment – such as a certificate of deposit or money market account – for the future replacement of the whiz-bang gizmo.

If the company does not annually invest the $1,000, it has a few options at the end of the ten-year period:

  • Borrow the full amount for the replacement cost
  • Seek outside funding (e.g., grants)
  • Use other funds from within the organization
  • Ask U2 to do a special benefits concert – just kidding

Obviously, if you borrow money to replace the equipment, you will have to pay interest – another cash outlay. Suppose the rate is 10%. Now the organization must pay out $1,100 each year. If the organization funds the depreciation (invests $1,000 annually), it earns interest. If the entity chooses not to fund depreciation, it will pay interest.

Businesses that fund depreciation are always making money from interest (granted not much these days) rather than paying for it.

Another advantage to funding depreciation: you know you will have the money to purchase the capital asset. You’re not concerned with whether a creditor will lend you the money for the acquisition. You’re financially stronger.

Why Doesn’t Every Entity Fund Depreciation?

So why doesn’t everyone fund depreciation?

  • Some don’t understand the concept
  • Some had rather spend the cash flows for the ten years (e.g., owners taking too much in distributions)
  • Some need the money just to run the organization
  • In governments, elected officials desire to keep tax rates low while they are in office
  • In growing businesses, the owners may need the money to fund the growth of the company
  • Most importantly, it may require two cash payments (more in a moment)

Concerning the last point, if the business had to borrow money to purchase the initial capital asset, then it must make the debt service payments (cash outlay 1). If the company also funds depreciation for that same asset (making investments equal to the annual depreciation), another cash flow occurs (cash outlay 2).

If the business can ever get into a position where it pays cash for new equipment, it will be better off. Then only one cash outlay (investment funding) occurs, and the company is making–not paying–interest.

What if the organization cannot–due to cash flow constraints–fund depreciation for all new equipment purchases? Consider doing so for just one or two pieces of equipment–over time, the entity may be able to move into a fully funded position.

Who Should Fund Depreciation?

So, who should fund depreciation?

Organizations with sufficient cash flow and discipline. It’s the smart thing to do.

Imagine a world with no debt, a world where you don’t have to wonder how you will pay for equipment. Dreaming? Maybe, but it’s definitely worth consideration.

The Why and How of Auditing Cash: Where are the Dangers?

This article covers risk assessment and audit procedures for cash

Today we look at how to audit cash.

Can intentional misstatements of cash be covered up with fake bank statements and confirmations? Think about Parmalat and ZZZZ Best Carpet Cleaning. Fake bank statements do exist, and false bank confirmations can mislead auditors. Or maybe control weaknesses allow the theft of cash, and your client is unaware. There are many ways that cash can be misstated. 

how to audit cash

Made with Canva

How to Audit Cash

In this post, we will take a look at the following:

  • Primary cash assertions
  • Cash walkthrough
  • Directional risk for cash
  • Primary risks for cash
  • Common cash control deficiencies
  • Risk of material misstatement for cash
  • Substantive procedures for cash
  • Common cash work papers

Primary Cash Assertions

The primary relevant cash assertions are:

  • Existence
  • Completeness
  • Rights
  • Accuracy
  • Cutoff

Of these assertions, I believe—in general— existence, accuracy, and cutoff are most important. The audit client is asserting that the cash balance exists, that it’s accurate, and that only transactions within the period are included.

Classification is normally not a relevant assertion. Cash is almost always a current asset. But when bank overdrafts occur, classification can be in play. The negative cash balance can be presented as cash or as a payable—depending on the circumstances. See my cash overdraft post for more information. 

Cash Walkthrough

As we perform walkthroughs of cash, we are normally looking for ways that cash might be overstated (though it can also be understated as well). We are asking, “What can go wrong—whether intentionally or by mistake?” 

In performing cash walkthroughs, ask questions such as:

  • Are timely bank reconciliations performed by competent personnel?
  • Are all bank accounts reconciled?
  • Are bank reconciliations reviewed by a second person?
  • Are all bank accounts on the general ledger?
  • Are transactions appropriately cutoff at period-end?
  • Is there appropriate segregation between persons handling cash, recording cash transactions in the general ledger, reconciling the bank statements, making payments
  • What bank accounts were opened?
  • What bank accounts were closed?

As we ask questions, we also inspect documents (e.g., bank reconciliations) and make observations (who is doing what?).

If controls weaknesses exist, we create audit procedures to address them. For example, if—during the walkthrough—we review three monthly bank reconciliations and they all have obvious errors, we will perform more substantive work to prove the year-end bank reconciliation is correct—such as vouching every outstanding deposit and disbursement.

Directional Risk for Cash

What is directional risk? It’s the bias that a client might have regarding an account balance. A client might desire an overstatement of assets and an understatement of liabilities—each makes the balance sheet look healthier. 

The directional risk for cash is overstatement. So, in performing your audit procedures, perform procedures to ensure that cash is not overstated—such as testing the bank reconciliation.

Primary Risks for Cash

The primary risks are:

  1. Cash is stolen 
  2. Cash is intentionally overstated to cover up theft 
  3. Not all cash accounts are on the general ledger
  4. Cash is misstated due to errors in the bank reconciliation
  5. Cash is misstated due to improper cutoff 

Common Cash Control Deficiencies

In smaller entities, it is common to have the following control deficiencies:

  • One person receipts and/or disburses monies, records those transactions in the general ledger, and reconciles the related bank accounts
  • The person performing the bank reconciliation does not possess sufficient skills to carry out the task appropriately
  • Bank reconciliations are not timely performed 

Risk of Material Misstatement for Cash

In my smaller engagements, I usually assess control risk at high for each assertion. If control risk is assessed at less than high, then controls must be tested to support the lower risk assessment. Assessing risks at high is usually more efficient than testing controls. 

risk of material misstatement for cash

When control risk is assessed at high, inherent risk becomes the driver of the risk of material misstatement (controls risk X inherent risk = risk of material misstatement). The assertions that concern me the most are existence, accuracy, and cutoff. So my RMM for these assertions is usually moderate to high. 

My response to higher risk assessments is to perform certain substantive procedures: namely, bank confirmations and testing of the bank reconciliations. As RMM increases I examine more of the period-end bank reconciliations and more of the outstanding reconciling items. Also, I am more inclined to use cut-off bank statements and confirm the balances.

Substantive Procedures for Cash

My customary audit tests are as follows:

  1. Confirm cash balances
  2. Vouch reconciling items to the subsequent month’s bank statement
  3. Ask if all bank accounts are included on the general ledger
  4. Inspect final deposits and disbursements for proper cutoff 

The auditor should send the confirmations directly to the bank. Some companies create false bank statements to cover up theft. Also, some companies—again, to cover up theft—provide false bank confirmation addresses. Then the confirmation is sent to the company (or an accomplice) rather than the bank. Once received, the company replies to the confirmation as though the bank is doing so. You can lessen the chance of fraudulent confirmations by using Confirmation.com, a company that specializes in bank confirmations.

Agree the confirmed bank balance to the period-end bank reconciliation (e.g., December 31, 2016). Then, agree the reconciling items on the bank reconciliation to the bank statements subsequent to the period-end. For example, examine the January 2017 bank statement activity when clearing the December 2016 reconciling items. Finally, agree the reconciled balance to the general ledger cash balance for the period-end (e.g., December 31, 2016). 

Cut-off bank statements (e.g., January 20, 2017 bank statement) may be used to test the outstanding items. Such statements—similar to bank confirmations—are mailed directly to the auditor. Alternatively, an auditor might examine the reconciling items by viewing online bank statements. (Read-only rights can be given to the auditor.)

Common Cash Work Papers

My cash work papers normally include the following:

  • An understanding of cash-related internal controls 
  • Risk assessment of cash assertions at the assertion level
  • Documentation of any control deficiencies
  • Cash audit program
  • Bank reconciliations for each significant account
  • Bank confirmations

In Summary

Today, we looked at how to audit cash. We’ve discussed how to perform cash risk assessment procedures, the relevant cash assertions, the cash risk assessments, and substantive cash procedures. To get the most benefit from this post, compare your cash work in one or two audit files to this post.

If you audit cash differently, please share your ideas in a comment below. 

Continuing Audit Series

This post is a part of my series titled the Why and What of Audits. If you’ve missed the prior articles, click here

Next week, we’ll look at how to audit receivables and revenue.