When is a Disclosure Material?

FASB proposes to clarify materiality as it relates to disclosures

Back in the fall of 2015, FASB issued two proposed standards to address materiality as it relates to disclosures:

  1. Amendment to conceptual framework
  2. Update to Topic 235-10 (Notes to Financial Statements)

The intent of FASB is to clarify that it does not establish materiality and that the preparers have (some) discretion in determining disclosures to be included in financial statements.

Financial Statements

Picture is courtesy of AdobeStock.com

Proposed Changes

FASB’s proposals would:

  • Clarify that FASB does not define materiality.
  • State that materiality is a legal concept.
  • Delete the existing discussion of materiality in FASB’s conceptual statements and replace it with a broad observance of the Supreme Court’s definition of materiality.
  • State that materiality is applied to quantitative and qualitative disclosures individually and in the aggregate in the context of the financial statements taken as a whole.
  • Clarify that an omission of immaterial information is not an accounting error.

The proposed FASB language (in the amendment to FASB’s conceptual framework) includes the following:

Materiality is a legal concept.* In the United States, a legal concept may be established or changed through legislative, executive, or judicial action. The Board observes but does not promulgate definitions of materiality. Currently, the Board observes that the U.S. Supreme Court’s definition of materiality *, in the context of the antifraud provisions of the U.S. securities laws, generally states that information is material if there is a substantial likelihood that the omitted or misstated item would have been viewed by a reasonable resource provider as having significantly altered the total mix of information.* Consequently, the Board cannot specify or advise specifying a uniform quantitative threshold for materiality or predetermine what could be material in a particular situation.

* Emphasis added by CPA-Scribo

Investors are Fuming

As usual, investor groups are raising a ruckus. The New York Times even did a piece about investor perspectives. Historically investors have wanted everything and the kitchen sink. After all, gathering and presenting the information costs them nothing. While I respect the need for clear and useful investor information (and this should be provided), financial statement users should receive only information that is relevant and pertinent to decision making.

Excessive disclosures are a waste of time and money. Worse yet, they may even distract from valuable information in the financial statements.

Regardless of how one defines materiality, there will always be judgment (see my recent post: Materiality is Not (Just) a Number). The subjectivity involved in applying materiality will not disappear simply because a legal definition is used.

Overkill by Financial Statement Reviewers

The exposure draft titled Assessing Whether Disclosures are Material points out that some audit committees see the omission of immaterial disclosures as “errors.” Some regulators and government agencies have this same perspective. New FASB requirements are added to disclosure checklists, and if the financial statements don’t include every (possible) note, it’s considered a mistake. This process is fallacious and–in some cases–detrimental to providing information to financial statement users. Preparers, after being stung by a regulator or some other outside party, become paranoid and then spend an inordinate amount of time adding minutiae. The result: Notes that contain an overabundance of information.

For example, who cares if a company with $300 million in assets spends $2,542 for advertising? The preparer–fearing the audit committee, regulator, or government agency–includes the advertising disclosure and adds to the clutter that dilutes the overall financial statement communication. It’s counterproductive (for crying out loud). Does the advertising note help? I don’t think so.

Your Thoughts

We’ll see where this all goes. Once FASB provides additional information, I’ll pass it along to you.

What are your thoughts concerning the proposed FASB amendments?

Key Fraud Statistics from The Association of Certified Fraud Examiners

Fraud Statistics

Graphic created with Canva.com

I have followed the Association of Certified Fraud Examiners (ACFE) biennial survey for about the last ten years. Some key statistics have remained constant such as average loses of 5% and detection by tips–usually around the 40% mark. Another stat (not included above) is the median duration of fraud before detection: this metric continues at 18 months.

Key take-away: Think about how your organization would benefit if it had no fraud. The survey says, “the typical organization loses 5% of revenues in a given year as a result of fraud.”

You can download the ACFE survey here. It’s free.

Four Steps to Making Memorable Presentations

How to leave a lasting impression

If you’ve read the book Presentation Zen, you know that many speakers–without intending to–hide their message. In watching CPE presentations and board presentations, I have noticed that (we) CPAs unwittingly hide our messages. How? We present slide decks that look like intermediate accounting textbooks–chock full of facts, but too much to digest. And do we really believe that those attending will take those slides back to the office and study them?

Probably not.

My experience has been those slides end up in the office dungeon, never to be seen again. We have one chance to communicate–in the session.

iStock_000016828736XSmall

Courtesy of iStockphoto.com

It is the presenter’s duty to cause learningSo how can we  engage our audience (even those sitting on the back row reading the newspaper)? Let’s start with the slide deck.

1. Make Simple Slides

I try to have no more than two points per slide, and I leave out references to professional standards (at least on the slides).

What happens when you see a slide that looks like it contains the whole of War and Peace? You may think, “Are you kidding? You want me to consume all of that in the next three minutes. Forget it. I will not even try.” And then you begin to think about your golf game or your next vacation. So how much information should you include on a slide?

Nancy Duarte recommends the glance test for each slide. “People should be able to comprehend it in three seconds.”

2. Include a picture related to the topic

For example, if I am presenting to governmental auditors, I might create a slide that simply says Bribes with a picture of someone being bribed.

3. Tell a story (and ask questions)

People love stories. If your presentation is about bribes and you have not audited a bribery situation, Google bribes, and you will find all the fodder you need. If you can’t find a story, use a hypothetical. Why? You are trying to draw your audience in–then maybe they will put that newspaper down (your most triumphant moment as a speaker!).

Also engage your audience with questions. Stories get the juices going; questions make them dig. And, if the audience is with you at this point, you now have dialog. This is when it gets fun. Those talking learn, the audience learns, and, yes, you learn.

4. My last point: Move

Move. Not too much, but at least some.

A statue is not the desired effect. Michael Jackson is also not the desired effect (moonwalking was never in my repertoire anyway). But movement, yes. I like to walk slowly from side to side (without moonwalking) and will, at times, move toward the audience when I want to make an important point. And, no, I am not moving constantly.

Presentation Software and Handouts

Presentation Software

If you have an Apple computer, let me recommend Keynote as your presentation software. I do think PowerPoint (for you Windows users) has improved in the last two years, but I personally still prefer Keynote.

One More Point

If you need to provide detailed information, use handouts (I sometimes provide narrative summaries in addition to the slide deck). Then, if you like, refer your audience to the supporting material.

Your Presentation Tips

What do you do to make your presentations sizzle?

How to Steal Money with Altered Check Payees

This simple fraud occurs all too often

Some fraudsters steal money with altered checks.

As a kid I once threw a match in a half-gallon of gasoline – just to see what would happen. I found out. Quickly. In a panic, I kicked the gas container–a plastic milk jug–several times, thinking this would somehow put the fire out. But just the opposite occurred, and when my father found out? Something else was on fire.

Steal money with altered check payees

Some accounting weaknesses create unintended consequences. Show me an accounting clerk who (1) can sign checks (whether by hand, with a signature stamp, or with a computer-generated signature), (2) posts transactions to the accounting system, and (3) reconciles the bank statements, and I will show you another combustible situation. Here’s how one city clerk created her own blaze.

Altered Check Example

Using the city’s signature stamp, the clerk signed handwritten checks made out to herself; however, when the payee name was entered into the general ledger (with a journal entry), another name was used – usually that of a legitimate vendor.

For example, Susie, the clerk, created manual checks made out to herself and signed them with the signature stamp. But the check payee was entered into the accounting system as Macon Hardware (for example). Also, she allocated the disbursements to accounts with sufficient remaining budgetary balances. The subterfuge worked as the expense accounts reflected appropriate vendor activity and expenses stayed within the budgetary appropriations. No red flags.

Check

The accounting clerk, when confronted with evidence of her deception, responded, “I don’t know why I did it, I didn’t need the money.” We do a disservice to accounting employees when we make it so easy to steal. Given human nature, we should do what we can to limit the temptation.

How?

Controls to Lessen Check Fraud

First, if possible, segregate the disbursement duties so that only one person performs each of the following:

• Creating checks
• Signing checks
• Reconciling bank statements
• Entering checks into the general ledger

If you can’t segregate duties, have someone (the Mayor, a non-accounting employee, or an outside CPA) review cleared checks for appropriateness.

Secondly, have a second person approve all journal entries. False journal entries can used to hide theft. With sleight of hand, the city clerk made improper journal entries such as:

                                                Dr.                 Cr.

Supply Expense              $5,234

Cash                                                        $5,234

 

The check was made out to Susie, but the transaction was, in this example, coded as a supply expense paid to Macon Hardware. You can lessen the risk of fraud by preventing improper journal entries.

Thirdly, limit who has access to check stock. It’s usually wise to keep blank check stock locked up until needed.

Finally, limit who can sign checks, and deep-six the signature stamp.

A word to external auditors looking for a fraud test idea (or those just looking for check fraud): Consider testing a random sample of cleared checks by agreeing them to related invoices. Work from the cleared check to the invoice. It is best for the auditor to pull the invoices from the invoice file; if you ask someone in accounting to pull the invoices, that person might create fictitious invoices to support your list (not hard to do these days). If the payee has been altered, you will, in many cases, not find a corresponding invoice. Pay particular attention to checks with payees that are company employees.

How to Capture and Communicate Control Deficiencies

Capturing and reporting internal control weaknesses

We’re concluding another audit, and it’s time to consider whether we will issue a letter communicating internal control deficiencies. A month ago we noticed some control issues in accounts payable, but presently we’re not clear about how to describe them. We hesitate to call the client to rehash the now-cold walkthrough. After all, the client thinks we’re done, and quite frankly, they are tired of seeing us. We know that boiler-plate language will not adequately apprise the client of the weaknesses nor will it provide corrective steps. Now we’re kicking ourselves for not taking more time to document the control deficiencies.

Here’s a post to help capture and document internal control issues as we audit.

Today, we’ll take a look at the following control weakness objectives:

  1. How to communicate them
  2. How to discover them
  3. How to capture them
Internal Controls

Picture is courtesy of AdobeStock.com

Before we get started, let’s define three types of weaknesses:

  • Material weaknesses – A deficiency, or a combination of deficiencies, in internal control, such that there is a reasonable possibility that a material misstatement of the entity’s financial statements will not be prevented, or detected and corrected, on a timely basis.
  • Significant deficiencies – A deficiency, or a combination of deficiencies, in internal control that is less severe than a material weakness yet important enough to merit attention by those charged with governance.
  • Other deficiencies – For purposes of this blog post, we’ll define other deficiencies as those less than material weaknesses or significant deficiencies.

As we look at these definitions, we see that categorizing control weaknesses is subjective. Notice the following terms:

  • Reasonable possibility
  • Material misstatement
  • Less severe
  • Merits attention by those charged with governance

Categorizing a control weakness is not a science, but an art. With this thought in mind, let’s start our journey with how control weaknesses should be reported.

1. How to Communicate Control Weaknesses

Material weaknesses and significant deficiencies must be communicated in writing to management and those charged with governance. While other deficiencies don’t have to be writing, they should nonetheless be disclosed to management and documented in the work papers.

2. How to Discover Control Weaknesses

Rather than trying to recall control weaknesses at the end of the audit, capture them as you perform the audit. You might see control problems in the following stages:

  • Planning – Risk assessment and Walkthroughs
  • Fieldwork – Transaction-level work
  • Conclusion – Wrapping up

Planning Stage

You will discover deficiencies as you perform walkthroughs which are carried out in the early stages of the engagement. Correctly performed walkthroughs allow you to see process shortcomings and where duties are overly concentrated (what auditors refer to as a lack of segregation of duties). Are functions appropriately segregated concerning:

  • Custody of assets
  • Reconciliations
  • Authorization
  • Bookkeeping

Notice the first letters of these words spell CRAB (I know it’s cheesy, but it helps me remember).

Within each transaction cycle, these functions–if possible–need to be performed by different people. Doing so lessens the possibility of theft. If one person performs multiple duties, ask yourself, “Is there any way this person could steal funds?” If yes, then the client should add a control in the form of a second-person review. If possible, the client should have someone external to prior accounting processes (usually a supervisor) examine daily reports or other supporting documentation. How often should the review be performed? Daily, if possible. If not daily, as often as possible. Regardless, the client should not allow someone with the ability to steal to work without reviews by a second person. As we saw in my recent post, the fear of detection will lessen fraud.

If a transaction cycle lacks segregation of duties, then consider the potential impact from the control weakness. Three possibilities exist:

  • Theft that is material (material weakness)
  • Theft that is not material but which deserves the attention of management and the board anyway (significant deficiency)
  • Theft that is so small that you don’t have to communicate the issue to the board but will do so to management (other deficiency)

My experience has been that if any theft potential exists, those charged with governance want to know about it, but this too is a subjective decision.

Too often auditors make blanket statements that the client lacks appropriate segregation of duties, and then practically excuse the weakness with words such as, “Segregation of duties is not possible due to the limited staff.” I fear such statements are made to protect the auditor (should fraud occur in the future). It is better to be specific about where the weakness lies and what the potential impact might be. For example:

The accounts payable clerk can add new vendors to the vendor file. Since checks are signed electronically as they are printed, there is a possibility that fictitious vendors could be added and funds stolen. Such amounts could be material.

Such a statement tells the client where the problem is and the potential damage. Be prepared to provide a recommendation to remediate the problem.

While I just described how a lack of segregation of duties may allow theft to occur, the same applies to financial statement fraud (or cooking the books). When one person controls the reporting process, there is a greater risk of financial statement fraud. Appropriate segregation mitigates the risk that someone will manipulate the numbers.

Fieldwork Stage

While it is more likely you will discover process control weaknesses in the planning stage of an audit, the results of control deficiencies surface during fieldwork. How? Audit journal entries. What are journal entries but corrections to results (from the accounting system)? The stronger the system, the fewer the journal entries in number and size. Not that all journal entries are evidence of internal control weaknesses, but consider why the errors occurred. If the corrections are the result of control weaknesses, then consider if the client has a material weakness.

A material weakness is defined as:

  • being reasonably possible,
  • material in amount, and
  • [will not be] prevented on a timely basis

When the auditor makes a journal entry for a material amount, it’s difficult to argue that a material weakness does not exist. We know the error is “reasonably possible.” It occurred. We also know it was not “prevented on a timely basis.”

Conclusion Stage

When concluding the audit, review all of the audit entries to see if any are indicators of control weaknesses. Also, review your internal control deficiency work papers (more on this in a moment). If you have not already done so, discuss the noted control weaknesses with management. In particular, it is wise to communicate any potential significant deficiencies or material weaknesses. As you already know, management may oppose these since they are reported to the board–and can cast a poor light on the accounting staff. So be prepared to explain your determination. Your firm may desire to have a policy that only managers or partners make these communications since they are sensitive.

It is a good practice for your company to designate a particular location in your audit files for internal control deficiency documentation. Let’s discuss the appearance of these controls evaluation work papers.

3. How to Capture Control Weaknesses

Create a standard form (if you don’t already have one) to capture control weaknesses. The main point I am stressing is to document the internal control deficiency when you see it.

Internal Controls

Picture is courtesy of AdobeStock.com

Too often auditors don’t write the weakness down, thinking they will remember the issue at the conclusion of the audit. Be disciplined in documenting on the go. Why?

Two reasons:

  1. You may not be on the engagement when it concludes (you are transferred to another audit) and
  2. You may not remember the issue (weeks later).

The audit standards require that we document our internal control weakness communications–either in a letter (for significant deficiencies and material weaknesses) or another way such as a memorandum (for control weaknesses we verbally communicate). Either way, the communication should be documented.

Think of the internal control communication process as follows:

  1. Capture the control deficiency on your firm’s form
  2. Later, determine whether the weakness if a significant deficiency or a material weakness
  3. If the deficiency is a significant deficiency or a material weakness, create your written letter to management and those charged with governance
  4. If the deficiency is not a significant deficiency or a material weakness, then you have already met the documentation requirement for this type of control issue (you’ve already completed your firm’s form to capture the control problem)
    • Note – You can include these other deficiencies in your written letter, but you are not required to; the communication can be verbal.

What should be on the internal control capture form? At a minimum include the following:

  1.  Check-mark boxes for:
    1. Significant deficiency
    2. Material weakness
    3. Other control deficiency
    4. Other issues (e.g., violations of laws or regulations) — this general category has no relation to internal control weaknesses
  2. Whether the probability of occurrence is at least reasonably possible and whether the magnitude of the potential misstatement is material
    • If the probability of occurrence is at least reasonably possible and the magnitude of the potential misstatement is material, then the client has a material weakness
  3. Description of the deficiency and verbal or other communications with the client about the issue (at the time the problem was identified or later); also the client’s response
  4. The cause of the condition
  5. The potential effect of the condition
  6. Recommendation to correct the issue
  7. Person who identified the issue and the date the issue was noted
  8. Whether the issue is a repeat from the prior year
  9. An area for the partner to sign off that he or she agrees with the description of the deficiency and the category assigned to it (e.g., material weakness)
  10. Reference to related documentation in the audit file

How Do You Capture and Report Control Deficiencies?

Whew! We’ve covered a lot of ground today. How do you capture and report control deficiencies? I’m always looking for new ideas: Please share.

Looking for Answers to Independence Questions?

If you are looking for answers to independence questions, check out the AICPA’s Plain English Guide to Independence. Click here. This is a great resource.

How Can You Improve Your Work Paper Documentation?

The importance of identifying characteristics

The AICPA’s April 2016 Peer Review newsletter highlights the lack of audit documentation as a continuing problem in audits.

AU-C section 230, Audit Documentation requires the auditor, in documenting the nature, timing, and extent of audit procedures performed, to record:

  1. the identifying characteristics of the specific items or matters tested;
  2. who performed the audit work and the date such
    work was completed
    ; and
  3. who reviewed the audit work performed and the date and extent of such review.
Audit Documentation

Picture is courtesy of AdobeStock.com

What does this mean? Auditors can’t, for example, just say, “I randomly selected journal entries throughout the year. All entries were appropriately made.” Either the journal entries must be included in the audit file, or–at a minimum–the journal entry numbers must be noted. A person who has never seen the file must be able to reperform the test; without the journal entry numbers, the reperformance can’t be done.

Why would the Auditing Standards Board require “identifying characteristics”? To put it bluntly: Because some auditors will say they tested journal entries when they did not. The “identifying characteristics” requirement creates accountability for the auditor.

Don’t get me wrong. Memorandums have their place, but specificity is necessary. Too often we auditors make wondering generalities rather than statements of substance. Once we detail the specific work performed, then it is appropriate to make more general statements such as “It appears the accounts payable controls are working appropriately.” But without the detailed documentation, the general statement is just filler.

The April 2016 AICPA Peer Review newsletter says:

AU-C section 230, Audit Documentation, notes that audit documentation can include audit plans and checklists. It further states that the existence of an adequately documented audit plan demonstrates that the auditor has planned the audit. However, the audit plan supports the fact that the audit was planned, not that specific procedures were performed.

Checklists can be used to facilitate audit procedures, but, using them correctly requires that they be appropriately tailored for the specific audit. Checking off a step in an audit program or a checklist will not provide sufficient documentation about the nature, timing, and extent of audit procedures performed or the identifying characteristics of the specific items or matters tested.

Identifying Characteristics

Here are examples of identifying characteristics. (These are just examples; documentation will vary based upon what the auditor is attempting to do.)

  • In fraud inquiries, the documentation of who you spoke with and when and the person’s position
  • When examining purchase orders, documentation of:
    • P.O. numbers
    • P.O. dates
  • For journal entry tests, documentation of:
    • Journal entry numbers
    • Date of the journal entries
  • When sampling check disbursements, documentation of:
    • The name of the report that the sample is coming from
    • The starting and ending numbers of the population
    • The interval being used (e.g., every 25th check)
    • All check numbers examined
    • What was examined (e.g., payee)

How to Improve

So how can we make sure our work papers possess proper identifying characteristics?

Review one or two audit files for appropriate documentation. Ask yourself, “Have I made any general statements without detailed support?” and “Am I over-relying on checklists without supporting documentation that proves the step has been performed?”

Here are some example work papers to review:

  • Fraud inquiries (have we documented who we spoke with, their position, and when we talked?)
  • Test of journal entries (have we identified the specific journal entries reviewed?)
  • Search for unrecorded liabilities (have we documented thresholds and the period of time for which the search was performed?)
  • Tests for compliance with grant requirements (have we identified the specific documents examined such as bids, invoice numbers, purchase orders, check numbers?)
  • Plant, property and equipment (for additions vouched to invoices, have we documented the invoice number and date? Have we specified any threshold such as “all amounts greater than $25,000”?)

Signing Off on Work Papers

Another common work paper deficiency is a lack of sign-offs. Who prepared the work paper and when? Who reviewed the same? While not every work paper must be reviewed, all have a preparer—documentation doesn’t just magically appear! So, at a minimum, all work papers should have a preparer sign-off. Without sign-offs, we may not be able to determine who created the work paper.

Finally reviewers should sign off on each work paper reviewed. A single sign-off at the top of the file does not provide sufficient documentation of what was reviewed. Sign-offs are a means of documenting accountability. Some auditors omit sign-offs as a means of avoiding responsibility—not a good thing. With regard to a work paper, we should either own it or discard it. 

How to Use the Camera Effect to Kill Fraud

The threat of being seen diminishes theft

43% of fraud detection comes by way of tips. This is why whistleblower programs are the number one means of reducing theft. Time and time again the Association of Certified Fraud Examiners’ surveys prove that whistleblower programs lessen the number of and dollar amount of frauds. Employers provide 1-800 numbers whereby employees can anonymously report potential red flags 24/7. So why would a telephone number reduce fraud?

The camera effect.

Fraud Prevention

Picture is courtesy of AdobeStock.com

We know that when potential fraudsters believe their thefts will be detected they will often stay clean. No one wants to go to jail. No one desires to embarrass themselves or their family members.

The key is to introduce the threat of discovery.

We don’t necessarily need a program that detects every theft (which can be quite expensive), but we do need potential thieves to believe–that if they take–they will get caught.

This is why whistleblower programs are effective. When in place, such programs make employees feel that others will see and communicate fraud signals such as the new $80,000 car on a $40,000-a-year income. Think of the whistleblower programs as lots of roving cameras recording and communicating actions in real time. Now employees think, “If I take, I might be seen.”

When I teach fraud prevention classes, I turn a security camera on, and it whirls and turns making class members feel as though they are being recorded. It’s funny; people act differently when the eye of the camera is on them. They sit up straight, fix their hair, smile. After the camera rotates a couple of times, I say, “The camera is not hooked up to anything. You are not being recorded.” What did I just do? I made them think they were being taped.

My point: We want employees to believe their actions are visible though they may not be.

Examples of Fraud Prevention Using the Camera Effect

Here are examples of fraud prevention steps that create the camera effect:

  • Someone outside of the accounts payable department randomly selects ten cleared checks each month and reviews the payee, the signature, and the invoice support (and the accounts payable personnel know this occurs)
  • The bank statements are mailed to someone outside of accounting who opens them and inspects the contents before providing the statements to the accounting department (even if the bank statements were only opened and the contents were not reviewed, the accounting department thinks the checks are being reviewed)
  • An outside CPA or CFE performs surprise tests of accounting information twice a year, picking whatever area she desires to inspect (now everyone knows their work might be reviewed)

Your Camera Effects

What fraud prevention procedures have you implemented that create the camera effect?