Tick and Tie Financial Statements

Here are examples of financial statement numbers that tick and tie

What are the steps to tick and tie financial statements?

You may be wondering what “tick and tie” means. It refers the action an accountant performs when he agrees one financial statement number to another.  For example, the accountant can compare total assets with total liabilities and equity–they should be the same. If they are not, something is wrong. This is the purpose of ticking and tieing numbers: to ensure that the financial statements are correct. Accountants also compare financial statement numbers with note disclosures or to supplementary information. Again, many such numbers should agree.

tick and tie financial statements

This picture is AdobeStock.com

Financial statements come in a wide variety of presentation formats depending on the industry and the requirements of the financial reporting framework (e.g., generally accepted accounting principles). Below I provide common numbers that accountants tick and tie (agree), assuming the financial statements include:

  1. Balance sheet
  2. Income statement
  3. Statement of changes in equity
  4. Cash flow statement

The Accounting Equation

Keep in mind the accounting equation: Total Assets = Total Liabilities + Total Equity.  All three (total assets, total liabilities, total equity) appear on the balance sheet.

Also, remember that net income–which appears on the income statement–is the result of subtracting expenses from revenues. In equation form, the formula is Net Income = Revenues – Expenses.

Tick and Tie Examples

Here are the numbers that should agree:

  • Total assets equals total liabilities and equity (the balance sheet includes each of these)
  • Net income on the income statement should agree with net income on the statement of changes in equity
  • Net income on the income statement should agree with the first line on the cash flow statement (assuming the indirect method is used to prepare the cash flow statement)
  • The last line of the cash flow statement is cash; this period-end cash balance should agree with the cash balance on the balance sheet
  • The last line(s) of the statement of changes in equity (the period-end equity balance) should agree with the equity balance(s) on the balance sheet
  • A statement of changes in equity can include multiple columns for each category of equity (e.g., retained earnings, common stock, paid-in capital); each of the ending equity balances should agree with the equity shown on the balance sheet
  • Any payments made to the owners (e.g., distributions) appear on the statement of changes in equity and should agree with the same amount on the cash flow statement (in the financing section of the cash flow statement)
  • If the cash flow statement is comparative (e.g., two-year presentation), the ending cash for the prior year should agree with the beginning cash balance in the current year
  • If the financial statements contain notes, some disclosure numbers will agree with financial statement balances (e.g., the receivables note disclosure will usually include total receivables; this figure should agree with the receivable line on the balance sheet)
  • The plant, property, and equipment note will typically include total depreciation expense for the year; this depreciation expense number should agree with the cash flow statement depreciation line (assuming the cash flow statement is shown using the indirect method)
  • Supplementary information (e.g., a detail of other expenses) should agree with the other expense line on the income statement 

Closing Thoughts

The above list of tick-and-tie numbers is not comprehensive. There are too many variations in financial statement presentations to provide a full universal list. But, hopefully, this helps.

10 Super Easy Ways to Increase Your Productivity

Here are ways for CPAs to be more efficient

Are you a CPA looking for ways to increase your productivity?

Here are ten suggestions.

CPA Productivity

Courtesy of Dollar Photo

1. Control f

First, I see too many CPAs hen-pecking around, trying to find information in their electronic piles. Many times the quickest route to finding information is Control f (Command f on a Mac). Hold your control key down and type f. This action will usually generate a find dialog box–-then key in your search words. Control f works in Excel, Word, PowerPoint, and Adobe Acrobat.

2. OCR Long Documents

Computers can’t read all electronic documents (that is, not all documents are electronically searchable). Sometimes you need to convert the document to OCR. OCR stands for optical character recognition. So how can you make an electronic document readable and searchable?

Scan documents into Adobe Acrobat and use the OCR feature to convert bitmap images into searchable documents. Then use Control f to locate words. When should you OCR a document? Typically when it’s several pages long. Do so when you don’t want to read the entire document to find a particular word or phrase.

For example, suppose your client gives you a one-hundred-page bond document, and you need to locate the loan covenants. Rather than reading the entire document, convert it to searchable text (using Adobe Acrobat) and use Control f to locate each instance of the word covenant

3. Dispatching Paper Quickly

A clean work surface enables you to think clearly.

So make filing decisions quickly–as soon as a paper or electronic document is received. Keep your desk (and computer desktop) clean.

If you can dispatch a document in less than two minutes, do so immediately. For documents that take more than two minutes to file, electronically scan them. Then place the document in an action folder on your computer’s desktop. (If you don’t have time to scan the document at the moment, create a To Be Scanned pile in a paper tray.)

You’re thinking, “But I’ll forget about the document if it’s not physically on my desk.” Allay this fear by adding a task in Outlook to remind you of the scanned document (you can even add the document to a task). I create tasks with reminders. So, for example, the reminder pops up at 10:00 a.m. on Tuesday morning; attached is the relevant document. That way I don’t forget.

For more information about scanning, see my post How to Build an Accountant’s Scanning System. I also recommend David Allen’s book Getting Things Done which provides a complete system for making filing decisions.

4. Close Your Door

An open door says what? Come in.

A cracked door says what? Knock and come in.

A closed door says what? Don’t enter, especially without knocking.

I close my door for about an hour at a time. Additionally, I turn off all electronic devices and notifications. Doing so allows me to focus on the task at hand. 

5. Use a LiveScribe Pen

Do you remember everything someone says in a meeting? I don’t. Livescribe allows me to take notes and simultaneously record the conversation. Then I can hear any part of the conversation. For example, if I–in a meeting–write the words “intangible amortization,” I can (later) touch the tip of my pen to that phrase (in my Livescribe notebook) and hear what was said as I wrote those words. That way, I don’t have to call a meeting attendee and ask, “What did you say about intangible amortization?”

6. Take Breaks and Naps

Another idea is to take breaks and naps.

Counterintuitive? Yes, but it works.


I come from the old school of “don’t lift your head up or someone will see how lazy you are.” I’m not sure where this thinking comes from, but you will be more efficient–not less–when you take periodic breaks. I recommend a break at least once every two hours.


Naps? You may be thinking, “Are you kidding?”

Research shows you will be more productive if you take a nap during the day. It doesn’t have to be long, maybe ten or fifteen minutes after lunch. You’ll feel fresher and think more clearly. According to Dr. Sandra Mednick, author of Take a Nap, Change Your Life, napping can restore the sensitivity of sight, hearing, and taste. Napping also improves creativity.

Michael Hyatt recently listed several famous nappers:

  • Leonardo da Vinci took multiple naps a day and slept less at night.
  • The French Emperor Napoleon was not shy about taking naps. He indulged daily.
  • Though Thomas Edison was embarrassed about his napping habit, he also practiced his ritual daily.
  • Eleanor Roosevelt, the wife of President Franklin D. Roosevelt, used to boost her energy by napping before speaking engagements.
  • Gene Autry, “the Singing Cowboy,” routinely took naps in his dressing room between performances.
  • President John F. Kennedy ate his lunch in bed and then settled in for a nap—every day!
  • Oil industrialist and philanthropist John D. Rockefeller napped every afternoon in his office.
  • Winston Churchill’s afternoon nap was non-negotiable. He believed it helped him get twice as much done each day.
  • President Lyndon B. Johnson took a nap every afternoon at 3:30 p.m. to break his day up into “two shifts.”
  • Though criticized for it, President Ronald Reagan famously took naps as well.

For empirical evidence that naps help, check out the book Rest, Why You Get More Done When You Work Less.

Also, here are more ideas to create energy in your day.

7. Answer Emails and Phone Calls in Chunks

If you pause every time you get an email or a phone call, you will lose your concentration. Therefore, try not to move back and forth between activities. Do one thing at a time since multitasking is a lie.

Pick certain times of the day (e.g., once every three hours) to answer your accumulated emails or calls.

8. Exercise

I run (by myself) or walk (with my wife) six times a week–usually in the morning before work. Exercising helps my attitude and clears my mind. Also, I feel stronger late in the day.

9. Lunch at 11:30 a.m. or 1:00 p.m.

Another idea: Go to lunch at 11:30 a.m. or 1:00 p.m. Why stand in line? 

10. Take One Day Off a Week

Finally, I usually don’t work on Sundays (even in busy season). For me, it’s a day to worship, relax, see friends, and revive. I find the break gives me strength for the coming week.

Muddled minds destroy productivity.

Your Ideas?

These are a few of my thoughts. Please share yours.

The Balance Sheet Audit Approach: Slaying a Sacred Cow

Why the risk based audit approach is better

Sacred cows make great steaks. Richard Nicolosi.

Risk-based audit standards have existed for years, but I still see a resistance to risk assessment procedures. Why? A reliance on the traditional balance sheet audit approach. I think many auditors prefer to test a bank reconciliation (ticking off each cleared transaction) to interviewing the company’s CFO. They enjoy the certainty of vouching payables (yep, the invoice agrees with the payable detail) and disdain the difficulty of walking a transaction through the accounting system. Regardless, many CPA firms struggle to slay the sacred cow of balance sheet audits.

What is a Balance Sheet Audit?

So what is a balance sheet audit approach?

It’s the examination of period-end balance sheet totals (the results of accounting processes) rather than the accounting processes themselves. For example, the auditor might confirm receivables and not perform a walkthrough of billing and collections. The balance sheet audit approach lacks any significant focus on the income statement.

While it is true that nailing down (or “beating up”) the balance sheet provides helpful audit evidence, there are some downsides.

The Downside of Balance Sheet Audits

So what are the weaknesses of a balance sheet audit approach?

First, the balance sheet approach does not address the income statement. Consequently, income statement line items may be misclassified (e.g., expenses netted with revenues). If the balance sheet is correct, net income (the result of revenues and expenses) is correct. But revenues and expenses can still be misclassified. (I once saw grant revenue of $300,000 netted with related grant expenses resulting in a $0 impact to revenues and expenses.)

Secondly, and more importantly, the balance sheet audit method does not address the possibility of theft (and some forms of fraudulent reporting of revenues and expenses). Sure we can confirm cash and reconcile the balance to the general ledger. So what? If someone steals $1 million in cash receipts (or $10 million or whatever number you want to use), the balance sheet approach may not address the risk of theft.

The same is true if the CFO steals money by cutting checks to himself (or to fictitious vendors). The accounts payable balance can be reconciled to a detail, and a search for unrecorded liabilities can be performed–typical balance sheet audit steps–but these procedures don’t address theft.

Finally, audit standards require walkthroughs, fraud inquiries, planning analytics, and an understanding of the business. Without these steps, we cannot truly understand audit risks that lie hidden in accounting processes.

balance sheet audit

Picture from AdobeStock.com

The Upside of Risk-Based Audits

I still believe that auditors can save time using a risk-based audit approach.

Understanding the business and its processes requires time, but doing so can lead to a leaner audit. You can decrease some substantive procedures when you know where your risks are. We can also mitigate audit risk (because we know what the risks are).

And this is the beauty and logic of risk-based audits. We determine where the risks are, and then we perform procedures to address those risks. We cease to blindly focus on the balance sheet. 

Less time, less risk.

Sounds good to me–but slaying a sacred cow is necessary. I like my steaks medium rare. How about you?

Agree or disagree? Please let me know.

How to Review Financial Statements Efficiently and Effectively

Tips to quickly review financial statements and to ensure effectiveness

Most CPA firms create financial statements for their clients. This blog post tells you how to create and review financial statements efficiently and effectively.

Review Financial Statements

Picture is courtesy of AdobeStock.com

How to Create Financial Statements

First, staff members create the original financial statements. Where possible, electronically link the trial balance to the financial statements. Doing so will expedite the financial statement process and enhance the integrity of the numbers. Ask the staff member to do the following:

  • Prepare the initial draft of the statements
  • Create clear disclosures
  • Complete a current financial statement disclosure checklist 
  • Research any nonstandard opinion or report language (place sample reports from PPC or other sources in the file) — later the partner will compare this supporting document to the opinion or report
  • Research any additional reports (e.g., Yellow Book, Single Audit); place copy of such reports in the file — the partner or manager will have such reports available for their review
  • The staff person should review the partner’s planning document to see if any new standards are to be incorporated into this to year’s financial statements

How to Proof the Financial Statements

Second, proof your financial statements. The proofer usually does the following before the partner or managers’ review:

  • Add (foot the numbers for) all statements, notes, schedules
  • Tick and tie numbers such as:
    • Total assets equal total liabilities and equity
    • Ending cash on the cash flow statement agrees with the balance sheet
    • Net income on the income statement agrees with the beginning number of an indirect method cash flow statement
    • Numbers in the notes agree with the financial statements
    • Numbers in the supplementary schedules agree with the financial statements
  • Review financial statements for compliance with firm formatting standard 
  • Read financial statements for appropriate grammar and punctuation (consider using Grammarly)
  • Compare the table of contents to all pages in the report
  • Review page numbers

Partner or Manager Review

Finally, the partner or manager reviews the financial statements. Having the proofer do their part will minimize the review time for this final-stage review.

Here are tips for the final review:

  • Scan the complete set of financials to get a general feel for the composition of the report (e.g., Yellow Book report, supplementary information, the industry, etc.) — this is a cursory review taking three or four seconds per page
  • Read the beginning part of the summary of significant accounting policies taking note of the reporting framework (e.g., GAAP), type of entity (e.g., nonprofit), and whether the statements are consolidated or combined — doing so early provides context for the remaining review of the financials
  • Read the opinion or report noting any nonstandard language (e.g., going concern paragraph)
    • Agree named financial statement titles in the opinion or report to the financial statements
    • Agree the dates (e.g., year-end) in the opinion or report and compare to the statements
    • Compare supporting sample report (as provided by your staff member and noted above) to the opinion or report
    • Compare representation letter date to the opinion or review report date
  • Review the balance sheet making mental notes of line items that should have related notes (retain those thoughts for review of the notes)
  • Review the income statement
  • Review the statement of changes in equity (if applicable)
  • Review the cash flow statement
  • Review the notes (making mental notes regarding sensitive or important disclosures so you can later see if the communication with those charged with governance appropriately contains references to these notes)
  • Return to the balance sheet to see if there are additional disclosures needed (since you just read the notes, you will be more aware of omissions — e.g., intangibles are not disclosed)
  • Review supplementary information (and related opinion for this information if applicable)
  • Review other reports such as Yellow Book and Single Audit (the staff member preparing the financial statements should have placed supporting examples in the file; refer to the examples as necessary)
  • If the review is performed with a printed copy of the statements, use yellow highlighter to mark reviewed sections and numbers
  • If the review is done on paper, pencil in corrections and provide corrected pages to the staff member for amendments to be made
  • If the review is performed on the computer, take screenshots of pages needing corrections and provide to the staff member
  • Alternatively, make corrections using Track Changes if the financial statements are in a Word document; these changes will appear in a different color so you can visually see what was changed; Word also provides a different color for each person who makes a change, so you can see who changed what

Last Step

Destroy all drafts–or at a minimum, don’t leave them in the file. Once the financial statements are complete, there is no reason to retain drafts.

Your Suggestions

What other review procedures do you use?

AICPA Code of Professional Conduct: Answers to Your Ethical Questions

Check out this post for two helpful AICPA resources

Are you a CPA looking for answers to independence or other ethical questions? Below, you’ll see two handy AICPA resources:

  • AICPA Code of Professional Conduct
  • Plain English Guide to Independence
AICPA Code of Conduct

Picture from AdobeStock.com

AICPA Code of Professional Conduct

The AICPA provides online access to the Code of Conduct. You can also download a PDF copy here (this PDF covers all standards issued through August 31, 2016).

Online access is free, and users are able to save searches and bookmark content.

The Code is organized into three parts:

  1. Public practice
  2. Members in Business
  3. All other members (including those who are in between jobs or retired)

The Code includes a threats and safeguards framework. CPAs should identify threats and then consider safeguards to mitigate those threats. The CPAs can proceed with the engagement if threats–after considering safeguards–are at an acceptance level.

Plain English Guide to Independence

As the Quality Control partner for our firm, I receive quite a few questions about ethical issues (mainly about independence). Nine out of ten times I find the answers to those questions in the AICPA’s Plain English Guide to Independence. I download this guide and keep it handy. When I need to research an issue, I open the document and perform word searches. If you aren’t already using this resource, I highly recommend it. 

How to Report Debt Covenant Violations

Violations may require debt to be shown as current

How does a debt covenant violation affect the presentation of debt on a balance sheet?

If a debt covenant violation occurs, the debt should be classified as current unless the lender provides a waiver for at least one year from the balance sheet date or the debtor is able to cure the violation subsequent to the balance sheet date but before the issuance date (or date available for issuance) of the financial statements.

Some loans provide for a grace period. If the violation is cured during the grace period, the debt–other than current maturities–will be reported as as long-term. Also if the cure has not already occurred but the company demonstrates it is probable that it (the cure) will occur within the grace period, then, again, the debt will be reported as long-term.

report debt covenant violations

Picture is courtesy of AdobeStock.com

The Main Consideration

The main consideration in classifying long-term debt is whether the amount is due or callable within one year of the balance sheet date. (By definition, a liability is current when due within one year of the balance sheet date.) If due or callable within the year subsequent to the period-end, the amount generally should be reported as current. (One exception: when it is probable the cure will occur within the grace period.) If a debt covenant violation is timely cured, then the debt is no longer callable and will, therefore, remain long-term. The same is true if the creditor provides a waiver that extends one year beyond the balance sheet date.

Note–Even minor violations of debt agreements may allow the creditor to call a loan.

FASB Codification Guidance

470-10-45 of the FASB Codification provides the following guidance:

Some long-term loans require compliance with quarterly or semiannual covenants that must be met on a quarterly or semiannual basis. If a covenant violation occurs that would otherwise give the lender the right to call the debt, a lender may waive its call right arising from the current violation for a period greater than one year while retaining future covenant requirements. Unless facts and circumstances indicate otherwise, the borrower shall classify the obligation as noncurrent, unless both of the following conditions exist:

a. A covenant violation that gives the lender the right to call the debt has occurred at the balance sheet date or would have occurred absent a loan modification.
b. It is probable that the borrower will not be able to cure the default (comply with the covenant) at measurement dates that are within the next 12 months.

Is Disclosure Required if a Waiver is Obtained?

If the company obtains a waiver for one year from the balance sheet date, must the financials disclose this fact (that a waiver was obtained)?

The AICPA answers this question–in Q&A section 3200 (paragraph 17)–with the following:

The authoritative literature applicable to nonpublic entities does not address disclosure of debt covenant violations existing at the balance-sheet date that have been waived by the creditor for a stated period of time. Nevertheless, disclosure of the existing violation(s) and the waiver period should be considered* for reasons of adequate disclosure. If the covenant violation resulted from nonpayment of principal or interest on the debt, inability to maintain required financial ratios, or other such financial covenants, that information may be vital to users of the financial statements even though the debt is not callable.

*Emphasis added by CPA-Scribo

Translation: It is wise to disclose the debt covenant violation and the existence of the waiver.

FASB’s Current Work on a New Standard

On January 10, 2017, the FASB issued the Exposure Draft, Debt (Topic 470): Simplifying the Classification of Debt in a Classified Balance Sheet (Current versus Noncurrent). Click here for more information.

Wire Transfer Theft: How to Prevent It

How to steal $6.9 million in less than an hour

In one of the easiest thefts I’ve read about, a nonprofit administrative officer wired $6.9 million from an Ohio bank account to another account in Austria. The wire transfer originated with the fax of a letter (which took less than an hour to create). Since the officer was authorized to make wire transfers, no one at the bank questioned the transaction–until it was too late. The fraudster landed in Austria, called his wife and said, “I’m not coming home.” Interestingly, the wife called the police and turned her husband in; he later came back to the states of his own volition (after his wife gave him an earful). He went to jail. I guess, after a few boat rides down the Danube, he missed his family.

Preventing wire transfer theft

Picture from AdobeStock.com

Wire Transfer Theft is Easy

It’s easy for an accounting clerk (or other authorized company official) to wire funds and to cover their tracks with a journal entry – too easy in many cases. If a company  accountant or official has the ability to (1) wire funds by himself and (2) make journal entries without a second-person review, then the organization has left the fraud door wide open. Such a situation is not uncommon in small businesses, nonprofits and governments.

As you think about wire transfers, consider that they can be originated with a fax, a phone call, a personal visit to the bank, or a computer. Determine how your bank handles wire transfers and craft your internal controls based on those dynamics.

Wire Transfer Internal Controls

Organizations should do the following to mitigate wire transfer fraud:

  1. Require the bank to limit daily wire transfer amounts (e.g., $25,000 per day for each employee)
  2. Require two persons to consummate all wire transfers to external parties (the most important control in my opinion)
  3. If the wire transfer request is by phone or by fax, require the bank to call your organization back before the wire transfer is consummated
  4. The bank should require the use of unique passwords to access wire-transfer software; consider using a bank that provides bank token keys (small hand-held devices that generate unique identification numbers; these numbers are keyed into the bank software as a part of the transfer request)
  5. Restrict the bank accounts from which a wire transfer can be made (the organization may want to limit external wire transfers to just one bank account)
  6. Restrict certain bank accounts so that wire transfers can only be made to other bank accounts of the organization (e.g., transfer from operating bank account to payroll bank account)
  7. Have someone peruse the daily bank account activity (using online access); at a minimum, reconcile bank statements in a timely fashion (large organizations should consider reconciling bank accounts more frequently than once a month; some reconcile daily)
  8. Require sufficient documentation for all wire transfer journal entries; require a second-person review of these journal entries
  9. Consider using a dedicated computer for all wire transfers; do not use this computer for any other purpose (malware is often picked up by computers as they visit Internet websites)
  10. Use all bank-provided wire transfer controls
  11. Any transactions over a certain high dollar amount (e.g., $50,000) must have the approval of the business owner/CEO

Use Fraud Prevention Controls Offered by Banks

Not using controls offered by banks may make your organization liable should funds be stolen by hackers. One company sued its bank when hackers took $440,000 from its bank account with a wire transfer; the judge ruled against the company because it had opted out of control procedures offered by the bank. Also make sure your company uses appropriate firewall and antivirus protection.

Closing Words

If one person can make external wire transfers and journal entries to record those transactions, you have the makings of wire fraud–soon you may see that employee on Facebook, riding down the old Danube.

Video from Gary Zeune

You can see a news video about the nonprofit fraud mentioned above at Gary Zeune’s website: The Pros and The Cons. (If you have not heard Gary speak about fraud, you should do so. He does a great job.)

Assessing Audit Control Risk at High (and Saving Time)

Assessing control risk at high is often an efficiency decision

At times, auditors errantly assess control risk at less than high. Why? Because the (lower) assessment is not supported by a test of controls.

So can you assess control risk at high without testing controls? Yes–and you may want to. Below you’ll see why.

We have been told that “you can’t default to maximum risk.” While we can’t default to maximum (the old pre-risk-assessment standards term), we can–and in many audits should–assess control risk at high (the present risk assessment term).

assess control risk

Picture is from AdobeStock.com

Assessing Control Risk at High

First, the auditor should determine the existence and location of risks–the purpose of risk assessment procedures. Once risk assessment procedures (walkthroughs, inquiries, analytics, etc.) are performed, we know more about what the risks are and where they are. Then we can assess control risk (CR) at whatever level we desire (if CR is below high, then controls must be tested to support the lower risk assessment).

The Efficiency Decision

At this point, our assessment of control risk becomes a question of efficiency. We can:

  1. Assess control risk at high and not perform additional tests of controls, or
  2. Assess control risk at low to moderate and test the operating effectiveness of controls

The salient question is, “Which option is most efficient?”

Risk Assessment Procedures

Risk assessment procedures, such as walkthroughs, generally are not sufficient to support a low to moderate control risk assessment. A walkthrough (often a test of one transaction) allows us to see if appropriate controls are in place. They don’t, however, tell us if the controls are consistently working.

Testing Controls

AU-C Section 330.08 states: The auditor should design and perform tests of controls to obtain sufficient appropriate audit evidence about the operating effectiveness of relevant controls if the auditor’s assessment of risks of material misstatement…includes an expectation that the controls are operating effectively (that is, the auditor intends to rely on the operating effectiveness of controls in determining…substantive procedures).

A test of one transaction–often performed in walkthroughs–generally is not considered “sufficient appropriate audit evidence” to assess control risk at less than high.

Back to the Efficiency Issue


To test and rely on controls, the auditor should examine more transactions. We might, for example, test forty disbursements for proper purchase orders. If the control is working, then we can assess control risk at low to moderate and decrease our substantive work. We could, for example, test fewer additions to plant, property and equipment.

If it takes longer to test controls (e.g., the forty purchase orders) than to perform substantive tests (e.g., vouching invoice support for additions to plant, property and equipment), then it makes more sense to assess control risk at high and perform substantive procedures. And we should do just that–if we desire to make a higher profit on the engagement (and I’m betting you do).

For example, if it takes six hours to test forty transactions for appropriate purchase orders, and it takes four hours to vouch all additions to plant, property, and equipment, then we should assess control risk at high and not perform the test of controls. We should perform the substantive procedure of vouching all significant additions to plant, property, and equipment.

Reducing Substantive Tests (Without Testing Controls)

Can we assess the risk of material misstatement (RMM) at low to moderate without testing controls?


If the inherent risk (IR) is low to moderate, then our combined risk of material misstatement can easily be low to moderate. (Let me encourage you to assess risk at the assertion level and not at the transaction level, but I will save that topic for another post.)

For example, a low inherent risk and a high control risk can yield a low to moderate RMM. In an equation it looks like this:

 IR         CR         RMM            Audit Approach
Low X High = Moderate              Basic

This approach produces a moderate RMM without testing controls. A moderate RMM supports a basic approach, and a basic approach means we are performing fewer substantive tests (a high RMM means the auditor will perform more substantive tests).

In short, many times inherent risk is low to moderate. If you combine a low to moderate inherent risk with a high control risk, you can assess RMM at low to moderate. This low to moderate RMM comports with a basic audit approach. Continuing with our plant, property and equipment example from above, you can–with the low to moderate RMM–test fewer asset purchases. And no test of controls is necessary.

This approach–assessing control risk at high after performing risk assessment procedures–often creates greater audit efficiency and is compliant with audit standards. Alternatively, we should assess control risk below high and test controls if this approach takes less time.

Why Assessing Control Risk at High is (Often) More Efficient


I started this post by saying we sometimes errantly assess control risk. By this, I mean we sometimes assess control risk at low to moderate without a sufficient test of controls. If we assess control risk at less than high, then we must test controls.

What are your thoughts about assessing control risk?

Yellow Book Independence: When Should You Apply Safeguards?

Safeguards are to be applied when significant independence threats are present

When I was a kid living in Donalsonville, Georgia, my mother would drive into our open garage, leave the keys in the ignition (where they remained for the evening), and then would walk into our home (which had not been locked all day).

Over time, I noticed that she left the keys in the car less and less, and we began to lock the doors of our home. At one point we even bought deadlocks.


It seems our neighbors were, from time to time, having small thefts, and one even had a burglar in the home as they returned one afternoon.

My parents were responding to risks. The greater the thefts and burglaries, the greater the safeguards.

Safeguards Required by Yellow Book

Whenever an external auditor performs nonattest services (e.g., preparation of financial statements), then the auditor should consider whether the nonattest service adversely affects his independence.

The Government Auditing Standards (known as the Yellow Book) requires that safeguards be applied whenever independence threats are significant – but only if they are significant – in order to eliminate or reduce such threats to an acceptable level.

Yellow Book Independence Safeguards

Yellow Book Independence Safeguards

Examples of safeguards that may eliminate or reduce significant threats to an acceptable level include the following:

  • Discussing independence issues with those charged with governance of the entity
  • Assigning separate engagement personnel for the audit and nonaudit service
  • Obtaining secondary reviews of the nonaudit services by professional personnel who were not members of the audit engagement team (e.g., second partner review of financial statements prepared by the external audit firm)
  • Discussing the significance of the threats to management participation or self-review with the engagement team and emphasizing the risks associated with such threats
  • Educating management on the nonaudit services performed by reviewing and explaining the reason and basis for all significant transactions, as well as authoritative standards, so that management is in a position to determine or approve all assumptions and judgments and take responsibility for the nonaudit services
  • When financial statement preparation is the nonaudit service being performed, determining that there has been review of the financial statements and successful completion of a disclosure checklist by the audited entity

Not all safeguards listed would be appropriate for all significant threats identified and, often, may require combinations of more than one safeguard. When determining the type and number of safeguards to be applied, the auditor should consider the significance of the threats, both individually and in the aggregate.

Some safeguards have a higher level of mitigation of threats than others. Also safeguards that involve personnel who are independent of the audit process are generally more effective than those who are not independent.

Determining which safeguards to apply involves professional judgment and is dependent on the facts and circumstances of each specific situation.

Prohibited Services

Finally remember that safeguards cannot be used to ameliorate risk related to prohibited services (e.g., the external audit firm signs checks for the client); if the external auditor performs prohibited services, then safeguards cannot remedy the lack of independence. Examples of prohibited services follow:

  • Setting policies and the strategic direction for the audited entity
  • Directing and accepting responsibility for the actions of the audited entity’s employees in the performance of their routine, recurring activities
  • Having custody of an audited entity’s assets
  • Accepting responsibility for designing, implementing, or maintaining internal control

Preparing Financial Statements 

 If you are an external auditor that also prepares the client’s financial statements (a nonattest service), see my post concerning Yellow Book independence.

Consulting or Agreed Upon Procedures Engagement: Which is Best?

Which should I use? Consulting or AUP

Consulting or agreed upon procedures–which should a CPA use?

Consulting or agreed upon procedures

Picture from AdobeStock.com

I am often asked, “should this be an agreed-upon-procedures (AUP) engagement or a consulting engagement?” (The question usually comes just after a client says, “I don’t need an audit. They cost too much.”)

So what’s the difference in an AUP and a consulting engagement?

Agreed Upon Procedures Engagement

The AUP option is more precise and is mainly composed of:

  1. Procedures
  2. Findings

An example follows:

Procedure – Agreed all January 2012 disbursements greater than $20,000 to checks that cleared the bank statement; compared the payee on each check to the payee per the check register.

Finding – All check payees agreed with the exception of check # 2394 for $45,000; the payee for this check was I. Cheatum,  and the check register reflected a payment to King’s Supply Company.

Consulting Engagement

A consulting engagement–based on the AICPA Consulting Standards–is less precise and does not necessarily need to follow the procedure-finding format. There are no specific reporting standards for a consulting engagement, so a CPA can more easily design the engagement to meet various needs. The consulting standards are more flexible than the attestation standards (and the requirements for agreed-upon-procedures engagements).

A consulting report might address the following:

  1. Reading of minutes
  2. Interviews of individual employees
  3. Flowcharting of internal controls
  4. Summary of production statistics
  5. Narrative of business goals and enterprise risks

As you can tell, there are no procedures and findings.

Which is Best?

It all depends on the purpose of the report. Consider the following:

  1. Will there be external parties (e.g. creditors) placing reliance on the report?
  2. Is the purpose of the report to add credibility to the information (by having the CPA attest to procedures and findings)?

If the answer to these questions is yes, then use the AUP option.

If there is no third party relying on the information, then a consulting engagement may be better. But always ask, “Who will receive the report?” The CPA needs to know who will read and potentially place reliance upon the report.

AUP Procedures (Not Appropriate and Appropriate)

The key consideration in performing an AUP is specificity.

Procedures that would not be appropriate include:

  • General review of inventory internal controls
  • Reading the minutes
  • Testing accounts payable

Procedures that would be appropriate include:

  • Examine every fifth journal entry in the month of May 2017 to determine if each is signed by the CFO.
  • Agree each balance on the May 2017 balance sheet to the general ledger.

Clarified AUP Guidance

For the new AICPA AUP guidance (including sample reports), click here. These standards are effective for reports dated on or after May 1, 2017.