Twenty Mistakes that CPAs Make

Some workplace mistakes cost us dearly

Twenty Mistakes that CPAs Make

Here are twenty mistakes that CPAs make:

  1. We hire people without sufficient knowledge and temperament
  2. We accept more work than we can possibly perform
  3. We don’t cull our bad clients (which contributes to #2.)
  4. We work without taking breaks
  5. We don’t exercise
  6. We try to be experts in too many industries
  7. We use outdated computers and software (e.g., we are not paperless)
  8. We don’t plan our continuing education (and take anything we can find at the end of the year)
  9. We have no strategy, moving from one engagement to another because it’s pressing
  10. We work sitting down all day (when standup desks are available)
  11. We bill our clients months after the service is provided (rather than a couple of weeks)
  12. We allow email to drive our day (we are reactive)
  13. We don’t express sincere appreciation to our peers and employees (those fully deserving of “thank you!”)
  14. We don’t use engagement letters to define our work
  15. We have no exit strategy, hoping someone will knock on our door and offer to buy the practice
  16. We ignore those we love (because we are overworked and irritable)
  17. We don’t stay current on evolving standards
  18. We don’t fire unproductive or difficult employees
  19. We don’t deal with problems (bad clients or employees) because doing so is awkward
  20. We never pause to evaluate our lives
Twenty Mistakes that CPAs Make

Picture is from AdobeStock.com

Since  1984, I have worked in public accounting, a profession I dearly love. One thing I’ve noticed about CPAs is we are too immersed in our work–to a point of blindness. We don’t step back and evaluate what or how we do things. Would we be better off if we intentionally removed certain responsibilities? Might we not be even more profitable and happier? 

Two things–more than anything else–will sap your energy and productivity: (1) difficult clients and (2) unproductive or difficult employees.

The 80/20 rule is applicable in our profession. We make 80% of our money from 20% of our work. And 80% of our headaches come from 20% of our clients and employees. (Were you awake last night thinking about one of these?) While the exact percentages may not be true for you, the concept is highly relevant. 

I’ve given you twenty mistakes that CPAs make. Are there others you would add?

If you found this article of interest, see my post What Keeps CPAs Awake at Night.

Understanding the New Nonprofit Accounting Standard

This is the first significant change to nonprofit accounting in over 20 years

Are you ready to implement FASB’s new nonprofit accounting standard? Back in August 2016, FASB issued ASU 2016-14, Presentation of Financial Statements of Not-for-Profit Entities. In this article, I provide an overview of the standard and implementation tips.

new nonprofit accounting

New Nonprofit Accounting – Some Key Impacts

What are a few key impacts of the new standard?

  • Classes of net assets
  • Net assets released from “with donor restrictions”
  • Presentation of expenses
  • Intermediate measure of operations
  • Liquidity and availability of resources
  • Cash flow statement presentation

Classes of Net Assets

Presently nonprofits use three net asset classifications:

  1. Unrestricted
  2. Temporarily restricted
  3. Permanently restricted

The new standard replaces the three classes with two:

  1. Net assets with donor restrictions
  2. Net assets without donor restrictions

Terms Defined

These terms are defined as follows:

Net assets with donor restrictions – The part of net assets of a not-for-profit entity that is subject to donor-imposed restrictions (donors include other types of contributors, including makers of certain grants).

Net assets without donor restrictions – The part of net assets of a not-for-profit entity that is not subject to donor-imposed restrictions (donors include other types of contributors, including makers of certain grants).

Presentation and Disclosure

The totals of the two net asset classifications must be presented in the statement of financial position, and the amount of the change in the two classes must be displayed in the statement of activities (along with the change in total net assets). Nonprofits will continue to provide information about the nature and amounts of donor restrictions.

Additionally, the two net asset classes can be further disaggregated. For example, donor-restricted net assets can be broken down into (1) the amount maintained in perpetuity and (2) the amount expected to be spent over time or for a particular purpose.

Net assets without donor restrictions that are designated by the board for a specific use should be disclosed either on the face of the financial statements or in a footnote disclosure.

Sample Presentation of Net Assets

Here’s a sample presentation:

Net Assets
Without donor restrictions
  Undesignated $XX
  Designated by Board for endowment     XX
     XX
With donor restrictions
  Perpetual in nature     XX
  Purchase of equipmentXX
  Time-restrictedXX
XX
Total Net Assets$XX

Net Assets Released from “With Donor Restrictions”

The nonprofit should disaggregate the net assets released from restrictions:

  • program restrictions satisfaction
  • time restrictions satisfaction
  • satisfaction of equipment acquisition restrictions
  • appropriation of donor endowment and subsequent satisfaction of any related donor restrictions
  • satisfaction of board-imposed restriction to fund pension liability

Here’s an example from ASU 2016-14:

nonprofit statement of activities

Presentation of Expenses

Presently, nonprofits must present expenses by function. So, nonprofits must present the following (either on the face of the statements or in the notes):

  • Program expenses
  • Supporting expenses

The new standard requires the presentation of expenses by function and nature (for all nonprofits). Nonprofits must also provide the analysis of these expenses in one location. Potential locations include:

  • Face of the statement of activities
  • A separate statement (preceding the notes; not as a supplementary schedule)
  • Notes to the financial statements

I plan to add a separate statement (like the format below) titled Statement of Functional Expenses. (Nonprofits should consider whether their accounting system can generate expenses by function and by nature. Making this determination now could save you plenty of headaches at the end of the year.)

External and direct internal investment expenses are netted with investment income and should not be included in the expense analysis. Disclosure of the netted expenses is no longer required.

Example of Expense Analysis

Here’s an example of the analysis, reflecting each natural expense classification as a separate row and each functional expense classification as a separate column.

expenses by function and nature

The nonprofit should also disclose how costs are allocated to the functions. For example:

Certain expenses are attributable to more than one program or supporting function. Depreciation is allocated based on a square-footage basis. Salaries, benefits, professional services, office expenses, information technology and insurance, are allocated based on estimates of time and effort.

Intermediate Measure of Operations

If the nonprofit provides a measure of operations on the face of the financial statements and the use of the term “operations” is not apparent, disclose the nature of the reported measure of operations or the items excluded from operations. For example:

Measure of Operations

Learning Disability’s operating revenue in excess of operating expenses includes all operating revenues and expenses that are an integral part of its programs and supporting activities and the assets released from donor restrictions to support operating expenditures. The measure of operations excludes net investment return in excess of amounts made available for operations.

Alternatively, provide the measure of operations on the face of the financial statements by including lines such as operating revenues and operating expenses in the statement of activities. Then the excess of revenues over expenses could be presented as the measure of operations.

Liquidity and Availability of Resources

FASB is shining the light on the nonprofit’s liquidity. Does the nonprofit have sufficient cash to meet its upcoming responsibilities?

Nonprofits should include disclosures regarding the liquidity and availability of resources. The purpose of the disclosures is to communicate whether the organization’s liquid available resources are sufficient to meet the cash needs for general expenditures for one year beyond the balance sheet date. The disclosure should be qualitative (providing information about how the nonprofit manages its liquid resources) and quantitative (communicating the availability of resources to meet the cash needs).

Sample Liquidity and Availability Disclosure

The FASB Codification provides the following example disclosure in 958-210-55-7:

NFP A has $395,000 of financial assets available within 1 year of the balance sheet date to meet cash needs for general expenditure consisting of cash of $75,000, contributions receivable of $20,000, and short-term investments of $300,000. None of the financial assets are subject to donor or other contractual restrictions that make them unavailable for general expenditure within one year of the balance sheet date. The contributions receivable are subject to implied time restrictions but are expected to be collected within one year.

NFP A has a goal to maintain financial assets, which consist of cash and short-term investments, on hand to meet 60 days of normal operating expenses, which are, on average, approximately $275,000. NFP A has a policy to structure its financial assets to be available as its general expenditures, liabilities, and other obligations come due. In addition, as part of its liquidity management, NFP A invests cash in excess of daily requirements in various short-term investments, including certificate of deposits and short-term treasury instruments. As more fully described in Note XX, NFP A also has committed lines of credit in the amount of $20,000, which it could draw upon in the event of an unanticipated liquidity need.

Alternatively, the nonprofit could present tables (see 958-210-55-8) to communicate the resources available to meet cash needs for general expenditures within one year of the balance sheet date.

Cash Flow Statement Presentation

A nonprofit can use the direct or indirect method to present its cash flow information. The reconciliation of changes in net assets to cash provided by (used in) operating activities is not required if the direct method is used.

Consider whether you want to incorporate additional changes that will be required by ASU 2016-18, Statement of Cash Flows–Restricted Cash. If your nonprofit has no restricted cash, then this standard is not applicable.

You can early implement ASU 2016-18. (The effective date is for fiscal years beginning after December 15, 2018.) Once this standard is effective, you’ll include restricted cash in your definition of cash. The last line of the cash flow statement might read as follows: Cash, Cash Equivalents, and Restricted Cash.

Effective Date of ASU 2016-14

The effective date for 2016-14, Not-for-Profit Entities, is for fiscal periods beginning after December 15, 2017 (2018 calendar year-ends and 2019 fiscal year-ends). The standard can be early adopted.

For comparative statements, apply the standard retrospectively. 

If presenting comparative financial statements, the standard does allow the nonprofit to omit the following information for any periods presented before the period of adoption:

  • Analysis of expenses by both natural classification and functional classification (the separate presentation of expenses by functional classification and expenses by natural classification is still required). Nonprofits that previously were required to present a statement of functional expenses do not have the option to omit this analysis; however, they may present the comparative period information in any of the formats permitted in ASU 2014-16, consistent with the presentation in the period of adoption.
  • Disclosures related to liquidity and availability of resources.

Hosting Services Impair a CPA’s Independence

Hosting services impair a CPA’s independence, so says the AICPA. And most firms are providing hosting services (though they may not know it). This article explains why your possession of client records, whether electronic or hard-copy, can affect your independence.

Hosting Services Impair a CPA’s Independence

Starting September 1, 2018, your possession of client documents (e.g., tax records) or information (e.g., the housing of QuickBooks files on our server) can, in some instances, create an independence impairment. (If you temporarily possess original documents (e.g., tax records) but return them to the client in a short period, then the possession of the original documents does not impair your independence.)

The AICPA recently adopted a new interpretation, “Hosting Services,” which appears in the Code of Conduct under nonattest services. See 1.295.143 of the Code.

Why would possessing documents or information potentially impair independence? Because you accepted the responsibility for designing, implementing or maintaining internal controls for the records in your possession. And this is considered a management function.

In effect, the AICPA is saying there is an implicit understanding that you (the CPA) will safeguard the client’s records. And to safeguard the information, you agree to create controls to ensure the safety of the information in your possession.

To understand the actions that would impair your independence, see Catherine Allen’s article in the Journal of Accountancy. Specifically, look at her examples of where independence is impaired and where it is not. 

Do You Need to Verify that Someone is a CPA?

Do you need to verify that someone is a CPA?

If yes, click here for CPAVerify.org.

Their website says:

Free and open to the public, CPAverify.org is a CPA lookup tool populated by official state regulatory data sent from Boards of Accountancy to a central database. The website represents the first ever single-source national database of licensed CPAs and CPA firms. Determine a CPA or CPA firm’s credentials without having to search each of the 55 Boards of Accountancy website individually.

Four Keys to Better Client Interviews

You can understand your clients

Many times I have interviewed accounting staff and walked away thinking, “I have no idea what they just said to me.” Do you ever have this problem? If yes, this article is for you. Below I provide four keys to better client interviews.

Better client interviews

In my early years–fresh out of college–I would think: “I must be stupid. It’s obvious, he understands what he just said, but I don’t.” Often my anxiety would increase when I realized the interviewee (e.g, accounts payable clerk) had no college degree (and me, a masters in accounting).

Reasons We Don’t Understand

After years of performing interviews, I realized that I wasn’t dense (at least, not as much as I thought), and that I was encountering what The Art of Explanation calls, the “curse of knowledge.”

What is the “curse of knowledge?” It’s when someone knows a subject very well, and, consequently, has a difficult time imagining what it is like to not know it. I was experiencing the “curse of knowledge.” Those I interviewed thought knew what they knew. As a result, they left out details.

Also, those I interviewed had years of experience doing the same job day after day. Of course they understood what they did. But I had less than an hour, in many cases, to grasp their duties.

Additionally, those I interviewed used a language unique to their office, and I, mistakenly, tried to use a different language—one I had learned in college. The result: we did not understand one another. So how can I communicate and comprehend better?

Four Keys to Interviewing

1. Pay attention to their language and use it.

If they call it a thingy, then I call it a thingy.

2. Seek understanding more than trying to impress.

I often want to impress more than I desire to understand. The remedy: Admit (maybe even out loud) I don’t know everything.

I tell the clerk, “Treat me like I don’t know anything. I’ve never been here, so I need your help in understanding what you do.”

To higher level personnel (e.g., CFO), I might say, “I have worked in this industry for fifteen years, but I need your help to understand how you guys operate.”

3. Repeat what is said to you.

For example, “May I repeat what you just said to make sure I understand? ‘The thingy is created once per week on Mondays to ensure that total receipts agree with deposits.’”

4. Use your cell phone to take pictures and to record parts of the interview.

Just last week, I reviewed a complex accounting system (for about three hours). As I did so, I used my cell phone Evernote app to take pictures of computer screens and printed reports. I also used the app to record parts of the conversation. Later, I summarized the conversation in memo form (complete with pictures).

Scanbot is another useful iPhone app if you take pictures of client information. By using your phone to take pictures, you can leave your physical scanner in your office.

Your Interviewing Ideas

Have I left out any key interviewing ideas? Please share your thoughts.

Check out my series of articles about auditing.

How to Capture and Communicate Internal Control Deficiencies

Capturing and reporting internal control weaknesses

Too many times auditors fail to capture control deficiencies in the audit process. So, today I’ll show you how to capture and communicate internal control deficiencies.

A Common End-of-Audit Problem

We’re concluding another audit, and it’s time to consider whether we will issue a letter communicating internal control deficiencies. A month ago we noticed some control issues in accounts payable, but presently we’re not clear about how to describe them. We hesitate to call the client to rehash the now-cold walkthrough. After all, the client thinks we’re done, and quite frankly, they are tired of seeing us. We know that boiler-plate language will not clearly communicate the weakness or how to fix it. Now we’re kicking ourselves for not taking more time to document the control deficiencies.

Here’s a post to help capture and document internal control issues as we audit.

How to Capture and Communicate Internal Control Deficiencies

Today, we’ll take a look at the following control weakness objectives:

  1. How to communicate them
  2. How to discover them
  3. How to capture them
how to capture and communicate internal control deficiencies

Picture is courtesy of AdobeStock.com

As we begin, let’s define three types of weaknesses:

  • Material weaknesses – A deficiency, or a combination of deficiencies, in internal control, such that there is a reasonable possibility that a material misstatement of the entity’s financial statements will not be prevented, or detected and corrected, on a timely basis.
  • Significant deficiencies – A deficiency, or a combination of deficiencies, in internal control that is less severe than a material weakness yet important enough to merit attention by those charged with governance.
  • Other deficiencies – For purposes of this blog post, we’ll define other deficiencies as those less than material weaknesses or significant deficiencies.

As we look at these definitions, we see that categorizing control weaknesses is subjective. Notice the following terms:

  • Reasonable possibility
  • Material misstatement
  • Less severe
  • Merits attention by those charged with governance

Categorizing a control weakness is not a science, but an art. With this thought in mind, let’s start our journey with how control weaknesses should be reported.

1. How to Communicate Control Weaknesses

Material weaknesses and significant deficiencies must be communicated in writing to management and those charged with governance. Other deficiencies can be given verbally to management, but you must document those discussions in your work papers.

2. How to Discover Control Weaknesses

Capture control weaknesses as you perform the audit. You might identify control weaknesses in the following audit stages:

  1. Planning – Risk assessment and walkthroughs
  2. Fieldwork – Transaction-level work
  3. Conclusion – Wrapping up

A. Planning Stage

You will discover deficiencies as you perform walkthroughs which are carried out in the early stages of the engagement. Correctly performed walkthroughs allow you to see process shortcomings and where duties are overly concentrated (what auditors refer to as a lack of segregation of duties).

Segregation of Duties

Are accounting duties appropriately segregated with regard to:

  • Custody of assets
  • Reconciliations
  • Authorization
  • Bookkeeping

Notice the first letters of these words spell CRAB (I know it’s cheesy, but it helps me remember).

Auditors often make statements such as, “Segregation of duties is not possible due to the limited number of employees.”

I fear such statements are made only to protect the auditor (should fraud occur in the future). It is better that we be specific about the control weakness and what the potential impact might be. For example:

The accounts payable clerk can add new vendors to the vendor file. Since checks are signed electronically as they are printed, there is a possibility that fictitious vendors could be added and funds stolen. Such amounts could be material.

Such a statement tells the client what the problem is, where it is, and the potential damage. 

Fraud: A Cause of Misstatements

While I just described how a lack of segregation of duties can open the door to theft, the same idea applies to financial statement fraud (or cooking the books). When one person controls the reporting process, there is a higher risk of financial statement fraud. Appropriate segregation lessens the chance that someone will manipulate the numbers.

Within each transaction cycle, accounting duties need to be performed by different people. Doing so lessens the possibility of theft. If one person performs multiple duties, ask yourself, “Is there any way this person could steal funds?” If yes, then the client should add a control in the form of a second-person review.

If possible, the client should have a second person examine reports or other supporting documentation. How often should the review be performed? Daily, if possible. If not daily, as often as possible. Regardless, a company should not allow someone with the ability to steal to work alone without review. The fear of detection lessens fraud.

If a transaction cycle lacks segregation of duties, then consider the potential impact from the control weakness. Three possible impacts exist:

  • Theft that is material (material weakness)
  • Theft that is not material but which deserves the attention of management and the board anyway (significant deficiency)
  • Theft of insignificant amounts (other deficiency)

My experience has been that if any potential theft area exists, the board wants to know about it. But this is a decision you will make as the auditor.

Errors: Another Cause of Misstatements

While auditors should consider control weaknesses that allow fraud, we should also consider whether errors can lead to potential misstatements. So, ask questions such as:

  • Do the monthly financial statements ever contain errors?
  • Are invoices mistakenly omitted from the payable system?
  • Do employees forget to obtain purchase order numbers prior to buying goods?
  • Are new employees ever unintentionally left off the payroll?
  • Do bookkeepers fail to reconcile the bank statements on a timely basis? 

B. Fieldwork Stage

While it is more likely you will discover process control weaknesses in the planning stage of an audit, the results of control deficiencies sometimes surface during fieldwork. How? Audit journal entries. What are audit entries but corrections? And corrections imply a weakness in the accounting system.

When an auditor makes a material journal entry, it’s difficult to argue that a material weakness does not exist. We know the error is “reasonably possible” (it happened). We also know that prevention did not occur on a timely basis.

C. Conclusion Stage

When concluding the audit, review all of the audit entries to see if any are indicators of control weaknesses. Also, review your internal control deficiency work papers (more on this in a moment). If you have not already done so, discuss the noted control weaknesses with management. 

Your firm may desire to have a policy that only managers or partners make these communications. Why? Management can see the auditor’s comments as a criticism of their own work. After all, they designed the accounting system (or at least they oversee it). So, these discussions can be a little challenging.

Now let’s discuss how to capture control weaknesses.

3. How to Capture Control Weaknesses

So, how do you capture the control weakness?

First, and most importantly, document internal control deficiencies as you see them.

Why should you document control weaknesses when you initially see them?

  1. You may not be on the engagement when it concludes (because you are working elsewhere) or
  2. You may not remember the issue (weeks later).

Second, create a standard form (if you don’t already have one) to capture control weaknesses. 

Internal Controls

Picture is courtesy of AdobeStock.com

Internal Control Capture Form

 What should be in the internal control form? At a minimum include the following:

  1.  Check-mark boxes for:
    • Significant deficiency
    • Material weakness
    • Other control deficiency
    • Other issues (e.g., violations of laws or regulations) 
  2. Whether the probability of occurrence is at least reasonably possible and whether the magnitude of the potential misstatement is material
    • If the probability of occurrence is at least reasonably possible and the magnitude of the potential misstatement is material, then the client has a material weakness
  3. Description of the deficiency and the verbal or written communications to the client; also the client’s response
  4. The cause of the condition
  5. The potential effect of the condition
  6. Recommendation to correct the issue
  7. Person who identified the issue and the date when the issue was identified
  8. Whether the issue is a repeat from the prior year
  9. An area for the partner to sign off that he or she agrees with the description of the deficiency and the category assigned to it (e.g., material weakness)
  10. Reference to related documentation in the audit file

Summary

The main points in capturing and communicating internal control deficiencies are:

  1. Capture control weaknesses as soon as you see them
  2. Develop a form to document the control weaknesses

How Do You Capture and Report Control Deficiencies?

Whew! We’ve covered a lot of ground today. How do you capture and report control deficiencies? I’m always looking for new ideas: Please share.

Understand and Communicate Material Weaknesses and Significant Deficiencies

This post provides guidance on distinguishing material weaknesses from significant deficiencies

In today’s post, I tell you how to understand and communicate material weaknesses and significant deficiencies.

How do you categorize a control weakness? Is the weakness a material weakness, a significant deficiency or something less? This seems to be the most significant struggle in addressing internal control issues.

understand and communicate material weaknesses and significant deficiencies

And if you’ve been in the business for any time at all, you know that management can take offense regarding control weakness communications. For instance, a CFO may believe that a material weakness reflects poorly upon him. After all, he controls the design of the accounting system. So, communicating control weaknesses can result in disagreements. Therefore, it’s even more important that these communications be correct.

Before telling you how to distinguish material weaknesses from significant deficiencies, let’s review control weakness definitions.

Definitions of Control Weaknesses

A deficiency in internal control is defined as follows: A deficiency in internal control over financial reporting exists when the design or operation of a control does not allow management or employees, in the normal course of performing their assigned functions, to prevent, or detect and correct, misstatements on a timely basis. A deficiency in design exists when (a) a control necessary to meet the control objective is missing, or (b) an existing control is not properly designed so that, even if the control operates as designed, the control objective would not be met. A deficiency in operation exists when a properly designed control does not operate as designed or when the person performing the control does not possess the necessary authority or competence to perform the control effectively.

Now let’s define (1) material weaknesses, (2) significant deficiencies, and (3) other deficiencies.

  1. Material weakness. A deficiency, or a combination of deficiencies, in internal control, such that there is a reasonable possibility that a material misstatement of the entity’s financial statements will not be prevented, or detected and corrected, on a timely basis.
  2. Significant deficiency. A deficiency, or a combination of deficiencies, in internal control that is less severe than a material weakness yet important enough to merit attention by those charged with governance.
  3. Other deficiencies. For the purposes of this blog post, an other deficiency is a control weakness that is less than a material weakness or a significant deficiency.

How to Categorize a Control Weaknesses

Now that we have defined material weaknesses and significant deficiencies, we can discuss how to distinguish between the two.

Material Weakness

First, ask these two questions:

  1. Is there a reasonable possibility that a misstatement could occur?
  2. Could the misstatement be material?

If your answer to both questions is yes, then the client has a material weakness. (By the way, if you propose a material audit adjustment, it’s difficult to argue that there is no material weakness. As you write your control letter, examine your proposed audit entries.)

Significant Deficiency

If your answer to either of the questions is no, then ask the following:

Is the weakness important enough to merit the attention of those charged with governance? In other words, are there board members who would see the weakness as important.

If the answer is yes, then it is a significant deficiency.

If no, then it is not a significant deficiency or a material weakness.

How to Communicate Material Weaknesses and Significant Deficiencies

The following deficiencies must be communicated in writing to management and to those charged with governance:

  • Material weaknesses
  • Significant deficiencies

The written communication (according to AU-C section 265) must include:

  • the definition of the term material weakness and, when relevant, the definition of the term significant deficiency
  • a description of the significant deficiencies and material weaknesses and an explanation of their potential effects
  • sufficient information to enable those charged with governance and management to understand the context of the communication
  • the fact that the audit included consideration of internal control over financial reporting in order to design audit procedures that are appropriate in the circumstances and that the audit was not for the purpose of expressing an opinion on the effectiveness of internal control
  • the fact that the auditor is not expressing an opinion on the effectiveness of internal control
  • that the auditor’s consideration of internal control was not designed to identify all deficiencies in internal control that might be material weaknesses or significant deficiencies, and therefore, material weaknesses or significant deficiencies may exist that were not identified
  • an appropriate alert, in accordance with section 905, Alert That Restricts the Use of the Auditor’s Written Communication

Next, I explain how to communicate other deficiencies (those that are less than a material weakness or a significant deficiency).

How to Communicate Other Deficiencies

Other deficiencies can be communicated in writing or orally and need only be communicated to management (and not to those charged with governance). The communication must be documented in the audit file. So if you communicate orally, then follow up with a memo to the file addressing who you spoke with, what you discussed, and the date of the discussion.

photo

Stand-alone management letters are often used to communicate other deficiencies. Since there is no authoritative guidance for management letters, you may word them as you wish. Alternatively, you can, if you like, include other deficiencies in your written communication of significant deficiencies or material weaknesses.

A Key Word of Warning

Always provide a draft of any written communications to management before final issuance. It is much better to provide a draft and find out (before issuance) that it contains an error or a miscommunication. Then, corrections can be made.

Additional Information

Writing your internal control letter is a part of the wrap-up process for audits. Click here for additional information concerning wrapping up an audit.

Seven Excuses for Unnecessary Audit Work Papers

Most audit files contain unnecessary work papers

Unnecessary audit work papers create clutter and can create legal problems.

I see two problems in most audit work paper files:

(1) Too much documentation, and
(2) Not enough documentation

I recently wrote a post tilted: Audit Documentation: If It’s Not Documented, It’s Not Done. Since I have already covered the “not enough documentation” issue, today we’ll look at the other problem, too much documentation.

unnecessary audit work papers

Seven Excuses for Unnecessary Audit Work Papers

Over the last thirty years, I have reviewed audit files for CPA firms and have commonly asked this question: Why is this work paper in the file?

Here are a few standard answers.

1. It was there last year.

But is it relevant this year? Resist the temptation just to copy or bring forward work papers from the prior year. Performing a proper audit entails risk assessment (e.g., walkthroughs, analytics), planning (i.e., creating an audit plan), and execution (i.e., carrying out the audit plan). Likewise, compilations and reviews should reflect current year planning and performance.

2. The client gave it to me.

For some reason, young auditors tend to put everything given to them in the file. I think they believe, “if the client gave it to me, it must be important.”

There is one reason to place documentation is the file: It provides audit evidence to support the opinion.

3. I may need it next year.

Then save it—somewhere other than the audit file—for next year. If the information does not provide current year engagement evidence, then it does not belong in the current year file.

Consider setting up a file for next year and placing next year’s information in that file. Or create a folder in the current year file titled: next year’s work papers; then move this section from the current year file as you wrap up the engagement.

4. I might need it this year.

Before going paperless (back in the days of moving work papers with a hand truck), I kept a manila folder titled: File 13. The physical folder was my hang-on-to-it-in-case-I-need-it repository.

Since my files are now paperless, I create an electronic folder titled “Recycle Bin” that sits at the bottom of my file. If I receive information that is not relevant to the current year work, I move it to the recycle bin, and while I am wrapping up the engagement, I dispose of the entire folder.

5. It’s an earlier version of an existing work paper.

Move earlier versions of work papers (e.g., initial financial statements) to your recycle bin.

6. I need it for my tax work.

Then it belongs in the tax file (unless it’s related to your attestation work – e.g., deferred taxes).

7. We missed a fraud ten years ago, so we always include these work papers.

Fraud procedures (and all procedures for that matter) should reflect the current year audit risk assessment and planning.

Closing Comments

The most important reason for minimizing work paper content is to reduce your legal exposure. Excess work papers may provide an attorney ammunition. “Mr. Hall, here’s a work paper from your own audit file that reveals fraud was occurring, and you didn’t see it?” (So don’t, for example, leave the full general ledger in your work papers.)

Hear my podcast based on this post.

What are your thoughts about removing unnecessary audit work papers?

Fraud Stings Auditor: Another Reason Detection is Important

Theft can adversely affect audit clients--and the audit firm

Auditors think about how fraud affects audit clients, but could it be that fraud might affect auditors? After all, auditors do have responsibility for detecting fraud. In this article, I show how undetected theft can adversely affect audit firms.

theft stings auditor

The Phone Call

An audit client discovers, through an inside tip, an employee fraud and you, the audit engagement partner, receive the following phone call:

“George, we just found out our controller has stolen about $70,000 per year for the last three years. Since you guys have been doing our audit, I thought I’d call and discuss what we need to do.” The caller does not verbally say it, but he intimates, “where were you guys?” and “how are you going to resolve this?”

Your first thought is this amount is immaterial, and you begin to explain that audits are not designed to detect immaterial fraud–the first time your client has ever heard these words. It sounds technical, evasive, and hollow. Your client is thinking, “what did I pay you for?” as you are reading his mind and thinking, “not for this.”

The First Mistake

The first mistake is not clearly explaining to your client what an audit is, and, more importantly, what it is not.

The Association of Certified Fraud Examiners’ (ACFE) biennial fraud survey notes that most frauds have a life of about 18 months before they are detected, and less than 10% of frauds are detected by external audits. Even if the external auditor is performing the engagement in accordance with generally accepted auditing standards, the procedures are designed to detect material fraud, something your client needs to know before you start the audit.

Your client files a claim with his insurance company in order to recoup the stolen funds, and, at this point, the insurance company contacts you and asks, “may we have a copy of your internal control letter?” You’ve known all along that there were significant deficiencies in controls, but you’ve been afraid to communicate the weaknesses in writing, knowing that doing so might jeopardize your relationship with management (the guys and gals who hired you).

The Second Mistake

The second mistake is not communicating all significant weaknesses and material weaknesses in writing.

Now things go from bad to worse: the insurance company sues your firm and subpoenas your work papers as they prepare to take you to court. The insurance company’s attorney obtains copies of your fraud work for the last three years, and he notes that the three respective audit files have the same fraud inquiry form. All three annual fraud forms reflect your CPA firm interviewed the same two management personnel who noted, “the company has high ethical standards and there are no known ways to commit fraud.” No other fraud work exists in the files.

In the deposition, the insurance company’s attorney asks you four times, “did you perform any fraud tests other than inquiring of management?” Now you wish you had.

The Third Mistake

The third mistake is inquiring of the same personnel year after year and not performing an annual fraud test (at least one).

Lessons Learned

You now resolve to do the following on all future audits:

  1. Resolved – I will explain to my client that an audit does not address immaterial fraud.
  2. Resolved – I will communicate all significant control deficiencies and material weaknesses in writing.
  3. Resolved – I will perform at least one new fraud test each year (and those tests will relate to control weaknesses noted in planning walk-throughs and inquiries); additionally, I will perform fraud inquiries of different personnel each year.

More Fraud-Related Articles

For more information about fraud detection and prevention, check out my list of articles here.

If you are looking for examples of fraud tests (that you can use in your audits), check out:

Disbursement Fraud Audit Tests: Five Powerful But Simple Ideas

Three Receipt Fraud Tests

Comment from Stephen Pedneault

Stephen Pedneault, the principal of Forensic Accounting Services, made the following comment about the above article:

You truly have to live through one of these phone calls from a client to appreciate what happens when this occurs. I completely concur that better auditor communications up front during the planning phase, long before fieldwork starts, would decrease the risk a client’s expectations are beyond what an audit can accomplish (and detect). Documented for your files, the conversation you had with your client will help “remind” the client, who is now enraged and reacting emotionally versus rationally due to the discovered fraud, that you discussed the associated audit risks. The representation letter your client signed will augment your defense should your client commence litigation, which is becoming more and more commonplace. Your best defense – avoidance altogether. Perform fraud-related tests as part of your audit.

Stephen has written several fraud books that are available on Amazon. Check him out here.