Using Project Management in Audits: The How and the Why

It's not enough to be effective, we must be efficient

On the first day of your audit, you’re confident you’ll deliver your report on time. You have visions of a happy client and happy firm partners. But, somewhere along the way, things break down. Your best auditor transfers to another job. You learn–as the audit progresses–that your junior staff member lacks sufficient training. Your client is not providing information as requested. And, additionally, your audit team has unearthed a fraud.

How can you lessen or respond to these problems? Project management. In this post, I’ll tell you what it is and how you can start using project management in audits, including software selection and practical implementation steps.

Using Project Management in Audits

 

Using Project Management in Audits

Auditors need to be effective (by complying with professional standards), but we also need to be efficient (if we want to make money). And project management creates efficiency.

Managing resources, identifying impediments to audit processes, responding to scope creep–these are just a few of the issues that we encounter. And these challenges can increase engagement time and decrease profits. Worse yet, that promise regarding timely completion can go unmet. 

Either we will manage our audits, or they will manage us. 

So, what are the keys to using project management in audits?

  • Audit team members
  • Project management software
  • Create a project management plan
  • Be aware
  • Be vigilant

Audit Team Members

The number one ingredient to a successful audit is your team members. Even more important is the person managing the engagement.

Have you noticed that some people–regardless of the obstacles–just get things done? If possible, get and keep people like this on your audit teams. You may be thinking–at this moment–“but our firm has a difficult time hiring and retaining great employees.” Then revisit your hiring and retention practices.

Having great team members is essential, but they need to work together. So, how do we get them to play their roles at the right time? A project management plan defined in project management software.

Project Management Software

There are plenty of useful project management software packages. They include:

Pricing varies. Some are free while others are expensive. So, you’ll need to do your research to determine which solution is best for you. Personally, I use Basecamp at $50 per month. If you want to start with a free application, try Trello or Asana. Another option is Smartsheet (an Excel-spreadsheet-based product) at $25 per month. Larger firms may desire to take a look at XCMWorkflow.

Regardless, get your feet wet. If you’ve never used a project management package, it’s hard to understand the beauty of doing so.

Basecamp

Here’s how I got my own feet wet.

Four years ago I started using Basecamp. And why did I pick this software? Mainly, because of ease of use. I can create cloud-based to-do lists for my audit teams and my clients. Also, Basecamp allows me to hide my audit team’s to-do list from my client. So, my audit team can see the client’s to-do list, but the client can’t see my audit team’s list.

Additionally, I can assign each to-do item to an audit team member or client personnel. And even better, I can assign a due date. When the to-do item is due, the designated person receives a reminder email. (As you can see, I no longer need to send a client assistance checklist to my clients. Those tasks that once resided in a Word doc now live in Basecamp.)

Basecamp provides iPad and iPhone apps so that I can see my projects on those devices. Additionally, I access my projects on my Windows desktop using the Internet. So, Basecamp is accessible from anywhere.

Here’s a video overview of Basecamp:

Once you’ve picked your project management software, you need to create a project management plan.

Create a Project Management Plan

What is a project management plan? It’s deciding what, when, and who. These three factors are dependent upon the deliverables, and in our case, the deliverable is the audit report.

Who

First, let’s start with who will perform the actions.

A partner, an in-charge, and one or two staff members often comprise an audit team. Regardless of the team size, your first decision is “who is going to work on the engagement?” and as we said above, this is the most crucial element in getting your audit done. But notice that an audit involves not only your team members but client personnel. You can’t audit unless they provide information, answer questions, and allow you to inspect documents. You might also work with specialists or attorneys

Add all persons to your project management software, including audit team members, client staff, and others. (In Basecamp, I add persons to the project by sending an invitation email from within the software.) But how do we know who we will work with? That depends on what we plan to do.

What

Second, determine what needs to be done. But how do we do this? The development of our audit plan.

The audit plan is our response to risk assessment which is performed early in the engagement. Once we perform walkthroughs, make inquiries, inspect documents, and make observations, we become aware of risks. And in response, we create an audit plan to address those risks. Now we know what needs to be done. The audit plan feeds the project management plan.

Notice the risk assessment process and audit plan informs the project management plan. Notice also that the project management plan is not the same as the audit plan; they are distinctly different. One addresses risk and the other addresses the how, when, and who of getting things done. For me, my audit plan lives in the audit programs (inside my audit software), and my project management plan lives in Basecamp in the cloud. 

Here’s an example of how the risk assessment process feeds my project management plan. As I perform my risk assessment procedures, I see that one person makes disbursements, records the payment, and reconciles the bank statement. Now I know the client lacks segregation of duties in the payables area and has a fraud risk. I will respond to those risks by performing procedures such testing disbursements. Now I know what I am to do. In my project management plan, I need to marry this audit procedure (the testing of disbursements) to a team member. So, I add the task to my project management plan and assign it to one of my people. I also specify a performance date.

Some audit tasks are performed in every audit, regardless of the audit risks, such as obtaining a signed representation letter.  These tasks can be set up in a project management template which can be used to create your initial project management plan. Then you can add the client-specific tasks as needed.

When

Thirdly, we need to specify a date for each action.

Project management software allows you to specify when an action is to occur. Once I know who is on the audit team and what is to be done, my remaining duty is to specify a date for the action. You may wonder, “how do I know when each action will occur?” You may not know precisely, but you have an idea. So, go ahead and specify a date. If later you need to change that date, you can. There is no sin in amending the plan. 

Now that I have a project management plan, I need to be aware and vigilant to keep the plan on track.

Be Aware

The purpose of project management is to enable you to control your audit. But many times the original scope and particulars of our audits change. And if our project management plan doesn’t change concurrently, we lose control.

using project management in audits

For example, if your audit team discovers a fictitious vendor fraud, then your time budget may need to expand. Let’s say we believe the audit will now take an additional 80 hours, and that we need to bring in a fraud specialist. At this point, if we don’t amend the engagement letter, we’ll eat this additional cost. So, it’s time to ask the client for an additional fee. The fraud was not anticipated in the original contract. Now, you need to amend the contract to cover the additional work. (Construction contractors do this all the time with change orders. But auditors are often hesitant to do so.)

As you perform your audit, be aware of scope creep. If your client asks you to perform additional services, then amend your contract. Otherwise, your profit realization will diminish quickly. This is especially true for bid audits such as governmental engagements.

More times than not, changes will occur during the engagement. And regardless of the cause, we must amend our plan. For me, I’m going back into Basecamp and adding additional steps.

In addition to being aware of potential changes, we need to be vigilant.

Be Vigilant

We know from experience that it is natural for the audit process to fall apart. It’s like most things in our universe. Entropy happens.

When it does, you must fight to restore order. Why is this so hard to do? Because you have so much going on. You aren’t working on one audit. You’re working on two–or three. You have office meetings, client meetings, tax deadlines. You are busy! Therefore, if you don’t have a way to maintain control, you will feel desperate.

But that’s the beauty of project management. With it, you can maintain control.

Think of your project management plans as dashboards that flash green or red lights. And those indicators allow you to see how things are progressing–or not. Moreover, this knowledge allows you to react in real time–and to stay vigilant. As you monitor your audits, you can take corrective actions to keep your projects on track.

Summary of Using Project Management in Audits

Project management is simple in concept. You plan tasks, you assign them, and you specify due dates. Then you need project management software to track the actions, assignments and due dates. Once the system is in place, you can monitor your projects and manage change.

So why do most auditors not use project management? Because many think they can do so in their heads–and I know many who feel this way. Sorry, but I have to disagree. If you’re like me (and I bet you are), you have a million things going on. So without project management, you’ll do your work by the seat of your pants. The result? Missed deadlines. Frustrated clients and disappointed partners. Not what you desire.

So, give it try. You will find yourself delivering audits on time and on budget.

Auditing Blog Series

This post is a part of my auditing series. In it, I take you from the start to the end of the audit process. Click here if you’ve missed my prior posts.

Wrapping Up Audits: The How and The Why

Why is it so hard to finish audits? They seem to go on for ever and ever.

Sometimes we think we are almost done with an audit, but then–days later–we realize we were nowhere near the finish line. Very frustrating! For our clients and us. Why does this happen? That’s the question I’ll answer in this post. Wrapping up audits is not always easy, but–in this article–you’ll learn how to finish them efficiently and effectively.

wrapping up audits

Wrapping Up Audits: An Overview

In the final stages of an audit, we are (among other things):

  • Reviewing the file
  • Updating subsequent events
  • Obtaining a management representation letter
  • Summarizing passed journal entries
  • Considering going concern
  • Creating final analytics
  • Creating management letters
  • Communicating control deficiencies

Reviewing the File

If we review our audit work as we perform the engagement, then the review process (at the end) will not be difficult. The thorns and snares come when we allow a junior staff person to work without supervision and without a timely review process. Then, when the manager or partner begins to review the file (at the end of the engagement), it’s a disaster.

The review problem starts at the beginning of the audit, namely in the scheduling of the engagement. Too many times, audit firms send an untrained person out–just to get a warm body on the job. Sure, someone is onsite with the client, but does he know what he’s doing? I said this “warm body” effort could be the result of scheduling, but look even deeper. The root problems could be poor hiring or retention practices or insufficient training. If audit firms are to properly schedule work, they must first hire, retain, and train. Only then will sufficient staff be available.

Once a firm has sufficient personnel, then it needs discipline. Review files daily (or at least weekly)–not at the end of the engagement. Why are timely reviews more efficient and effective? Because the work is still fresh in the staff member’s mind. As he receives review comments, he is better able to respond. Also, timely reviews enable junior staff members to learn as they go, and the reviews provide them with confidence as they work. But in terms of wrap-up, you are much closer to your goal of completing the engagement.

In short, review work and provide feedback as soon as possible, at least weekly.

Updating Subsequent Events

The financial statements should disclose material subsequent events such as legal settlements, the issuance of new debt, the adoption of a new benefit plan, or the sale of stock. And while disclosure is important, subsequent events–such as legal settlements–can have a bearing upon the recognition of amounts in the financial statements.

Here are common subsequent event procedures:

  • Inquire of management about subsequent events
  • Review subsequent receipts and payments
  • Consider attorneys’ responses to request for litigation information
  • Read subsequent minutes
  • Review subsequent interim financial statements
  • Obtain an understanding of management’s methods for accumulating subsequent event information

Perform these procedures so that audit evidence is obtained through the audit report date. Auditors often need to update attorney’s response to coincide with the audit report date. You want the attorney’s letter to be as close as to the audit report date as possible. How close? Usually within two weeks of the audit report date. If there are significant issues, you may want to bring the written response even closer.

Obtaining a Management Representation Letter

Another part of wrapping up in obtaining a written representation letter. The letter should address issues such as:

  • Management’s responsibility for the financial statements
  • Management’s responsibility for internal controls
  • Assurances that all transactions have been recorded
  • Whether known fraud has occurred
  • Whether known non-compliance with laws or regulations
  • The effects of uncorrected misstatements
  • Litigation
  • The assumptions used in computing estimates
  • Related party transactions
  • Subsequent events
  • Supplementary information
  • Responsibility for nonattest services

The date of the representation letter should be the same as the date of the audit report. Also, the representation letter should be for all financial statements and periods referred to in the auditor’s report. If management refuses to provide the management letter, then consider the effect upon the audit report. Such a refusal constitutes a limitation on the scope of the audit and will usually preclude the issuance of an unmodified opinion.

If your audit firm creates the financial statements, then provide them to management in a timely manner. Management needs to review the financial statements prior to signing the representation letter.

Summarizing Passed Journal Entries

Prior to creating the representation letter, the auditor needs to summarize passed journal entries. Why? You need to attach the passed entries to the representation letter. Audit standards require management to provide a written assertion regarding whether the uncorrected misstatements are material. That wording could, for example, read “the effects of uncorrected misstatements are immaterial.”

Once you summarize the uncorrected misstatements, you as the auditor should consider whether they are material. Review your audit materiality and performance materiality documentation and consider if the passed adjustments are acceptable. If the uncorrected misstatements are material, then an unmodified opinion is not appropriate.

Considering Going Concern

Even in the planning stage, auditors need to think about going concern, especially if financial weaknesses are present. But as you approach the end of the audit, the going concern evaluation should crystallize. Now you have your audit evidence, and it’s time to determine if a going concern opinion is in play. Also, consider whether the going concern disclosures are sufficient. If substantial doubt is present, then the entity should include going concern disclosures (whether doubt is alleviated by management’s plans or not).

Substantial Doubt

And what is substantial doubt? The Financial Accounting Standards Board defines it this way:

Substantial doubt about the entity’s ability to continue as a going concern is considered to exist when aggregate conditions and events indicate that it is probable that the entity will be unable to meet obligations when due within one year of the date that the financial statements are issued or are available to be issued.

So for nongovernmental entities, ask “Is it probable that the company will meet its obligations for one year from the opinion date?” If it is likely that the entity will meet its obligations, then substantial doubt does not exist. If it is not probable that the entity will meet its obligations, then substantial doubt exists.

Evaluation Period

And what is the period to be considered when assessing going concern? One year from the audit report date unless the entity is a government. If the entity is a government, then the evaluation period is one year from the financial statement date (though this period can be lengthened in certain circumstances).

Who Makes the Evaluations?

The going concern evaluation is one that management makes as it considers whether disclosures are necessary.

Then the auditor considers going concern from an audit perspective. Based on the audit evidence, the auditor could possibly issue a going concern opinion or qualify the opinion if required going concern disclosures are not included in the financial statements.

Creating Final Analytics

Another part of wrapping up is the creation and review of final analytics.

Auditors create planning analytics as a risk assessment procedure. Why? We are looking for risk. So, what is the purpose of final analytics? We are performing analytical procedures, near the end of the audit, to assist in forming an overall conclusion about whether the financial statements are consistent with our understanding of the entity.

What type of analytics should be used? Audit standards don’t specify the particular analytics. Those standards say that a wide variety of procedures can be used, including reading the financial statements. An auditor can also use analytics similar to those used in the planning stage of the engagement. Regardless of the procedures used, they should be documented. So, if you read the financial statements as an analytical procedure, you should say so in a work paper.

I commonly use the same analytics in the close of the audit that I used in the beginning. I want to know that the questions raised in the beginning have been answered by the end of the engagement.

Creating Management Letters

At the conclusion of an audit, you can provide a written management letter.

wrappping up audits

What should be included in such a letter? It’s up to the auditor, but here are some examples:

  • Communication of control weaknesses that are not significant or material
  • Recommendations concerning the implementation of new accounting standards
  • Efficiency recommendations such as how to process cash receipts
  • Warnings regarding cyber attacks and suggestions for preventing them
  • Suggestions that may expedite next year’s audit
  • Recommendations regarding procurement
  • Suggestion for the creation of a code of conduct
  • Recommendation that an accounting manual be created
  • Suggestion to use excess cash to pay off high-interest rate leases
  • Suggestion to create a more robust IT change management process

Significant internal control deficiencies and material weaknesses must be reported in writing. Other control weaknesses (those not significant or material) can be communicated in writing or orally. If such weaknesses are orally communicated, then they must be documented in some manner such as in a work paper. Alternatively, the control weaknesses can be included in a management letter.

If a management letter is provided, consider providing a draft to the client prior to issuance. Doing so will allow you to avoid the embarrassment of making inaccurate or inappropriate suggestions. Also, the auditor, if desired, can include client responses (e.g., the status of implementation) in the management letter.

Communicating Control Deficiencies

Audit standards require that significant control deficiencies and material weaknesses be reported in writing to management and to those charged with governance. As we saw in the previous section, control weaknesses that are not significant or material are normally communicated in the management letter. Significant deficiencies and material weaknesses are defined as follows:

  1. Significant deficiency. A deficiency, or a combination of deficiencies, in internal control that is less severe than a material weakness yet important enough to merit attention by those charged with governance.
  2. Material weakness. A deficiency, or a combination of deficiencies, in internal control, such that there is a reasonable possibility that a material misstatement of the entity’s financial statements will not be prevented, or detected and corrected, on a timely basis.

Control deficiencies are often noted during the risk assessment procedures, particularly when walkthroughs are performed. They may also be noted as audit journal entries are created, especially when material adjustments are made. It is best to capture control weaknesses as they are noted. Otherwise, you may forget your notice of them. Also, if control weaknesses are material, you may desire to communicate them to management as they are discovered.

As recommended for the management letter, a draft of this internal control report should be provided to management prior to final issuance to avoid potential misunderstandings. Management can better assess the correctness of a control weakness communication once they see it in black and white. If there’s a disagreement between management and the auditor, it’s best to clear the issue prior to final issuance of the internal control weaknesses letter.

Wrapping Up Audits

Now you have an overview of how to wrap up your audits. You may have thought while reading the above, “How does an auditor make all of this happen at the appropriate time?” Sound project management.

While this article covers wrapping up audits from a professional standards perspective, you’ll find additional insights into managing your engagements by reading my Basecamp post. What is Basecamp? It’s a cloud-based project management application. As you can see in the above wrap-up article, there are a lot of moving parts. So, use of sound project management software and procedures can significantly increase your efficiency.

You’ll also find my twin brother’s article How to Identify and Manage Audit Stakeholders helpful.

Continuing Audit Series

This post is a part of my continuing audit series titled The Why and How of Auditing: A Blog Series About Basics. I have covered the planning and substantive parts of audits in earlier posts. To see an overview of the blog series, click here.

Why Higher Risks Should Result in Higher Priced Audits

Risk equals uncertainty. So, shouldn't higher risk audits cost more?

Audit risk increases uncertainty–and price. At least, it should.

audit pricing risk-adjusted

Picture is courtesy of AdobeStock

Factors that Increase Audit Risk

Factors that increase audit risk include:

  • Entity (audit client) that is about to be sold
  • Records not reconciled on a timely basis (including bank accounts, inventory, accounts receivable, and accounts payable)
  • Business with a high debt load and covenant violations
  • Known existence of fraud
  • Inexperienced management in a complicated business
  • Known legal proceedings against the company
  • Unusual estimates (e.g., environmental liabilities)
  • Complex transaction cycles with varied accounting systems (systems differ at each location)
  • Group audit situations with subsidiaries audited by other audit firms (especially if the components are foreign entities)
  • Entities with severe cash flow deficiencies

A Risk Perspective

Pretend, for a moment, that you are a representative of a professional liability insurance carrier, and you’ve been assigned the duty of reviewing an audit firm’s book of business. How would you rate–from an insurance perspective–audits of the following entities?

  1. The City of Perfect has a CPA as its finance director. For the last twenty years, they have received the financial reporting Government Finance Officer’s Certificate of Achievement. They have never had a significant fraud. The city’s net position is strong, and it has no debt.
  2. Shazaam, Incorporated, is a high-tech company funded with venture capital. Operations began two years ago. Shazaam has weak cash flow, but the company has successfully created one new whiz-bang product, making it a highly desirable acquisition target. Potential suitors have already made visits to the company’s headquarters inquiring about a purchase.
  3. Sterling Parts, Incorporated, sells auto parts mainly in the United States, but it also has manufacturing operations in Germany. The company has eight subsidiaries, one of which is the German production component. This entity has been cited for contaminating the Rhine river. The cost of cleanup and damages are not known. The foreign entity uses an accounting system that is entirely different from the other companies. A German accounting firm audits the manufacturing component.

Would you price the insurance for all three engagements the same? Certainly not. The City of Perfect is…well perfect. The second and third audits have risk elements.

So if we–as auditors–examine prospective audit clients purely with an eye on risk, there should be a premium (higher fee) for those with increased risk. Why? There is a higher probability that the audit firm will suffer loss. The inherent risks in examples 2 and 3 increase the chance of faulty financial reporting, which increases the possibility a suit against the audit firm.

From a project management perspective, will all three engagements take the same amount of time? Obviously no. The higher risk engagements will require more resources, effort, and time.

Risks Require More Time

You might think of the additional time element in this way:

Risk = Additional Time = Higher Price

Too often, CPA firms fish for audits without giving appropriate consideration to risk. Then, the flat fee creates pressure to ignore risks, because, after all, the audit firm wants to make a profit. It is critical that auditors incorporate a pricing premium for identified risks.

Unidentified Risks

But what about unknown risks (those that exist before starting the engagement)?

Well, that’s another story. Discovering fraud, for example, may require an expansion of the engagement scope. As with any project, when the scope increases, price increases. But the price increase is dependent upon the size and complexity of the theft. If the fraud is nominal and requires little additional time, then no price increase is necessary. But if the theft is broad and complex, a contract amendment may be needed.

Client Acceptance And Continuance

Does your firm use any type of risk score in your new client acceptance or in your annual continuance decision? If yes, how do you do this?

Auditing Equity: The Why and How Guide

Auditing equity is usually quite easy--until it's not

What are the keys to auditing equity correctly? In this post, we’ll answer this question, showing you how to focus on the important equity accounting issues.

how to audit equity

Auditing Equity — An Overview

In this post, we will cover the following:

  • Primary equity assertions
  • Equity walkthroughs
  • Directional risk for equity
  • Primary risks for equity
  • Common equity control deficiencies
  • Risk of material misstatement for equity
  • Substantive procedures for equity
  • Common equity work papers

Primary Equity Assertions

Before we look at assertions, consider various potential equity accounts such as:

  • Common stock
  • Paid in capital
  • Preferred stock
  • Treasury stock
  • Accumulated other comprehensive income
  • Noncontrolling interests
  • Members’ equity (for an LLC)
  • Net assets (for a nonprofit)
  • Net position (for a government)

Certain types of equity accounts are used for certain types of entities. For example, you’ll find common stock in an incorporated business, net assets in nonprofits, and members’ equity in a limited liability corporation. 

Then, the equity accounts used will depend upon what the entity does. Examples include:

  • Has the company purchased treasury stock?
  • Does a commercial entity have unrealized gains or losses on available-for-sale securities?
  • Does a nonprofit organization have restricted contributions?
  • Does a government have restricted net position?

So, it’s a must–before you determine the relevant assertions–that you understand the accounting for (1) the type of entity and (2) the particular equity-related transactions.

The primary relevant equity assertions (often) are:

  • Existence and occurrence
  • Rights and obligations
  • Classification

When a company reflects equity on its balance sheet, it is asserting that the balance exists and that the equity transactions occurred. For example, if common stock is sold, the balance of the account is based upon the actual sale of stock and the monies received. The balance is not fictitiously or erroneously stated. 

Equity instruments also have certain rights and obligations. For example, common stock provides rights to retained earnings. Also, some classes of stock provide voting privileges. Others do not.

Additionally, the classification of equity balances is important. Determining how to present equity is usually easy, but classification issues arise when an entity has equity instruments such as convertible stock. Classification is also relevant when there is a noncontrolling interest

Keep these assertions in mind as you perform your transaction cycle walkthroughs.

Equity Walkthroughs

Early in your audit, perform a walkthrough of equity to see if there are any control weaknesses. As you perform this risk assessment procedure, what questions should you ask? What should you observe? What documents should you inspect? Here are a few suggestions.

Walkthrough Questions and Actions

As you perform your equity walkthrough ask or perform the following:

  • What types of equity does the entity have?
  • How many shares are authorized? How many shares have been issued?
  • Does the company have any convertible debt?
  • Has the company declared and paid dividends?
  • Are there any state laws restricting distributions?
  • Does the company have accumulated other comprehensive income?
  • Inspect ownership documents such as stock certificates.
  • Read the minutes to determine if any new equity has been issued.
  • Does the company have classes of stock? What are the rights of each?
  • Is the entity attempting to raise additional capital?
  • Has the company sold any additional equity ownership?
  • Is there a noncontrolling interest in the company?
  • Does the company have stock compensation plan?
  • For a nonprofit, are there any restricted donations?
  • For a government, is the net position restricted?
  • For a limited liability corporation, are there differing classes of ownership? 

As you perform your walkthroughs, also consider if there are risks of material misstatement due to fraud or error.

Equity-Related Fraud and Errors

Theft seldom occurs in the sale of stock. If fraud occurs, it’s usually an intentional false equity presentation. Inflating an entity’s equity can make the organization appear healthier than it really is. 

Additionally, mistakes can lead to errors in accounting for equity. Such mistakes may occur if the entity sells complex equity instruments. Understanding the rights and obligations of ownership interests is a key to proper accounting.

Directional Risk for Equity

The directional risk for equity is that it is overstated (companies desire strong equity positions). So, audit for existence. 

Primary Risks for Equity

The primary risks for equity are:

  1. Equity is intentionally overstated
  2. Misclassified equity 

As you think about these risks, consider the control deficiencies that allow equity misstatements.

Common Equity Control Deficiencies

In smaller entities, it is common to have the following control deficiencies:

  • One person performs two or more of the following: 
    • Approves the sale of equity interests,
    • Enters the new equity in the accounting system, 
    • Deposits funds from the sale of the equity instruments
  • Accounting personnel lack knowledge regarding equity transactions

Another key to auditing equity is understanding the risks of material misstatement.

Risk of Material Misstatement for Equity

In auditing equity, the assertions that concern me the most are existence, classification, and rights. So my risk of material misstatement for these assertions is usually moderate to high. 

My response to the higher risk assessments is to perform certain substantive procedures: namely, a review of equity transactions. Why?

A company may desire to overstate its equity. Also, misclassifications occur due to misunderstandings about equity accounting.

Once your risk assessment is complete, you’ll decide what substantive procedures to perform.

Substantive Procedures for Equity

My normal substantive tests for auditing equity include:

  1. Summarizing and reviewing all equity transactions
  2. Reviewing all equity accounts for proper classification
  3. Agreeing all beginning of period balances to the prior period’s ending balances
  4. Reviewing equity disclosures for compliance with the requirements of the reporting framework (e.g., GAAP)

In light of my risk assessment and substantive procedures, what equity work papers do I normally include in my audit files?

Common Equity Work Papers

My equity work papers normally include the following:

  • An understanding of equity-related internal controls 
  • Documentation of any equity internal control deficiencies
  • Risk assessment of equity at the assertion level
  • Equity audit program
  • A copy of (sample) equity instruments 
  • Minutes reflecting the approval of new equity
  • A summary of equity activity (beginning balances plus new equity less equity distributions and ending balance)

In Summary

In summary, today we reviewed the keys to auditing equity. Those keys include risk assessment procedures, determining relevant assertions, performing risk assessments, and developing substantive procedures. The most important issues to address are usually (1) equity accounting (especially when there are more complex types of equity transactions) and (2) the classification of equity.

Look for my next post in The Why and How of Auditing

If you’ve missed my prior posts in this audit series, click here.

Forty Mistakes Auditors Make

Here are 40 technology, planning, and execution deficiencies

Here are forty mistakes auditors make. While the list is (obviously) not comprehensive, you’ll see common technology, planning, and execution mistakes.

forty mistakes auditors make

  1. We aren’t paperless.
  2. We don’t link our trial balances to our work papers.
  3. We haven’t learned to use Adobe Acrobat.
  4. We don’t use optical character recognition (OCR), so we can’t electronically search our documents.
  5. We don’t use project management software such as Basecamp.
  6. We lose team communications (i.e., emails) because we aren’t using Slack.
  7. We use old (slow) computers.
  8. We don’t properly consider and document our independence.
  9. We don’t perform continuance procedures.
  10. We don’t assign appropriate personnel to risky engagements.
  11. We don’t appropriately price the engagement which leads to unattainable time budgets.
  12. We don’t focus our efforts on particular niches (thinking we can audit anything that comes our way).
  13. We keep doing the same thing year after year after year (and then complain we have too much time in the job).
  14. We assume we already know all the risks.
  15. We perform no (real) risk assessment.
  16. We don’t perform walkthroughs because we assume nothing has changed.
  17. We don’t perform walkthroughs because we are afraid of interacting with client personnel.
  18. We don’t consider internal control weaknesses in our risk assessment and audit program development.
  19. We create preliminary analytics in a perfunctory manner, not allowing them to inform us about risks.
  20. We ask perfunctory fraud questions without truly considering fraud risks.
  21. We don’t perform retrospective reviews of estimates.
  22. We don’t link identified risks to our audit plans.
  23. We don’t (really) have an engagement team discussion.
  24. We don’t tailor our audit programs.
  25. We don’t add purpose statements or conclusions on our work papers.
  26. We don’t define our tickmarks.
  27. We receive unnecessary documents from the client and leave them in the audit file.
  28. We leave review notes in the file.
  29. We don’t sign off on work papers, so no one knows who created the document.
  30. We don’t perform post-audit reviews to document the mistakes we made (so they won’t be repeated next year).
  31. We ask clients for certain documents without showing them the prior year example (and they provide the wrong document).
  32. We get on and off the same engagement too many times, losing momentum and wasting time.
  33. We send our audit team into the field even though the client hasn’t provided requested information.
  34. We don’t educate the client regarding the importance of timely information.
  35. We use staff that are not properly trained.
  36. We don’t plan our CPE to address upcoming audits.
  37. We don’t review staff work on a timely basis, so feedback is late (or not provided at all).
  38. We don’t report significant deficiencies or material weaknesses (because of client push-back).
  39. We fail to lock down our files.
  40. We don’t add value to our audits.

Auditing Debt: The Why and How Guide

A key risk is that debt is classified as noncurrent when it should be current

What are the keys to auditing debt correctly?

While auditing debt can be simple, sometimes it gets tricky. You might even get eclipsed by the accounting! The violation of covenants can darken the sky. Also, some companies keep debt off the books by structuring leases to avoid capitalization. So, put on your shades and let’s take a look at how to audit debt.

auditing debt

Auditing Debt — An Overview

In many governments, nonprofits, and small businesses debt is a significant part of total liabilities. Consequently, it is often a significant transaction area. 

In this post, we will cover the following:

  • Primary debt assertions
  • Debt walkthroughs
  • Directional risk for debt
  • Primary risks for debt
  • Common debt control deficiencies
  • Risk of material misstatement for debt
  • Substantive procedures for debt
  • Common debt work papers

Primary Debt Assertions

The primary relevant debt assertions are:

  • Completeness
  • Classification

I believe—in general—completeness and classification are the most important debt assertions. When a company shows debt on its balance sheet, it is asserting that it is complete and classified correctly. By classification, we mean it is properly displayed as either short-term or long-term.

Keep these assertions in mind as you perform your transaction cycle walkthroughs.

Debt Walkthroughs

Early in your audit, perform a walkthrough of debt to see if there are any control weaknesses. As you perform this risk assessment procedure, what questions should you ask? What should you observe? What documents should you inspect? Here are a few suggestions.

Walkthrough Questions and Actions

As you perform your debt walkthrough ask or perform the following:

  • Are there any debt covenants?
  • Does the company have any covenant violations?
  • If the company has violations, is the debt classified appropriately (usually current)?
  • Is the company reconciling the balance sheet to a loan amortization schedule?
  • Inspect amortization schedules.
  • Does the company have any unused lines of credit or other credit available?
  • Inspect loan documents.
  • Has the company refinanced its debt with another institution? Why?
  • Who approves the borrowing of new money?
  • Inspect loan approvals.
  • How are debt service payments made (e.g., by check or wire)?
  • Are there any sinking funds? If yes, who is responsible for making deposits and how is this done?
  • Observe the segregation of duties for persons:
    • Approving new loans,
    • Receipting new loan proceeds, 
    • Recording debt in the general ledger, and 
    • Reconciling the debt on the balance sheet to the loan amortization schedules
  • Is the company required to file any periodic (e.g., quarterly) reports with the lender?
  • Inspect sample quarterly debt reports, if applicable.
  • Does the company have any capital leases?
  • Who is responsible for determining whether a lease should be capitalized?
  • What criteria is the company using to capitalize leases?
  • Has collateral been pledged? If yes, what?
  • What are the terms of the debt agreements?
  • Has all debt of the company been recorded in the general ledger?
  • Have debt issuance costs been netted against debt in the financial statements?
  • Has the company guaranteed the debt of another entity?

If control weaknesses exist, create audit procedures to respond to them. For example, if—during the walkthrough—we see that one person approves loans and deposits loan proceeds, then we will perform fraud-related substantive procedures. 

Debt-Related Fraud

Companies can intentionally omit debt from their balance sheets in order to inflate their equity total. (Since total assets equal liabilities plus equity, then equity goes up if debt is omitted.)

As we saw with Enron many years ago, some entities try to move their debt to other entities. So auditors need to consider that a company may intentionally omit debt from its balance sheet.

Another potential fraudulent presentation is showing short-term debt as long-term. When might this happen? When there is a debt covenant violation. The company may need to present the debt as current when such violations occur. Here’s how to report debt covenant violations.

Additionally, mistakes can lead to errors in debt accounting.

Debt Mistakes

Debt errors may occur when accounting personnel misclassify debt service payments. Also, debt can be mistakenly presented as long-term when it is current.

We also need to consider the directional risk for debt. 

Directional Risk for Debt

The directional risk for debt is that it is understated. So, audit for completeness (and determine that all debt is recorded).

Primary Risks for Debt

The primary risks for debt are:

  1. Debt is intentionally understated (or omitted)
  2. Debt is not classified as current though there is a covenant default that requires such treatment

As you think about these risks, consider the control deficiencies that allow debt misstatements.

Common Debt Control Deficiencies

In smaller entities, it is common to have the following control deficiencies:

  • One person performs two or more of the following: 
    • Approves the borrowing of new funds,
    • Enters the new debt in the accounting system, 
    • Deposits funds from the new debt
  • Funds are borrowed without appropriate approval
  • Debt postings are not agreed to an amortization schedule
  • The accounting personnel don’t understand the accounting standards for debt covenant violations and lease capitalization

Another key to auditing debt is understanding the risks of material misstatement.

Risk of Material Misstatement for Debt

In auditing debt, the assertions that concern me the most are classification and completeness. So my risk of material misstatement for these assertions is usually moderate to high. 

My response to the higher risk assessments is to perform certain substantive procedures: namely, a review of debt covenant compliance and a review of lease accounting. Why?

A company desires to display debt as long-term (even though it is short-term). Doing so makes working capital (current assets minus current liabilities) stronger. If a debt covenant violation causes debt to be current, working capital can tank quickly. So, the temptation is to show debt as long-term even though it is technically current.

Additionally, debt issuance costs are a deduction from debt. Review the classification of these costs which prior to ASU 2015-03 were assets. See this post for more information.

And one more thing. If capital leases are not capitalized (though they should be), the debt does not appear on the balance sheet, making the company look healthier than it is. (FASB has issued a new lease standard that will require the capitalization of all leases of more than one year, but it’s not presently effective. You can see ASU 2016-02, Leases here.)

Once your risk assessment is complete, you’ll decide what substantive procedures to perform.

Substantive Procedures for Debt

My customary tests for auditing debt are as follows:

  1. Summarize and review all debt covenants
  2. Review all leases for correct classification as capital or operating
  3. Confirm all significant debt with the lender
  4. Determine if all debt is classified appropriately (as current or noncurrent)
  5. Agree the end-of-period balances on the balance sheet to the amortization schedule
  6. Review any significant accrued interest at period-end

In light of my risk assessment and substantive procedures, what debt work papers do I normally include in my audit files?

Common Debt Work Papers

My debt work papers normally include the following:

  • An understanding of debt-related internal controls 
  • Documentation of any debt internal control deficiencies
  • Risk assessment of debt at the assertion level
  • Debt audit program
  • A copy of all significant debt agreements (including leases and line-of-credit agreements)
  • Minutes reflecting the approval of new debt
  • A summary of debt activity (beginning balance plus new debt minus principal payments and ending balance)
  • Amortization schedules for each debt

If there’s any question about debt agreements and their presentation, I include additional representation letter language to address the issue.

In Summary

In summary, today we looked at the keys to auditing debt. Those keys include risk assessment procedures, determining relevant assertions, creating risk assessments, and developing substantive procedures. The most important issues to address are usually (1) the classification of debt (especially if debt covenant violations exist) and (2) lease accounting.

Look for my next post in The Why and How of Auditing. Next week we’ll look at how to audit equity.

If you’ve missed my prior posts in this audit series, click here.

Audit Planning Analytics for First-Year Businesses

How to create planning analytics when there is no prior year

How do you create audit planning analytics for first-year businesses? We commonly compare current year numbers to the prior period, but, in this case, there are no prior year numbers. What other options are available?

Audit Planning Analytics for First Year

Courtesy of iStockphoto.com

Planning Analytics for First-Year Businesses

Audit standards don’t require the use of any particular analytics, so let’s think outside the box (of comparing current and prior year numbers). There are at least four alternatives:

  1. Nonfinancial information
  2. Ratios compared to industry averages
  3. Intraperiod totals (e.g., monthly or quarterly)
  4. Budgetary comparisons

How can we use nonfinancial information?

AU-C 315, paragraph .A7 states:

Analytical procedures performed as risk assessment procedures may include both financial and nonfinancial information (for example, the relationship between sales and square footage of selling space or volume of goods sold).

First Option

So one option is to compute expected numbers using nonfinancial information. Then compare the calculated numbers to the general ledger to search for unexpected variances.

Second Option

A second option is to calculate ratios common to the entity’s industry and compare the results to industry benchmarks. While industry analytics can be computed, I’m not sure how useful they are. An infant company often will not generate numbers comparable to more mature entities. But we’ll keep this choice in our quiver, just in case.

Third Option

A more useful option is the third–comparing intraperiod numbers. First, discuss the expected monthly or quarterly revenue trends with the client before you examine the accounting records. The warehouse foreman might say, “We shipped almost nothing the first six months. Then things caught fire. My head was spinning the last half of the year.” Does the general ledger reflect this story? Did revenues and costs of goods sold significantly increase in the latter half of the year?

Fourth Option

The last option we’ve listed is a review of the budgetary comparisons. Some entities, such as governments, lend themselves to this alternative; others, not so–those that don’t adopt budgets.

Summary

So, yes, it is possible to create useful risk assessment analytics–even for the first year of operation.

Remember: planning analytics are for the purpose of detecting risk. If the numbers don’t line up as expected, then you have a risk indicator. It is here that you may need to respond with substantive procedures.

Other Ideas?

What planning analytics do you perform for first-year audit clients?

Stay in the Know with CPA Scribo

Stay up to date with CPA Scribo. It’s free and takes less than a minute. Then, about once per week, you will receive an email with my new blog posts.

Going Concern: How to Understand the Accounting and Auditing Standards

ASU 2014-15 and SAS 132 are shaking up going concern decisions

Are you preparing financial statements and wondering whether you need to include going concern disclosures? Or maybe you’re the auditor, and you’re wondering if a going concern paragraph should be added to the audit opinion. You’ve heard there are new requirements for both management and auditors, but you’re not sure what they are.

This article summarizes (in one place) the new going concern accounting and auditing standards.

going concern

Going Concern Standards

For many years the going concern standards were housed in the audit standards–thus, the need for FASB to issue accounting guidance (ASU 2014-15). It makes sense that FASB created going concern disclosure guidance. After all, disclosures are an accounting issue. 

Accounting Standard

ASU 2014-15, Disclosure of Uncertainties about an Entity’s Ability to Continue as a Going Concern, provides guidance in preparing financial statements. This standard was effective for years ending after December 15, 2016.

GASB Statement 56, Codification of Accounting and Financial Reporting Guidance Contained in the AICPA Statements on Auditing Standards, is the relevant going concern standard for governments. GASB 56 was issued in March 2009. (GASB 56 requires financial statement preparers to evaluate whether there is substantial doubt about a governmental entity’s ability to continue as a going concern for 12 months beyond the date of the financial statements. As you will see below, this timeframe is different from the one called for under ASU 2014-15. This post focuses on ASU 2014-15 and SAS 132.)

Meanwhile, the Auditing Standards Board issued their own going concern standard in February 2017: SAS 132.

Auditing Standard

Auditors will use SAS 132, The Auditor’s Consideration of an Entity’s Ability to Continue as a Going Concern, to make going concern decisions. This SAS is effective for audits of financial statements for periods ending on or after December 15, 2017. SAS 132 amends SAS 126The Auditor’s Consideration of an Entity’s Ability to Continue as a Going Concern.

So, let’s take a look at how to apply ASU 2014-15 and SAS 132.

Two Stages of Going Concern Decisions

In the past, the going concern decisions were made by auditors in a single step. Now, it is helpful to think of going concern decisions in two stages:

  1. Management decisions concerning the preparation of financial statements 
  2. Auditor decisions concerning the audit of the financial statements

First, we’ll consider management’s decisions.

Stage 1. Management Decisions

 

ASU 2014-15 provides guidance concerning management’s determination of whether there is substantial doubt regarding the entity’s ability to continue as a going concern.

Going Concern

What is Substantial Doubt?

So, how does FASB define substantial doubt? 

Substantial doubt about the entity’s ability to continue as a going concern is considered to exist when aggregate conditions and events indicate that it is probable that the entity will be unable to meet obligations when due within one year of the date that the financial statements are issued or are available to be issued.

What is Probable?

So, how does management determine if “it is probable that the entity will be unable to meet obligations when due within one year”?

Probable means likely to occur

If for example, a company expects to miss a debt service payment in the coming year, then substantial doubt exists. This initial assessment is made without regard to management’s plans to alleviate going concern conditions. 

But what factors should management consider?

Factors to Consider

Management should consider the following factors when assessing going concern:

  • The reporting entity’s current financial condition, including the availability of liquid funds and access to credit
  • Obligations of the reporting entity due or new obligations anticipated within one year (regardless of whether they have been recognized in the financial statements)
  • The funds necessary to maintain operations considering the reporting entity’s current financial condition, obligations, and other expected cash flows
  • Other conditions or events that may affect the entity’s ability to meet its obligations

Moreover, management is to consider these factors for one year. But from what date?

Timeframe

The financial statement preparer (i.e., management or a party contracted by management) should assess going concern in light of one year from the date “the financial statements are issued or are available to be issued.”

So, if December 31, 2017, financial statements (for a nonpublic company) are available to be issued on March 15, 2017, the preparer looks forward one year from March 15, 2017. Then, the preparer asks, “Is it probable that the company will be unable to meet its obligations through March 15, 2018?” If yes, substantial doubt is present and disclosures are necessary. If no, then substantial doubt does not exist. As you would expect, the answer to this question determines whether going concern disclosures are to be made and what should be included.

Substantial Doubt Answer Determines Disclosures

If substantial doubt does not exist, then going concern disclosures are not necessary.

If substantial doubt exists, then the company needs to decide if management’s plans alleviate the going concern issue. This decision determines the disclosures to be made. The required disclosures are based upon whether:

  1. Management’s plans alleviate the going concern issue
  2. Management’s plans do not alleviate the going concern issue

1. What if Management’s Plans Alleviate the Going Concern Issue?

If conditions or events raise substantial doubt about an entity’s ability to continue as a going concern, but the substantial doubt is alleviated as a result of consideration of management’s plans, the entity should disclose information that enables users of the financial statements to understand all of the following (or refer to similar information disclosed elsewhere in the footnotes):

  1. Principal conditions or events that raised substantial doubt about the entity’s ability to continue as a going concern (before consideration of management’s plans)
  2. Management’s evaluation of the significance of those conditions or events in relation to the entity’s ability to meet its obligations
  3. Management’s plans that alleviated substantial doubt about the entity’s ability to continue as a going concern

Management’s plans should be considered only if is it probable that they will be effectively implemented. Also, it must be probable that management’s plans will be effective in alleviating substantial doubt.

So, if management’s plans are expected to work, does the company have to explicitly state that management’s plans will alleviate substantial doubt? No. 

When management’s plans alleviate substantial doubt, companies need not use the words going concern or substantial doubt in the disclosures. And as Sears discovered, it may not be wise to do so (their shares dropped 16% after using the term substantial doubt even though management had plans to alleviate the risk). Rather than using the term substantial doubt, consider describing conditions (e.g., cash flows are not sufficient to meet obligations) and management plans to alleviate substantial doubt.

Sample Note – Substantial Doubt Alleviated

An example note follows:

Note 2 – Company Conditions

The Company had losses of $4,525,123 in the year ending March 31, 2017. As of March 31, 2017, its accumulated deficit is $11,325,354. 

Management believes the Company’s present cash flows will not enable it to meet its obligations for twelve months from the date these financial statements are available to be issued. However, management is working to obtain new long-term financing. It is probable that management will obtain new sources of financing that will enable the Company to meet its obligations for the twelve-month period from the date the financial statements are available to be issued.

Notice this example does not use the words substantial doubt.

2. What if Management’s Plans Do Not Alleviate the Going Concern Issue?

If conditions or events raise substantial doubt about an entity’s ability to continue as a going concern, and substantial doubt is not alleviated after consideration of management’s plans, an entity should include a statement in the notes indicating that there is substantial doubt about the entity’s ability to continue as a going concern within one year after the date that the financial statements are available to be issued (or issued when applicable). Additionally, the entity should disclose information that enables users of the financial statements to understand all of the following:

  1. Principal conditions or events that raise substantial doubt about the entity’s ability to continue as a going concern
  2. Management’s evaluation of the significance of those conditions or events in relation to the entity’s ability to meet its obligations
  3. Management’s plans that are intended to mitigate the conditions or events that raise substantial doubt about the entity’s ability to continue as a going concern

Sample Disclosure – Substantial Doubt Not Alleviated

An example disclosure follows:

Note 2 – Going Concern
 
The financial statements have been prepared on a going concern basis which assumes the Company will be able to realize its assets and discharge its liabilities in the normal course of business for the foreseeable future.  The Company had losses of $1,232,555 in the current year. The Company has incurred accumulated losses of $2,891,727 as of March 31, 2017. Cash flows used in operations totaled $555,897 for the year ended March 31, 2017.
 
Management believes these conditions raise substantial doubt about the Company’s ability to continue as a going concern within the next twelve months from the date these financial statements are available to be issued. The ability to continue as a going concern is dependent upon profitable future operations, positive cash flows, and additional financing.
 
Management intends to finance operating costs over the next twelve months with existing cash on hand and loans from its directors. Management is also working to secure new bank financing. The Company’s ability to obtain the new financing is not known at this time.
 
Notice this note includes a statement that substantial doubt is present. Though management’s plans are disclosed, the probability of success is not provided.

ASU 2014-15 Summary

ASU 2014-15 focuses on management’s assessment regarding whether substantial doubt exists. If substantial doubt exists, then disclosures are required. Here’s a short video summarizing 2014-15:

Thus far, we’ve addressed the stage 1. management decisions. As you can see management’s considerations focus on disclosures. By contrast, auditors focus on the audit opinion. Now, let’s look at what auditors must do.

Stage 2. Auditor Decisions

 

SAS 132 provides guidance concerning the auditor’s consideration of an entity’s ability to continue as a going concern.

Going Concern

Objectives of the Auditor

SAS 132, paragraph 10, states the objectives of the auditor are as follows:

  • Obtain sufficient appropriate audit evidence regarding, and to conclude on, the appropriateness of management’s use of the going concern basis of accounting, when relevant, in the preparation of the financial statements
  • Conclude, based on the audit evidence obtained, whether substantial doubt about an entity’s ability to continue as a going concern for a reasonable period of time exists
  • Evaluate the possible financial statement effects, including the adequacy of disclosure regarding the entity’s ability to continue as a going concern for a reasonable period of time
  • Report in accordance with this SAS

These objectives can be summarized as follows:

  1. Conclude about whether the going concern basis of accounting is appropriate
  2. Determine whether substantial doubt is present
  3. Determine whether the going concern disclosures are adequate
  4. Issue an appropriate opinion 

In light of these objectives, certain audit procedures are necessary.

Risk Assessment Procedures

In the risk assessment phase of an audit, the auditor should consider whether conditions or events raise substantial doubt. In doing so, the auditor should examine any preliminary management evaluation of going concern. If such an evaluation was performed, the auditor should review it with management. If no evaluation has occurred, then the auditor should discuss with management the appropriateness of using the going concern basis of accounting (the liquidation basis of accounting is required by ASC 205-30 when the entity’s liquidation is imminent) and whether there are conditions or events that raise substantial doubt. 

The auditor is to consider conditions and events that raise substantial doubt about an entity’s ability to continue as a going concern for a reasonable period of time. What is a reasonable period of time? It is the period of time required by the applicable financial reporting framework or, if no such requirement exists, within one year after the date that the financial statements are issued (or within one year after the date that the financial statements are available to be issued, when applicable). The governmental accounting standards require an evaluation period of “12 months beyond the date of the financial statements.”

Auditors should consider negative financial trends or factors such as:

  • Working capital deficiencies
  • Negative cash flows from operating activities
  • Default on loans
  • A denial of trade credit from suppliers
  • Need to restructure debt
  • Need to dispose of assets
  • Work stoppages or other labor problems
  • Need to significantly revise operations
  • Legal problems
  • Loss of key customers or suppliers
  • Uninsured catastrophes
  • The need for new capital

The risk assessment procedures are a part of planning an audit. You may obtain new information as you perform the engagement.

Remaining Alert Throughout the Audit

The auditor should remain alert throughout the audit for conditions or events that raise substantial doubt. So, after the initial review of going concern issues in the planning stage, the auditor considers the impact of new information gained during the subsequent stages of the engagement.

Audit Procedures When Substantial Doubt is Present

If events or conditions do give rise to substantial doubt, then the audit procedures should include the following (SAS 132, paragraph 16.):

  1. Requesting management to make an evaluation when management has not yet performed an evaluation
  2. Evaluating management’s plans in relation to its going concern evaluation, with regard to whether it is probable that: 
    1. management’s plans can be effectively implemented and 
    2. the plans would mitigate the relevant conditions or events that raise substantial doubt about the entity’s ability to continue as a going concern for a reasonable period of time
  3. When the entity has prepared a cash flow forecast, and analysis of the forecast is a significant factor in evaluating management’s plans: 
    1. evaluating the reliability of the underlying data generated to prepare the forecast and 
    2. determining whether there is adequate support for the assumptions underlying the forecast, which includes considering contradictory audit evidence
  4. Considering whether any additional facts or information have become available since the date on which management made its evaluation

Sometimes management’s plans to alleviate substantial doubt include financial support by third parties or owner-managers (usually referred to as supporting parties). 

Financial Support by Supporting Parties

When financial support is necessary to mitigate substantial doubt, the auditor should obtain audit evidence about the following:

  1. The intent of such supporting parties to provide the necessary financial support, including written evidence of such intent, and
  2. The ability of such supporting parties to provide the necessary financial support

If the evidence in a. is not obtained, then “management’s plans are insufficient to alleviate the determination that substantial doubt exists.”

Intent of Supporting Parties

The intent of supporting parties may be evidenced by either of the following:

  1. Obtaining from management written evidence of a commitment from the supporting party to provide or maintain the necessary financial support (sometimes called a “support letter”)
  2. Confirming directly with the supporting parties (confirmation may be needed if management only has oral evidence of such financial support)

If the auditor receives a support letter, he can still request a written confirmation from the supporting parties. For instance, the auditor may desire to check the validity of the support letter.

If the support comes from an owner-manager, then the written evidence can be a support letter or a written representation.

Support Letter

An example of a third party support letter (when the applicable reporting framework is FASB ASC) is as follows:

(Supporting party name) will, and has the ability to, fully support the operating, investing, and financing activities of (entity name) through at least one year and a day beyond [insert date] (the date the financial statements are issued or available for issuance, when applicable). 

You can specify a date in the support letter that is later than the expected date. That way if there is a delay, you may be able to avoid updating the letter.

The auditor should not only consider the intent of the supporting parties but the ability as well.

Ability of Supporting Parties

The ability of supporting parties to provide support can be evidenced by information such as:

  • Proof of past funding by the supporting party
  • Audited financial statements of the supporting party
  • Bank statements and valuations of assets held by a supporting party

After examining the intent and ability of supporting parties regarding the one-year period, you might identify potential going concern problems that will occur more than one year out.

Conditions and Events After the Reasonable Period of Time

So, should an auditor inquire about conditions and events that may affect the entity’s ability to continue as a going concern beyond management’s period of evaluation (i.e., one year from the date the financial statements are available to be issued or issued, as applicable)? Yes.

Suppose an entity knows it will be unable to meet its November 15, 2018, debt balloon payment. The financial statements are available to be issued on June 15, 2017, so the reasonable period goes through June 15, 2018. But management knows it can’t make the balloon payment, and the bank has already advised that the loan will not be renewed. SAS 132 requires the auditor to inquire of management concerning their knowledge of such conditions or events. 

Why? Only to determine if any potential (additional) disclosures are needed. FASB only requires the evaluation for the year following the date the financial statements are issued (or available to be issued, as applicable). Events following this one year period have no bearing on the current year going concern decisions. Nevertheless, additional disclosures may be merited.

Thus far, the requirements to evaluate the use of the going concern basis of accounting and whether substantial doubt is present have been explained. Now, let’s see what the requirements are for:

  • Written representations from management
  • Communications with those charged with governance
  • Documentation

Written Representations When Substantial Doubt Exists

When substantial doubt exists, the auditor should request the following written representations from management:

  1. A description of management’s plans that are intended to mitigate substantial doubt and the probability that those plans can be effectively implemented
  2. That the financial statements disclose all the matters relevant to the entity’s ability to continue as a going concern including conditions and events and management’s plans

Communications with Those Charged with Governance

Remember that you may need to add additional language to your communication with those charged with governance.

When conditions and events raise substantial doubt about the entity’s ability to continue as a going concern for a reasonable period of time, the auditor should communicate the following (unless those charged with governance manage the entity):

  1. Whether the conditions or events, considered in the aggregate, that raise substantial doubt about an entity’s ability to continue as a going concern for a reasonable period of time constitute substantial doubt
  2. The auditor’s consideration of management’s plans
  3. Whether management’s use of the going concern basis of accounting, when relevant, is appropriate in the preparation of the financial statements
  4. The adequacy of related disclosures in the financial statements
  5. The implications for the auditor’s report

Documentation Requirements

When substantial doubt exists before consideration of management’s plans, the auditor should document the following (SAS 132, paragraph 32.):

  1. The conditions or events that led the auditor to believe that there is substantial doubt about the entity’s ability to continue as a going concern for a reasonable period of time.
  2. The elements of management’s plans that the auditor considered to be particularly significant to overcoming the conditions or events, considered in the aggregate, that raise substantial doubt about the entity’s ability to continue as a going concern, if applicable.
  3. The audit procedures performed to evaluate the significant elements of management’s plans and evidence obtained, if applicable.
  4. The auditor’s conclusion regarding whether substantial doubt about the entity’s ability to continue as a going concern for a reasonable period of time remains or is alleviated. If substantial doubt remains, the auditor should also document the possible effects of the conditions or events on the financial statements and the adequacy of the related disclosures. If substantial doubt is alleviated, the auditor should also document the auditor’s conclusion regarding the need for, and, if applicable, the adequacy of, disclosure of the principal conditions or events that initially caused the auditor to believe there was substantial doubt and management’s plans that alleviated the substantial doubt.
  5. The auditor’s conclusion with respect to the effects on the auditor’s report.

Opinion – Emphasis of Matter Regarding Going Concern

If the auditor concludes that there is substantial doubt concerning the company’s ability to continue as a going concern, an emphasis of a matter paragraph should be added to the opinion.

An example of a going concern paragraph is as follows:

The accompanying financial statements have been prepared assuming that the Company will continue as a going concern. As discussed in Note 2 to the financial statements, the Company has suffered recurring losses from operations, has a net capital deficiency, and has stated that substantial doubt exists about the company’s ability to continue as a going concern. Management’s evaluation of the events and conditions and management’s plans regarding these matters are also described in Note 2. The financial statements do not include any adjustments that might result from the outcome of this uncertainty. Our opinion is not modified with respect to this matter.

The auditor should not use conditional language regarding the existence of substantial doubt about the entity’s ability to continue as a going concern. 

Opinion – Inadequate Going Concern Disclosures

Paragraph 26. of SAS 132 states that an auditor should issue a qualified opinion or an adverse opinion, as appropriate, when going concern disclosures are not adequate.

SAS 132 Summary 

Now, let’s circle back to where we started and review the objectives of SAS 132.

The objectives are as follows:

  • Conclude about whether the going concern basis of accounting is appropriate
  • Determine whether substantial doubt is present
  • Determine whether the going concern disclosures are adequate
  • Issue an appropriate opinion 

Conclusion

As you can see ASU 2014-15 and SAS 132 are complex. So, make sure you are using the most recent updates to your disclosure checklists and audit forms and programs.

Finally, keep in mind that going concern is also relevant to compilation and review engagements.

Group Financial Statement Audits: An Overview

When do the group audit standards apply?

Do you audit financial statements that contain subsidiaries or equity method investments? Then the group audit standards apply, even if you audit all components. Peer reviewers are looking for the required group audit documentation, and they, in many cases, are not seeing what they should.

Audits of Group Financial Statements (AU-C 600) provides guidance for group audits. This article gives an overview of those standards.

Group Audits

Made with Canva

When is AU-C 600 Applicable?

AU-C 600 applies whenever there is an audit of group financial statements (meaning financial statements that include the financial information of more than one component). A component is an entity or business activity whose financial statements are required to be included in the group financial statements under the applicable reporting framework (e.g., U.S. GAAP).

AU-C 600 does apply even if a firm audits all of the components that comprise consolidated financial statements.

What is a Component?

A component includes:

  • Subsidiary
  • Joint venture
  • Division of a company
  • Geographic or functional activity (e.g., program in a not-for-profit organization)
  • Equity-method investment

Why the Group Audit Standard?

When there are multiple components audited by different firms, the risk of error–specifically, an incorrect opinion–increases. AU-C 600 decreases this risk by providing the group audit firm with guidance for group audit situations. Here are a couple of examples where the group audit standards are in play.

Consider, for example, a group audit in which a significant unaudited subsidiary is located in California, but the parent company is in Georgia. Since the subsidiary is not audited, the group auditor does not have the option to reference another audit firm (see below). Nevertheless, he has to obtain audit evidence to support the group audit opinion. The group auditor might direct a California-based audit firm to perform certain audit procedures and provide the results. These procedures provide audit evidence for the group audit opinion.

Likewise, if the California subsidiary is audited, AU-C 600 provides the group auditor with the ability to get the information necessary to render an appropriate audit opinion. In this instance, the component auditor issues an opinion on the California subsidiary, and the group auditor can rely on that work. There is no need for the group auditor to request certain procedures of the California audit team. The group audit firm communicates with the component audit firm concerning issues such as materiality, competence, and independence.

The Auditing Standards Board created AU-C 600 to give the group audit firm and partner the resources and information to get things right.  

When multiple firms audit various components, the group auditor can assume responsibility for the related audits or he can reference the component audit firm in his audit opinion.

The Big Decision: Referencing Another Audit Firm

While AU-C 600 applies to group audits when the same firm audits all components, it also applies when the group auditor does not audit a component–for example, the group audit firm audits the parent company and another audit firm audits a subsidiary (a component).

The group engagement partner (the partner responsible for the group audit) will decide if he or she will make reference to the component auditor

If reference is made, the auditing standards state:

  1. The auditor’s report on the group financial statements should clearly indicate that the component was not audited by the auditor of the group financial statements but was audited by the component auditor.
  2. The group auditor’s report should also communicate the magnitude of the component audited by the component auditor.

If reference is not made, then the group audit firm is responsible for the full audit and related audit evidence. 

The group auditor has the option to name or not name the component audit firm. Typically the group audit firm will not name the component audit firm, but will reference the other firm with opinion language such as “those statements were audited by other auditors.”

Requirements for Referencing a Component Auditor

The group auditor can make reference to the component auditor only if the following is true:

  1. The component auditor must meet independence requirements 
  2. The group audit team must not have serious concerns about whether the component auditors will understand and comply with ethical requirements (including independence)
  3. The group audit team must not have serious concerns about the component audit team’s professional competence
  4. The component financial statements must be presented using the same financial reporting framework as the group financial statements
  5. The component auditor must audit the component in accordance with GAAS (or when required, PCAOB standards)
  6. The component auditor’s report must not be restricted as to use

Requirements to Communicate with Component Auditor 

Regardless of whether reference is made, the group audit team should obtain an understanding of the following:

  1. Whether a component auditor understands and will comply with the ethical requirements that are relevant to the group audit and, in particular, is independent
  2. A component auditor’s professional competence
  3. The extent, if any, to which the group engagement team will be able to be involved in the work of the component auditor
  4. Whether the group engagement team will be able to obtain information affecting the consolidation process from a component auditor
  5. Whether a component auditor operates in a regulatory environment that actively oversees auditors

Peer Review

The group audit standards are in the crosshairs of peer reviews, so make sure your audit documentation (especially your planning documents) is appropriate.

Audit Lessons from a Brain Tumor

Life teaches us unexpected lessons

I said to my wife, “Am I driving straight?” I felt as if I was weaving, not quite in control. I felt dizzy and heard clicking noises in my ears.

The mystery only increased over the next two years as I visited three different doctors. They stuck, prodded, and probed me–but no solution.

Frustrating.

Doctor Looking at Head Xray on blue

Picture is courtesy of istockphoto.com

Meanwhile, I felt a growing numbness on the right side of my face. So one night I started Googling health websites (the thing they tell you not to do) and came upon this link: Acoustic Neuroma Association. I clicked it. It was like reading my diary. It couldn’t be. A brain tumor.

The next day I handed my doctor the acoustic neuroma information and said, “I think this is what I have. I want a brain scan.”

Two days after the scan, while on the golf course, I received the doctor’s call: “Mr. Hall, you were right. You have a 2.3-centimeter brain tumor.” (I sent him a bill for my diagnosis but he never paid–just kidding.) My golfing buddies gathered around and prayed for me on the 17th green, and I went home to break the news to my wife. I had two children, two and four at the time. I was concerned.

Shortly after that, I was in a surgeon’s office in Atlanta. The doctor said they’d do a ten-hour operation; there was a 40% chance of paralysis and a 5% chance of death. The tumor was too large for radiation–or so I was told.

I didn’t like the odds, so I prayed more and went back to the Internet. There I located Dr. Jeffrey Williams at Johns Hopkins Hospital in Baltimore. I emailed the good doctor, telling him of the tumor’s size. His response: “I radiate tumors this size every day.” He was a pioneer in fractionated stereotactic radiation, one of the few physicians in the world using this procedure (at the time).

A few days later, I’m lying on an operating table in Baltimore with my head bolted down, ready for radiation. They bolt you down to ensure the cooking of the tumor (and not the brain). Fun, you should try it. Four more times I visited the table. Each time everyone left the room–a sure sign you should not try this at home.

Each day I laid there silently, talking to God and trusting Him.

Three weeks later I returned to work. Eighteen years later, I have had one sick day.

I’ve watched my children grow up. They are twenty-one and twenty-three now–both finished college. My daughter is engaged to be married. My wife is still by my side, and I’m thankful for each day.

Cades Cove, Tennessee with my wife

So what does a brain tumor story tell us about audits? (You may, at this point, be thinking: they did cook the wrong part.)

Audit Lessons Learned from a Brain Tumor

1. Pay Attention to Signs

It’s easy to overlook the obvious. Maybe we don’t want to see a red flag (I didn’t want to believe I had a tumor). It might slow us down. But an audit is not purely about finishing and billing. It’s about gathering proper evidential matter to support the opinion. To do less is delinquent and dangerous.

2. Seek Alternatives

If you can’t gain appropriate audit evidence one way, seek another. Don’t simply push forward, using the same procedures year after year. The doctor in Atlanta was a surgeon, so his solution was surgery. His answer was based on his tools, his normal procedures. If you’ve always used a hammer, try a wrench.

3. Seek Counsel

If one answer doesn’t ring true, see what someone else thinks, maybe even someone outside your firm. Obviously, you need to make sure your engagement partner agrees (about seeking outside guidance), but if he or she does, go for it. I often call the AICPA hotline. I find them helpful and knowledgeable. I also have relationships with other professionals, so I call friends and ask their opinions–and they call me. Check your pride at the door. I’d rather look dumb and be right than to look smart and wrong.

4. Embrace Change

Fractionated stereotactic radiation was new. Dr. Williams was a pioneer in the technique. The only way your audit processes will get better is to try new techniques: paperless software (we use Caseware), data mining (we use IDEA), real fraud inquiries (I use ACFE techniques), electronic bank confirmations (I use Confirmation.com), project management software (I use Basecamp). If you are still pushing a Pentel on a four-column, it’s time to change.

Postscript

Finally, remember that work is important, but life itself is the best gift. Be thankful for each moment, each hour, each day.