Key Fraud Survey Insights from the ACFE’s 2016 Report to the Nation

You can only stop fraud when you know how it occurs

If you are to prevent fraud, you must first know how it occurs. Every two years the Association of Certified Fraud Examiners issues its fraud survey titled Report to the Nation. Below you’ll see key fraud survey insights from the 2016 study.

Key Fraud Survey Insights

Key Fraud Survey Insights

  • A typical organization loses 5% of revenues in a given year as a result of fraud
  • The median loss for all cases was $150,000
  • 23% of the cases involved losses of more than $1 million
  • Asset misappropriation occurred in more than 83% of cases
  • Of the asset misappropriation cases, billing schemes and check tampering schemes pose the greatest risk
  • The median duration of the frauds was 18 months
  • Schemes that lasted more than five years caused a median loss of $850,000
  • In 94.5% of the cases, the perpetrator took some efforts to conceal the fraud (usually creating or altering documents)
  • 39% of the cases were detected by tips
  • Whistleblowers are most likely to report fraud to their direct supervisors (20.6% of cases) or company executives (18%)
  • Approximately two-thirds of the cases targeted privately held or publicly owned companies
  • Corruption is more prevalent in larger organizations
  • Check tampering, skimming, payroll, and cash larceny schemes are twice as common in small organizations when compared to larger organizations
  • Fraud is most prevalent in the following industries: Banks, governments, manufacturing 
  • The presence of anti-fraud controls correlates with both lower fraud losses and quicker detection (33% to 50% more quickly)
  • The most prominent weakness is a lack of internal controls (cited in 29.3% of cases)
  • The perpetrator’s level of authority is strongly correlated with the size of the fraud
  • More occupational frauds originate in the accounting department (16.6%) than in any other business unit
  • The more individuals involved in an occupational fraud scheme (collusion), the higher the losses tend to be
  • For schemes with five or more perpetrators, the median loss was $633,000
  • One of the more common red flags was the fraudster was living beyond his or her means
  • Only 5.2% of perpetrators had previously been convicted of a fraud-related offense
  • In 40.7% of cases, the victim organizations decided not to refer their fraud cases to law enforcement

The Dangers of a Trusted Bookkeeper

Many small businesses have unknown threats

So your business has a wonderful bookkeeper, Joan Hardison. Just last week you told your banker, “Joan does such a good job, I don’t have even think about my bookkeeping.” But does your trust create potential dangers–some that might be significant?

Dangers of a Trusted Bookkeeper

Bookkeeping Password

Is Joan the only person with the password to your bookkeeping software? If yes, why? Oh, she’s trustworthy. I see. But can she control when he dies?

If Joan is hit by a bus and passes from this earth, can you access your bookkeeping information?

If your company has years of bookkeeping information and Joan is the only person with the password, then you may lose it all. Yes, you have the printed copies of your financial statements, but the details of your financial life may be lost forever. 

Intentional Destruction of Bookkeeping Information

Here’s another threat. Joan becomes angry.

Well, now she can intentionally destroy your financial records. In some systems, this is as simple as hitting a delete key. So provide the bookkeeping password to multiple people (if the system does not allow multiple users). If a bookkeeper leaves, remove that person from the system as soon as possible. Sabotage is an ugly thing. 

Also, consider the potential for harm if your bookkeeper is the administrator in your bookkeeping software. He or she controls who gets in and who can’t. It may be wise to make someone other than the bookkeeper the administrator, or–if the system allows–set up two administrators. Main point: Don’t allow one person (the bookkeeper) to control everything.

Additionally, back up your data, or use a cloud service that does this for you. 

The Threat of Theft

Oh, and here’s one more danger: Theft.

Many small businesses trust their bookkeeper too much, not reviewing what the person is doing. This is a recipe for fraud.

If your bookkeeper prints your checks, then she can write checks to herself, can she not. And if she alone reconciles the bank statement, then you really have a problem. She may be the only person that sees cleared checks. If you’re the business owner, you may be thinking, “But I’m the only authorized check signer.” Good luck with that. I’ve seen plenty of forged checks.

As I tell my clients, “Trust your mother but cut the deck.”

Too many small business owners fail to review the work of their bookkeepers, and these businesses often are not audited. Since the bookkeeper knows no one is watching (and that no one will), it’s easy to steal. What’s the solution?

While not a silver bullet, have the bank statements mailed to the small business owner (or someone other than the bookkeeper). Have this person open the bank statements and review the cleared checks. Thereafter, provide the bank statement to the bookkeeper. This simple step can save you. Now, the bookkeeper knows someone is paying attention, and your risk of theft is diminished. 

Summary

So, if you have a trusted bookkeeper, great! But you still need to do the following:

  • Provide the bookkeeping password to more than one person
  • Backup your bookkeeping information
  • Have your bank statements mailed to someone other than the bookkeeper

Going Concern: How to Understand the Accounting and Auditing Standards

ASU 2014-15 and SAS 132 are shaking up going concern decisions

Are you preparing financial statements and wondering whether you need to include going concern disclosures? Or maybe you’re the auditor, and you’re wondering if a going concern paragraph should be added to the audit opinion. You’ve heard there are new requirements for both management and auditors, but you’re not sure what they are.

This article summarizes (in one place) the new going concern accounting and auditing standards.

going concern

Going Concern Standards

For many years the going concern standards were housed in the audit standards–thus, the need for FASB to issue accounting guidance (ASU 2014-15). It makes sense that FASB created going concern disclosure guidance. After all, disclosures are an accounting issue. 

Accounting Standard

ASU 2014-15, Disclosure of Uncertainties about an Entity’s Ability to Continue as a Going Concern, provides guidance in preparing financial statements. This standard was effective for years ending after December 15, 2016.

GASB Statement 56, Codification of Accounting and Financial Reporting Guidance Contained in the AICPA Statements on Auditing Standards, is the relevant going concern standard for governments. GASB 56 was issued in March 2009. (GASB 56 requires financial statement preparers to evaluate whether there is substantial doubt about a governmental entity’s ability to continue as a going concern for 12 months beyond the date of the financial statements. As you will see below, this timeframe is different from the one called for under ASU 2014-15. This post focuses on ASU 2014-15 and SAS 132.)

Meanwhile, the Auditing Standards Board issued their own going concern standard in February 2017: SAS 132.

Auditing Standard

Auditors will use SAS 132, The Auditor’s Consideration of an Entity’s Ability to Continue as a Going Concern, to make going concern decisions. This SAS is effective for audits of financial statements for periods ending on or after December 15, 2017. SAS 132 amends SAS 126The Auditor’s Consideration of an Entity’s Ability to Continue as a Going Concern.

So, let’s take a look at how to apply ASU 2014-15 and SAS 132.

Two Stages of Going Concern Decisions

In the past, the going concern decisions were made by auditors in a single step. Now, it is helpful to think of going concern decisions in two stages:

  1. Management decisions concerning the preparation of financial statements 
  2. Auditor decisions concerning the audit of the financial statements

First, we’ll consider management’s decisions.

Stage 1. Management Decisions

 

ASU 2014-15 provides guidance concerning management’s determination of whether there is substantial doubt regarding the entity’s ability to continue as a going concern.

Going Concern

What is Substantial Doubt?

So, how does FASB define substantial doubt? 

Substantial doubt about the entity’s ability to continue as a going concern is considered to exist when aggregate conditions and events indicate that it is probable that the entity will be unable to meet obligations when due within one year of the date that the financial statements are issued or are available to be issued.

What is Probable?

So, how does management determine if “it is probable that the entity will be unable to meet obligations when due within one year”?

Probable means likely to occur

If for example, a company expects to miss a debt service payment in the coming year, then substantial doubt exists. This initial assessment is made without regard to management’s plans to alleviate going concern conditions. 

But what factors should management consider?

Factors to Consider

Management should consider the following factors when assessing going concern:

  • The reporting entity’s current financial condition, including the availability of liquid funds and access to credit
  • Obligations of the reporting entity due or new obligations anticipated within one year (regardless of whether they have been recognized in the financial statements)
  • The funds necessary to maintain operations considering the reporting entity’s current financial condition, obligations, and other expected cash flows
  • Other conditions or events that may affect the entity’s ability to meet its obligations

Moreover, management is to consider these factors for one year. But from what date?

Timeframe

The financial statement preparer (i.e., management or a party contracted by management) should assess going concern in light of one year from the date “the financial statements are issued or are available to be issued.”

So, if December 31, 2017, financial statements (for a nonpublic company) are available to be issued on March 15, 2017, the preparer looks forward one year from March 15, 2017. Then, the preparer asks, “Is it probable that the company will be unable to meet its obligations through March 15, 2018?” If yes, substantial doubt is present and disclosures are necessary. If no, then substantial doubt does not exist. As you would expect, the answer to this question determines whether going concern disclosures are to be made and what should be included.

Substantial Doubt Answer Determines Disclosures

If substantial doubt does not exist, then going concern disclosures are not necessary.

If substantial doubt exists, then the company needs to decide if management’s plans alleviate the going concern issue. This decision determines the disclosures to be made. The required disclosures are based upon whether:

  1. Management’s plans alleviate the going concern issue
  2. Management’s plans do not alleviate the going concern issue

1. What if Management’s Plans Alleviate the Going Concern Issue?

If conditions or events raise substantial doubt about an entity’s ability to continue as a going concern, but the substantial doubt is alleviated as a result of consideration of management’s plans, the entity should disclose information that enables users of the financial statements to understand all of the following (or refer to similar information disclosed elsewhere in the footnotes):

  1. Principal conditions or events that raised substantial doubt about the entity’s ability to continue as a going concern (before consideration of management’s plans)
  2. Management’s evaluation of the significance of those conditions or events in relation to the entity’s ability to meet its obligations
  3. Management’s plans that alleviated substantial doubt about the entity’s ability to continue as a going concern

Management’s plans should be considered only if is it probable that they will be effectively implemented. Also, it must be probable that management’s plans will be effective in alleviating substantial doubt.

So, if management’s plans are expected to work, does the company have to explicitly state that management’s plans will alleviate substantial doubt? No. 

When management’s plans alleviate substantial doubt, companies need not use the words going concern or substantial doubt in the disclosures. And as Sears discovered, it may not be wise to do so (their shares dropped 16% after using the term substantial doubt even though management had plans to alleviate the risk). Rather than using the term substantial doubt, consider describing conditions (e.g., cash flows are not sufficient to meet obligations) and management plans to alleviate substantial doubt.

Sample Note – Substantial Doubt Alleviated

An example note follows:

Note 2 – Company Conditions

The Company had losses of $4,525,123 in the year ending March 31, 2017. As of March 31, 2017, its accumulated deficit is $11,325,354. 

Management believes the Company’s present cash flows will not enable it to meet its obligations for twelve months from the date these financial statements are available to be issued. However, management is working to obtain new long-term financing. It is probable that management will obtain new sources of financing that will enable the Company to meet its obligations for the twelve-month period from the date the financial statements are available to be issued.

Notice this example does not use the words substantial doubt.

2. What if Management’s Plans Do Not Alleviate the Going Concern Issue?

If conditions or events raise substantial doubt about an entity’s ability to continue as a going concern, and substantial doubt is not alleviated after consideration of management’s plans, an entity should include a statement in the notes indicating that there is substantial doubt about the entity’s ability to continue as a going concern within one year after the date that the financial statements are available to be issued (or issued when applicable). Additionally, the entity should disclose information that enables users of the financial statements to understand all of the following:

  1. Principal conditions or events that raise substantial doubt about the entity’s ability to continue as a going concern
  2. Management’s evaluation of the significance of those conditions or events in relation to the entity’s ability to meet its obligations
  3. Management’s plans that are intended to mitigate the conditions or events that raise substantial doubt about the entity’s ability to continue as a going concern

Sample Disclosure – Substantial Doubt Not Alleviated

An example disclosure follows:

Note 2 – Going Concern
 
The financial statements have been prepared on a going concern basis which assumes the Company will be able to realize its assets and discharge its liabilities in the normal course of business for the foreseeable future.  The Company had losses of $1,232,555 in the current year. The Company has incurred accumulated losses of $2,891,727 as of March 31, 2017. Cash flows used in operations totaled $555,897 for the year ended March 31, 2017.
 
Management believes these conditions raise substantial doubt about the Company’s ability to continue as a going concern within the next twelve months from the date these financial statements are available to be issued. The ability to continue as a going concern is dependent upon profitable future operations, positive cash flows, and additional financing.
 
Management intends to finance operating costs over the next twelve months with existing cash on hand and loans from its directors. Management is also working to secure new bank financing. The Company’s ability to obtain the new financing is not known at this time.
 
Notice this note includes a statement that substantial doubt is present. Though management’s plans are disclosed, the probability of success is not provided.

ASU 2014-15 Summary

ASU 2014-15 focuses on management’s assessment regarding whether substantial doubt exists. If substantial doubt exists, then disclosures are required. Here’s a short video summarizing 2014-15:

Thus far, we’ve addressed the stage 1. management decisions. As you can see management’s considerations focus on disclosures. By contrast, auditors focus on the audit opinion. Now, let’s look at what auditors must do.

Stage 2. Auditor Decisions

 

SAS 132 provides guidance concerning the auditor’s consideration of an entity’s ability to continue as a going concern.

Going Concern

Objectives of the Auditor

SAS 132, paragraph 10, states the objectives of the auditor are as follows:

  • Obtain sufficient appropriate audit evidence regarding, and to conclude on, the appropriateness of management’s use of the going concern basis of accounting, when relevant, in the preparation of the financial statements
  • Conclude, based on the audit evidence obtained, whether substantial doubt about an entity’s ability to continue as a going concern for a reasonable period of time exists
  • Evaluate the possible financial statement effects, including the adequacy of disclosure regarding the entity’s ability to continue as a going concern for a reasonable period of time
  • Report in accordance with this SAS

These objectives can be summarized as follows:

  1. Conclude about whether the going concern basis of accounting is appropriate
  2. Determine whether substantial doubt is present
  3. Determine whether the going concern disclosures are adequate
  4. Issue an appropriate opinion 

In light of these objectives, certain audit procedures are necessary.

Risk Assessment Procedures

In the risk assessment phase of an audit, the auditor should consider whether conditions or events raise substantial doubt. In doing so, the auditor should examine any preliminary management evaluation of going concern. If such an evaluation was performed, the auditor should review it with management. If no evaluation has occurred, then the auditor should discuss with management the appropriateness of using the going concern basis of accounting (the liquidation basis of accounting is required by ASC 205-30 when the entity’s liquidation is imminent) and whether there are conditions or events that raise substantial doubt. 

The auditor is to consider conditions and events that raise substantial doubt about an entity’s ability to continue as a going concern for a reasonable period of time. What is a reasonable period of time? It is the period of time required by the applicable financial reporting framework or, if no such requirement exists, within one year after the date that the financial statements are issued (or within one year after the date that the financial statements are available to be issued, when applicable). The governmental accounting standards require an evaluation period of “12 months beyond the date of the financial statements.”

Auditors should consider negative financial trends or factors such as:

  • Working capital deficiencies
  • Negative cash flows from operating activities
  • Default on loans
  • A denial of trade credit from suppliers
  • Need to restructure debt
  • Need to dispose of assets
  • Work stoppages or other labor problems
  • Need to significantly revise operations
  • Legal problems
  • Loss of key customers or suppliers
  • Uninsured catastrophes
  • The need for new capital

The risk assessment procedures are a part of planning an audit. You may obtain new information as you perform the engagement.

Remaining Alert Throughout the Audit

The auditor should remain alert throughout the audit for conditions or events that raise substantial doubt. So, after the initial review of going concern issues in the planning stage, the auditor considers the impact of new information gained during the subsequent stages of the engagement.

Audit Procedures When Substantial Doubt is Present

If events or conditions do give rise to substantial doubt, then the audit procedures should include the following (SAS 132, paragraph 16.):

  1. Requesting management to make an evaluation when management has not yet performed an evaluation
  2. Evaluating management’s plans in relation to its going concern evaluation, with regard to whether it is probable that: 
    1. management’s plans can be effectively implemented and 
    2. the plans would mitigate the relevant conditions or events that raise substantial doubt about the entity’s ability to continue as a going concern for a reasonable period of time
  3. When the entity has prepared a cash flow forecast, and analysis of the forecast is a significant factor in evaluating management’s plans: 
    1. evaluating the reliability of the underlying data generated to prepare the forecast and 
    2. determining whether there is adequate support for the assumptions underlying the forecast, which includes considering contradictory audit evidence
  4. Considering whether any additional facts or information have become available since the date on which management made its evaluation

Sometimes management’s plans to alleviate substantial doubt include financial support by third parties or owner-managers (usually referred to as supporting parties). 

Financial Support by Supporting Parties

When financial support is necessary to mitigate substantial doubt, the auditor should obtain audit evidence about the following:

  1. The intent of such supporting parties to provide the necessary financial support, including written evidence of such intent, and
  2. The ability of such supporting parties to provide the necessary financial support

If the evidence in a. is not obtained, then “management’s plans are insufficient to alleviate the determination that substantial doubt exists.”

Intent of Supporting Parties

The intent of supporting parties may be evidenced by either of the following:

  1. Obtaining from management written evidence of a commitment from the supporting party to provide or maintain the necessary financial support (sometimes called a “support letter”)
  2. Confirming directly with the supporting parties (confirmation may be needed if management only has oral evidence of such financial support)

If the auditor receives a support letter, he can still request a written confirmation from the supporting parties. For instance, the auditor may desire to check the validity of the support letter.

If the support comes from an owner-manager, then the written evidence can be a support letter or a written representation.

Support Letter

An example of a third party support letter (when the applicable reporting framework is FASB ASC) is as follows:

(Supporting party name) will, and has the ability to, fully support the operating, investing, and financing activities of (entity name) through at least one year and a day beyond [insert date] (the date the financial statements are issued or available for issuance, when applicable). 

You can specify a date in the support letter that is later than the expected date. That way if there is a delay, you may be able to avoid updating the letter.

The auditor should not only consider the intent of the supporting parties but the ability as well.

Ability of Supporting Parties

The ability of supporting parties to provide support can be evidenced by information such as:

  • Proof of past funding by the supporting party
  • Audited financial statements of the supporting party
  • Bank statements and valuations of assets held by a supporting party

After examining the intent and ability of supporting parties regarding the one-year period, you might identify potential going concern problems that will occur more than one year out.

Conditions and Events After the Reasonable Period of Time

So, should an auditor inquire about conditions and events that may affect the entity’s ability to continue as a going concern beyond management’s period of evaluation (i.e., one year from the date the financial statements are available to be issued or issued, as applicable)? Yes.

Suppose an entity knows it will be unable to meet its November 15, 2018, debt balloon payment. The financial statements are available to be issued on June 15, 2017, so the reasonable period goes through June 15, 2018. But management knows it can’t make the balloon payment, and the bank has already advised that the loan will not be renewed. SAS 132 requires the auditor to inquire of management concerning their knowledge of such conditions or events. 

Why? Only to determine if any potential (additional) disclosures are needed. FASB only requires the evaluation for the year following the date the financial statements are issued (or available to be issued, as applicable). Events following this one year period have no bearing on the current year going concern decisions. Nevertheless, additional disclosures may be merited.

Thus far, the requirements to evaluate the use of the going concern basis of accounting and whether substantial doubt is present have been explained. Now, let’s see what the requirements are for:

  • Written representations from management
  • Communications with those charged with governance
  • Documentation

Written Representations When Substantial Doubt Exists

When substantial doubt exists, the auditor should request the following written representations from management:

  1. A description of management’s plans that are intended to mitigate substantial doubt and the probability that those plans can be effectively implemented
  2. That the financial statements disclose all the matters relevant to the entity’s ability to continue as a going concern including conditions and events and management’s plans

Communications with Those Charged with Governance

Remember that you may need to add additional language to your communication with those charged with governance.

When conditions and events raise substantial doubt about the entity’s ability to continue as a going concern for a reasonable period of time, the auditor should communicate the following (unless those charged with governance manage the entity):

  1. Whether the conditions or events, considered in the aggregate, that raise substantial doubt about an entity’s ability to continue as a going concern for a reasonable period of time constitute substantial doubt
  2. The auditor’s consideration of management’s plans
  3. Whether management’s use of the going concern basis of accounting, when relevant, is appropriate in the preparation of the financial statements
  4. The adequacy of related disclosures in the financial statements
  5. The implications for the auditor’s report

Documentation Requirements

When substantial doubt exists before consideration of management’s plans, the auditor should document the following (SAS 132, paragraph 32.):

  1. The conditions or events that led the auditor to believe that there is substantial doubt about the entity’s ability to continue as a going concern for a reasonable period of time.
  2. The elements of management’s plans that the auditor considered to be particularly significant to overcoming the conditions or events, considered in the aggregate, that raise substantial doubt about the entity’s ability to continue as a going concern, if applicable.
  3. The audit procedures performed to evaluate the significant elements of management’s plans and evidence obtained, if applicable.
  4. The auditor’s conclusion regarding whether substantial doubt about the entity’s ability to continue as a going concern for a reasonable period of time remains or is alleviated. If substantial doubt remains, the auditor should also document the possible effects of the conditions or events on the financial statements and the adequacy of the related disclosures. If substantial doubt is alleviated, the auditor should also document the auditor’s conclusion regarding the need for, and, if applicable, the adequacy of, disclosure of the principal conditions or events that initially caused the auditor to believe there was substantial doubt and management’s plans that alleviated the substantial doubt.
  5. The auditor’s conclusion with respect to the effects on the auditor’s report.

Opinion – Emphasis of Matter Regarding Going Concern

If the auditor concludes that there is substantial doubt concerning the company’s ability to continue as a going concern, an emphasis of a matter paragraph should be added to the opinion.

An example of a going concern paragraph is as follows:

The accompanying financial statements have been prepared assuming that the Company will continue as a going concern. As discussed in Note 2 to the financial statements, the Company has suffered recurring losses from operations, has a net capital deficiency, and has stated that substantial doubt exists about the company’s ability to continue as a going concern. Management’s evaluation of the events and conditions and management’s plans regarding these matters are also described in Note 2. The financial statements do not include any adjustments that might result from the outcome of this uncertainty. Our opinion is not modified with respect to this matter.

The auditor should not use conditional language regarding the existence of substantial doubt about the entity’s ability to continue as a going concern. 

Opinion – Inadequate Going Concern Disclosures

Paragraph 26. of SAS 132 states that an auditor should issue a qualified opinion or an adverse opinion, as appropriate, when going concern disclosures are not adequate.

SAS 132 Summary 

Now, let’s circle back to where we started and review the objectives of SAS 132.

The objectives are as follows:

  • Conclude about whether the going concern basis of accounting is appropriate
  • Determine whether substantial doubt is present
  • Determine whether the going concern disclosures are adequate
  • Issue an appropriate opinion 

Conclusion

As you can see ASU 2014-15 and SAS 132 are complex. So, make sure you are using the most recent updates to your disclosure checklists and audit forms and programs.

Ten Recommended Business Books for Your Summer Reading

Looking for inspiration? Check these books out

It’s summer, so some of you are looking for books to challenage and inspire you.

Ten recommended business books

Here are ten of my favorites (click the links to see the books on Amazon):

  1. Essentialism, The Disciplined Pursuit of Less
  2. The Go-Giver
  3. The Exceptional Presenter
  4. The One Thing
  5. Rest
  6. The Power of Full Engagement
  7. Getting Things Done
  8. Necessary Endings
  9. The Power of Habit: Why We Do What We Do in Life and Business
  10. Deep Work

How to Organize Your Computer Desktop with Fences

Do you get lost looking for app or document icons on your desktop?

Most accountants like organization, yet I often see total chaos on their computer desktops.

A typical CPA’s screen looks like this.

Organize desktop

We’d be much better off if our desktops looked like this.

fences

Creating Order on Your Desktop

So how can you bring order to your desktop?

Use Fences. The cost is $9.99, but well worth the iconic bliss.

Once Fences is downloaded, you simply right-click and drag on your screen to create a new fence (see below). Above you see a fence titled “Programs.” You can arrange the icons in whatever order you wish. To add an icon to a fence, you simply drag it to the desired location.

Create Fence

Once you arrange your icons, they stay that way. When you reboot your computer the next morning, you’ll find your icons in the same order. 

Fences YouTube Video

Here’s a video that provides additional information:

My Experience with Fences

I’ve used Fences for about five years and have found it useful. I recommend it.

To see physical office setup ideas for accountants, click here.

Group Financial Statement Audits: An Overview

When do the group audit standards apply?

Do you audit financial statements that contain subsidiaries or equity method investments? Then the group audit standards apply, even if you audit all components. Peer reviewers are looking for the required group audit documentation, and they, in many cases, are not seeing what they should.

Audits of Group Financial Statements (AU-C 600) provides guidance for group audits. This article gives an overview of those standards.

Group Audits

Made with Canva

When is AU-C 600 Applicable?

AU-C 600 applies whenever there is an audit of group financial statements (meaning financial statements that include the financial information of more than one component). A component is an entity or business activity whose financial statements are required to be included in the group financial statements under the applicable reporting framework (e.g., U.S. GAAP).

AU-C 600 does apply even if a firm audits all of the components that comprise consolidated financial statements.

What is a Component?

A component includes:

  • Subsidiary
  • Joint venture
  • Division of a company
  • Geographic or functional activity (e.g., program in a not-for-profit organization)
  • Equity-method investment

Why the Group Audit Standard?

When there are multiple components audited by different firms, the risk of error–specifically, an incorrect opinion–increases. AU-C 600 decreases this risk by providing the group audit firm with guidance for group audit situations. Here are a couple of examples where the group audit standards are in play.

Consider, for example, a group audit in which a significant unaudited subsidiary is located in California, but the parent company is in Georgia. Since the subsidiary is not audited, the group auditor does not have the option to reference another audit firm (see below). Nevertheless, he has to obtain audit evidence to support the group audit opinion. The group auditor might direct a California-based audit firm to perform certain audit procedures and provide the results. These procedures provide audit evidence for the group audit opinion.

Likewise, if the California subsidiary is audited, AU-C 600 provides the group auditor with the ability to get the information necessary to render an appropriate audit opinion. In this instance, the component auditor issues an opinion on the California subsidiary, and the group auditor can rely on that work. There is no need for the group auditor to request certain procedures of the California audit team. The group audit firm communicates with the component audit firm concerning issues such as materiality, competence, and independence.

The Auditing Standards Board created AU-C 600 to give the group audit firm and partner the resources and information to get things right.  

When multiple firms audit various components, the group auditor can assume responsibility for the related audits or he can reference the component audit firm in his audit opinion.

The Big Decision: Referencing Another Audit Firm

While AU-C 600 applies to group audits when the same firm audits all components, it also applies when the group auditor does not audit a component–for example, the group audit firm audits the parent company and another audit firm audits a subsidiary (a component).

The group engagement partner (the partner responsible for the group audit) will decide if he or she will make reference to the component auditor. An example opinion can be seen here

If reference is made, the auditing standards state:

  1. The auditor’s report on the group financial statements should clearly indicate that the component was not audited by the auditor of the group financial statements but was audited by the component auditor.
  2. The group auditor’s report should also communicate the magnitude of the component audited by the component auditor.

If reference is not made, then the group audit firm is responsible for the full audit and related audit evidence. 

The group auditor has the option to name or not name the component audit firm. Typically the group audit firm will not name the component audit firm, but will reference the other firm with opinion language such as “those statements were audited by other auditors.”

Requirements for Referencing a Component Auditor

The group auditor can make reference to the component auditor only if the following is true:

  1. The component auditor must meet independence requirements 
  2. The group audit team must not have serious concerns about whether the component auditors will understand and comply with ethical requirements (including independence)
  3. The group audit team must not have serious concerns about the component audit team’s professional competence
  4. The component financial statements must be presented using the same financial reporting framework as the group financial statements
  5. The component auditor must audit the component in accordance with GAAS (or when required, PCAOB standards)
  6. The component auditor’s report must not be restricted as to use

Requirements to Communicate with Component Auditor 

Regardless of whether reference is made, the group audit team should obtain an understanding of the following:

  1. Whether a component auditor understands and will comply with the ethical requirements that are relevant to the group audit and, in particular, is independent
  2. A component auditor’s professional competence
  3. The extent, if any, to which the group engagement team will be able to be involved in the work of the component auditor
  4. Whether the group engagement team will be able to obtain information affecting the consolidation process from a component auditor
  5. Whether a component auditor operates in a regulatory environment that actively oversees auditors

Peer Review

The group audit standards are in the crosshairs of peer reviews, so make sure your audit documentation (especially your planning documents) is appropriate.

Audit Lessons from a Brain Tumor

Life teaches us unexpected lessons

I said to my wife, “Am I driving straight?” I felt as if I was weaving, not quite in control. I felt dizzy and heard clicking noises in my ears.

The mystery only increased over the next two years as I visited three different doctors. They stuck, prodded, and probed me–but no solution.

Frustrating.

Doctor Looking at Head Xray on blue

Picture is courtesy of istockphoto.com

Meanwhile, I felt a growing numbness on the right side of my face. So one night I started Googling health websites (the thing they tell you not to do) and came upon this link: Acoustic Neuroma Association. I clicked it. It was like reading my diary. It couldn’t be. A brain tumor.

The next day I handed my doctor the acoustic neuroma information and said, “I think this is what I have. I want a brain scan.”

Two days after the scan, while on the golf course, I received the doctor’s call: “Mr. Hall, you were right. You have a 2.3-centimeter brain tumor.” (I sent him a bill for my diagnosis but he never paid–just kidding.) My golfing buddies gathered around and prayed for me on the 17th green, and I went home to break the news to my wife. I had two children, two and four at the time. I was concerned.

Shortly after that, I was in a surgeon’s office in Atlanta. The doctor said they’d do a ten-hour operation; there was a 40% chance of paralysis and a 5% chance of death. The tumor was too large for radiation–or so I was told.

I didn’t like the odds, so I prayed more and went back to the Internet. There I located Dr. Jeffrey Williams at Johns Hopkins Hospital in Baltimore. I emailed the good doctor, telling him of the tumor’s size. His response: “I radiate tumors this size every day.” He was a pioneer in fractionated stereotactic radiation, one of the few physicians in the world using this procedure (at the time).

A few days later, I’m lying on an operating table in Baltimore with my head bolted down, ready for radiation. They bolt you down to ensure the cooking of the tumor (and not the brain). Fun, you should try it. Four more times I visited the table. Each time everyone left the room–a sure sign you should not try this at home.

Each day I laid there silently, talking to God and trusting Him.

Three weeks later I returned to work. Eighteen years later, I have had one sick day.

I’ve watched my children grow up. They are twenty-one and twenty-three now–both finished college. My daughter is engaged to be married. My wife is still by my side, and I’m thankful for each day.

Cades Cove, Tennessee with my wife

So what does a brain tumor story tell us about audits? (You may, at this point, be thinking: they did cook the wrong part.)

Audit Lessons Learned from a Brain Tumor

1. Pay Attention to Signs

It’s easy to overlook the obvious. Maybe we don’t want to see a red flag (I didn’t want to believe I had a tumor). It might slow us down. But an audit is not purely about finishing and billing. It’s about gathering proper evidential matter to support the opinion. To do less is delinquent and dangerous.

2. Seek Alternatives

If you can’t gain appropriate audit evidence one way, seek another. Don’t simply push forward, using the same procedures year after year. The doctor in Atlanta was a surgeon, so his solution was surgery. His answer was based on his tools, his normal procedures. If you’ve always used a hammer, try a wrench.

3. Seek Counsel

If one answer doesn’t ring true, see what someone else thinks, maybe even someone outside your firm. Obviously, you need to make sure your engagement partner agrees (about seeking outside guidance), but if he or she does, go for it. I often call the AICPA hotline. I find them helpful and knowledgeable. I also have relationships with other professionals, so I call friends and ask their opinions–and they call me. Check your pride at the door. I’d rather look dumb and be right than to look smart and wrong.

4. Embrace Change

Fractionated stereotactic radiation was new. Dr. Williams was a pioneer in the technique. The only way your audit processes will get better is to try new techniques: paperless software (we use Caseware), data mining (we use IDEA), real fraud inquiries (I use ACFE techniques), electronic bank confirmations (I use Confirmation.com), project management software (I use Basecamp). If you are still pushing a Pentel on a four-column, it’s time to change.

Postscript

Finally, remember that work is important, but life itself is the best gift. Be thankful for each moment, each hour, each day.