Audit Planning Analytics for First-Year Businesses

How to create planning analytics when there is no prior year

How do you create audit planning analytics for first-year businesses? We commonly compare current year numbers to the prior period, but, in this case, there are no prior year numbers. What other options are available?

Audit Planning Analytics for First Year

Courtesy of iStockphoto.com

Planning Analytics for First-Year Businesses

Audit standards don’t require the use of any particular analytics, so let’s think outside the box (of comparing current and prior year numbers). There are at least four alternatives:

  1. Nonfinancial information
  2. Ratios compared to industry averages
  3. Intraperiod totals (e.g., monthly or quarterly)
  4. Budgetary comparisons

How can we use nonfinancial information?

AU-C 315, paragraph .A7 states:

Analytical procedures performed as risk assessment procedures may include both financial and nonfinancial information (for example, the relationship between sales and square footage of selling space or volume of goods sold).

First Option

So one option is to compute expected numbers using nonfinancial information. Then compare the calculated numbers to the general ledger to search for unexpected variances.

Second Option

A second option is to calculate ratios common to the entity’s industry and compare the results to industry benchmarks. While industry analytics can be computed, I’m not sure how useful they are. An infant company often will not generate numbers comparable to more mature entities. But we’ll keep this choice in our quiver, just in case.

Third Option

A more useful option is the third–comparing intraperiod numbers. First, discuss the expected monthly or quarterly revenue trends with the client before you examine the accounting records. The warehouse foreman might say, “We shipped almost nothing the first six months. Then things caught fire. My head was spinning the last half of the year.” Does the general ledger reflect this story? Did revenues and costs of goods sold significantly increase in the latter half of the year?

Fourth Option

The last option we’ve listed is a review of the budgetary comparisons. Some entities, such as governments, lend themselves to this alternative; others, not so–those that don’t adopt budgets.

Summary

So, yes, it is possible to create useful risk assessment analytics–even for the first year of operation.

Remember: planning analytics are for the purpose of detecting risk. If the numbers don’t line up as expected, then you have a risk indicator. It is here that you may need to respond with substantive procedures.

Other Ideas?

What planning analytics do you perform for first-year audit clients?

Stay in the Know with CPA Scribo

Stay up to date with CPA Scribo. It’s free and takes less than a minute. Then, about once per week, you will receive an email with my new blog posts.

Audit Lessons from a Brain Tumor

Life teaches us unexpected lessons

I said to my wife, “Am I driving straight?” I felt as if I was weaving, not quite in control. I felt dizzy and heard clicking noises in my ears.

The mystery only increased over the next two years as I visited three different doctors. They stuck, prodded, and probed me–but no solution.

Frustrating.

Doctor Looking at Head Xray on blue

Picture is courtesy of istockphoto.com

Meanwhile, I felt a growing numbness on the right side of my face. So one night I started Googling health websites (the thing they tell you not to do) and came upon this link: Acoustic Neuroma Association. I clicked it. It was like reading my diary. It couldn’t be. A brain tumor.

The next day I handed my doctor the acoustic neuroma information and said, “I think this is what I have. I want a brain scan.”

Two days after the scan, while on the golf course, I received the doctor’s call: “Mr. Hall, you were right. You have a 2.3-centimeter brain tumor.” (I sent him a bill for my diagnosis but he never paid–just kidding.) My golfing buddies gathered around and prayed for me on the 17th green, and I went home to break the news to my wife. I had two children, two and four at the time. I was concerned.

Shortly after that, I was in a surgeon’s office in Atlanta. The doctor said they’d do a ten-hour operation; there was a 40% chance of paralysis and a 5% chance of death. The tumor was too large for radiation–or so I was told.

I didn’t like the odds, so I prayed more and went back to the Internet. There I located Dr. Jeffrey Williams at Johns Hopkins Hospital in Baltimore. I emailed the good doctor, telling him of the tumor’s size. His response: “I radiate tumors this size every day.” He was a pioneer in fractionated stereotactic radiation, one of the few physicians in the world using this procedure (at the time).

A few days later, I’m lying on an operating table in Baltimore with my head bolted down, ready for radiation. They bolt you down to ensure the cooking of the tumor (and not the brain). Fun, you should try it. Four more times I visited the table. Each time everyone left the room–a sure sign you should not try this at home.

Each day I laid there silently, talking to God and trusting Him.

Three weeks later I returned to work. Eighteen years later, I have had one sick day.

I’ve watched my children grow up. They are twenty-one and twenty-three now–both finished college. My daughter is engaged to be married. My wife is still by my side, and I’m thankful for each day.

Cades Cove, Tennessee with my wife

So what does a brain tumor story tell us about audits? (You may, at this point, be thinking: they did cook the wrong part.)

Audit Lessons Learned from a Brain Tumor

1. Pay Attention to Signs

It’s easy to overlook the obvious. Maybe we don’t want to see a red flag (I didn’t want to believe I had a tumor). It might slow us down. But an audit is not purely about finishing and billing. It’s about gathering proper evidential matter to support the opinion. To do less is delinquent and dangerous.

2. Seek Alternatives

If you can’t gain appropriate audit evidence one way, seek another. Don’t simply push forward, using the same procedures year after year. The doctor in Atlanta was a surgeon, so his solution was surgery. His answer was based on his tools, his normal procedures. If you’ve always used a hammer, try a wrench.

3. Seek Counsel

If one answer doesn’t ring true, see what someone else thinks, maybe even someone outside your firm. Obviously, you need to make sure your engagement partner agrees (about seeking outside guidance), but if he or she does, go for it. I often call the AICPA hotline. I find them helpful and knowledgeable. I also have relationships with other professionals, so I call friends and ask their opinions–and they call me. Check your pride at the door. I’d rather look dumb and be right than to look smart and wrong.

4. Embrace Change

Fractionated stereotactic radiation was new. Dr. Williams was a pioneer in the technique. The only way your audit processes will get better is to try new techniques: paperless software (we use Caseware), data mining (we use IDEA), real fraud inquiries (I use ACFE techniques), electronic bank confirmations (I use Confirmation.com), project management software (I use Basecamp). If you are still pushing a Pentel on a four-column, it’s time to change.

Postscript

Finally, remember that work is important, but life itself is the best gift. Be thankful for each moment, each hour, each day.

Disbursement Fraud Audit Tests: Five Powerful But Simple Ideas

Here are five fraud tests you can use on your audits

You are leading the audit team discussion concerning disbursements, and a staff member asks, “Why don’t we ever perform fraud tests? It seems like we never introduce elements of unpredictability.”

You respond by saying, “Yes, I know the audit standards require unpredictable tests, but I’m not sure what else to do. Any fresh ideas?”

The staff member sheepishly responds, “I’m not sure.” 

You remember a blog post addressing how fraud can sting auditors, and you think, “What can we do?”

disbursement fraud audit tests

Picture from AdobeStock.com

Five Disbursement Fraud Tests

Here are five disbursement fraud tests that you can perform on most any audit.

1. Test for duplicate payments

Why test?

Theft may occur as the accounts payable clerk generates the same check twice, stealing and converting the second check to cash. The second check may be created in a separate check batch, a week or two later. This threat increases if (1) checks are signed electronically or (2) the check-signer commonly does not examine supporting documentation and the payee name.

How to test?

Obtain a download of the full check register in Excel. Sort by dollar amount and vendor name. Then investigate same-dollar payments with same-vendor names above a certain threshold (e.g., $25,000).

2. Review the accounts payable vendor file for similar names

Why test?

Fictitious vendor names may mimic real vendor names (e.g., ABC Company is the real vendor name while the fictitious name is ABC Co.). Additionally, the home address of the accounts payable clerk is assigned to the fake vendor (alternatively, P.O. boxes may be used).

The check-signer will not recognize the payee name as fictitious.

How to test?

Obtain a download of all vendor names in Excel. Sort by name and visually compare any vendors with similar names. Investigate any near-matches.

3. Check for fictitious vendors

Why test?

The accounts payable clerk may add a fictitious vendor (one in which no similar vendor name exists, as we saw in the preceding example).

The fictitious vendor address? You guessed it: the clerk’s home address (or P.O. Box).

Pay particular attention to new vendors that provide services (e.g., consulting) rather than physical products (e.g., inventory). Physical products leave audit trails; services, less so.

How to test?

Obtain a download in Excel of new vendors and their addresses for a period of time (e.g., month or quarter). Google the businesses to check for validity; if necessary, call the vendor. Or ask someone familiar with vendors to review the list (preferably someone without vendor set-up capabilities).

4. Compare vendor and payroll addresses

Why test?

Those with vendor-setup ability can create fictitious vendors associated with their own home address. If you compare all addresses in the vendor file with addresses in the payroll file, you may find a match. (Careful – sometimes the match is legitimate, such as travel checks being processed through accounts payable.) Investigate any suspicious matches.

How to test?

Obtain a download in Excel of (1) vendor names and addresses and (2) payroll names and addresses. Merge the two files; sort the addresses and visually inspect for matches.

5. Scan all checks for proper signatures and payees

Why test?

Fraudsters will forge signatures or complete checks with improper payees such as themselves.

How to test?

Pick a period of time (e.g., two months), obtain the related bank statements, and scan the checks for appropriate signatures and payees. Also, consider scanning endorsements (if available).

Your Ideas

Those are a few of my ideas. Please share yours.

My fraud book provides more insights into why fraud occurs, how to detect it, and–most importantly–how to prevent it. Check it out on Amazon by clicking here. The book focuses on local government fraud, but most of the information is equally applicable to small businesses.

How to Create New Accounting Products and Services

Here are steps to ensure the success of your new projects

This is a guest post by Harry Hall, the Project Risk Coach. Harry is a speaker, teacher, and blogger who helps leaders and project managers get results. Harry has managed projects–mainly for insurance companies–for more than 17 years. He also teaches project management courses to CPA firms. Harry lives in Macon, Georgia with his wife Sherri. He can be found on LinkedIn.

Are you wondering how to create new accounting products and services? In this post, I’ll explain how.

how to create new accounting products and services

Imagine an accounting firm (we’ll call it Premier CPAs) that has struggled in recent years. Revenue is down, and the firm has lost several top clients. To make matters worse, the firm recently received a fail report in its peer review.

The partners recently met and were brutally honest with one another. Something has to change.

Premier CPAs has a great team of auditors. However, they are failing to understand their client’s needs, and they are not changing their business model accordingly. Over time, competing CPA firms have created superior products and services.

The partners selected a team to go offsite and develop a strategic plan. The group was challenged to perform an assessment of where the firm is and where it needs to go.

The top strategies identified were to:

  • Implement a more modern auditing software solution
  • Map and re-engineer Premier CPAs’ audit processes
  • Implement a small customer service center

How to Make Your Dreams Come True

Great ideas, but how do we make them a reality? It’s easy to talk about things, but it’s another matter to plan and execute new ideas.

Well, you could do this like many lack-luster firms. Just do the projects willy-nilly. Do it as you have time. Find a few warm bodies who are not busy to do the work. Maybe assign the activities to the IT guy.

Will you get there? Maybe, but how long will it take? How much further will you fall behind your competition?

Take a different approach. Focus on your goals and strategies. Be intentional.

How to Create New Accounting Products and Services

The following steps can put you on a fast track to greater success:

  1. Define your projects. In the initiation of your projects, define them with project charters. Spell out the problems you are attacking, your goals, what you will deliver, the assumptions of the project, the constraints of the project, key stakeholders, top risks, and who will serve on the project team.
  2. Assign project sponsors. Select partners and senior management who will define and cast the vision for the projects. These leaders should have the authority to provide resources and money to complete the projects. While the project team does most of the work, the sponsors are ultimately responsible for ensuring success (and should be held accountable).
  3. Create project teams. One of the most important things you can do for your projects is to staff the teams. Carefully select individuals who have the knowledge and skills to deliver the project in a timely manner. There will likely be some opportunity cost in this equation. You may have to assign some audit personnel to perform the project work.
  4. Kick off projects. Get your project team and key stakeholders together for the project kick-off. The sponsors should share their vision for the project. The individual leading the project (i.e., project manager) should review the project charter, ensuring that everyone understands the project and their roles.
  5. Monitor progress. The project managers should periodically meet with their team members to check the status of the project and to plan their next steps. The project managers report to the sponsors, and in some firms, the sponsors report to senior management and partners. Doing so provides transparency throughout the firm’s leadership.
  6. Celebrate success. Create a robust project culture by celebrating when teams hit milestones or complete projects on time and under budget. Thank your teams.
  7. Perform benefits realization. How do we ensure that the projects produce the desired results? Measure your results at designated times (e.g., six months and twelve months after the completion of each project).

Parting Words…This Is NOT Easy

These steps may require a significant transformation in the firm’s culture. Changing what people believe, their attitudes, and their behavior is the toughest part of creating a productive project culture.

First, leadership is required, not optional. Without a firm hand, people will fall back into old bad habits. The senior leadership team of the firm must consistently communicate their expectations and lead by example. Make sure there is a high level of accountability with appropriate rewards and recognition for high performing teams.

Second, train your teams in project management. At a minimum, identify and train individuals who will serve as project managers. You may want to get a project coach to work with your firm. Many progressive firms require their project managers to get project management certifications.

Lastly, all of these actions must be performed with an eye on your firm’s strategic goals and objectives. Make sure the changes align and support your vision, mission, and goals.

Your best days are ahead!

Wire Transfer Theft: How to Prevent It

How to steal $6.9 million in less than an hour

In one of the easiest thefts I’ve read about, a nonprofit administrative officer wired $6.9 million from an Ohio bank account to another account in Austria. The wire transfer originated with the fax of a letter (which took less than an hour to create). Since the officer was authorized to make wire transfers, no one at the bank questioned the transaction–until it was too late. The fraudster landed in Austria, called his wife and said, “I’m not coming home.” Interestingly, the wife called the police and turned her husband in; he later came back to the states of his own volition (after his wife gave him an earful). He went to jail. I guess, after a few boat rides down the Danube, he missed his family.

Preventing wire transfer theft

Picture from AdobeStock.com

Wire Transfer Theft is Easy

It’s easy for an accounting clerk (or other authorized company official) to wire funds and to cover their tracks with a journal entry – too easy in many cases. If a company  accountant or official has the ability to (1) wire funds by himself and (2) make journal entries without a second-person review, then the organization has left the fraud door wide open. Such a situation is not uncommon in small businesses, nonprofits and governments.

As you think about wire transfers, consider that they can be originated with a fax, a phone call, a personal visit to the bank, or a computer. Determine how your bank handles wire transfers and craft your internal controls based on those dynamics.

Wire Transfer Internal Controls

Organizations should do the following to mitigate wire transfer fraud:

  1. Require the bank to limit daily wire transfer amounts (e.g., $25,000 per day for each employee)
  2. Require two persons to consummate all wire transfers to external parties (the most important control in my opinion)
  3. If the wire transfer request is by phone or by fax, require the bank to call your organization back before the wire transfer is consummated
  4. The bank should require the use of unique passwords to access wire-transfer software; consider using a bank that provides bank token keys (small hand-held devices that generate unique identification numbers; these numbers are keyed into the bank software as a part of the transfer request)
  5. Restrict the bank accounts from which a wire transfer can be made (the organization may want to limit external wire transfers to just one bank account)
  6. Restrict certain bank accounts so that wire transfers can only be made to other bank accounts of the organization (e.g., transfer from operating bank account to payroll bank account)
  7. Have someone peruse the daily bank account activity (using online access); at a minimum, reconcile bank statements in a timely fashion (large organizations should consider reconciling bank accounts more frequently than once a month; some reconcile daily)
  8. Require sufficient documentation for all wire transfer journal entries; require a second-person review of these journal entries
  9. Consider using a dedicated computer for all wire transfers; do not use this computer for any other purpose (malware is often picked up by computers as they visit Internet websites)
  10. Use all bank-provided wire transfer controls
  11. Any transactions over a certain high dollar amount (e.g., $50,000) must have the approval of the business owner/CEO

Use Fraud Prevention Controls Offered by Banks

Not using controls offered by banks may make your organization liable should funds be stolen by hackers. One company sued its bank when hackers took $440,000 from its bank account with a wire transfer; the judge ruled against the company because it had opted out of control procedures offered by the bank. Also make sure your company uses appropriate firewall and antivirus protection.

Closing Words

If one person can make external wire transfers and journal entries to record those transactions, you have the makings of wire fraud–soon you may see that employee on Facebook, riding down the old Danube.

Video from Gary Zeune

You can see a news video about the nonprofit fraud mentioned above at Gary Zeune’s website: The Pros and The Cons. (If you have not heard Gary speak about fraud, you should do so. He does a great job.)

Assessing Audit Control Risk at High (and Saving Time)

Assessing control risk at high is often an efficiency decision

At times, auditors errantly assess control risk at less than high. Why? Because the (lower) assessment is not supported by a test of controls.

So can you assess control risk at high without testing controls? Yes–and you may want to. Below you’ll see why.

We have been told that “you can’t default to maximum risk.” While we can’t default to maximum (the old pre-risk-assessment standards term), we can–and in many audits should–assess control risk at high (the present risk assessment term).

assess control risk

Picture is from AdobeStock.com

Assessing Control Risk at High

First, the auditor should determine the existence and location of risks–the purpose of risk assessment procedures. Once risk assessment procedures (walkthroughs, inquiries, analytics, etc.) are performed, we know more about what the risks are and where they are. Then we can assess control risk (CR) at whatever level we desire (if CR is below high, then controls must be tested to support the lower risk assessment).

The Efficiency Decision

At this point, our assessment of control risk becomes a question of efficiency. We can:

  1. Assess control risk at high and not perform additional tests of controls, or
  2. Assess control risk at low to moderate and test the operating effectiveness of controls

The salient question is, “Which option is most efficient?”

Risk Assessment Procedures

Risk assessment procedures, such as walkthroughs, generally are not sufficient to support a low to moderate control risk assessment. A walkthrough (often a test of one transaction) allows us to see if appropriate controls are in place. They don’t, however, tell us if the controls are consistently working.

Testing Controls

AU-C Section 330.08 states: The auditor should design and perform tests of controls to obtain sufficient appropriate audit evidence about the operating effectiveness of relevant controls if the auditor’s assessment of risks of material misstatement…includes an expectation that the controls are operating effectively (that is, the auditor intends to rely on the operating effectiveness of controls in determining…substantive procedures).

A test of one transaction–often performed in walkthroughs–generally is not considered “sufficient appropriate audit evidence” to assess control risk at less than high.

Back to the Efficiency Issue

image

To test and rely on controls, the auditor should examine more transactions. We might, for example, test forty disbursements for proper purchase orders. If the control is working, then we can assess control risk at low to moderate and decrease our substantive work. We could, for example, test fewer additions to plant, property and equipment.

If it takes longer to test controls (e.g., the forty purchase orders) than to perform substantive tests (e.g., vouching invoice support for additions to plant, property and equipment), then it makes more sense to assess control risk at high and perform substantive procedures. And we should do just that–if we desire to make a higher profit on the engagement (and I’m betting you do).

For example, if it takes six hours to test forty transactions for appropriate purchase orders, and it takes four hours to vouch all additions to plant, property, and equipment, then we should assess control risk at high and not perform the test of controls. We should perform the substantive procedure of vouching all significant additions to plant, property, and equipment.

Reducing Substantive Tests (Without Testing Controls)

Can we assess the risk of material misstatement (RMM) at low to moderate without testing controls?

Yes.

If the inherent risk (IR) is low to moderate, then our combined risk of material misstatement can easily be low to moderate. (Let me encourage you to assess risk at the assertion level and not at the transaction level, but I will save that topic for another post.)

For example, a low inherent risk and a high control risk can yield a low to moderate RMM. In an equation it looks like this:

 IR         CR         RMM            Audit Approach
Low X High = Moderate              Basic

This approach produces a moderate RMM without testing controls. A moderate RMM supports a basic approach, and a basic approach means we are performing fewer substantive tests (a high RMM means the auditor will perform more substantive tests).

In short, many times inherent risk is low to moderate. If you combine a low to moderate inherent risk with a high control risk, you can assess RMM at low to moderate. This low to moderate RMM comports with a basic audit approach. Continuing with our plant, property and equipment example from above, you can–with the low to moderate RMM–test fewer asset purchases. And no test of controls is necessary.

This approach–assessing control risk at high after performing risk assessment procedures–often creates greater audit efficiency and is compliant with audit standards. Alternatively, we should assess control risk below high and test controls if this approach takes less time.

Why Assessing Control Risk at High is (Often) More Efficient

Conclusion

I started this post by saying we sometimes errantly assess control risk. By this, I mean we sometimes assess control risk at low to moderate without a sufficient test of controls. If we assess control risk at less than high, then we must test controls.

What are your thoughts about assessing control risk?

Should You Perform Audit Walkthroughs Annually?

Post 4 - Corroborating your understanding of controls

Audit walkthroughs, sometimes referred to as “cradle to grave” reviews of transaction cycles, are performed for significant transaction cycles and should be performed early in the audit process. The auditor starts at the beginning of a transaction cycle and walks a transaction completely through the accounting system while observing controls. Why? To see if controls exist and are in use–and ultimately, to identify risks.

audit walkthroughs

Picture from AdobeStock.com

Are Internal Control Walkthroughs Required?

How often is the auditor required to perform a walkthrough?

Answer: Once per year, if this is how you corroborate your understanding of the cycle. Walkthroughs are not required, but you do need to verify your understanding of the accounting system and related controls–and I can think of no better way.

Recently, I was asked, “If a walkthrough is not used, what else can I do?” While questionnaires can be used, there is a risk that key internal controls will be missed. What if the questionnaire doesn’t address a critical piece of the control structure? Walking a transaction through the accounting system and reviewing related controls ensures a full understanding.

AICPA Guidance Concerning Annual Walkthroughs

TIS Section 8200.12, as issued by the AICPA, states the following:

Inquiry—AU section 314 (now AU-C 315) requires the auditor to obtain an understanding of internal control. An auditor might perform walkthroughs to confirm his or her understanding of internal control. If the auditor decides to use walkthroughs to confirm his or her understanding of internal control, how often do walkthroughs need to occur?

Reply—In accordance with AU Section 314 (now AU-C 315), the auditor is required to obtain an understanding of internal control to evaluate the design of controls and to determine whether they have been implemented. To do that, performing a walkthrough would be a good practice. Accordingly, auditors might perform a walkthrough of significant accounting cycles every year [emphasis added].

Controls Documented in Prior Period

In some situations, AU-C section 315 allows the auditor to rely on audit evidence obtained in prior periods. In those situations, the auditor is required to perform audit procedures to establish the continued relevance of the audit evidence obtained in prior periods (for example, by performing a walkthrough). So, an auditor might perform walkthroughs every year to update his or her understanding. (I know the TIS says “might,” but it does appear the AICPA encourages annual walkthroughs.)

Summary Thoughts

Remember, a walkthrough is a risk assessment procedure. As such, it should be performed early in the audit–not as we are finalizing the work paper file. Identify risks and then create audit steps to respond.

Too many auditors see walkthroughs as “something we do because we have to,” rather than as procedures that inform the audit process. That’s why some auditors document walkthroughs at the end of the audit. 

Audits should be performed in the following order:

  1. Identify risk
  2. Assess risk
  3. Create an audit plan
  4. Execute the audit plan
  5. If necessary, revise the risk assessment and audit plan (if new risks are identified during step 4.)

Walkthroughs should be performed in step 1., not after step 4.

See my prior walkthrough posts:

Post 1 – Why Should Auditors Perform Audit Walkthroughs?

Post 2 – How to Identify Risks of Material Misstatements with Audit Walkthroughs

Post 3 – How to Document Audit Walkthroughs

Omission of MD&A from Governmental Financial Statements

Governments can exclude the MD&A from their financial statements

According to AU-C 730, the auditor’s report on the financial statements should include an other-matter paragraph that refers to the required supplementary information (RSI). In governmental financial statements, the management, discussion, and analysis (MD&A) is considered RSI. Though the MD&A is “required” supplementary information, governments can–strangely enough–exclude it from the financial statements.

omission of management, discussion and analysis

Picture from AdobeStock.com

Omitting the MD&A – Effect on an Audit Opinion

If the required supplementary information is omitted, the auditor should include an other-matter paragraph in the opinion such as the following:

Management has omitted the management, discussion, and analysis that accounting principles generally accepted in the United States of America require to be presented to supplement the basic financial statements. Such missing information, although not a part of the basic financial statements, is required by the Governmental Accounting Standards Board, who considers it to be an essential part of financial reporting for placing the basic financial statements in an appropriate operational, economic, or historical context. Our opinion on the basic financial statements is not affected by this missing information.

Notice the omission of the MD&A does not affect the opinion rendered (in other words, it does not result in a modified report).

RSI Audit Standard

AU-C 730 is the audit standard for required supplementary information. Click here for an overview of the supplementary information audit standards. The former supplementary information standards were SASs 118, 119 and 120; those standards are now–under the Clarity Standards–AU-C sections 720, 725, and 730.

Omitting the MD&A – Effect on a Compilation Report

In compilation reports, the language is as follows:

Management has omitted the management, discussion and analysis that accounting principles generally accepted in the United States of America require to be presented to supplement the basic financial statements. Such missing information, although not a part of the basic financial statements, is required by the Governmental Accounting Standards Board which considers it to be an essential part of financial reporting and for placing the basic financial statements in an appropriate operational, economic, or historical context. 

How to Identify and Manage Audit Stakeholders

Identifying your audit stakeholders can assist in identifying audit risks

This is a guest post by Harry Hall. He is a Project Management Professional (PMP) and a Risk Management Professional (PMI-RMP). He blogs at ProjectRiskCoach. You can also follow Harry on Twitter.

Some auditors perform the same procedures year after year. These individuals know the drill. Their thought is: been there; done that.

Imagine a partner or an in-charge (i.e., project manager) with this attitude. He does little analysis and makes some costly stakeholder mistakes. As the audit team starts the audit, they encounter surprises:

  • Changes in the client stakeholders – accounting personnel and management
  • Changes in accounting systems and reporting
  • Changes in business processes
  • Changes in third-party vendors
  • Changes in the client’s external stakeholders
Identifying audit stakeholders

Picture from AdobeStock.com

Furthermore, imagine the team returning to your office after the initial work is done. The team has every intention of continuing the audit; however, some members are being pulled for urgent work on a different audit.

These changes create audit risks–both the risk that the team will issue an unmodified opinion when it’s not merited and the risk that engagement profit will diminish. Given these unanticipated factors, the audit will likely take longer and cost more than planned. And here’s another potential wrinkle: Powerful, influential stakeholders may insist on new deliverables late in the project.

So how can you mitigate these risks early in your audit?

Perform a stakeholder analysis.

“Prior Proper Planning Prevents Poor Performance.” – Brian Tracy

The Why and How of Auditing Payables and Expenses

Here's an overview of common payable and expense risks and how to audit them

Are you auditing payables and expenses? In this post, we’ll answer questions such as, “how should we test accounts payable?” and “should I perform fraud-related expense procedures?” We’ll also take a look at common risks and how to respond to them.

auditing payables and expenses

Picture from AdobeStock.com

Auditing Accounts Payable and Expenses — An Overview

What is a payable? It’s the amount a company owes for services rendered or goods received. Suppose the company you are auditing receives $2,000 in legal services in the last week of December, but the law firm sends the related invoice in January. The company owes $2,000 as of December 31, 2016. The services were provided, but the payment was not made until after the period-end. Consequently, the company records the $2,000 in its year-end payables. 

In determining whether payables exist, I like to ask, “if the company closed down at midnight on the last day of the month, would it have a legal obligation to pay for a service or good?” If the answer is yes, then record the payable—even if the invoice is received after the month-end. Has the service been received by month-end? Have the goods been received by month-end? If yes and the company has not paid for the service or good by month-end, then the company has a payable.

In this post, we will cover the following:

  • Primary accounts payable and expenses assertions
  • Accounts payable and expense walkthroughs
  • Directional risk for accounts payable and expenses
  • Primary risks for accounts payable and expenses
  • Common accounts payable and expenses control deficiencies
  • Risk of material misstatement for accounts payable and expenses
  • Substantive procedures for accounts payable and expenses
  • Typical accounts payable and expense work papers