The Why and How of Auditing Payables and Expenses

Here's an overview of common payable and expense risks and how to audit them

Are you auditing payables and expenses? In this post, we’ll answer questions such as, “how should we test accounts payable?” and “should I perform fraud-related expense procedures?” We’ll also take a look at common risks and how to respond to them.

Auditing Accounts Payable and Expenses — An Overview

What is a payable? It’s the amount a company owes for services rendered or goods received. Suppose the company you are auditing receives $2,000 in legal services in the last week of December, but the law firm sends the related invoice in January. The company owes $2,000 as of December 31, 2016. The services were provided, but the payment was not made until after the period-end. Consequently, the company records the $2,000 in its year-end payables. 

In determining whether payables exist, I like to ask, “if the company closed down at midnight on the last day of the month, would it have a legal obligation to pay for a service or good?” If the answer is yes, then record the payable—even if the invoice is received after the month-end. Has the service been received by month-end? Have the goods been received by month-end? If yes and the company has not paid for the service or good by month-end, then the company has a payable.

In this post, we will cover the following:

  • Primary accounts payable and expenses assertions
  • Accounts payable and expense walkthroughs
  • Directional risk for accounts payable and expenses
  • Primary risks for accounts payable and expenses
  • Common accounts payable and expenses control deficiencies
  • Risk of material misstatement for accounts payable and expenses
  • Substantive procedures for accounts payable and expenses
  • Typical accounts payable and expense work papers

The Little Book of Local Government Fraud Prevention

Whether your government is small or large, this book provides guidance in reducing theft

Do you desire to fight fraud in governments? Or maybe you are just curious about how fraudsters get away with their wily schemes. See my book The Little Book of Local Government Fraud Prevention. You can purchase it on Amazon as a paperback. Also, the ebook is available as a Kindle download.

Local Government Fraud Prevention

Fraud occurs in local governments in a multitude of ways, yet many cities, counties, school systems, authorities, and other public entities are ill-prepared to prevent or detect its occurrence. Why is this so? Some governments place too much reliance on annual audits as a cure-all, but clean audit opinions don’t mean that fraud is not occurring. And some governments fail to understand how vulnerable they are–until it’s too late.

Why is local government fraud so common? Many small governments don’t have a sufficient number of employees to segregate accounting duties. It is also these smaller governments that place too much trust in their accounting personnel. This combination of a lack of segregation of duties and too much trust in key employees often leads to significant losses from theft.

The Little Book of Local Government Fraud Prevention provides several real-life stories of fraud. The stories will inform you about how local government employees steal. Then I provide you with prevention techniques to assist you in mitigating fraud risks. In one story, for example, the book shows how a single municipal employee stole over $53 million, all from a city of just 16,000 citizens.

If you audit governments, you will find this book helpful in pinpointing common areas where governmental fraud occurs. The book also includes fraud audit checklists and fraud detection procedures. Whether you are an internal or external auditor, you will find fresh ideas for prevention and detection.

The Little Book of Local Government Fraud Prevention will assist you if you are a:

1. Local government accounting employee
2. Local government elected official
3. Local government auditor
4. Local government attorney
5. Certified Public Accountant
6. Certified Fraud Examiner

Even if you don’t work with governments, you’ll find this book useful. I provide fraud prevention steps for transaction cycles such as billing and collections, payables and expenses, payroll, and capital assets.

Together we can bring down the risk of fraud and corruption in our local governments. Come join the team. We’ll all be better for it.

If you don’t desire to spend money on the book, here’s a free list of controls.

Supplementary Information Audit Opinion

You can report on supplementary information in an audit opinion or as a separate report

Are you looking for a supplementary information audit opinion example? Well, here it is.

Two Options for Reporting

You can opine on supplementary information in two ways:

  1. In the financial statement opinion or
  2. In a separate opinion that addresses just the supplementary information

Below you will see sample wording for both options.

Auditing Property: The Why and How Guide

Here's an overview of how to audit property

Are you wondering about how to audit property?

Today, we’ll answer questions such as, “how should we test additions and retirements of property?” and “what should we do in regard to fair value impairments?” 

Auditing Property — An Overview

Property is sometimes referred to as plant, property, and equipment or capital assets. In this post, I’ll use the word “property.”

We will cover the following:

  • Primary property assertions
  • Property walkthroughs
  • Directional risk for property
  • Primary risks for property
  • Common property control deficiencies
  • Risk of material misstatement for property
  • Substantive procedures for property
  • Common property work papers

Top 10 Technology Tips for Accountants

Here are tips to make your accounting life more productive

Are you looking for technology tips for accountants? Here are ten tips that will make you more productive.

Ten Technology Tips for Accountants

Here are my top ten technology tips in no certain order (with links to prior blog posts).

  1. Use Skitch to create annotated screenshots.
  2. Use Office 365 to jointly create Word or Excel documents with others.
  3. Use Basecamp to manage projects (such as audits).
  4. Use Scanbot as your phone scanner.
  5. Use a Livescribe pen to take notes with audio.
  6. Use Evernote as your personal digital library.
  7. Travel light as a minimalist auditor.
  8. Use your cell phone in creative ways as an accountant.
  9. Use technology to save your life.
  10. Use technology to make your office work life more efficient.

Those are my ideas. What are yours?

Elements of Unpredictability in Financial Statement Audits

Audit standards require elements of unpredictability

The audit standards require elements of unpredictability. Why? So clients can’t guess what the auditor is going to do. Clients naturally observe and learn what auditors normally do. The client’s knowledge of what is audited (and what is not) makes it easier to steal–simply take from unaudited places. This knowledge also enables the company to manipulate numbers–do so in unaudited balances.

The purpose of the unpredictable element is to create uncertainty–in the client’s mind–about what we will audit.

Elements of Unpredictability – The Audit Standards

AU-C 240.29 states the following:

In determining overall responses to address the assessed risks of material misstatement due to fraud at the financial statement level, the auditor should…incorporate an element of unpredictability in the selection of the nature, timing, and extent of audit procedures.

AU-C 240.A42 states:

Incorporating an element of unpredictability in the selection of the nature, timing, and extent of audit procedures to be performed is important because individuals within the entity who are familiar with the audit procedures normally performed on engagements may be better able to conceal fraudulent financial reporting. This can be achieved by, for example,

  • performing substantive procedures on selected account balances and assertions not otherwise tested due to their materiality or risk.
  • adjusting the timing of audit procedures from that otherwise expected.
  • using different sampling methods.
  • performing audit procedures at different locations or at locations on an unannounced basis.

Examples of Unpredictable Audit Procedures

To introduce elements of unpredictability, perform procedures such as these:

  • Examine payments less than your normal threshold in your search for unrecorded liabilities (e.g., in the last three years your threshold was $7,000; this year, it’s $3,000)
  • Perform a surprise unannounced review of teller cash (for a bank client)
  • Make a physical visit to the inventory location one month after the end of the year and review inventory records (assuming you don’t normally do so)
  • Review payroll salary authorization sheets for ten employees and agree to amounts in the payroll master table (in the payroll software)
  • Test a bank reconciliation for the seventh month in the year being audited (in addition to the year-end bank reconciliation)
  • Confirm an immaterial bank account that you haven’t confirmed in the past
  • Pick ten vendors at random and perform procedures to verify their existence (as a test for fictitious vendors)

Document Your Unpredictable Test

Since unpredictable tests are required in every audit, document where you performed this procedure. Reference your audit program step for unpredictable tests to the work performed. Title your work paper, “Unpredictable Test,” and then add a purpose statement such as, “Purpose: To confirm the immaterial bank account with ABC Bank as an unpredictable test.” Doing so will eliminate the potential for a peer reviewer to say, “that’s a normal procedure.” You are overtly stating the purpose of the test is to satisfy the unpredictable test requirement.

Change Your Unpredictable Tests Annually

Change your unpredictable tests annually. Otherwise, they will–over time–become predictable.

The Why and How of Audit Planning: The Audit Strategy and Plan

See how to develop your plan to be effective and efficient

In this post, we will explore how to develop your audit plan so that it is effective (in compliance with audit standards) and efficient (so you can make money). Now it’s time to link your risk assessment work to your audit strategy and plan.

AU-C 300 states, “The objective of the auditor is to plan the audit so that it will be performed in an effective manner.” We also desire—though not an objective of the audit standards—to plan for efficiency, so the engagement is profitable. As you plan, consider two words: effectiveness and efficiency. 

Audit Strategy and Plan

To be in compliance with audit standards, you need to develop:

  • Your audit strategy
  • Your audit plan

Developing Your Audit Strategy

What’s in the audit strategy? The audit strategy includes the following:

  • The characteristics of the engagement that define its scope
  • The reporting objectives of the engagement 
  • The significant factors to be used in directing the engagement team
  • The results of preliminary engagement activities 
  • Whether knowledge gained on other engagements performed by the engagement partner for the entity is relevant
  • The resources necessary to perform the engagement

Think of the audit strategy as the big picture. You are documenting:

  • The scope (the boundaries of the work)
  • The objectives (what are the deliverables?) 
  • The significant factors (e.g., is this a new or complex entity?)
  • The risk assessment (what are the risk areas?)
  • The planned resources (e.g., the engagement team) 

Strategy for Walking on the Moon

When NASA planned to put a man on the moon, they—I am sure—created a strategy for Apollo 11. It could have read as follows:

We will put a man on the moon. The significant factors of our mission include mathematical computations, gravitational pull, thrust, and mechanics. The risks include threats to our astronauts’ lives, so we need to provide sufficient food, air, sound communications, and a safe vessel. The deliverable will be the placement of one man on the moon and the safe return of our three astronauts. The engagement team will include three astronauts, launch personnel at Kennedy Space Center, and mission-control employees in Houston, Texas. 

The strategy led to Neil Armstrong’s historic walk on July 20, 1969.

Our audit strategy—in a more pedestrian pursuit—is a summary of objectives, resources, and risk. It’s the big picture. Our strategy leads to the successful issuance of our audit opinion (not quite as exciting as walking on the moon, but still important).

Did NASA perform any risk assessments before creating its strategy and plans? You bet. The lives of Neil Armstrong, Michael Collins, and Buzz Aldrin counted on it. So, the Agency took every precaution. NASA used the risks to define the project details—what we call our audit plan (or audit program). As with all projects, you must know your risks before you develop your plan. Doing so led to “one small step for man, one giant leap for mankind,” and—more importantly—the return of three brave astronauts. In a word: Success.

What’s in an Audit Strategy?

The audit strategy doesn’t have to be complicated or long, especially for smaller entities—it can be a short memo. What are we after? A summary of risks, needed resources, and objectives.

My firm uses an internally-developed strategy form—mainly, to ensure consistency. The form contains structure, such as references to risk assessment work and blank boxes in certain areas—such as partner directions—so it is flexible. As a result, the form has structure and flexibility.

Here are the main areas we cover:

  • Deliverables and deadlines
  • A short time budget
  • The audit team
  • Key client contacts
  • New accounting standards affecting the audit
  • Problems encountered in the prior year 
  • Anticipated challenges in the current year 
  • Partner directions regarding key risk areas
  • References to work papers addressing risk

Who Creates the Audit Strategy?

Who should create the strategy? The in-charge can create it with the assistance of the engagement partner, or the partner can do so by himself. 

Audit Strategy as the Central Document

If you want to see one document that summarizes the entire audit, this is it. As you can see, the strategy is general in nature, but you also need a detailed plan to satisfy the demands of the strategy—this is the audit plan (commonly referred to as the audit program). NASA had a mission statement for Apollo 11, but—I’m sure—written guidelines directed the step-by-step execution of the project. 

Audit Plan (or Audit Program)

Now we create the detailed planning steps—the audit program. Think of the audit program as the final stage of audit planning. What have we done to get to this stage of the audit? 

  1. Performed risk assessment procedures
  2. Developed our audit strategy

Now it’s time to create the audit plan.

The audit plan is the linkage between planning and further audit procedures. What are “further audit procedures”? They are the tactical steps to address risk including substantive procedures and test of controls. The audit program links back to the identified risks and points forward to the substantive procedures and test of controls.

Creating the Audit Program

How—in a practical sense—do we create the audit programs? Most auditors tailor the prior year audit programs. That works—as long as we revise them to address the current year risks. Audit programs are not—at least, they should not be—static documents. Even so, the current year audit program can be the same as last year—as long as the risks are the same.

Sufficient Audit Steps

How do we know if we have adequate audit program steps? Look at your risks of material misstatement (RMM)—which, hopefully, are assessed at the assertion level (e.g., completeness). For material areas, audit steps should address all high and moderate RMMs. 

Integrating Risk Assessment with the Audit Program

How else can we integrate our documentation? Put the relevant assertions next to each audit step—this makes the connections between the RMMs (at the assertion level) and the audit steps clear.

AU-C 330.18 says the auditor is required to apply substantive procedures to all relevant assertions related to each material class of transactions, account balance, and disclosure. So, the audit program should reflect steps for all material areas.

Creating Efficiency in the Audit Plan

Once you complete your risk assessment work, you want to ask, “Which is the more efficient route: testing controls or performing substantive procedures?” Then go with your instincts.

Generally, I assess control risk at high. While we can’t default to a high control risk assessment, we can—once the risk assessment work is complete—decide to assess control risk at high as an efficiency measure. Why? If we assess control risk at below high, we must test the controls as a basis for the lower risk assessment. The testing of controls can—sometimes—take longer than substantive procedures.

For example, is it better to test the controls related to fixed asset additions or is it more efficient to vouch the invoices for significant additions? Usually, the vouching of the invoices will get you to your desired destination quicker than testing controls. Generally—at least in my opinion—this line of reasoning is less true for more complex organizations. Larger organizations process more transactions and tend to have better controls. So it can be better to test controls for larger entities.

In Summary

There you have it—the creation of the audit strategy and the audit plan. Your strategy includes the risks, needed resources, and objectives. And your audit program contains the tactical steps to address risks. You are set to go. Now it’s time to execute our audit program.

Stay with me. In my upcoming posts, I will delve into the details of auditing by transaction areas. What specific steps should an auditor perform for cash, receivables, payables—for example? In the coming weeks, I will share with you audit approaches for significant transaction cycles. Subscribe below to ensure you don’t miss out.

The Why and How of Audit Risk Assessment

Post 2 - The Why and How of Auditing

Are auditors who see audit risk assessment as a waste of time leaving money on the table? Could this be a cause of lower profit realizations?

Audit Risk Assessment as a Friend

Audit risk assessment can be our best friend, particularly if we desire efficiency, effectiveness, and profit—and who doesn’t? This step, when properly performed, tells us what to do—and what can be omitted. In other words, risk assessment is the doorway to maximum impact with minimal effort.

So, why do some auditors avoid audit risk assessment? Here are two reasons:

  1. We don’t understand it
  2. We’d rather continue doing what we’ve always done

Too often auditors keep doing the same as last year (commonly referred to as SALY), no matter what. It’s more comfortable than using risk assessment. But what if SALY is faulty or inefficient? Or what if the “tried and true” has blind spots? Maybe it’s better to assess risk annually and to plan our work based on present conditions.

Working Backward

The old maxim “Plan your work, work your plan” is true in audits. Audits—according to standards—should flow as follows:

  1. Determine the risks of material misstatements (plan our work)
  2. Develop a plan to address those risks (plan our work)
  3. Perform substantive procedures (work our plan)
  4. Issue an opinion (the result of planning our work and working our plan)

Auditors sometimes go directly to step 3. and use the prior year audit programs to satisfy step 2. Later, before the opinion is issued, the documentation for step 1. is created “because we have to.” In other words, we work backward. So, how can we work appropriately?

A Better Way

Audit standards—in the risk assessment process—call us to do the following:

  1. Understand the entity and its environment
  2. Understand the transaction level controls
  3. Use planning analytics to identify risk
  4. Perform fraud risk analysis
  5. Assess risk

While we may not complete these steps in order, we do need to perform our risk assessment first (1.-4.) and then assess risk as a result. Okay, so what procedures should we use to carry out the risk assessment process?

Audit Risk Assessment Procedures

AU-C 315.06 states:

The risk assessment procedures should include the following:

a.    Inquiries of management, appropriate individuals within the internal audit function (if such function exists), others within the entity who, in the auditor’s professional judgment, may have information that is likely to assist in identifying risks of material misstatement due to fraud or error

b.    Analytical procedures

c.    Observation and inspection

I like to think of risk assessment procedures as tools, all used to sift through information and aid in the identification of risk.

Just as a good detective uses fingerprints, lab results, and photographs to paint a picture, we are doing the same. First, we need to understand the entity and its environment.

Understand the Entity and Its Environment

The audit standards require that we understand the entity and its environment.

I like to start by asking management the question, “If you had a magic wand that you could wave over the business and remove one problem, what would it be?” The answer tells us a great deal about the entity’s risk.

I want to know what the owners and management think and feel. The visceral is a flashing light saying, “Important!” Every business leader worries about something. And understanding the source of those worries illuminates risk.

Think of risks as threats to objectives. Your client’s fears tell you what the objectives and threats are. Worries shine the light on threats to objectives.

To understand the entity and its related threats, ask questions such as:

  • How is the industry faring?
  • Are there any new competitive pressures or opportunities?
  • Have key vendor relationships changed?
  • Can the company obtain necessary knowledge or products?
  • Are there pricing pressures?
  • How strong is the company’s cash flow?
  • Has the company met its debt obligations?
  • Is the company increasing in market share?
  • Who are your key personnel and why are they important?
  • What is the company’s strategy?
  • Do you have any related party transactions?

As with all risks, we respond based on their severity. The higher the risk, the greater the response. We’ll respond to risks at these levels:

  • Financial statement level
  • Transaction level

Responses to risk at the financial statement level are general, such as appointing more experienced staff for complex engagements. Specific responses to risk occur at the transaction level, such as a search for unrecorded liabilities.

Understand the Transaction Level Controls

We must do more than just understand transaction flows; we need to understand the related controls. So, as we perform walkthroughs or other risk assessment procedures, we gain an understanding of the transaction cycle, but—more importantly—we gain an understanding of controls. Without appropriate controls, the risk of material misstatement increases.

The use of walkthroughs is probably the best way to understand internal controls. As you perform your walkthroughs, you are asking questions such as:

  • Who signs checks?
  • Who has access to checks (or electronic payment ability)?
  • Who approves payments?
  • Who initiates purchases?
  • Who can open and close bank accounts?
  • Who posts payments?
  • What software is used? Does it provide an adequate audit trail? Is the data protected? Are passwords used?
  • Who receives and opens bank statements? Does anyone have online access? Are cleared checks reviewed for appropriateness?
  • Who reconciles the bank statement? How quickly? Does a second person review the bank reconciliation?
  • Who creates expense reports and who reviews them?
  • Who bills clients? In what form (paper or electronic)?
  • Who opens the mail?
  • Who receipts monies?
  • Are there electronic payments?
  • Who receives cash onsite and where?
  • Who has credit cards? What are the spending limits?
  • Who makes deposits (and how)?
  • Who keys the receipts into the software?
  • What revenue reports are created and reviewed? Who reviews them?
  • Who creates the monthly financial statements? Who receives them?
  • Are there any outside parties that receive financial statements? Who are they?

Understanding the company’s controls illuminates risk. The company’s goal is to create financial statements without material misstatement. A lack of controls threatens this objective.

So, as we perform walkthroughs, we ask the payables clerk (for example) certain questions; and—as we do—we are also making observations about the segregation of duties. Also, we are inspecting certain documents such as purchase orders. This combination of inquiries, observations, and inspections allows us to understand where the risk of material misstatement is highest.

Another significant risk identification tool is the use of planning analytics.

Planning Analytics

Use planning analytics to shine the light on risks. How? I like to use:

  • Multiple-year comparisons of key numbers (at least three years, if possible)
  • Key ratios

In creating planning analytics, use management’s metrics. If certain numbers are important to the company, they should be to us (the auditors) as well—there’s a reason they are reviewing particular numbers so closely. (When you read the minutes, ask for a sample monthly financial report; then you’ll know what is most important to management and those charged with governance.)

Sometimes, unexplained variations in the numbers are evidence of fraud.

Fraud Risks

In every audit, inquire about the existence of theft. In performing walkthroughs, look for control weaknesses that might allow fraud to occur. Ask if any theft has occurred. If yes, how?

Also, we should plan procedures related to:

  • Management override of controls, and
  • The intentional overstatement of revenues

My next blog post—in this series—addresses fraud risk, so this is all I will say about theft for now. Sometimes the greater risk is not fraud but errors.

Same Old Errors

Have you ever noticed that some clients make the same mistakes—every year? They are usually smaller clients. In the risk assessment process, we are looking for the risk of material misstatement whether by intention (fraud) or by error (accident).

One way to identify potential misstatements due to error is to maintain a summary of the larger audit entries you’ve made over the last three years. If your client tends to make the same mistakes, you’ll know where to look for potential errors.

Now it’s time to pull all of the above information together.

Creating the Risk Picture

Once all of the risk assessment procedures are completed, we synthesize the disparate pieces of information into a composite image. We are—at this point—bringing the information into one distilled risk snapshot. What are we bringing together? Here are examples:

  • Control weaknesses
  • Unexpected variances in significant numbers
  • Entity risk characteristics (e.g., level of competition)
  • Large related-party transactions
  • Occurrences of theft

Armed with this risk picture, we can now create our audit strategy and audit plan (also called an audit program). We are focusing these plans on the areas where the risk of material misstatement is highest.

How can we determine where risk is highest? Use the risk of material misstatement (RMM) formula.

Assess the Risk of Material Misstatement

Understanding the RMM formula is key to identifying high-risk areas.

What is the RMM formula?

Put simply, it is:

Risk of Material Misstatement = Inherent Risk × Control Risk

Using the RMM formula, we are assessing risk at the assertion level. While audit standards don’t require a separate assessment of inherent risk and control risk, consider doing so anyway. I think it provides a better representation of your risk of material misstatement.

Once we have completed our risk assessment process, control risk can be assessed at high–simply as an efficiency decision.

The Input and Output

The inputs in audit planning include all of the above audit risk assessment procedures.

The outputs (sometimes called linkage) of the audit risk assessment process are:

  • Audit strategy
  • Audit plan (audit programs)

We tailor the strategy and plan according to the risk assessment.

In a nutshell, we identify risks and then respond to them.

Next in the Series

In my next post in this series, we’ll take a look at the why and how of fraud auditing. So, stay tuned. If you haven’t subscribed to my blog, consider doing so.

Ten Most Popular CPA Scribo Blog Posts for 2016

10 most shared posts during 2016

Well, 2016 is in the books for CPA Scribo.

Here are the top ten 2016 posts (starting with number 10 and moving to number 1)–based on your social shares.

Top 10 CPA Scribo Posts

 

10. Assessing Audit Control Risk at High (and Saving Time)

9. Getting More Done with My Favorite Accountant’s Device

8. How Honest People Steal

7. A List of Online Resources for CPAs

6. How to Add Value to Audits

5. How to Steal by Double Paying a Vendor

4. 25 Ways Fraud Happens

3. How $16 Million was Stolen from a Bakery

2. Seven Deadly Audit Sins

and drum roll…..

1.  Why Should Auditors Perform Audit Walkthroughs

Your Ideas for 2017

If you have an accounting or auditing idea that you’d like for me to address in 2017, please let me know–post a comment. Thanks.

Client Acceptance and Continuance: The Why and How

Post 1 - The Why and How of Auditing

Client acceptance and continuance may be the most important step in an audit, but it’s one that gets little attention. A prospective client calls saying, “Can you audit my company?” and we respond, “sure.” While new business can be a good thing, relationships need appropriate vetting. Not doing so can lead to significant (and sometimes disastrous) problems.

New Relationships

My daughter recently met a young man on Instagram. Not unusual these days. But now the relationship is entering into its third month. They talk every day for two or three hours. So far, they have not been in the same room—and not even in the same city. Skype, yes. Physical presence, no. That’s happening at the end of this month. (He lives eight hours away.)

So what do Mom and Dad think about all of this? Well, it’s fine. My wife checked him out on Facebook (I know you’ve never done this). And my daughter has told us all about the “fella” and his family. We like what we’re hearing. He has similar beliefs. He has a job (Yay!), and he has graduated from college.  His family background is like ours.

Why do we want to know all the details about the young man? Because relationships impact people—my daughter, the young man, and their family members and friends. We want what is best for my daughter because we want her to be happy.

Client Acceptance 

And that’s what good relationships create. Happiness. The same is true with clients. As Stephen Covey said, “think win, win.” When the customer wins and your CPA firm wins, everyone is happy. Mutual needs are met.

Careless CPAs accept business with only one consideration: Can I get paid? 

While getting paid is important, other factors are also critical.

Here are a few things to consider:

  1. Are they ethical?
  2. Are you independent?
  3. Do you have the technical ability to serve them?
  4. Do you have the capacity to serve them?

Are They Ethical?

I want my daughter to marry a guy with beliefs that correspond with who she is. Is he honest? Would he steal? Is he transparent? Who are his associates? What do others think of him? 

We ask similar questions in accepting a new client. Audit standards require us to consider whether the prospective client has integrity. If the company is not morally straight, then there’s no need to move forward. 

Are You Independent?

The time to determine your firm’s independence is the beginning—not at the conclusion of the audit. As a peer reviewer, I can tell you that some firms don’t fully vet their independence. Consider what happens—during a peer review—when a firm is not independent, and it has issued an audit opinion. The original audit report will be recalled, and I’ll bet the company asks for and receives a full refund of the fee. Oh, and there’s that impact on the peer review report.

Pay attention to nonattest services—such as preparation of financial statements—that you are requested to provide. If the client has no one with sufficient skill, knowledge, and experience to accept responsibility for such services, you may not be independent. 

Do You Have the Technical Ability to Serve Them?

If you can pick up a client in an industry in which you have no experience, should you? Possibly, but it depends on whether you can appropriately understand the client and their industry before you conduct the engagement. Some new customers may not be complicated. In those cases, CPE may get you into position to provide the audit. 

But what if the potential engagement involves a highly sophisticated industry and related accounting standards for which you are ill equipped? It may be better to let the engagement go and refer it to an audit firm that has the requisite knowledge. Or maybe you can partner with the other firm. 

Do You Have the Capacity to Serve Them?

A prospective client calls saying, “Can you audit my company? We have a December 31 year-end, and we need the audit report by March 31.” After some discussion, I think the fee will be around $75,000. But my staff is already working sixty hours a week during this time of the year. Should I take the engagement? 

My answer would be no unless I can create the capacity. How? I can hire additional personnel or maybe I can contract with another firm to assist. If I can’t create additional capacity, then I’ll let the opportunity pass. 

Far too many firms accept work without sufficient capacity. When this happens, corners are cut, and staff members and partners suffer. Stuffing even more work into a stressful time of the year is not a wise thing to do. You’ll lose people, and if the engagement is deficient, peer review results may be subpar.

When you don’t have the capacity to accept good clients, consider whether you should discontinue service to some present customers.

The Continuance Decision

Quality control standards call for CPAs not only to develop acceptance procedures but also to create continuance protocols. I previously said CPAs often don’t give proper attention to acceptance procedures. So, how about continuance decisions? Even worse. It’s as though—once we accept a client—we permanently retain them. 

Each year, we should ask, “If this was a new client opportunity, would I accept them?” If the answer is no, then why do we continue serving them? 

Here are a few questions to ponder:

  • Has the client paid their prior year fees? 
  • Am I still independent?
  • Does the client demand more from me than the fee merits?
  • Do I enjoy working with this client?
  • Is the client’s financial condition creating additional risks for my firm?
  • Is the client acting in an ethical manner?

Each year, well before the audit starts, ask yourself these questions. And then consider, is the bottom 10% of my book of business keeping me from accepting better clients? My experience has been that when I have the capacity, new business appears. When the capacity is lacking, it doesn’t. The decision to hold on to bad clients is a decision to close the door to better clients. Don’t be afraid to let go.

Risk Assessment Starts Now

When should we start thinking about risk assessment? Now.

Whether you are going through the initial acceptance procedures or you are making your continuance decision, start thinking about risk now. Assuming you accept the client, you’ll be a step ahead as you begin to develop your audit plan. Ask questions such as:

  • How is your cash flow?
  • Do you have any debt with covenants?
  • Who receives the financial statements?
  • Has the company experienced any fraud losses?
  • How experienced is management?
  • Why are you changing auditors?

Keep these notes for future reference and audit planning. 

Next Post in this Series

The above is the first post in “The Why and How of Auditing.” My next post will be “The Why and How of Risk Assessment.”