Financial Statement References (at the Bottom of the Page)

What financial statement page references are required?

What wording is required at the bottom of financial statement pages? Is there a difference in the references in audited statements and those in compilations or reviews? What wording should be placed at the bottom of supplementary pages? Below I’ll answer these questions.

financial statement references

Picture is courtesy of Dollarphotoclub.com

Audited Financial Statements and Supplementary Information

First, let’s look at financial statement references in audit reports.

While generally accepted accounting principles do not require financial page references to the notes, it is a common practice to do so. Here are examples:

  • See notes to the financial statements.
  • The accompanying notes are an integral part of these financial statements.
  • See accompanying notes.

Accountants can also–though not required–reference specific disclosures on a financial statement page. For example, See Note 6 (next to the Inventory line on a balance sheet). It is my preference to use general references such as See accompanying notes.

Audit standards do not require financial statement page references to the audit opinion.

Supplementary pages attached to audited financial statements should not include a reference to the notes or the opinion.

Preparation, Compilation, and Review Engagements

Now, let’s discuss references in preparation, compilation, and review engagements. 

Compilation and Review Engagements

SSARS 21 does not require a reference (on financial statement pages) to the compilation or review report; however, it is permissible to do so. What do I do? I do not refer to the accountant’s report. I just put See accompanying notes at the bottom of each financial statement page.

You are not required to include a reference to the accountant’s report on the supplementary information pages. SSARS 21 does suggest that such references be included in case the financial statements or supplementary information are separated from the compilation or review report. Examples include:

  • See Accountant’s Compilation Report.
  • See Independent Accountant’s Review Report.

What do I do? I include a reference to the accountant’s report on each supplementary page.

Preparation of Financial Statement Engagements

SSARS 21 provides an option (to compilations) called the preparation of financial statements (AR-C 70), a nonattest service. AR-C 70 requires that the accountant either state on each page that “no assurance is provided” or provide a disclaimer which precedes the financial statements. AR-C 70 does not require that the financial statement pages refer to the disclaimer (if provided), but it is permissible to do so. Such a reference can read See Accountant’s Disclaimer.

If your AR-C 70 work product has supplementary information, consider including this same reference (See Accountant’s Disclaimer) on the supplementary pages.

How to Identify Risk of Material Misstatements with an Audit Walkthrough

Post 2 - Knowing what risk assessment procedures to use

While we know that an audit walkthrough is an excellent way to probe accounting systems for risk, many auditors aren’t sure how to use this procedure. I hear questions such as:

  • What is an audit walkthrough?
  • Will a walkthrough allow me to assess control risk at less than high?
  • What procedures should I perform?
  • How many procedures should I perform?
  • How can I document my walkthroughs?
  • Should I perform walkthroughs annually?
  • What transaction cycles merit walkthroughs?
Audit Walkthrough

Picture from AdobeStock.com

What is an Audit Walkthrough?

An audit walkthrough is the tracking of a transaction through an accounting system while examining related controls. The purpose of the audit walkthrough is to see if controls exist and are in use (or, as the audit standards say, “implemented”). The results of our risk assessment procedures will illuminate the weaknesses in the accounting system.  And we use this information about risk to create our audit plan.

So we do the following:

  1. Identify risk
  2. Assess risk
  3. Create an audit plan to address risk

Walkthroughs fall in the “identify risk” category, and, consequently, are done early in the audit process.

What is not a Walkthrough?

Following a transaction through the system–without reviewing controls–is not an audit walkthrough. We must examine controls to see if they exist and are implemented. 

Placing a copy of the operating and accounting system manual in the audit file is not a walkthrough. While such manuals may tell you what the client intends to do, they don’t say what is done. In other words, they don’t answer the implementation question.

Lastly, asking a client, “Is everything the same as last year?” is not a walkthrough. Auditors must do more than inquire.

Will Audit Walkthroughs Allow a Lower Control Risk Assessment?

Usually, audit walkthroughs are not sufficient as support for lower control risk assessments. If the auditor assesses control risk at less than high, she is required to test the effectiveness of the control. Since audit walkthroughs are usually a test of one transaction, they typically don’t validate operating effectiveness. Regarding computer controls, a walkthrough of one transaction might be sufficient to prove effectiveness if general computer controls are working—namely, change control for software. Why? Computer controls—usually—operate consistently.

The purpose of an audit walkthrough is to test for the existence and implementation of controls rather than operating effectiveness. Remember the following:

  • Focus on implementation of controls — During risk assessment
  • Focus on effectiveness of controls — When testing controls to support lower control risk

An auditor can determine implementation of controls with a test of one transaction. Effectiveness, on the other hand, usually requires sampling tests—e.g., test of 40 transactions for appropriate purchase orders.

What Procedures and How Many Should I Perform?

There are three key procedures that auditors use in performing walkthroughs:

  1. Inquiry
  2. Observation
  3. Inspection

Inquiry alone is never sufficient in performing risk assessments. So we must marry inquiry with observation and inspection. 

The use the three procedures listed above will depend on the transaction cycle you are examining.

Debt Cycle Example

For example, in reviewing the debt cycle, you will usually focus on inquiry and inspection. Why? Well, legal agreements and approvals of debt transactions are key. So I might inspect the following (for example):

  • Debt agreement
  • Minutes showing approval of the debt
  • Approvals of debt service payments

Disbursement Cycle Example

In examining the disbursement cycle, you will typically focus on inquiry, observation, and inspection. My questions might include:

  • How are purchase orders issued?
  • What persons issue purchase orders?
  • Who receives invoices?
  • What persons approve the payments?
  • Are checks signed physically or electronically and by whom?
  • Who reconciles the bank statements?
  • What persons monitor aged payables (and how)?

As I inquire about the disbursement cycle, I also observe and inspect. Here are some procedures I might perform:

  • Examine I.T. lists of who can add vendors to the system
  • Inspect a purchase order to see who approves it
  • Observe who issues the purchase order (multiple people might release P.O.s)
  • Inspect an invoice for initials of a department head as approval for payment
  • Observe who is receiving and approving the invoices
  • Watch the processing of a check batch (I want to know who can sign checks)
  • Inspect aged accounts payable detail and one bank reconciliation to determine who reconciles the payables total and bank account to the general ledger

Knowing Which Procedures to Use

You may wonder, “How do I know which procedures to perform?” Ah, that’s the $10,000 question. Always ask, “What can go wrong?” and determine if a control is in place to lessen that threat. That question will drive your risk assessment. The diversity of accounting systems makes it all but impossible to create a checklist that covers all possible issues. What does this mean? You must use your judgment.

Look Beyond the Normal Client Procedures

Always ask who performs the control procedures when key persons are out. Why? An unknown person might have the power to carry out the role. If someone else can—even though they don’t normallyperform a key control procedure, you need to know this. Why? Well, here’s an example of what can happen: If a third person usually does not issue checks but can and that person also reconciles the bank statement, he might issue fraudulent checks. Why? He knows his fraudulent checks will not be detected through the bank reconciliation control.

Always look beyond accounting policies and routine procedures to see what can happen. I often have clients say to me, “John is the only one who approves the purchase orders,” for example. But I know this is not true because purchases would cease to occur when John is out. So I ask, “Who issues purchase orders when John in on vacation?”

More Answers Next Week

We’ll continue our discussion about walkthroughs next week. I still need to answer the following questions:

  • How can I document my walkthroughs?
  • Should I perform walkthroughs annually?
  • What transaction cycles merit walkthroughs?

If you have any questions about walkthroughs, please post them here, and I will try to respond. Also, please post any comments you have.

If you missed last week’s post about walkthroughs (Why Should Auditors Perform Audit Walkthroughs), check it out here. Subscribe to my blog to receive weekly updates. 

Why Should Auditors Perform Audit Walkthroughs?

Post 1 - Why are walkthroughs important and are they required?

Do you ever struggle with audit walkthroughs? Maybe you’re not sure what areas to review or how extensive your documentation should be. Possibly you’re not even sure how walkthroughs are helpful.

Audit Walkthroughs

Picture is from AdobeStock.com

I hear some auditors protest that professional standards don’t require walkthroughs. Right, but we have an obligation to annually corroborate the existence and use of controls, and I know of no better way to achieve this goal than walkthroughs.

What are Walkthroughs?

Walkthroughs are cradle-to-grave reviews of transaction cycles. You start at the beginning of a transaction cycle (usually a source document) and walk the transaction to the end (usually posting to the general ledger). The auditor is gaining an understanding the genesis of the transaction and then each movement through the accounting system.

As we perform the walkthrough, we also:

  • Make inquiries
  • Inspect documents
  • Make observations

By asking questions, inspecting documents, making observations, we are evaluating internal controls to see if there are weaknesses that would allow errors and fraud to occur. And audit standards do not permit the use of inquiries alone. Observations or inspections must occur.

Some auditors believe that audit walkthroughs (or documentation of controls for significant transaction cycles) are not necessary if the auditor is assessing control risk at high. This is not true. While the auditor can assess control risk at high, she must first gain an understanding of the cycle and the related controls. For more information, see my related post.

Why Audit Walkthroughs?

Accountants are often more comfortable with numbers than processes. We like things that “tie,” “foot,” or “balance.” We may not enjoy probing accounting systems for risk—it’s too touchy-feely. Even so, passing this responsibility off to lower staff is not a good choice. It’s too complicated and too important. So there’s no getting around it. The walkthrough—or something like it—must be done, especially if you are mid- to upper-level auditors. Why? You’re developing your audit plan. Screw up the plan, and you screw up the audit.

What is the purpose of the walkthrough? Identification of risk. Once you know the risks, you know where to audit.

Too often auditors do the same as last year (SALY). And why do we do this?

First, it requires no thinking.

Second, out of fear. We think, “if the audit plan was appropriate last year, why would it not be this year?” In short, we believe it’s safe. After all, the engagement partner developed this approach seven years ago. But is it safe?

Why SALY is Dangerous

Suppose the accounts payable clerk realizes he can create fictitious vendors without notice, and his scheme allows him to steal over $10 million over a four-year period.

The audit firm has performed the engagement year after year using the same approach. On the planning side, the fraud inquiry and internal control documentation look the same. Walkthroughs have not been performed in the last five years.

On the substantive side, the auditor ties the payables detail to the trial balance. He conducts a search for unrecorded liabilities. He inquires about other potential liabilities. All, as he has done for years. Even so, in this year alone, the payables clerk walks away with $3 million—and the audit firm doesn’t know it.

Processes matter. And—for the auditor—understanding those processes is imperative.

Why Walkthroughs?

I will say it again: we are looking for risk. Our audit opinion says that we examine the company’s internal controls to plan the audit. The opinion goes on to say that this review of controls is not performed to opine on the accounting system. So we are not testing to render an opinion on controls, but we are probing the accounting processes to identify weaknesses. And once we know where risks lie, we can focus in those areas.

Check Your Work Papers for Audit Walkthroughs

Pick an audit file or two and review your internal control documentation. Have you corroborated your understanding of the controls by inquiring, inspecting, and observing the significant transaction cycles? Again walkthroughs are not technically required, but the corroboration of controls is. The walkthrough process is an  effective way to achieve this objective.

Fraud Risk Assessments: How to Perform

A new fraud brainstorming idea guaranteed to generate better results

Do your fraud brainstorming sessions lack vigor. In this video, I provide an idea that will liven up your discussions and result in better identification of potential thefts. I also discuss auditor’s responsibilities with regard to fraud and–as you perform risk assessments–ways to score points with your clients.

To see my previous (written) post about how to perform fraud risk assessments, click here.

How Can You Improve Your Work Paper Documentation?

The importance of identifying characteristics

The AICPA’s April 2016 Peer Review newsletter highlights the lack of audit documentation as a continuing problem in audits.

AU-C section 230, Audit Documentation requires the auditor, in documenting the nature, timing, and extent of audit procedures performed, to record:

  1. the identifying characteristics of the specific items or matters tested;
  2. who performed the audit work and the date such
    work was completed
    ; and
  3. who reviewed the audit work performed and the date and extent of such review.
Audit Documentation

Picture is courtesy of AdobeStock.com

What does this mean? Auditors can’t, for example, just say, “I randomly selected journal entries throughout the year. All entries were appropriately made.” Either the journal entries must be included in the audit file, or–at a minimum–the journal entry numbers must be noted. A person who has never seen the file must be able to reperform the test; without the journal entry numbers, the reperformance can’t be done.

Why would the Auditing Standards Board require “identifying characteristics”? To put it bluntly: Because some auditors will say they tested journal entries when they did not. The “identifying characteristics” requirement creates accountability for the auditor.

Don’t get me wrong. Memorandums have their place, but specificity is necessary. Too often we auditors make wondering generalities rather than statements of substance. Once we detail the specific work performed, then it is appropriate to make more general statements such as “It appears the accounts payable controls are working appropriately.” But without the detailed documentation, the general statement is just filler.

The April 2016 AICPA Peer Review newsletter says:

AU-C section 230, Audit Documentation, notes that audit documentation can include audit plans and checklists. It further states that the existence of an adequately documented audit plan demonstrates that the auditor has planned the audit. However, the audit plan supports the fact that the audit was planned, not that specific procedures were performed.

Checklists can be used to facilitate audit procedures, but, using them correctly requires that they be appropriately tailored for the specific audit. Checking off a step in an audit program or a checklist will not provide sufficient documentation about the nature, timing, and extent of audit procedures performed or the identifying characteristics of the specific items or matters tested.

Identifying Characteristics

Here are examples of identifying characteristics. (These are just examples; documentation will vary based upon what the auditor is attempting to do.)

  • In fraud inquiries, the documentation of who you spoke with and when and the person’s position
  • When examining purchase orders, documentation of:
    • P.O. numbers
    • P.O. dates
  • For journal entry tests, documentation of:
    • Journal entry numbers
    • Date of the journal entries
  • When sampling check disbursements, documentation of:
    • The name of the report that the sample is coming from
    • The starting and ending numbers of the population
    • The interval being used (e.g., every 25th check)
    • All check numbers examined
    • What was examined (e.g., payee)

How to Improve

So how can we make sure our work papers possess proper identifying characteristics?

Review one or two audit files for appropriate documentation. Ask yourself, “Have I made any general statements without detailed support?” and “Am I over-relying on checklists without supporting documentation that proves the step has been performed?”

Here are some example work papers to review:

  • Fraud inquiries (have we documented who we spoke with, their position, and when we talked?)
  • Test of journal entries (have we identified the specific journal entries reviewed?)
  • Search for unrecorded liabilities (have we documented thresholds and the period of time for which the search was performed?)
  • Tests for compliance with grant requirements (have we identified the specific documents examined such as bids, invoice numbers, purchase orders, check numbers?)
  • Plant, property and equipment (for additions vouched to invoices, have we documented the invoice number and date? Have we specified any threshold such as “all amounts greater than $25,000”?)

Signing Off on Work Papers

Another common work paper deficiency is a lack of sign-offs. Who prepared the work paper and when? Who reviewed the same? While not every work paper must be reviewed, all have a preparer—documentation doesn’t just magically appear! So, at a minimum, all work papers should have a preparer sign-off. Without sign-offs, we may not be able to determine who created the work paper.

Finally reviewers should sign off on each work paper reviewed. A single sign-off at the top of the file does not provide sufficient documentation of what was reviewed. Sign-offs are a means of documenting accountability. Some auditors omit sign-offs as a means of avoiding responsibility—not a good thing. With regard to a work paper, we should either own it or discard it. 

How to Add Value to Audits

Make your audit more than a commodity

You’re finishing another audit, and it’s time to issue the audit report. Your client (namely the CFO) is not happy about the two material control weaknesses you are communicating. You try to explain that professional standards require you to communicate significant deficiencies and material weaknesses in writing, but, still, the CFO lights you up with, “We get no value from audits. You guys come in here and issue the same opinion every year, and then you criticize our accounting system. Why do we pay you for this?” If you’re shaking your head at this moment, you’ve been there. So what’s a good auditor to do?

Add value.

Picture is courtesy of DollarPhotoClub.com

Picture is courtesy of DollarPhotoClub.com

We know from our college marketing classes that profitable businesses differentiate themselves. But since audits are seen as commodities (we all issue the same opinion), how can we stand out?

Hire Pleasant People

Let’s face it. Being audited is about as much fun as seeing your proctologist. And the annual regularity makes it no more pleasant. So how can we (auditors) make the engagement more pleasing?

Hire pleasant people. Client interactions will either enhance your firm’s value or decrease it, and I have found that civility and kindness are things people have, or they don’t. Looking for these traits during the hiring process is critical. So make those phone calls to references to find out what the potential new-hires are really like.

Provide Unique Insights

Yes, we (auditors) must maintain our independence, and while we can’t make client decisions, we can and should communicate insights. For instance?

You are reviewing your client’s debt agreements, and you notice that six of their eight loans originated several years ago–all with interest rates of 3% higher than present levels. One simple management letter comment (to refinance) can save your client millions and easily pay for your audit fee. Insights like this one come from thinking as though you own the business.

Think Like You Own the Business

If you owned the business, what would you do? Are there any parts of the business you would sell? (You should be able to see trends in the numbers from your planning analytics, especially if you have five-year comparisons.)

Are there any products suffering from tighter profit margins? Maybe those sales should cease.

Does your client have excess cash in a non-interest bearing account while (at the same time) owing on a 9% interest-rate loan? Suggest paying down the loan.

Possibly you’ve noticed certain of the auditee’s customers are repeatedly late in paying their bills. Consider a management letter comment.

The company has no fidelity insurance, yet several cashiers handle cash. Win a few brownie points here.

My point: Don’t just audit. Think as though you own the business.

Audit Independence

But aren’t we (auditors) supposed to maintain our independence? Absolutely, and this is a must. Without independence, audits have no value. But, as you audit, you will observe deficiencies in the operations and internal controls. And audit standards don’t prohibit you from communicating those insights. The goal of an audit is the opinion, but a byproduct includes helpful comments. The audit opinion is usually provided for the benefit of outside parties (e.g., lenders), but management letter comments provide assistance to the auditee. And since the auditee pays the audit fee, it’s nice to give them value.

To maintain independence, the auditor must not make management decisions. So use the word “consider” when writing operational management letter comments. For example:

Consider examining the profitability of the widget division. Profit margins have decreased from 55% in 2012 to 34% in 2015.

In this example, we are communicating an observation. Contrast this with:

Sell the widget division.

Two problems with “Sell the widget division”:

  1. The comment sounds more like you are making a decision (though the client has the final say), and
  2. The comment creates a greater probability of future lawsuits — what if your client sells the division and the widget market rebounds?

How Do You Add Value?

What about you? What are some other ways that you or your firm adds value to audits?

Risk of Material Misstatement: How to Assess

Part 5: Appropriate risk assessments can put dollars in your pocket and result in higher quality audits

How do you assess the risk of material misstatement? How do you know when to assess inherent risk at high (or low)? Can you assess control risk at high for all assertions? What are significant risks? These are common questions about the risk assessment process.

Audit Risk Assessment

Picture is courtesy of DollarPhotoClub.com

Today we’ll discuss how auditors assess and document risk. We’ll cover:

  • Financial statement level risk
  • Transaction level risk
  • Risk of material misstatement
  • Inherent risk
  • Control risk

Understanding these concepts will put money in your pocket and will result in higher quality audits.

Financial Statement Level Risk

Before picking our audit team, we need a general understanding of the entity.

We must understand the business and its control environment to determine risks at the financial statement level (I think of this as the overall risk). The overall risk will dictate our broader responses such as who the audit team will be.

Consider whether the entity has:

  • Complex transactions
  • Related party transactions
  • New accounting pronouncements
  • Profit pressures
  • Problem vendor relationships
  • Going concern issues
  • Potential debt covenants violations
  • Cash flow problems

We also need to consider the risk of management override. This threat is always a possibility. If management is playing on the edges, consider how you will add muscle and insight to your audit team—or whether you should even perform the engagement.

Keep this thought in mind when considering financial statement level risk assessment: greater overall threats call for a stronger audit team.

Transaction Level Risks

In a previous post, we discussed risk assessment procedures such as walkthroughs, fraud inquiries, and planning analytics. The information gained from those steps is the basis for assessing risk at the transaction level.

Should the transaction risk assessment be performed at the assertion level or for the transaction cycle as a whole? Let’s answer this question by looking at how accounts payable risk might be documented.

If we assess our risk of material misstatement at high for payables (as a whole), what are we saying? That further audit procedures are necessary for all assertions. If we assess risk at high for all payable assertions, and we don’t perform audit procedures in response to the (high) risk assessment, we create an incongruity. We are saying that risk is high for all assertions, but our responses don’t agree.

Wouldn’t it be better to assess risk at the assertion level? For example, if we’ve historically proposed significant journal entries to record additional payables, maybe the risk of material misstatement for the completeness assertion is high. Our audit procedures will include a search for unrecorded liabilities. Now we have an appropriate risk assessment and response (what the audit standards refer to as linkage). The remaining accounts payable assertions could possibly be assessed at low.

Risk of Material Misstatement

We can express the risk of material misstatement (RMM) as:

RMM = Inherent Risk X Control Risk 

While audit standards don’t require that we assess inherent risk and control risk separately, it’s helpful to do so. In a moment, we’ll see that inherent risk often drives our audit responses.

Inherent Risk

So what is inherent risk? My simple definition is the risk that exists when no controls are present. (We are not saying controls don’t exist, just that we are disregarding them as we measure inherent risk.) 

Inherent risk can be a function of:

  • The complexity of the transaction (e.g., derivatives are harder to understand)
  • The nature of the financial statement item (e.g., cash is liquid and subject to theft)
  • The experience and knowledge of the client’s accounting personnel
  • Past audit issues in the area
  • The volume of transactions

As we assess inherent risk, we ask, “what’s the chance that material misstatement will occur assuming there are no related controls?”

Some areas are so risky that the audit standards refer to them as significant risks. These areas require special audit consideration. Significant risks relate to transactions that are complex, nonroutine, or involve judgment. For example, a bank’s allowance for loan losses—due to complexity—demands extra scrutiny. The inherent risk in such areas will always be high.

Now, let’s marry inherent risk with control risk so we can determine our risk of material misstatement.

Control Risk

For audits of smaller entities, control risk is often assessed at high—across the board. Why? To save time. While control risk can’t be assessed at high before performing our risk assessment procedures, we can do so afterward

Assessing control risk at high is permissible as an efficiency decision. (Risk assessment procedures are still required.)

If control risk is assessed at less than high, the auditor is required to test controls to support the lower risk assessment. It may be more economical to perform substantive procedures rather than testing controls. We might, for example, be able to vouch all of the additions to property and equipment in less time than it takes to test the related controls. If this is true, we will opt to use a substantive approach (vouching all significant additions to invoices), and we will assess control risk at high.

Also, it is possible to have a low to moderate risk of material misstatement if your inherent risk is low—even if your control risk is high. How? Consider the following equation.

Risk of Material Misstatement Formula

IR (low) X CR (high) = RMM (low or moderate)

What does this mean? Well, you can get to a low or moderate RMM without testing controls. Also, you may not need to perform any substantive procedures–depending on your final RMM for the area.

As an example of how this works, think about a low inherent risk assessment regarding plant, property, and equipment. 

  • What’s the inherent risk related to the existence of your client’s main office building? Low. 
  • If your client has no controls related to the existence of the building, would the lack of controls have any bearing on the overall RMM? No. 
  • Do you need to test any controls? No. 
  • Do you need to perform any substantive procedures? No.
  • Do you need any substantive audit steps (concerning the building) in your audit program? Probably not. The RMM is low, so you don’t need to do anything (other than document your risk assessment). 

Call to Action

Consider reviewing your risk assessments, and see if some of the inherent risk assessments will allow you to assess your RMMs at low to moderate–even if control risk is assessed at high.

This is the last in our series of posts about audit risk assessment. Thanks for joining in the journey.

If you have suggestions for other posts, please leave a comment with your idea. Thanks.

Nonattest Services and Independence: What Peer Reviewers are Looking For

Why we (CPAs) need to pay more attention to nonattest services

Future peer reviews will have an increased focus upon nonattest services provided to attest clients. How do we know? Well, see the new peer review checklist questions below (for an attest engagement).

nonattest services

The big “no-no” is to assume management responsibilities and then perform an attest service. Here are additional questions from the peer review checklists. Notice the first item below: Accepting responsibility for the preparation and fair presentation of the client’s financial statements. The client must assume responsibility for the financial statements, even if we (as the CPA) prepare them.

If we prepare financial statements and perform an audit, review, or compilation, we have performed a nonattest service (preparation of financial statements) and an attest service (audit, review, compilation). Why is this important? Because if we perform a nonattest service and an attest service for the same client, we must assess our independence. And if we are not independent, then we can’t perform an audit or review engagement.

nonattest1

The peer review checklists also ask for:

  • The name and title of the client personnel overseeing the nonattest service and
  • A description of the accountant’s “assessment and factors leading to your satisfaction that the client personnel overseeing the service had sufficient skills, knowledge and experience”

Interestingly, later on in the peer review checklist (the one I’m presently referring to is the Not-for-Profit checklist), the following appears:

Does the auditor’s assessment of the skills, knowledge, and experience of client personnel overseeing non-attest services appear reasonable given indications within the engagement? Consider whether the auditor performed significant reconciliations and took into consideration the extent and significance of adjustments and journal entries, the control deficiencies, and so on.

Translation: If the auditor made several significant journal entries to clean up the records, does the client possess sufficient skill, knowledge, and experience?

Documentation of Nonattest Services

So do we need a new form to document our independence?

It certainly would not hurt to add a new form to document our independence. PPC offers such a form (and I am sure other work paper providers do the same). What I like about such forms (at least the one I have seen) is they provide us with a place to document all nonattest services and then to assess and document our client’s ability to assume responsibility for the nonattest services provided.

If the client can’t–or is unwilling to–assume responsibility for the financial statements, then we are not independent, and we cannot perform an audit or a review. This assumption of responsibility does not mean the client has the ability to create the financial statements, but it does mean that:

  • that the client will oversee the nonattest service,
  • that the client will evaluate the adequacy and results of the nonattest service, and
  • that the client will accept responsibility for the nonattest service

Documentation of the above in our engagement letters is sufficient to meet standards (even though I like the idea of adding a separate independence form to the file). We should–in the engagement letter–specify the nonattest services and the responsibilities of management.

We have, for some time now, included the client responsibility language (about overseeing, evaluating, and accepting) in our engagement letters. But the language referring to nonattest services usually addressed tax preparation, depreciation schedule preparation, bookkeeping and the like. Now preparation of financial statements should be included as another nonattest service (assuming the accounting firm prepares the financials, which we usually do).

The requirement to treat financial statement preparation as a nonattest service is effective for engagements covering periods beginning on or after December 15, 2014.