Sometimes we think we are almost done with an audit, but then–days later–we realize we were nowhere near the finish line. Very frustrating! For our clients and us. Why does this happen? That’s the question I’ll answer in this post. Wrapping up audits is not always easy, but–in this article–you’ll learn how to finish them efficiently and effectively.
Wrapping Up Audits: An Overview
In the final stages of an audit, we are (among other things):
- Reviewing the file
- Updating subsequent events
- Obtaining a management representation letter
- Summarizing passed journal entries
- Considering going concern
- Creating final analytics
- Creating management letters
- Communicating control deficiencies
Reviewing the File
If we review our audit work as we perform the engagement, then the review process (at the end) will not be difficult. The thorns and snares come when we allow a junior staff person to work without supervision and without a timely review process. Then, when the manager or partner begins to review the file (at the end of the engagement), it’s a disaster.
The review problem starts at the beginning of the audit, namely in the scheduling of the engagement. Too many times, audit firms send an untrained person out–just to get a warm body on the job. Sure, someone is onsite with the client, but does he know what he’s doing? I said this “warm body” effort could be the result of scheduling, but look even deeper. The root problems could be poor hiring or retention practices or insufficient training. If audit firms are to properly schedule work, they must first hire, retain, and train. Only then will sufficient staff be available.
Once a firm has sufficient personnel, then it needs discipline. Review files daily (or at least weekly)–not at the end of the engagement. Why are timely reviews more efficient and effective? Because the work is still fresh in the staff member’s mind. As he receives review comments, he is better able to respond. Also, timely reviews enable junior staff members to learn as they go, and the reviews provide them with confidence as they work. But in terms of wrap-up, you are much closer to your goal of completing the engagement.
In short, review work and provide feedback as soon as possible, at least weekly.
Updating Subsequent Events
The financial statements should disclose material subsequent events such as legal settlements, the issuance of new debt, the adoption of a new benefit plan, or the sale of stock. And while disclosure is important, subsequent events–such as legal settlements–can have a bearing upon the recognition of amounts in the financial statements.
Here are common subsequent event procedures:
- Inquire of management about subsequent events
- Review subsequent receipts and payments
- Consider attorneys’ responses to request for litigation information
- Read subsequent minutes
- Review subsequent interim financial statements
- Obtain an understanding of management’s methods for accumulating subsequent event information
Perform these procedures so that audit evidence is obtained through the audit report date. Auditors often need to update attorney’s response to coincide with the audit report date. You want the attorney’s letter to be as close as to the audit report date as possible. How close? Usually within two weeks of the audit report date. If there are significant issues, you may want to bring the written response even closer.
Obtaining a Management Representation Letter
Another part of wrapping up in obtaining a written representation letter. The letter should address issues such as:
- Management’s responsibility for the financial statements
- Management’s responsibility for internal controls
- Assurances that all transactions have been recorded
- Whether known fraud has occurred
- Whether known non-compliance with laws or regulations
- The effects of uncorrected misstatements
- The assumptions used in computing estimates
- Related party transactions
- Subsequent events
- Supplementary information
- Responsibility for nonattest services
The date of the representation letter should be the same as the date of the audit report. Also, the representation letter should be for all financial statements and periods referred to in the auditor’s report. If management refuses to provide the management letter, then consider the effect upon the audit report. Such a refusal constitutes a limitation on the scope of the audit and will usually preclude the issuance of an unmodified opinion.
If your audit firm creates the financial statements, then provide them to management in a timely manner. Management needs to review the financial statements prior to signing the representation letter.
Summarizing Passed Journal Entries
Prior to creating the representation letter, the auditor needs to summarize passed journal entries. Why? You need to attach the passed entries to the representation letter. Audit standards require management to provide a written assertion regarding whether the uncorrected misstatements are material. That wording could, for example, read “the effects of uncorrected misstatements are immaterial.”
Once you summarize the uncorrected misstatements, you as the auditor should consider whether they are material. Review your audit materiality and performance materiality documentation and consider if the passed adjustments are acceptable. If the uncorrected misstatements are material, then an unmodified opinion is not appropriate.
Considering Going Concern
Even in the planning stage, auditors need to think about going concern, especially if financial weaknesses are present. But as you approach the end of the audit, the going concern evaluation should crystallize. Now you have your audit evidence, and it’s time to determine if a going concern opinion is in play. Also, consider whether the going concern disclosures are sufficient. If substantial doubt is present, then the entity should include going concern disclosures (whether doubt is alleviated by management’s plans or not).
And what is substantial doubt? The Financial Accounting Standards Board defines it this way:
Substantial doubt about the entity’s ability to continue as a going concern is considered to exist when aggregate conditions and events indicate that it is probable that the entity will be unable to meet obligations when due within one year of the date that the financial statements are issued or are available to be issued.
So for nongovernmental entities, ask “Is it probable that the company will meet its obligations for one year from the opinion date?” If it is likely that the entity will meet its obligations, then substantial doubt does not exist. If it is not probable that the entity will meet its obligations, then substantial doubt exists.
And what is the period to be considered when assessing going concern? One year from the audit report date unless the entity is a government. If the entity is a government, then the evaluation period is one year from the financial statement date (though this period can be lengthened in certain circumstances).
Who Makes the Evaluations?
The going concern evaluation is one that management makes as it considers whether disclosures are necessary.
Then the auditor considers going concern from an audit perspective. Based on the audit evidence, the auditor could possibly issue a going concern opinion or qualify the opinion if required going concern disclosures are not included in the financial statements.
Creating Final Analytics
Another part of wrapping up is the creation and review of final analytics.
Auditors create planning analytics as a risk assessment procedure. Why? We are looking for risk. So, what is the purpose of final analytics? We are performing analytical procedures, near the end of the audit, to assist in forming an overall conclusion about whether the financial statements are consistent with our understanding of the entity.
What type of analytics should be used? Audit standards don’t specify the particular analytics. Those standards say that a wide variety of procedures can be used, including reading the financial statements. An auditor can also use analytics similar to those used in the planning stage of the engagement. Regardless of the procedures used, they should be documented. So, if you read the financial statements as an analytical procedure, you should say so in a work paper.
I commonly use the same analytics in the close of the audit that I used in the beginning. I want to know that the questions raised in the beginning have been answered by the end of the engagement.
Creating Management Letters
At the conclusion of an audit, you can provide a written management letter.
What should be included in such a letter? It’s up to the auditor, but here are some examples:
- Communication of control weaknesses that are not significant or material
- Recommendations concerning the implementation of new accounting standards
- Efficiency recommendations such as how to process cash receipts
- Warnings regarding cyber attacks and suggestions for preventing them
- Suggestions that may expedite next year’s audit
- Recommendations regarding procurement
- Suggestion for the creation of a code of conduct
- Recommendation that an accounting manual be created
- Suggestion to use excess cash to pay off high-interest rate leases
- Suggestion to create a more robust IT change management process
Significant internal control deficiencies and material weaknesses must be reported in writing. Other control weaknesses (those not significant or material) can be communicated in writing or orally. If such weaknesses are orally communicated, then they must be documented in some manner such as in a work paper. Alternatively, the control weaknesses can be included in a management letter.
If a management letter is provided, consider providing a draft to the client prior to issuance. Doing so will allow you to avoid the embarrassment of making inaccurate or inappropriate suggestions. Also, the auditor, if desired, can include client responses (e.g., the status of implementation) in the management letter.
Communicating Control Deficiencies
Audit standards require that significant control deficiencies and material weaknesses be reported in writing to management and to those charged with governance. As we saw in the previous section, control weaknesses that are not significant or material are normally communicated in the management letter. Significant deficiencies and material weaknesses are defined as follows:
- Significant deficiency. A deficiency, or a combination of deficiencies, in internal control that is less severe than a material weakness yet important enough to merit attention by those charged with governance.
- Material weakness. A deficiency, or a combination of deficiencies, in internal control, such that there is a reasonable possibility that a material misstatement of the entity’s financial statements will not be prevented, or detected and corrected, on a timely basis.
Control deficiencies are often noted during the risk assessment procedures, particularly when walkthroughs are performed. They may also be noted as audit journal entries are created, especially when material adjustments are made. It is best to capture control weaknesses as they are noted. Otherwise, you may forget your notice of them. Also, if control weaknesses are material, you may desire to communicate them to management as they are discovered.
As recommended for the management letter, a draft of this internal control report should be provided to management prior to final issuance to avoid potential misunderstandings. Management can better assess the correctness of a control weakness communication once they see it in black and white. If there’s a disagreement between management and the auditor, it’s best to clear the issue prior to final issuance of the internal control weaknesses letter.
Wrapping Up Audits
Now you have an overview of how to wrap up your audits. You may have thought while reading the above, “How does an auditor make all of this happen at the appropriate time?” Sound project management.
While this article covers wrapping up audits from a professional standards perspective, you’ll find additional insights into managing your engagements by reading my Basecamp post. What is Basecamp? It’s a cloud-based project management application. As you can see in the above wrap-up article, there are a lot of moving parts. So, use of sound project management software and procedures can significantly increase your efficiency.
You’ll also find my twin brother’s article How to Identify and Manage Audit Stakeholders helpful.
Continuing Audit Series
This post is a part of my continuing audit series titled The Why and How of Auditing: A Blog Series About Basics. I have covered the planning and substantive parts of audits in earlier posts. To see an overview of the blog series, click here.
Learn from the CPA Scribo newsletter!
Get my free weekly accounting and auditing digest with the latest content.