Search Results for: Lowdown

SAS 143
Feb 18

SAS 143, Auditing Accounting Estimates

By Charles Hall | Auditing

In this article, I explain SAS 143, Auditing Accounting Estimates and Related Disclosuresa new audit standard applicable for periods ending on or after December 15, 2023.   

We'll look at the objectives of SAS 143, auditor responsibilities (including risk assessment and responses), the nature of estimates, documentation requirements, and overall evaluation of your work to ensure appropriateness and completeness. 

Auditing estimates

Estimate Examples

To get us started, here are a few examples of estimates:

So, what is an accounting estimate? It's a monetary amount for which the measurement is subject to estimation uncertainty. Of course, you need to consider the financial reporting framework as you think about the estimate. For example, an estimate might be significantly different when using GAAP versus a regulatory basis. 

But what is estimation uncertainty? It's the susceptibility of an estimate to an inherent lack of precision in measurement. In layperson's terms, it's an estimate that is hard to pin down.

SAS 143 Objectives

The objective of SAS 143 is to see if the accounting estimate and related disclosures are reasonable by obtaining sufficient appropriate audit evidence. 

Nature of Estimates

Some estimates are simple, while others are difficult. For example, estimating the economic life of a vehicle is straightforward, but computing an allowance for uncollectible receivables might be complex.

But even one type of estimate, such as an allowance for uncollectible, can vary in complexity. For example, the allowance computation for uncollectible receivables is usually more complex for a healthcare entity (e.g., more payor types) than for a small business. Why? Because it is more complex and more challenging to determine. Therefore, the estimation uncertainty for a healthcare entity (with many payor types) is higher than that of a small business with one type of customer. Additionally, the volume of transactions could be higher for a healthcare entity versus a small business. 

Estimation Uncertainty

So, the inherent subjectivity of an estimate creates estimation uncertainty. 

Consider estimation uncertainty in this manner: ask twenty people to compute the allowance for a hospital and then ask them to do the same for the small business's uncollectible estimate. How much variation would you expect? Yes, much more for the hospital because the inherent risk is higher. 

SAS 143 tells us to increase our risk assessment procedures and further audit procedures as the estimation uncertainty increases. We perform more risk assessment work concerning the hospital's allowance than that of the small business. Moreover, we complete more extensive further audit procedures for the hospital's allowance than for the small business's estimate. 

More risk, more work. 

To understand SAS 143, we need to know the underlying concepts.

SAS 143 Concepts

SAS 143

Relevant Assertions

You need to assess the risk of material misstatement at the relevant assertion level. Further, you are required to assess inherent risk and control risk separately. And as you assess inherent risk, you might encounter significant risks. 

The Spectrum of Inherent Risk

Usually, a hospital's valuation assertion related to receivables is relevant, and the inherent risk is often high due to its subjectivity, complexity, and volume of transactions (i.e., inherent risk factors). Therefore, the valuation assertion's risk might fall toward the end of the spectrum of inherent risk. On a ten-point scale, we might assess the inherent risk as a nine or a ten. And if we do, it is a significant risk, affecting our professional skepticism.

Professional Skepticism and Estimates

Our professional skepticism increases as the estimation uncertainty rises (or at least, it should). Why? The potential for management bias may be present since it's easier to manipulate complex estimates. And complexity can be a smokescreen to hide bias, increasing the need for internal controls.

Estimate Controls

As estimates become more complex, entities increase internal controls (or at least, they should). And consequently, auditors need to evaluate the design and implementation of those controls. Additionally, auditors must determine whether they will test the controls for effectiveness. 

Another SAS 143 concept is the reasonableness of the estimate.

Reasonableness of Estimates

For an estimate to be reasonable, the applicable financial reporting framework must be its basis. Additionally, management should consider the facts and circumstances of the entity and the related transactions. In creating a reasonable estimate, management will often use the following:

  • A method
  • Certain assumptions
  • Data

Let's consider these elements using the allowance for uncollectible receivables. 

First, management considers the financial reporting framework. If the entity uses GAAP, it makes sense to create the estimate. No allowance is necessary if the cash basis of accounting is in use. In this example, we'll assume the company is using GAAP.

Estimate Method

In computing an allowance for uncollectible, an entity might calculate the estimate as a total of the following:

  • 20% of receivables outstanding for more than 60 days
  • 60% of receivables outstanding for more than 90 days
  • 90% of receivables outstanding for more than 120 days

Estimate Assumptions

And what assumptions might management consider? Bad debt percentages have stayed the same over time. The company needs to increase the percentages if collectible amounts erode. 

Estimate Data

Finally, consider the allowance data. In this example, it would typically be an aged receivable listing. Such a listing breaks receivables into aging categories (e.g., 0 to 30 days; 31 to 60 days; etc.). Such data should be consistent. Suppose the company purchases new software that computes the aged amounts differently using different data than previously. If this occurs, management and the auditors need to consider the reasonableness of the new data. 

Is the Estimate Reasonable?

Most importantly, estimates need to make sense (to be reasonable) in light of the circumstances. While consistent methods, assumptions, and data are desirable, change, such as a slowdown in the economy, can require new ways of computing estimates.

One more concept is that of management's point estimate and disclosure.

Management's Point Estimate and Disclosure

The auditor will examine management's point estimate and the related disclosures to see if they are reasonable. How? Review the estimate's development (how was it computed?) and the nature, extent, and sources of estimation uncertainty. 

If circumstances are similar to the prior year, then the estimate's method, assumptions, and data will typically be similar. Likewise, the disclosure will be much like the preceding period. 

But if, for example, the economy slows significantly, the percentages applied to the aged receivable categories (see above) may need to increase so that the allowance for uncollectible is higher. The auditor might question the estimate if management did not raise these percentages. 

The company should disclose how the estimate is created and the nature, extent, and sources of estimation uncertainty. 

Now, let's see what the SAS 143 requirements are.

SAS 143 Requirements

SAS 143

The requirements for estimates are conceptually the same as in any area. The auditor does the following:

  • Perform risk assessment procedures
  • Identify and assess the risk of material misstatement
  • Develop responses to the identified risks and carry those out

1. Perform Risk Assessment Procedures for Estimates

As you consider the entity and its environment, consider the following:

  • Transactions and other events that give rise to the need for estimates and changes in estimates
  • The applicable financial reporting framework as it relates to estimates
  • Regulatory factors affecting estimates, if any
  • The nature of estimates and related disclosures

Next, as you consider internal control, ask about the following:

  • Nature and extent of estimate oversight (who oversees the estimate? how often is the estimate being reviewed?)
  • How does management identify the need for specialized skills or knowledge concerning the estimate?
  • How do the entity's risk assessment protocols identify and address risks related to estimates?
  • What are the classes of transactions, events, and conditions giving rise to estimates and related disclosures?
  • How does management identify the estimate's methods, assumptions, and data sources?
  • Regarding the degree of estimation uncertainty, how does management determine the range of potential measurement outcomes?
  • How does management address the estimation uncertainty, including a point estimate and related disclosures?
  • What are the control activities relevant to the estimate? (e.g., second-person review of the computation)
  • Does management review prior estimates and the outcome of those estimates? How does management respond to that review?

Additionally, the auditor reviews the outcome of prior estimates for potential management bias

If there are any significant risks (inherent risk falling toward the end of the spectrum of risk), the auditor should understand the related controls and, after that, see if they are designed appropriately and implemented. 

And finally, the auditor considers if specialized skills or knowledge are needed to perform risk assessment procedures related to estimates. 

Of course, after you do your risk assessment work, it's time to assess the risk.

2. Identify and Assess the Risk of Material Misstatement

SAS 143, as we have already seen, requires a separate assessment of inherent risk and control risk for each relevant assertion.

In assessing inherent risk, the auditor will consider risk factors such as complexity, subjectivity, and change. It's also important to consider the estimate method and the data used in computing management's point estimate. 

Some estimates represent significant risks. So, for example, if the computation of warranty liability is complex or has a high degree of estimation uncertainty, then identify the liability as a significant risk since the valuation assertion is high risk (toward the upper end of the spectrum of inherent risk).

Auditing estimates

3. Responses to Assessed Risk of Material Misstatement

Once the assessment of risk is complete, you are in a position to create responses. As usual, document linkage from the risk level to the planned procedures. Higher risk calls for more extensive actions. 

If, for example, the auditor identifies an estimate as a significant risk, go beyond basic techniques (i.e., more than a basic audit program). 

Additionally, base those responses on the reasons for the assessments. In other words, create audit procedures based on the nature of the risk. Performing more procedures unrelated to the identified risk is of no help. 

Three Responses to Risks Related to Estimates

The audit procedures need to include one or more of the following three steps:

  1. Obtain audit evidence from events occurring up to the date of the auditor's report
  2. Test how management made the accounting estimate by reviewing the following: 
    • Methods in light of: 
      • Reporting framework
      • Potential management bias
      • The estimation computation (is it mathematically correct?)
      • Use of complex modeling, if applicable
      • Maintenance of the assumptions and data integrity (does this information have integrity?)
    • Assumptions; address the following: 
      • Whether the assumptions are appropriate
      • Whether the judgments made in selecting the assumptions give rise to potential bias
      • Whether assumptions are consistent with each other
      • When applicable, whether management has the intent and ability to carry out specific courses of action
    • Data; address the following: 
      • Whether the data is appropriate
      • Whether judgments made in selecting the data give rise to management bias
      • Whether the data is relevant and reliable
      • Whether management appropriately understands and interprets the data
    • Management's point estimate and related disclosure; address the following: 
      • How management understands estimation uncertainty
      • See if management took appropriate steps in developing the point estimate and related disclosure
      • If the auditor believes management has not sufficiently addressed estimation uncertainty, the following should occur: 
        • Request management perform additional procedures to understand the estimation uncertainty; consider disclosing more information about the estimation uncertainty
        • Develop an auditor's point estimate or range if management's response to the auditor's request in the prior step is not sufficient
        • Evaluate whether an internal control deficiency exists
  3. Develop an auditor's point estimate or range; do the following: 
    • Include procedures to evaluate whether methods, assumptions, or data are appropriate
    • When the auditor develops a range,  
      • Determine whether the range includes only amounts supported by sufficient audit evidence and are reasonable in the context of the reporting framework
      • Review disclosures related to estimation uncertainty, design and perform procedures regarding the risk of material misstatement (i.e., determine if the disclosure provides sufficient information regarding estimation uncertainty)

Once you complete your audit work related to estimates, evaluate what you've done. 

Overall Evaluation of Estimate Work

SAS 143

Evaluate the sufficiency of your estimate work by considering the following:

  • Are the risk assessments at the relevant assertion level still appropriate?
  • Do management's decisions regarding recognition, measurement, presentation, and disclosure of the estimates agree with the financial reporting framework? 
  • Has sufficient appropriate evidential matter been obtained?
  • If evidence is lacking, consider the impact on the audit opinion
  • Has management included disclosures beyond those required by the financial reporting framework when needed for fair presentation?

Here are some additional considerations in determining if your work is complete.

Documentation of Estimate Work

SAS 143 says that the auditor's documentation should include the following:

  • The auditor's understanding of the entity and its environment, including internal controls related to estimates
  • Linkage of further audit procedures with the risks of material misstatement at the assertion level
  • Auditor's responses when management has not taken appropriate steps to understand and address estimation uncertainty
  • Indicators of possible management bias related to estimates
  • Significant judgments related to estimates and related disclosures in light of the reporting framework

Governance Communication Regarding Estimates

Finally, consider whether you should communicate estimate matters to those charged with governance, especially if a high estimation uncertainty is present. 

SAS 143 Summary

While SAS 143 requires that auditors understand the estimation process and then perform procedures to ensure the reasonableness of the numbers and disclosures, there's nothing unusual about this. We gain an understanding of the estimates, assess the risk, and create responses. 

Many estimates, such as plant, property, and equipment depreciation, are simple. In those areas, there's little to do. But as always, our risk assessment and responses will increase as complexity and uncertainty increase. 

You may also be interested in my article titled SAS 145: New Risk Assessment Standard.

ASU 2016-01
Feb 14

ASU 2016-01 – Accounting for Equity Securities

By Charles Hall | Accounting

Are you aware of the coming changes in accounting for equity securities with ASU 2016-01?

In the past, FASB required that changes in the fair value of available-for-sale equity investments be parked in accumulated other comprehensive income (an equity account) until realized--that is, until the equity investment was sold. In other words, the unrealized gains and losses of equity investments were not recognized in net income until the investments were sold. This is about to change.

Changes in equity investments will generally be reflected in net income as they occur--even before the equity investments are sold. 

The guidance for classifying and measuring investments in debt securities is unchanged.

ASU 2016-01

Changes in Accounting for Equity Securities - ASU 2016-01

First, ASU 2016-01 removes the current guidance regarding classification of equity securities into different categories (i.e., trading or available-for-sale)

Secondly, the new standard requires that equity investments  generally be measured at fair value with changes in fair value recognized in net income (see exceptions below). Companies will no longer recognize changes in the value of available-for-sale equity investments in other comprehensive income (as we have in the past).

Exceptions

ASU 2016-01 generally requires that equity investments be measured at fair value with changes in fair value recognized in net income. There are some equity investments that are not treated in this manner such as equity method investments and those that result in consolidation of the investee.

Is the accounting for equity investments without readily determinable fair values different? It can be.

Equity Investments without Readily Determinable Fair Values

An entity may choose to measure equity investments that do not have readily determinable fair values at cost minus impairment.  This election should be documented at the time of adoption (for existing securities) or at the time of purchase for securities acquired subsequent to the date of adoption. The alternative can be elected on an investment-by-investment basis.

Why make the election to measure equity investments that do not have readily determinable fair values at cost minus impairment? Because of the difficulty of determining the fair value of such investments. This election will probably be used by entities that previously carried investments at cost. 

ASU 2016-01 requires that equity investments without readily determinable fair values undergo a one-step qualitative assessment to identify impairment (similar to what we do with long-lived assets and goodwill). 

At each reporting period, an entity that holds an equity security shall make a qualitative assessment considering impairment indicators to evaluate whether the investment is impaired. Impairment indicators that an entity considers include, but are not limited to, the following:

  • A significant deterioration in the earnings performance, credit rating, asset quality, or business prospects of the investee
  • A significant adverse change in the regulatory, economic, or technological environment of the investee
  • A significant adverse change in the general market condition of either the geographical area or the industry in which the investee operates
  • A bona fide offer to purchase, an offer by the investee to sell, or a completed auction process for the same or similar investment for an amount less than the carrying amount of that investment
  • Factors that raise significant concerns about the investee’s ability to continue as a going concern, such as negative cash flows from operations, working capital deficiencies, or noncompliance with statutory capital requirements or debt covenants.

So what happens if there is an impairment?

The FASB Codification (321-10-35-3) states the investment shall be written down to its fair value if a qualitative assessment indicates that the investment is impaired and the fair value of the investment is less than its carrying value.

How is the impairment reflected in the income statement?

If an equity security without a readily determinable fair value is impaired, the entity should include the impairment loss in net income equal to the difference between the fair value of the investment and its carrying amount.

Presentation of Financial Instruments

Entities are to present their financial assets and liabilities separately in the balance sheet or in the notes to the financial statements. This disaggregated information is to be presented by:

  • Measurement category (i.e., cost, fair value-net income, and fair value-OCI
  • Form of financial asset (i.e., securities or loans and receivables)

So, financial assets measured at fair value through net income are to be presented separately from assets measured at fair value through other comprehensive income.

Debt Securities Accounting 

U.S. GAAP for classification and measurement of debt securities remains the same. Show unrealized holding gains and losses on available-for-sale debt securities in other comprehensive income.

Disclosure Eliminated - Financial Instruments Measured at Amortized Cost

ASU 2016-01 removes a prior disclosure requirement. In the past, entities disclosed the fair value of financial instruments measured at amortized cost. Examples include notes receivables, notes payable, and debt securities. ASU 2016-01 removes this disclosure requirement for entities that are not public business entities

Effective Dates for ASU 2016-01

ASU 2016-01 says the following concerning effective dates:

For public business entities, the amendments in this Update are effective for fiscal years beginning after December 15, 2017, including interim periods within those fiscal years.

For all other entities including not-for-profit entities and employee benefit plans within the scope of Topics 960 through 965 on plan accounting, the amendments in this Update are effective for fiscal years beginning after December 15, 2018, and interim periods within fiscal years beginning after December 15, 2019. All entities that are not public business entities may adopt the amendments in this Update earlier as of the fiscal years beginning after December 15, 2017, including interim periods within those fiscal years.

Also, the provision exempting nonpublic entities from the requirement to disclose fair values of financial instruments can be early adopted.

Initial Accounting for ASU 2016-01

An entity should apply the ASU 2016-01 amendments by means of a cumulative-effect adjustment to the balance sheet as of the beginning of the fiscal year of adoption.

The amendments related to equity securities without readily determinable fair values (including disclosure requirements) should be applied prospectively to equity investments that exist as of the date of adoption of ASU 2016-01.

Yellow Book Independence
Feb 02

Threats to Yellow Book Independence

By Charles Hall | Auditing , Local Governments

Yellow Book independence is a big deal. And if you prepare financial statements in a Yellow Book audit, you need to be aware of the independence rules. Below I tell you how to maintain your independence—and stay out of hot water,

Yellow Book Independence

Yellow Book Independence Impairment in Peer Review

Suppose that--during your peer review--it is determined your firm lacks independence in regard to a Yellow Book engagement.

What could happen? Well, I can't say for sure, but I think it would be nasty. At a minimum, you would probably receive a finding for further consideration. The engagement is definitely nonconforming (not conforming to professional standards).

Then, you'd need to provide a response--explaining what you intend to do about the lack of independence. And this could get very interesting. Not where you want to be.

Preparation of Financial Statements is a Significant Threat

If you prepare financial statements (a nonattest service) for your audit client, you have a significant threat. Why? You are auditing something (the financial statements) that you created. There is a self-review threat. 

When there is a significant threat, you must use a safeguard (to lessen the threat). Such as? A second partner review. So, for example, you might have a second audit partner (someone not involved in the audit) review the financial statements. Since the second partner did not create the financial statement, the self-review threat is mitigated.

Notice the safeguard (the second partner review) is something the audit firm does--and not an action of the audit client. Therefore, it qualifies as a safeguard.

2018 Yellow Book

The 2018 Yellow Book states the following in paragraph 3.88:

Auditors should conclude that preparing financial statements in their entirety from a client-provided trial balance or underlying accounting records creates significant threats to auditors' independence, and should document the threats and safeguards applied to eliminate and reduce threats to an acceptable level...or decline to provide the services. 

But My Client has Sufficient SKE

You've heard your audit client must have sufficient skill, knowledge and experience (SKE) and that they must oversee and assume responsibility for nonattest services. This is true and is always required when nonattest services are provided to an audit client. 

Even so, the client's SKE does not address the self-review threat

Think of the SKE issue as a minimum requirement. Do not pass "go" if the client does not assign someone (with SKE) to oversee the nonattest service. You are not independent. End of discussion. (If the client does not have sufficient SKE, see section below titled Inadequate Skill, Knowledge, and Experience.)

SKE is not a safeguard

The January AICPA Reviewer Alert distinguishes the SKE requirement from safeguards saying, "Client SKE should not be viewed as a safeguard, but rather a mandatory condition before performing any nonaudit services."

Once the client SKE issue is dealt with, consider if auditor safeguards are necessary. Why? A self-review threat may be present. 

The AICPA (in its AICPA Yellow Book Practice aid) provides examples of safeguards (again, these are actions of the audit firm) including:

  • Obtaining secondary reviews of the nonaudit services by professional personnel who were not involved in planning or supervising the audit engagement.
  • Obtaining secondary reviews of the nonaudit services by professional personnel who were not members of the audit engagement team.

See Appendix E of the AICPA Yellow Book Practice Aid for additional examples of safeguards and how to apply them.

Independence Documentation is Required

The Yellow Book requires that your independence be documented. If it is not, a violation of professional standards exists. 

So, document the SKE of the client and the safeguards used to address significant threats. Also, document which nonattest services are signficiant threats. Peer reviewers focus on Independence documentation.

Document Significant Threats

The January 2019 Reviewer Alert (an AICPA newsletter provided to peer reviewers) provides a scenario where an audit firm performs a Yellow Book audit and prepares financial statements. Then the firm has an engagement quality control review (EQCR) performed, but it does not identify the preparation of financial statements as a significant threat. The newsletter states "the engagement would ordinarily be deemed nonconforming for failure to document identification of a significant threat." So, even if a safeguard (e.g., a second partner review) is in use, the lack of documentation makes the engagement nonconforming.

Judging Client's SKE

Here are examples of client personnel that might be available to oversee the financial statements preparation service:
  1. A 15 year mayor who is a businessman, no accounting education, no formal training in reading governmental financial statements. He understands the fund level statements but can't grasp the reconciliation between the government-wide financial statements and the fund level financial statements.
  2. Second year finance director with no prior accounting experience, graduated from a two year college with a degree in general business.
  3. Finance director with 25 years experience and is a CPA and a member of GFOA. She trains others in governmental accounting.
  4. Finance director with a high school education but has extensive governmental accounting training from the Carl Vinson Institute. He has the ability to create the financial statements from scratch.

As you can see, the Yellow Book independence assessment will sometimes be black and white, but other times, not so. Regardless, the audit client has to have someone with sufficient skill, knowledge and experience to oversee the financial statements preparation. Why? The auditor can't assume responsibility for the statements. This is a management responsibility.

Management Responsibilities

The 2018 Yellow Book (paragraph 3.75) says the following about management responsibilities:

In cases where the audited entity is unable or unwilling to assume these responsibilities (for example, the audited entity does not have an individual with suitable skill, knowledge, or experience to oversee the nonaudit services provided, or is unwilling to perform such functions because of lack of time or desire), auditors should concluded that the provisions of these services is an impairment to independence.

Additionally, paragraph 3.73 of the Yellow Book states:

Auditors should determine that the audited entity has designated an individual who possesses suitable skill, knowledge, or experience and that the individual understands the services to be provided sufficiently to oversee them.

If the government has no one with sufficient SKE, then the external auditor is not independent and can't perform the audit.

So, is there another option when the client does not have sufficient SKE?

Inadequate Skill, Knowledge, and Experience

If the auditor can't get comfortable with the client's SKE (e.g., the client's ability to review the financial statements and assume responsibility), what can be done? The audited entity can hire someone with sufficient SKE. For example, the entity could contract with a CPA not affiliated with the external audit firm to review the financial statements on their behalf.

Many smaller governments need to contract with an outside person in order to have sufficient SKE. The problem, however, is they may not have the funds to do so. If you as the auditor make this suggestion, be prepared for this question: "Isn't this why I hired you?" Regardless, the client has to have sufficient SKE before the auditor can issue an opinion. 

In Summary

Here's the lowdown to protect your firm:

  1. Document the nonattest services you are to perform
  2. Document the client person that will oversee and assume responsibility for the nonattest service
  3. Document the SKE of the designated person
  4. Consider whether any nonattest services are significant threats 
  5. Document which, if any, nonattest services are significant threats
  6. Use (and document) a safeguard to address each significant threat (examples of safeguards include an EQCR or a second-partner review)

Looking for a tool to document Yellow Book independence? Consider the AICPA's practice aid. Here is the free PDF version. You can also purchase the fillable version here. (Cost is $39 for AICPA members.) This is the 2011 Yellow Book aid. I am thinking the AICPA will create a 2018 Yellow Book version as well. 

>