All Posts by Charles Hall

Follow

About the Author

Charles Hall is a practicing CPA and Certified Fraud Examiner. For the last thirty years, he has primarily audited governments, nonprofits, and small businesses. He is the author of The Little Book of Local Government Fraud Prevention and Preparation of Financial Statements & Compilation Engagements. He frequently speaks at continuing education events. Charles is the quality control partner for McNair, McLemore, Middlebrooks & Co. where he provides daily audit and accounting assistance to over 65 CPAs. In addition, he consults with other CPA firms, assisting them with auditing and accounting issues.

Audit lessons from a brain tumor
Jan 24

Audit Lessons from a Brain Tumor

By Charles Hall | Auditing

I said to my wife, “Am I driving straight?” I felt as if I was weaving, not quite in control. I felt dizzy and heard clicking noises in my ears.

The mystery only increased over the next two years as I visited three different doctors. They stuck, prodded, and probed me–but no solution.

Frustrating.

Doctor Looking at Head Xray on blue

Picture is courtesy of istockphoto.com

Meanwhile, I felt a growing numbness on the right side of my face. So one night I started Googling health websites (the thing they tell you not to do) and came upon this link: Acoustic Neuroma Association. I clicked it. It was like reading my diary. It couldn’t be. A brain tumor.

The next day I handed my doctor the acoustic neuroma information and said, “I think this is what I have. I want a brain scan.”

Two days after the scan, while on the golf course, I received the doctor’s call: “Mr. Hall, you were right. You have a 2.3-centimeter brain tumor.” (I sent him a bill for my diagnosis but he never paid–just kidding.) My golfing buddies gathered around and prayed for me on the 17th green, and I went home to break the news to my wife. I had two children, two and four at the time. I was concerned.

Shortly after that, I was in a surgeon’s office in Atlanta. The doctor said they’d do a ten-hour operation; there was a 40% chance of paralysis and a 5% chance of death. The tumor was too large for radiation–or so I was told.

I didn’t like the odds, so I prayed more and went back to the Internet. There I located Dr. Jeffrey Williams at Johns Hopkins Hospital in Baltimore. I emailed the good doctor, telling him of the tumor’s size. His response: “I radiate tumors this size every day.” He was a pioneer in fractionated stereotactic radiation, one of the few physicians in the world using this procedure (at the time).

A few days later, I’m lying on an operating table in Baltimore with my head bolted down, ready for radiation. They bolt you down to ensure the cooking of the tumor (and not the brain). Fun, you should try it. Four more times I visited the table. Each time everyone left the room–a sure sign you should not try this at home.

Each day I laid there silently, talking to God and trusting Him.

Three weeks later I returned to work. Twenty years later, I have had two sick days.

I’ve watched my children grow up. They are twenty-four and twenty-six now–both finished college. My wife is still by my side, and I’m thankful for each day.

Cades Cove, Tennessee with my wife

So what does a brain tumor story tell us about audits? (You may, at this point, be thinking: they did cook the wrong part.)

Audit Lessons Learned from a Brain Tumor

1. Pay Attention to Signs

It’s easy to overlook the obvious. Maybe we don’t want to see a red flag (I didn’t want to believe I had a tumor). It might slow us down. But an audit is not purely about finishing and billing. It’s about gathering proper evidential matter to support the opinion. To do less is delinquent and dangerous.

2. Seek Alternatives

If you can’t gain appropriate audit evidence one way, seek another. Don’t simply push forward, using the same procedures year after year. The doctor in Atlanta was a surgeon, so his solution was surgery. His answer was based on his tools, his normal procedures. If you’ve always used a hammer, try a wrench.

3. Seek Counsel

If one answer doesn’t ring true, see what someone else thinks, maybe even someone outside your firm. Obviously, you need to make sure your engagement partner agrees (about seeking outside guidance), but if he or she does, go for it. I often contact the Center for Plain English AccountingI find them helpful and knowledgeable. I also have relationships with other professionals, so I call friends and ask their opinions–and they call me. Check your pride at the door. I’d rather look dumb and be right than to look smart and be wrong.

4. Embrace Change

Fractionated stereotactic radiation was new. Dr. Williams was a pioneer in the technique. The only way your audit processes will get better is to try new techniques: paperless software (we use Caseware), data mining (we use IDEA), real fraud inquiries (I use ACFE techniques), electronic bank confirmations (I use Confirmation.com), project management software (I use Basecamp). If you are still pushing a Pentel on a four-column, it’s time to change.

Postscript

Finally, remember that work is important, but life itself is the best gift. Be thankful for each moment, each hour, each day.

Jan 12

Five Books to Read in 2020

By Charles Hall | Accounting and Auditing

Are you looking for books to read in 2020? Here are a five suggestions. Each will make you a better CPA—and person.

five books to read in 2020

Digital Minimalism – Want to stop wasting time on Facebook, Twitter, LinkedIn and other social media platforms? Read this book. Full of helpful tips to help you regain your life.

Ultralearning – This book provides practical steps to increase your ability to learn new skills and rapidly gain knowledge. Lifetime learning is a necessary skill for CPAs.

The Bullet Journal Method – Bullet journaling is a blend of planning, journaling and project management. I have read dozens on time management books. This is one of the most interesting. All you need is a blank notebook, and you can plan your days, weeks, months and years.

The Coaching Habit – Do you want to make your employees better? Do so with questions, not answers. This short read is chock full of simple but effective questions to ask those who work for you. 

Essentialism – Are you trying to master too many things? So many that you aren’t effective in any. Greg McKeown’s book will help you focus on the important and forget the rest. This book is a classic.

SSAE 19
Jan 11

SSAE 19: Agreed-Upon Procedures Engagements

By Charles Hall | Auditing

On December 19, 2019, the AICPA released SSAE 19, Agreed-Upon Procedures Engagements. This is one of those standards that you'll want to implement early. Why? Greater flexibility. 

Greater AUP Flexibility

CPAs will find the new agreed-upon procedures (AUP) standard (SSAE 19) more flexible that the preceding guidance (SSAE 18 AT-C section 215).

How is it more flexible?

  • You no longer request an assertion from the responsible party
  • You can issue general-use reports 
  • Intended users are not required to take responsibility for the sufficiency of the procedures
  • You can develop or assist in developing the procedures over the course of the engagement

And which of these do I like the best? No requirement for assertions.

Additionally, I like the option to develop AUP procedures as the engagement progresses. In the past, the client might review the draft AUP report (at the end of the engagement) and realize it doesn't meet their needs. Sometimes it's better for practitioners to develop procedures as they perform the AUP. SSAE 19 allows you to do just that.

So, if you develop new procedures, what must you do? Prior to issuance of the AUP report, obtain the engaging party's agreement regarding the procedures. Moreover, obtain their acknowledgement that the procedures are appropriate and that they satisfy the intended purpose of the engagement. In effect, the client reviews the procedures, agrees with them, and expresses satisfaction.

Definition of an Agreed-Upon Procedures Engagement

SSAE 19 defines an agreed-upon procedures engagement as "an attestation engagement in which a practitioner performs specific procedures on subject matter and reports the findings without providing an opinion or conclusion. The subject matter may be financial or nonfinancial information." The standard goes on to say "Because the needs of engaging party may vary widely, the nature, timing, and extend of the procedures may vary, as well."

SSAE 19

Now, let's see what the AUP objectives are.

SSAE 19 Objectives

The objectives of an SSAE 19 engagement include:

  • Applying specific procedures to subject matter
  • Issuing a written practitioner's report that describes the procedures applied and the findings

Next, let's look at the structure of an AUP report.

AUP Report Structure

The structure of the AUP report should be as follows:

  • Procedures
  • Findings

So, the CPA should state what was done and then provide the findings (results). The procedures and findings are placed in the body of the AUP report. 

The description of the procedures should be simple and clear.

Good AUP Procedure and Finding

Here's an example of a good AUP procedure and finding:

Procedure - We obtained the January 2020 check register and the January operating bank account statement. We compared check numbers 2850, 2892, 2933, 2935, 2972 to cleared checks agreeing the payee and the amount. 

Findings - No exceptions were noted.

Now, let's look at a poor example:

Poor AUP Procedure and Finding

Procedure - We scanned the company's 2020 bank statements and talked with the CFO. The books seemed to be in order with the exception of July errors.

Finding - Overall, the check disbursements appear to be okay after our general review.

In this poor example, we see general words or statements. What does the word scanned mean? How about seemed to be in order ? Additionally, the finding is vague: okay after our general review.

SSAE 19 provides examples of acceptable and unacceptable wording.

Acceptable and Unacceptable AUP Wording

SSAE 19 calls the practitioner to clearly define procedures. Moreover, the standard states that practitioners should not perform procedures that are open to varying interpretations or that are vague. 

Unacceptable Terms

.A27 of the standard even provides examples of unacceptable AUP terms such as:

  • General review
  • Evaluate
  • Examine

Acceptable Terms

.A27 also provides examples of acceptable AUP terms such as:

  • Inspect
  • Compare
  • Agree
  • Recalculate

In addition to proper wording, document your engagement in accordance with SSAE 19.

AUP Documentation

SSAE 19 calls for the following documentation:

  • Written agreement with the engaging party regarding the appropriateness of the procedures performed for the intended purpose of the engagement
  • The nature, timing, and extent or procedures performed
  • The results of the procedures

You'll also need a written engagement letter (see paragraph .15 of SSAE 19 for an example) and a representation letter (see paragraph .27 of SSAE 19 for an example).

So what about dating the representation letter? The representation letter date should be the date of the AUP report. Additionally, the representation letter should address the subject matter and periods covered by the practitioner's findings.

By now you may be thinking, "Where can I find AUP report examples?"

SSAE 19 Illustrative AUP Report

SSAE 19 provides four illustrative AUP reports in its exhibit (see .A78). 

The four example AUP reports relate to:

  1. Statement of investment performance statistics
  2. Cash and accounts receivable
  3. Claims of creditors
  4. Procedures specified in regulation

If you're looking for a template to follow, see example 2. Why? The cash and accounts receivable procedures and findings are excellent. Build procedures and findings like these and you'll be in good shape.

I suggest you download SSAE 19 and keep these reports handy.

So, what about independence? Is that required?

Attestation Independence

The practitioner has to be independent in order to perform an AUP.  

One exception exists when the practitioner "is required by law or regulation to accept an agreed-upon procedures engagement and report on the procedures performed and findings obtained."

SSAE 19 Effective Date

The effective date of SSAE 19 is for AUP reports dated on or after July 15, 2021.

Early implementation is permitted.

sum of selected cells
Dec 26

Excel: The Sum of Selected Cells Saves Time

By Charles Hall | Technology

Are you using Excel’s sum of selected cells feature? You should be.

CPAs love their ten-keys.

But a roll of adding machine tape on the floor does not mean I’m efficient. The sum of selected cells feature in Excel saves time and increases accuracy. Here’s how.

 

Now, isn’t that better than using a ten-key? Notice also that Excel provides you with a count, the number of items in the selected cells. Additionally, you can see the average as well. All at the bottom right-hand corner of your spreadsheet. 

AR-C 90 review engagements
Dec 25

AR-C 90: How to Perform Review Engagements

By Charles Hall | Preparation, Compilation & Review

Review engagements provide limited assurance using AR-C 90, Review of Financial Statements. And these engagements can be done with much less effort than audits.

So, what are the requirements of a review engagement? When might a review be preferable to an audit? Must the CPA be independent? Can the CPA prepare the financial statements and perform the review engagement? Can a special purpose reporting framework be used? Who might desire a review report (rather than an audit or a compilation report)?

I'll answer these questions below, but, first here's a quick video introduction to the post.

Review Engagement Guidance

The guidance for reviews can be found in AR-C 90, Review of Financial Statements. AR-C 90 is part of  the AICPA's Statements on Standards for Accounting and Reporting Services (SSARS)..

Though this article is long, it's not intended to be comprehensive. It's an overview.

Applicability of AR-C 90

You should perform a review engagement when engaged to do so. If your client asks for this service and you accept, you are engaged.

A review engagement letter should be prepared and signed by the accountant or the accountant’s firm and management or those charged with governance. See engagement letter guidance below.

AR-C 90 Objectives

The objective of the accountant in a review engagement is to provide limited assurance regarding the financial statements. Other historical information such as supplementary information can also be included.

So how does an accountant perform a review engagement? Primarily with inquiries and analytics.

So, how does the limited assurance in a review engagement compare with compilations and audits?

In a compilation engagement, no assurance is provided. What procedures are employed in a compilation? Primarily, the accountant reads the financial statements for appropriateness. Why perform a compilation rather than a review? Economy and cost. Since procedures are minimal, it's easier to perform a compilation and less costly to the client.

In an audit, the accountant provides a high level of assurance. The accountant performs procedures beyond inquires and analytics such as confirmations. Audit risk assessment and planning requirements are much more rigorous than that of a review. While audits provide a higher level of assurance, they are more time-consuming. Consequently, the additional time raises the cost for the client. This is why reviews are sometimes performed rather than an audit.

Prior to performing a review engagement, make sure all stakeholders will accept this product. Some lenders might require an audit.

Review Reports

A review report is always required in a review engagement. That report states that no material modifications are necessary for the financial statements to be in accordance with the reporting framework. (See a sample review report below.)

If a departure from the reporting framework is present, an other-matter paragraph is added to the review report. If the effects of the departure are determined, they are disclosed in the report. If not known, the paragraph states that the effects have not been determined.  

Review Financial Statements

The accountant prepares financial statements as directed by management or those charged with governance. The financials should be prepared using an acceptable reporting framework including any of the following:

All of the above bases of accounting, with the exception of GAAP, are referred to as special purpose frameworks. When such a framework is used, a description is required and can be included in:

  • The financial statement titles
  • The notes to the financial statements, or
  • Otherwise on the face of the financial statements

The financial statement should disclose how the special purpose framework differs from generally accepted accounting principles. If, for example, a company uses accelerated depreciation in tax-basis statements, the financial statements should disclose how this method differs from straight-line (the usual GAAP method). 

The review report language changes when a company uses a special purpose reporting framework. See Exhibit C, illustration 3 in AR-90 for a tax-basis review report. 

Which Financial Statements?

Management specifies the financial statements to be prepared. Normally a company desires a balance sheet, an income statement, and a cash flow statement. The accountant can, however, issue just one financial statement (e.g., income statement). 

Who prepares the financial statements? The company or the CPA firm can prepare them.

Can the cash flow statement be omitted? GAAP requires a cash flow statement when a statement of financial condition and an income statement are included. Compilation standards allow for the omission of the GAAP cash flow statement if the omission is noted in the compilation report. Not so in a review engagement. The cash flow statement must be included when GAAP is used.

But is the cash flow statement required when the tax-basis of accounting is used? No, the cash flow statement can be omitted when the financial statements are tax-basis.

Disclosures in Reviewed Financial Statements

What about disclosures? Are they required in a review engagement?

In compilation engagements, disclosures can be omitted. Not so in a review engagement. Full disclosure is required, regardless of the reporting framework..

References to Review Report and Notes

Should a reference to the review report and the notes be included at the bottom of each financial statement page? While not required by the SSARS, it is acceptable to add a reference such as:

  • See Accountant’s Report and accompanying notes
  • See Accountant’s Review Report and accompanying notes, or
  • See Independent Accountant’s Review Report and accompanying notes

Review Engagement Documentation Requirements

The accountant should prepare and retain the following documentation:

  • Engagement letter
  • Financial statements 
  • Accountant’s review report 
  • Communications with management or others regarding fraud or noncompliance with laws or regulations
  • Communications with other accountants that reviewed or audited financial statements of significant components 
  • Emphasis-of-matter or other-matter paragraph communications with management or others
  • The representation letter (see Exhibit B of AR-C 90 for sample wording)

The review documentation should be sufficient to enable an experienced accountant, having no previous connection to the engagement to understand:

  • the nature, timing, and extent of the review procedures,
  • the results of the review procedures and evidence obtained, and
  • significant findings or issues, and the related conclusions and judgments

Review Engagement Letter

AR-C 80

While it is possible for the accountant to perform only a review and not prepare the financial statements, most review engagement letters will state that the following will be performed by the accountant:

  1. Preparation of the financial statements (a nonattest service)
  2. A review engagement (an attest service)

Since a nonattest service and an attest service are being provided, the accountant will add language to the engagement letter describing the client’s responsibility for the nonattest service. 

See illustrative engagement letters in Exhibit A of AR-C 90.

AICPA independence standards require the accountant to consider whether he is independent when the CPA performs an attest service (e.g., review) and a nonattest service (e.g., preparation of financial statements) for the same client. If management does not possess the skill, knowledge, and experience to oversee the preparation of the financial statements and accept responsibility, the accountant may not be independent.

So, must the accountant be independent? Yes, independence is required in review engagements.

AR-C 90 Review Procedures

The accountant should:

  1. Make inquiries,
  2. Perform analytical procedures, and
  3. Perform other procedures, as appropriate

Direct your procedures to areas with increased risks of material misstatement. An understanding of the entity and the industry in which the entity operates will better enable you to identify potential misstatements.

1. Review Inquiries

AR-90.22 provides a series of inquiries that should be made of management and others. Those questions includes matters such as fraud, subsequent events, related party transactions, and litigation. Additionally, once you create your analytical procedures, you may have questions regarding unexpected changes.

2. Review Analytical Procedures

Apply analytical procedures to the numbers. What kind? Well that depends. What numbers are most important? What numbers are most likely to be misstated? What types of analytics illuminate the client's business? Consideration of such factors will lead you to the right analytics.

Here are examples:

  • Comparing the current year financial statement numbers with the prior year
  • Comparing the current year trial balance numbers with the prior year
  • Ratios such as debt/equity or current assets/current liabilities or depreciation/total depreciable assets
  • Computing numbers with nonfinancial information such as the number of units sold times the average price 
  • Comparing quarterly revenues by location

As you can see, judgment is required. Moreover, you need to develop expectations prior to computing the numbers. AR-C 90 states "Develop an expectation of recorded amounts or ratios that is precise enough to provide the accountant with limited assurance that a misstatement will be identified."

Here are the five steps I use:

  1. Develop expectations
  2. Compute the numbers
  3. See if the numbers align with expectations
  4. Follow up with additional inquiries if expectations are not met
  5. Develop a conclusion

I find that many accountants fail to document their expectations. Or if expectations are documented, a second problem occurs: The numbers don't align with the expectation, and there's no documented follow up. If the numbers don't align with expectations, make sure you determine why.

Expectations

One question I often receive is, "How do I develop my expectations?"

It is helpful to have a discussion with management prior to computing your numbers. You want to know, for example, if sales rose during the year or if there were reductions in the workforce. The conversation informs your expectations.

Also, if you've previously worked with the client, you have knowledge regarding the client such as profit margins or debt levels. This prior knowledge informs your expectations.

Finally, you might also read the minutes (if there are any) before computing your numbers.

3. Other Review Procedures

AR-C 90 states that procedures include inquiry, analytics, and other procedures. The third element--other procedures-- is a general category that encompasses reading the financial statements and responding to risks. You might, for example, identify potential misstatements as you perform analytical procedures. If revenues are up 25% but you expect them to be stable, you'll perform additional procedures to see why.

Interestingly (at least to me), AR-C 90.A34 states that you can perform audit procedures in a review engagement. Though your review engagement letter states you are not performing an audit, your review file can include audit procedures. Why would the AICPA provide this latitude? To give you the ability to reach beyond your typical review procedures (inquiry and analytics). You need a basis for the limited assurance you are providing. And in some situations, you may need audit procedures to get you there.

Review Representation Letter

AR-C 90
 
 
 
 

A signed representation letter is required in all review engagements.

The date of the representation letter will agree with the date of the review report. In no event should the date of the representation letter precede the date of the review report. (The accountant is not required to have physical possession of the letter on the date of the review report. But the accountant should have the signed letter prior to releasing the financial statements.)

So, provide the draft of the financial statements to the client in a timely manner so they can review them and assume responsibility. Thereafter, the client can sign the representation letter.

Additionally, the representation letter should cover all financial statements and all periods in the report.

Exhibit B of AR-90 provides a sample representation letter.

Sample Review Report

The following is a sample review report (Exhibit C of AR-C 90 provides six illustrative review reports):

Independent Accountant's Review Report

[Appropriate Addressee]

I (We) have reviewed the accompanying financial statements of XYZ Company, which comprise the balance sheets as of December 31, 20X2 and 20X1, and the related statements of income, changes in stockholders' equity, and cash flows for the years then ended, and the related notes to the financial statements. A review includes primarily applying analytical procedures to management's (owners') financial data and making inquiries of company management (owners). A review is substantially less in scope than an audit, the objective of which is the expression of an opinion regarding the financial statements as a whole. Accordingly, I (we) do not express such an opinion.

Management's Responsibility for the Financial Statements

Management (Owners) is (are) responsible for the preparation and fair presentation of these financial statements in accordance with accounting principles generally accepted in the United States of America; this includes the design, implementation, and maintenance of internal control relevant to the preparation and fair presentation of financial statements that are free from material misstatement whether due to fraud or error.

Accountant's Responsibility

My (Our) responsibility is to conduct the review engagements in accordance with Statements on Standards for Accounting and Review Services promulgated by the Accounting and Review Services Committee of the AICPA. Those standards require me (us) to perform procedures to obtain limited assurance as a basis for reporting whether I am (we are) aware of any material modifications that should be made to the financial statements for them to be in accordance with accounting principles generally accepted in the United States of America. I (We) believe that the results of my (our) procedures provide a reasonable basis for my (our) conclusion.

Accountant's Conclusion

Based on my (our) reviews, I am (we are) not aware of any material modifications that should be made to the accompanying financial statements in order for them to be in accordance with accounting principles generally accepted in the United States of America.

[Signature of accounting firm or accountant, as appropriate]

[Accountant's city and state]

[Date of the accountant's review report]

Reporting When There are Other Accountants

What are your responsibilities if you are performing the review of a consolidated entity that includes a subsidiary audited or reviewed by another accountant? 

First, obtain and read the subsidiary report.

Second, decide whether to make reference to the other accountants in your review report. If reference is made, AR-C 90.79 states "the accountant should clearly indicate in the accountant's review report that the accountant used the work of other accountants and should include the magnitude of the portion of the financial statements audited or reviewed by the other accountants." See Illustration 6 in Appendix C of AR-C 90 for sample report language. If you refer to the other accountant, you will state that you did not review the subsidiary financial statements.

Third, regardless of whether you decide to make reference to the other accountants, communicate with the other accountants. This communication includes a statement that the other accountants understand the relevant reporting framework and review or auditing standards, as applicable. Advise them that you are including the subsidiary's financials in the consolidation. Additionally, communicate the ethical requirements of the engagement, mainly independence. And finally, advise that you are reviewing matters affecting the intercompany eliminations.

Going Concern in Review Engagements

If the reporting framework requires that management evaluate going concern, then you should perform review procedures in regard to that and other related information. 

If the reporting framework does not require management to evaluate going concern but you become aware of conditions or events that raise substantial doubt about the entity's ability to continue as a going concern, you should perform review procedures such as inquiries about whether the going concern basis of accounting is appropriate. 

See my article titled Going Concern in Compilation and Review Engagements.

Other Historical Information in Review Engagements

In addition to historical financial statements, AR-C 90 may be applied to the following:

  • Specified elements, accounts, or items of a financial statement, including schedules of:
    • Rents
    • Royalties
    • Profit participation, or
    • Income tax provisions
  • Supplementary information
  • Required supplementary information
  • Tax return information

Review Engagements Conclusion

There you have it. Now you know how to perform a review engagement.

The main purpose of a review is to provide limited assurance in regard to the information. Inquiries and analytics are required. A signed representation letter is also required.

If you desire to issue financial statements without a compilation or review report, consider the use of AR-C 70, Preparation of Financial Statements.

If you desire to issue financial statements without a review report, consider using AR-C 80, Compilation Engagements.

The AICPA provides the full text of AR-C 90 online. You can download the PDF if you like. Once you download the document, you can use control-f to find particular words. I find this useful.

For additional SSARS-related articles see:

1 2 3 38
>