All Posts by Charles Hall

Fraud Prevention for Small Governments

By Charles Hall | Fraud , Local Governments

Many small governments suffer losses from theft since they lack a sufficient number of employees to segregate accounting duties. There are, however, steps you can take to protect your resources. In this post, I provide ideas for fraud prevention in small governments.

Most government officials don’t realize that external audits are not designed to detect immaterial fraud (immaterial can be tens of thousands of dollars – sometimes even more). Such officials incorrectly believe that a clean opinion means no fraud is occurring in their locale – this is a mistake. External financial statement opinion audits are not designed to look for fraud at immaterial levels. Even if your government has an external audit, consider implementing fraud prevention procedures.

In a typical small government accounting setting, the city of In Between (as in between two stop lights) (population 1,202) has a mayor and three council members. The city has one bookkeeper (we’ll call him Dale) who orders and receives all purchased items; he writes all checks, reconciles bank statements, and keys all transactions into the accounting system. Dale also receipts all collections and makes all deposits. Mayor Chester signs all checks (vendor and payroll). (In a long-standing tradition, the mayor also graces the city Christmas parade float as Santa Claus.) With so little segregation of duties, what can be done?

The smaller the government, the greater the need for fraud prevention – even if Santa Claus in involved. And yet, these are the governments that most often don’t have the resources–whether the money to pay for outside assistance or employees to segregate duties–to prevent fraud. Here are few ideas for even the smallest of governments.

Low-Cost Fraud Prevention

First, let’s look at low-cost fraud prevention options:

• Have all bank statements mailed directly to Mayor Chester who will open and inspect the bank statement activity before providing the bank statements to Dale; alternatively, provide online access to Mayor Chester who reviews bank statement activity and signs a monthly memo documenting his review
• Once or twice a year, have council members pick two months at random (e.g., May and September) and review key bank statement activity (e.g., the operating and payroll accounts)
• Once or twice a year, have council members randomly select checks (e.g., ten vendor checks and ten payroll checks) and review supporting documentation (e.g., invoices and time sheets)
• Once or twice a year, have the mayor and council review receipt collections and related documentation (e.g., for two days deposits); agree receipts to bank deposits and to the general ledger
• Provide monthly budget to actual reports to mayor and council
• Provide monthly overtime summaries to mayor and council
• Do not allow Dale to sign checks
• Require two signatures on checks above a certain level (e.g., $5,000); have two of the council members (in addition to the mayor) on the bank signature cards; supporting documentation (e.g., invoice) should be provided to check signers for review
• Require Mayor Chester and Dale to authorize any wire transfers
• Have Dale provide the mayor with monthly bank reconciliations; the mayor should document (e.g., initial the reconciliation) his review
• Don’t provide Dale with a credit card
• If Dale is provided a credit card, provide him with one card; use a low maximum credit limit (e.g., $1,000); Dale’s credit card statements should be provided to the mayor when he signs the related check for payment
• Use a centralized receipting location (if possible); receipts should always be written upon collection of a payment

Higher Cost Fraud Fraud Prevention

Now let’s examine some higher cost options (that are probably more effective):

• Have an outside CPA or Certified Fraud Examiner (CFE) perform the receipting and payment tests listed above
• Have an outside CPA or CFE map your internal control system and make system-design recommendations
• Have an outside CPA or CFE make surprise unannounced visits (e.g., two per year) to examine the receipting system, payroll, and the payment system; at the beginning of the year, tell Dale that the surprise visits will occur (details of what will be tested should not be communicated to Dale)
• Install a security camera to record all of Dale’s collection and receipting activity
• Purchase fidelity bond to cover elected officials and Dale

Keep in mind that you can limit the cost of the outside CPA. The contract might read Surprise audit of vendor payments with cost limited to $1,500. Try to contract with a CPA or CFE with governmental experience. The surprise audits and the fidelity bond recommendations are, in my opinion, the most critical steps.

Some states like New York audit local governments for fraud; consequently, if your local government is frequently audited by a state agency, there may be less of a need to hire an outside CPA or CFE to perform fraud prevention procedures.

Additional Fraud Prevention Resources

Click here for a list of local government controls to consider.

For additional insights into preventing fraud in your government, get The Little Book of Local Government Fraud Prevention on Amazon.

Threats to Yellow Book Independence

By Charles Hall | Auditing , Local Governments

Yellow Book independence is a big deal. And if you prepare financial statements in a Yellow Book audit, you need to be aware of the independence rules. Below I tell you how to maintain your independence—and stay out of hot water,

Yellow Book Independence Impairment in Peer Review

Suppose that--during your peer review--it is determined your firm lacks independence in regard to a Yellow Book engagement.

What could happen? Well, I can't say for sure, but I think it would be nasty. At a minimum, you would probably receive a finding for further consideration. The engagement is definitely nonconforming (not conforming to professional standards).

Then, you'd need to provide a response--explaining what you intend to do about the lack of independence. And this could get very interesting. Not where you want to be.

Preparation of Financial Statements is a Significant Threat

If you prepare financial statements (a nonattest service) for your audit client, you have a significant threat. Why? You are auditing something (the financial statements) that you created. There is a self-review threat. 

When there is a significant threat, you must use a safeguard (to lessen the threat). Such as? A second partner review. So, for example, you might have a second audit partner (someone not involved in the audit) review the financial statements. Since the second partner did not create the financial statement, the self-review threat is mitigated.

Notice the safeguard (the second partner review) is something the audit firm does--and not an action of the audit client. Therefore, it qualifies as a safeguard.

2018 Yellow Book

The 2018 Yellow Book states the following in paragraph 3.88:

Auditors should conclude that preparing financial statements in their entirety from a client-provided trial balance or underlying accounting records creates significant threats to auditors' independence, and should document the threats and safeguards applied to eliminate and reduce threats to an acceptable level...or decline to provide the services. 

But My Client has Sufficient SKE

You've heard your audit client must have sufficient skill, knowledge and experience (SKE) and that they must oversee and assume responsibility for nonattest services. This is true and is always required when nonattest services are provided to an audit client. 

Even so, the client's SKE does not address the self-review threat. 

Think of the SKE issue as a minimum requirement. Do not pass "go" if the client does not assign someone (with SKE) to oversee the nonattest service. You are not independent. End of discussion. (If the client does not have sufficient SKE, see section below titled Inadequate Skill, Knowledge, and Experience.)

SKE is not a safeguard

The January AICPA Reviewer Alert distinguishes the SKE requirement from safeguards saying, "Client SKE should not be viewed as a safeguard, but rather a mandatory condition before performing any nonaudit services."

Once the client SKE issue is dealt with, consider if auditor safeguards are necessary. Why? A self-review threat may be present. 

The AICPA (in its AICPA Yellow Book Practice aid) provides examples of safeguards (again, these are actions of the audit firm) including:

• Obtaining secondary reviews of the nonaudit services by professional personnel who were not involved in planning or supervising the audit engagement.
• Obtaining secondary reviews of the nonaudit services by professional personnel who were not members of the audit engagement team.

See Appendix E of the AICPA Yellow Book Practice Aid for additional examples of safeguards and how to apply them.

Independence Documentation is Required

The Yellow Book requires that your independence be documented. If it is not, a violation of professional standards exists. 

So, document the SKE of the client and the safeguards used to address significant threats. Also, document which nonattest services are signficiant threats. Peer reviewers focus on Independence documentation.

Document Significant Threats

The January 2019 Reviewer Alert (an AICPA newsletter provided to peer reviewers) provides a scenario where an audit firm performs a Yellow Book audit and prepares financial statements. Then the firm has an engagement quality control review (EQCR) performed, but it does not identify the preparation of financial statements as a significant threat. The newsletter states "the engagement would ordinarily be deemed nonconforming for failure to document identification of a significant threat." So, even if a safeguard (e.g., a second partner review) is in use, the lack of documentation makes the engagement nonconforming.

Judging Client's SKE

Here are examples of client personnel that might be available to oversee the financial statements preparation service:

1. A 15 year mayor who is a businessman, no accounting education, no formal training in reading governmental financial statements. He understands the fund level statements but can't grasp the reconciliation between the government-wide financial statements and the fund level financial statements.
2. Second year finance director with no prior accounting experience, graduated from a two year college with a degree in general business.
3. Finance director with 25 years experience and is a CPA and a member of GFOA. She trains others in governmental accounting.
4. Finance director with a high school education but has extensive governmental accounting training from the Carl Vinson Institute. He has the ability to create the financial statements from scratch.

As you can see, the Yellow Book independence assessment will sometimes be black and white, but other times, not so. Regardless, the audit client has to have someone with sufficient skill, knowledge and experience to oversee the financial statements preparation. Why? The auditor can't assume responsibility for the statements. This is a management responsibility.

Management Responsibilities

The 2018 Yellow Book (paragraph 3.75) says the following about management responsibilities:

In cases where the audited entity is unable or unwilling to assume these responsibilities (for example, the audited entity does not have an individual with suitable skill, knowledge, or experience to oversee the nonaudit services provided, or is unwilling to perform such functions because of lack of time or desire), auditors should concluded that the provisions of these services is an impairment to independence.

Additionally, paragraph 3.73 of the Yellow Book states:

Auditors should determine that the audited entity has designated an individual who possesses suitable skill, knowledge, or experience and that the individual understands the services to be provided sufficiently to oversee them.

If the government has no one with sufficient SKE, then the external auditor is not independent and can't perform the audit.

So, is there another option when the client does not have sufficient SKE?

Inadequate Skill, Knowledge, and Experience

If the auditor can't get comfortable with the client's SKE (e.g., the client's ability to review the financial statements and assume responsibility), what can be done? The audited entity can hire someone with sufficient SKE. For example, the entity could contract with a CPA not affiliated with the external audit firm to review the financial statements on their behalf.

Many smaller governments need to contract with an outside person in order to have sufficient SKE. The problem, however, is they may not have the funds to do so. If you as the auditor make this suggestion, be prepared for this question: "Isn't this why I hired you?" Regardless, the client has to have sufficient SKE before the auditor can issue an opinion. 

In Summary

Here's the lowdown to protect your firm:

1. Document the nonattest services you are to perform
2. Document the client person that will oversee and assume responsibility for the nonattest service
3. Document the SKE of the designated person
4. Consider whether any nonattest services are significant threats 
5. Document which, if any, nonattest services are significant threats
6. Use (and document) a safeguard to address each significant threat (examples of safeguards include an EQCR or a second-partner review)

Looking for a tool to document Yellow Book independence? Consider the AICPA's practice aid. Here is the free PDF version. You can also purchase the fillable version here. (Cost is $39 for AICPA members.) This is the 2011 Yellow Book aid. I am thinking the AICPA will create a 2018 Yellow Book version as well. 

Statement on Standards for Forensic Services

By Charles Hall | Fraud

The AICPA has issued an exposure draft titled Statement of Standards for Forensic Services No. 1 (SSFS 1), Forensic Services: Definitions and Standards. If approved, the standard will be effective for new engagements accepted on or after May 1, 2019.

Who Created SSFS 1?

SSFS 1 was created by the AICPA’s Forensic and Valuation Services Executive Committee.

Why SSFS 1?

The purpose of the standard is to improve the consistency and quality of forensic services provided by CPAs.

It appears the AICPA is being responsive to a growing demand for forensic services. A report created by IBISWorld (a market research firm) showed that employment in forensic accounting grew at an annualized rate of 18% from 2012 to 2017.

Services Covered by SSFS 1

SSFS 1 covers the following types of forensic services (per paragraph .01 of the proposed standard):

• Litigation – an actual or potential legal or regulatory proceeding before a trier of fact or a regulatory body as an expert, consultant, neutral, mediator or arbitrator in connection with the resolution of disputes between parties.  Litigation used herein is not limited to formal litigation, but is inclusive of other alternative dispute resolution forums; 

• Investigation – a matter that is not a litigation but which may involve using the same skills and the services are performed in response to specific concern(s) of wrong doing in which the member is engaged to perform procedures to collect, analyze, evaluate or interpret certain evidential matter to assist the stakeholder (e.g. client, board of directors, independent auditor or regulator) in reaching a conclusion on the merits of the concern(s).

Prohibitions

SSFS 1 includes two prohibitions:

• A legal opinion can not be provided regarding the occurrence of fraud, and
• Forensic services can’t be provided on a contingent fee basis

Why can’t a member provide a legal opinion regarding fraud? The final determination of whether fraud exists is determined by the “trier-of-fact,” according to paragraph .08 of the standard.

Applicability

The standard would apply to all AICPA members, AICPA members firms, and employees of AICPA member firms.

Paragraph .03 of the standard states “the key consideration of this Statement’s applicability is the purpose  (e.g., Litigation or Investigation) for which the member was engaged.” The applicability is not based on a particular service provided such as data analysis. But if data analysis, for example, is performed in relation to litigation or investigative services, then the statement would apply.

Understanding with Client

The understanding with the client regarding the nature, scope, and limitations of the services can be written or oral.

Understanding the New Nonprofit Accounting Standard

By Charles Hall | Accounting

Are you ready to implement FASB’s new nonprofit accounting standard? Back in August 2016, FASB issued ASU 2016-14, Presentation of Financial Statements of Not-for-Profit Entities. In this article, I provide an overview of the standard and implementation tips.

New Nonprofit Accounting – Some Key Impacts

What are a few key impacts of the new standard?

• Classes of net assets
• Net assets released from “with donor restrictions”
• Presentation of expenses
• Intermediate measure of operations
• Liquidity and availability of resources
• Cash flow statement presentation

Classes of Net Assets

Presently nonprofits use three net asset classifications:

1. Unrestricted
2. Temporarily restricted
3. Permanently restricted

The new standard replaces the three classes with two:

1. Net assets with donor restrictions
2. Net assets without donor restrictions

Terms Defined

These terms are defined as follows:

Net assets with donor restrictions – The part of net assets of a not-for-profit entity that is subject to donor-imposed restrictions (donors include other types of contributors, including makers of certain grants).

Net assets without donor restrictions – The part of net assets of a not-for-profit entity that is not subject to donor-imposed restrictions (donors include other types of contributors, including makers of certain grants).

Presentation and Disclosure

The totals of the two net asset classifications must be presented in the statement of financial position, and the amount of the change in the two classes must be displayed in the statement of activities (along with the change in total net assets). Nonprofits will continue to provide information about the nature and amounts of donor restrictions.

Additionally, the two net asset classes can be further disaggregated. For example, donor-restricted net assets can be broken down into (1) the amount maintained in perpetuity and (2) the amount expected to be spent over time or for a particular purpose.

Net assets without donor restrictions that are designated by the board for a specific use should be disclosed either on the face of the financial statements or in a footnote disclosure.

Sample Presentation of Net Assets

Here’s a sample presentation:

Net Assets Released from “With Donor Restrictions”

The nonprofit should disaggregate the net assets released from restrictions:

• program restrictions satisfaction
• time restrictions satisfaction
• satisfaction of equipment acquisition restrictions
• appropriation of donor endowment and subsequent satisfaction of any related donor restrictions
• satisfaction of board-imposed restriction to fund pension liability

Here’s an example from ASU 2016-14:

Presentation of Expenses

Presently, nonprofits must present expenses by function. So, nonprofits must present the following (either on the face of the statements or in the notes):

• Program expenses
• Supporting expenses

The new standard requires the presentation of expenses by function and nature (for all nonprofits). Nonprofits must also provide the analysis of these expenses in one location. Potential locations include:

• Face of the statement of activities
• A separate statement (preceding the notes; not as a supplementary schedule)
• Notes to the financial statements

I plan to add a separate statement (like the format below) titled Statement of Functional Expenses. (Nonprofits should consider whether their accounting system can generate expenses by function and by nature. Making this determination now could save you plenty of headaches at the end of the year.)

External and direct internal investment expenses are netted with investment income and should not be included in the expense analysis. Disclosure of the netted expenses is no longer required.

Example of Expense Analysis

Here’s an example of the analysis, reflecting each natural expense classification as a separate row and each functional expense classification as a separate column.

The nonprofit should also disclose how costs are allocated to the functions. For example:

Certain expenses are attributable to more than one program or supporting function. Depreciation is allocated based on a square-footage basis. Salaries, benefits, professional services, office expenses, information technology and insurance, are allocated based on estimates of time and effort.

Intermediate Measure of Operations

If the nonprofit provides a measure of operations on the face of the financial statements and the use of the term “operations” is not apparent, disclose the nature of the reported measure of operations or the items excluded from operations. For example:

Measure of Operations

Learning Disability’s operating revenue in excess of operating expenses includes all operating revenues and expenses that are an integral part of its programs and supporting activities and the assets released from donor restrictions to support operating expenditures. The measure of operations excludes net investment return in excess of amounts made available for operations.

Alternatively, provide the measure of operations on the face of the financial statements by including lines such as operating revenues and operating expenses in the statement of activities. Then the excess of revenues over expenses could be presented as the measure of operations.

Liquidity and Availability of Resources

FASB is shining the light on the nonprofit’s liquidity. Does the nonprofit have sufficient cash to meet its upcoming responsibilities?

Nonprofits should include disclosures regarding the liquidity and availability of resources. The purpose of the disclosures is to communicate whether the organization’s liquid available resources are sufficient to meet the cash needs for general expenditures for one year beyond the balance sheet date. The disclosure should be qualitative (providing information about how the nonprofit manages its liquid resources) and quantitative (communicating the availability of resources to meet the cash needs).

Sample Liquidity and Availability Disclosure

The FASB Codification provides the following example disclosure in 958-210-55-7:

NFP A has $395,000 of financial assets available within 1 year of the balance sheet date to meet cash needs for general expenditure consisting of cash of $75,000, contributions receivable of $20,000, and short-term investments of $300,000. None of the financial assets are subject to donor or other contractual restrictions that make them unavailable for general expenditure within one year of the balance sheet date. The contributions receivable are subject to implied time restrictions but are expected to be collected within one year.

NFP A has a goal to maintain financial assets, which consist of cash and short-term investments, on hand to meet 60 days of normal operating expenses, which are, on average, approximately $275,000. NFP A has a policy to structure its financial assets to be available as its general expenditures, liabilities, and other obligations come due. In addition, as part of its liquidity management, NFP A invests cash in excess of daily requirements in various short-term investments, including certificate of deposits and short-term treasury instruments. As more fully described in Note XX, NFP A also has committed lines of credit in the amount of $20,000, which it could draw upon in the event of an unanticipated liquidity need.

Alternatively, the nonprofit could present tables (see 958-210-55-8) to communicate the resources available to meet cash needs for general expenditures within one year of the balance sheet date.

Cash Flow Statement Presentation

A nonprofit can use the direct or indirect method to present its cash flow information. The reconciliation of changes in net assets to cash provided by (used in) operating activities is not required if the direct method is used.

Consider whether you want to incorporate additional changes that will be required by ASU 2016-18, Statement of Cash Flows–Restricted Cash. If your nonprofit has no restricted cash, then this standard is not applicable.

You can early implement ASU 2016-18. (The effective date is for fiscal years beginning after December 15, 2018.) Once this standard is effective, you’ll include restricted cash in your definition of cash. The last line of the cash flow statement might read as follows: Cash, Cash Equivalents, and Restricted Cash.

Effective Date of ASU 2016-14

The effective date for 2016-14, Not-for-Profit Entities, is for fiscal periods beginning after December 15, 2017 (2018 calendar year-ends and 2019 fiscal year-ends). The standard can be early adopted.

For comparative statements, apply the standard retrospectively. 

If presenting comparative financial statements, the standard does allow the nonprofit to omit the following information for any periods presented before the period of adoption:

• Analysis of expenses by both natural classification and functional classification (the separate presentation of expenses by functional classification and expenses by natural classification is still required). Nonprofits that previously were required to present a statement of functional expenses do not have the option to omit this analysis; however, they may present the comparative period information in any of the formats permitted in ASU 2014-16, consistent with the presentation in the period of adoption.
• Disclosures related to liquidity and availability of resources.

Restricted Cash: The Skinny on ASU 2016-18

By Charles Hall | Auditing

FASB issued ASU 2016-18, Statement of Cash Flows, in November 2016. This standard changes the way restricted cash is shown in cash flow statements.

The standard is effective in 2019 for calendar year-end private companies. Early adoption is permitted

Here’s the skinny on the new standard. (To download the slidedeck, click here. The video below was created before I changed the name of my blog from CPA Scribo to CPA Hall Talk, but the information is current.)