All Posts by Charles Hall

Follow

About the Author

Charles Hall is a practicing CPA and Certified Fraud Examiner. For the last thirty years, he has primarily audited governments, nonprofits, and small businesses.He is the author of The Little Book of Local Government Fraud Prevention and Preparation of Financial Statements & Compilation Engagements. He frequently speaks at continuing education events.Charles is the quality control partner for McNair, McLemore, Middlebrooks & Co. where he provides daily audit and accounting assistance to over 65 CPAs. In addition, he consults with other CPA firms, assisting them with auditing and accounting issues.

auditing investments
Mar 20

Auditing Investments: The Why and How Guide

By Charles Hall | Auditing

Want to know how to audit investments? You're in the right place. 

Below I provide a comprehensive look at how you can audit investments effectively and efficiently.

The complexity of auditing investments varies. For entities with simple investment instruments, auditing is easy. Your main audit procedure might be to confirm balances. Complex investments, however, require additional work such as auditing values. As investment complexity increases, so will your need for stronger audit team members (those that understand unusual investments). Regardless, you need an audit methodology.

So, here we go.

auditing investments

How to Audit Investments

In this post, we will take a look at:

  • Primary investment assertions
  • Investment walkthroughs
  • Directional risk for investments
  • Primary risks for investments
  • Common investment control deficiencies
  • Risk of material misstatement for investments
  • Substantive procedures for investments
  • Common investment work papers

Primary Investments Assertions

First, let’s look at assertions.

Primary relevant investment assertions include:

  • Existence
  • Accuracy
  • Valuation
  • Cutoff

The audit client is asserting that the investment balances exist, that they are accurate and properly valued, and that only investment activity within the period is recorded

While investment balances in the financial statements are important, disclosures are also vital, especially when the entity owns complex instruments

Investment Walkthroughs

Second, perform your risk assessment work in light of the relevant assertions.

As you perform walkthroughs of investments, you normally look for ways that investments might be overstated (though investments can be understated as well). You are asking, “What can go wrong?” whether intentionally or by mistake. You want to know if:

  • The controls were appropriately designed, and 
  • The controls were implemented (in use)

Walkthrough Questions

In performing investment walkthroughs, ask questions such as:

  • What types of investments are owned?
  • Are there any unusual investments? If yes, how are they valued?
  • Is a specialist used to determine investment values?
  • Who determines the classification of investments (e.g., trading, available for sale, held to maturity) and how
  • Do the persons accounting for investment activity have sufficient knowledge to do so?
  • Are timely investment reconciliations performed by competent personnel?
  • Are all investment accounts reconciled (from the investment statements to the general ledger)?
  • Who reconciles the investment accounts and when?
  • Are the reconciliations reviewed by a second person?
  • Are all investment accounts on the general ledger?
  • How does the entity ensure that all investment activity is included in the general ledger (appropriate cutoff)?
  • Who has the ability to transfer investment funds and what are the related controls?
  • Is there appropriate segregation of duties for:
    • Persons that record investments, 
    • Persons that buy and sell investments, and
    • Persons that reconcile the investment statements
  • What investment accounts were opened in the period?
  • What investment accounts were closed in the period? 
  • Who has the authority to open or close investment accounts?
  • Are there any investment restrictions (externally or internally)?
  • What persons are authorized to buy and sell investments?
  • Does the entity have a written investment policy? 
  • Does the company use an investment advisor? If yes, how often does management interact with the advisor? How are investment fees determined?
  • Are there any investment impairments?
  • Who is responsible for investment disclosures and do they have sufficient knowledge to carry out this duty?
  • Are there any cost or equity-method investments?

As we ask questions, we also inspect documents (e.g., investment statements) and make observations (e.g., who reconciles the investment statements to the general ledger?).

If control weaknesses exist, we create audit procedures to address them. For example, if during the walkthrough we note that there are improperly classified investments, then will plan audit procedures to address that risk.

Directional Risk for Investments

Third, consider the directional risk of investments.

The directional risk for investments is that they are overstated. So, in performing your audit procedures, perform procedures to ensure that balances are properly stated.

Primary Risks for Investments

Fourth, think about the risks related to investments.

auditing investments

Primary risks include:

  1. Investments are stolen
  2. Investments are intentionally overstated to cover up theft
  3. Investments accounts are intentionally omitted from the general ledger
  4. Investments are misstated due to errors in the investment reconciliations 
  5. Investments are improperly valued due to their complexity and management’s lack of accounting knowledge
  6. Investments are misstated due to improper cutoff
  7. Investment disclosures are not accurate or complete

Common Investment Control Deficiencies

Fifth, think about control deficiencies noted during your walkthroughs and other risk assessment work.

It is common to have the following investment control deficiencies:

  • One person buys and sells investments, records those transactions, and reconciles the investment activity
  • The person overseeing investment accounting does not possess sufficient knowledge or skill to properly perform the duty
  • Investment reconciliations are not performed timely or improperly
  • The company does not employ sufficient assistance in valuing complex assets such as hedges or alternative investments

Risk of Material Misstatement for Investments

Sixth, now its time to assess your risks.

In my smaller audit engagements, I usually assess control risk at high for each assertion. (You may, however, assess control risk at less than high, provided your walkthrough reveals that controls are appropriately designed and that they were implemented. If control risk is assessed at below high, you must test controls for effectiveness to support the lower risk assessment.)

When control risk is assessed at high, inherent risk becomes the driver of the risk of material misstatement (control risk X inherent risk = risk of material misstatement). For example, if control risk is high and inherent risk is moderate, then my RMM is moderate. 

Important Assertions

The assertions that concern me the most are existence, accuracy, valuation, and cutoff.

The assertions that concern me the most are existence, accuracy, valuation, and cutoff. So my RMM for these assertions is usually moderate to high.

My response to higher risk assessments is to perform certain substantive procedures: namely, confirming investments, testing investment reconciliations, testing values, and vetting investment disclosures.

Substantive Procedures for Investments

And finally, it’s time to determine your substantive procedures in light of your identified risks.

My customary audit tests include:

  1. Confirming investment balances agreeing them to the general ledger
  2. Inspecting period-end activity for proper cutoff
  3. Using an investment specialist to value complex instruments (if any)
  4. Vetting investment disclosures with a current disclosure checklist

I don’t normally test controls related to investments. If controls are tested and you determine they are effective, then some of the substantive procedures may not be necessary. 

Common Investment Work Papers

My investments work papers normally include the following:

  • An understanding of investment-related internal controls 
  • Risk assessment of investments at the assertion level
  • Documentation of any control deficiencies
  • Investment audit program
  • Investment reconciliations 
  • Investment confirmations
  • Valuations performed by specialists
  • Documentation of the specialist’s experience, competence, and objectivity
  • Disclosure checklist

Auditing Investments - A Simple Summary

  • The primary relevant investment assertions include existence, accuracy, valuation, and cutoff
  • Perform a walkthrough of investments by making inquiries, inspecting documents, and making observations
  • The directional risk for investments is an overstatement
  • Primary risks for investments include:
    • Investments are stolen
    • Investments are intentionally overstated to cover up theft
    • Investments accounts are intentionally omitted from the general ledger
    • Investments are misstated due to errors in the investment reconciliations
    • Investments are improperly valued due to their complexity and management’s lack of accounting knowledge
    • Investments are misstated due to improper cutoff
    • Investments disclosures are not accurate or complete
  • The substantive procedures for investments should be responsive to the identified risks; common procedures include:
    • Confirming investments 
    • Inspecting period-end activity for proper cutoff
    • Using an investment specialist to value complex instruments 
    • Vetting investment disclosures with a current disclosure checklist

Now you know how to audit investments. 

Next, we’ll see how to audit plant, property and equipment.

This post is a part of my series The Why and How of Auditing. Check my other posts.

efficient CPA
Mar 17

The Efficient CPA: 10 Super Easy Ways to Increase Your Productivity

By Charles Hall | Accounting and Auditing , Technology

Are you missing out on opportunities to be even more efficient as a CPA?

Here are ten super easy ways to increase your productivity.

super easy ways to increase productivity

1. Control f

First, I see too many CPAs hen-pecking around, trying to find information in their electronic piles. Many times the quickest route to finding information is Control f (Command f on a Mac). Hold your control key down and type f. This action will usually generate a find dialog box–-then key in your search words. Control f works in Excel, Word, PowerPoint, and Adobe Acrobat.

2. OCR Long Documents

Computers can’t read all electronic documents (that is, not all documents are electronically searchable). Sometimes you need to convert the document using OCR. OCR stands for optical character recognition. So how can you make an electronic document readable and searchable?

Scan documents into Adobe Acrobat and use the OCR feature to convert bitmap images into searchable documents. Then use Control f to locate words. When should you OCR a document? Typically when it’s several pages long. Do so when you don’t want to read the entire document to find a particular word or phrase.

For example, suppose your client gives you a one-hundred-page bond document, and you need to locate the loan covenants. Rather than reading the entire document, convert it to searchable text (using Adobe Acrobat) and use Control f to locate each instance of the word covenant

3. Dispatching Paper Quickly

A clean work surface enables you to think clearly.

So make filing decisions quickly–as soon as a paper or electronic document is received. Keep your desk (and computer desktop) clean.

If you can dispatch a document in less than two minutes, do so immediately. For documents that take more than two minutes to file, electronically scan them. Then place the document in an action folder on your computer’s desktop. (If you don’t have time to scan the document at the moment, create a To Be Scanned pile in a paper tray.)

You’re thinking, “But I’ll forget about the document if it’s not physically on my desk.” Allay this fear by adding a task in Outlook to remind you of the scanned document (you can even add the document to a task). I create tasks with reminders. So, for example, the reminder pops up at 10:00 a.m. on Tuesday; attached is the relevant document. That way I don’t forget.

For more information about scanning, see my post How to Build an Accountant’s Scanning System. I also recommend David Allen’s book Getting Things Done which provides a complete system for making filing decisions.

4. Close Your Door

An open door says what? Come in.

A cracked door says what? Knock and come in.

A closed door says what? Don’t enter, especially without knocking.

I close my door for about an hour at a time. Additionally, I turn off all electronic devices and notifications. Doing so allows me to focus on the task at hand. 

5. Use a Livescribe Pen

Do you remember everything someone says in a meeting? I sure don’t. Livescribe allows me to take notes and simultaneously record the conversation. Then I can hear any part of the discussion. For example, if–in a meeting–I write the words “intangible amortization,” I can (later) touch the tip of my pen to that phrase (in my Livescribe notebook) and hear what was said at that moment. The recording plays back through my Livescribe pen. That way, I don’t have to call and ask, “What did you say about intangible amortization?”

If you have an iPad, a cheaper alternative to Livescribe is Notability

6. Take Breaks and Naps

Another idea is to take breaks and naps.

Counterintuitive? Yes, but it works.

Breaks

I come from the old school of “don’t lift your head or someone will see how lazy you are.” I’m not sure where this thinking comes from, but you will be more efficient–not less–when you take periodic breaks. I recommend a break at least once every two hours.

Naps

Naps? You may be thinking, “Are you kidding?”

Research shows you will be more productive if you take a nap during the day. It doesn’t have to be long, maybe ten or fifteen minutes after lunch. You’ll feel fresher and think more clearly. According to Dr. Sandra Mednick, author of Take a Nap, Change Your Life, napping can restore the sensitivity of sight, hearing, and taste. Napping also improves creativity.

Michael Hyatt recently listed several famous nappers:

  • Leonardo da Vinci took multiple naps a day and slept less at night.
  • The French Emperor Napoleon was not shy about taking naps. He indulged daily.
  • Though Thomas Edison was embarrassed about his napping habit, he also practiced his ritual daily.
  • Eleanor Roosevelt, the wife of President Franklin D. Roosevelt, used to boost her energy by napping before speaking engagements.
  • Gene Autry, “the Singing Cowboy,” routinely took naps in his dressing room between performances.
  • President John F. Kennedy ate his lunch in bed and then settled in for a nap—every day!
  • Oil industrialist and philanthropist John D. Rockefeller napped every afternoon in his office.
  • Winston Churchill’s afternoon nap was non-negotiable. He believed it helped him get twice as much done each day.
  • President Lyndon B. Johnson took a nap every afternoon at 3:30 p.m. to break his day up into “two shifts.”
  • Though criticized for it, President Ronald Reagan famously took naps as well.

For empirical evidence that naps help, check out the book Rest, Why You Get More Done When You Work Less.

Also, here are more ideas to create energy in your day.

7. Answer Emails and Phone Calls in Chunks

If you pause every time you get an email or a phone call, you will lose your concentration. Therefore, try not to move back and forth between activities. Do one thing at a time since multitasking is a lie.

Pick certain times of the day (e.g., once every three hours) to answer your accumulated emails or calls. 

See my article Text, Email or Call: Which is Best?

8. Exercise

I run (by myself) or walk (with my wife) six days a week–usually in the morning before work. Exercising helps my attitude and clears my mind. Also, I feel stronger late in the day.

9. Lunch at 11:30 a.m. or 1:00 p.m.

Another idea: Go to lunch at 11:30 a.m. or 1:00 p.m. Why stand in line? 

10. Take One Day Off a Week

Finally, I usually don’t work on Sundays (even in busy season). For me, it’s a day to worship, relax, see friends, and revive. I find the break gives me strength for the coming week.

Muddled minds destroy productivity.

Your Ideas?

These are my thoughts. Please share yours.

Emphasis-of-matter and other-matter paragraphs
Mar 16

Emphasis-of-Matter and Other-Matter Paragraphs: What You Need to Know

By Charles Hall | Auditing

Do you know what you need to know about emphasis-of-matter and other-matter paragraphs? Sometimes auditors elect to or are required to add an extra paragraph after the opinion paragraph. You need to know why and when.

This post gives you the leg up on emphasis-of-matter (EOM) paragraphs and other-matter (OM) paragraphs

Emphasis-of-matter and other-matter paragraphs

Definitions

First, let’s first define the two terms.

AU-C 706.05 provides the following definitions:

Emphasis-of-matter paragraph. A paragraph included in the auditor's report that is required by GAAS, or is included at the auditor's discretion, and that refers to a matter appropriately presented or disclosed in the financial statements that, in the auditor's professional judgment, is of such importance that it is fundamental to users' understanding of the financial statements.

Other-matter paragraph. A paragraph included in the auditor's report that is required by GAAS, or is included at the auditor's discretion, and that refers to a matter other than those presented or disclosed in the financial statements that, in the auditor's professional judgment, is relevant to users' understanding of the audit, the auditor's responsibilities, or the auditor's report.

Notice that an EOM refers to “a matter appropriately presented or disclosed in the financial statements,” while an OM refers to “a matter other than those presented or disclosed in the financial statements.”

Now, let's take a look at sample EOM and OM paragraphs. 

Sample EOM Paragraph

Here’s a sample EOM paragraph:

Emphasis of Matter

As discussed in Note X to the financial statements, the Company has elected to change its policy for determining cash equivalents in 20X 7. Our opinion is not modified with respect to that matter.

Sample OM Paragraph

Here is a sample OM paragraph:

Other Matter

In our report dated April 18, 20X5, we expressed a qualified opinion since the Company’s main office had a material unrecognized impairment loss. As noted in Note 12, the Company has now recognized the impairment in conformity with accounting principles generally accepted in the United States of America. Accordingly, our present opinion on the restated 20X4 financial statements, as presented herein, is different from that expressed in our previous report.

You also need to know the presentation requirements for EOM and OM paragraphs.

Presentation Requirements for an EOM

AU-C 706.06 and 706.07 provides guidance in reference to EOMs. The auditor should:

  • Refer only to information presented or disclosed in the financial statements
  • Include the EOM immediately after the opinion paragraph in the auditor’s report
  • Use the heading “Emphasis of Matter” or other appropriate heading
  • Include a clear reference to the matter being emphasized and to where relevant disclosures that describe the matter can be found
  • Indicate that the auditor’s opinion is not modified with respect to the matter emphasized

Presentation Requirements for an OM

AU-C 706.08 provides guidance in reference to OMs. The auditor should:

  • Include the OM immediately after the opinion paragraph and any EOM paragraph (or elsewhere in the auditor’s report if the content of the OM paragraph is relevant to the “Other Reporting Responsibilities” section – see AU-C 706.A6--.A11)
  • Use the heading “Other Matter” or other appropriate heading

AU-C Sections Requiring EOMs

Sometimes EOMs are required; here are examples:

  • AU-C 570.15-.16 The Auditor’s Consideration of an Entity’s Ability to Continue as a Going Concern
  • AU-C 560-.16c Subsequent Events and Subsequently Discovered Facts
  • AU-C 708.08-.09 and .11-.13 Consistency of Financial Statements

See exhibit B of AU-C 706 for a complete listing of AU-C sections requiring EOM paragraphs.

An EOM is commonly required when a company has a change in an accounting principle (that has a material impact). AU-C 708 Consistency of Financial Statements paragraphs .07-.08 provides guidance on when the EOM is required.

The auditor also has an option to use an EOM to emphasize matters that are not required by audit standards. So, sometimes EOMs are included because they are required (e.g., going concern) and, other times, they are optional (e.g., to highlight a related party transaction).

AU-C Sections Requiring OMs

Sometimes OMs are required; here are examples:

  • AU-C 725.09 Supplementary Information in Relation to the Financial Statements
  • AU-C 800.20 Special ConsiderationsAudits of Financial Statements Prepared in Accordance With Special Purpose Frameworks

See exhibit C of AU-C 706 for a complete listing of AU-C sections requiring OM paragraphs.

Simple Summary

  • Use EOMs to OMs to highlight important matters
  • EOMs refer to matters presented or disclosed in the financial statements
  • OMs refer to a matter other than those presented or disclosed in the financial statements
  • EOMs and OMs are—in certain situations—required by audit standards
  • An EOM should immediately follow the opinion paragraph and should refer to the note that describes the issue; include the heading “Emphasis of a Matter” or other appropriate heading
  • An OM should immediately follow the opinion paragraph and any EOM (if one is included); include the heading “Other Matter” or other appropriate heading

Of course, creating your opinion is just a part of wrapping up your audits

audit risk model
Mar 10

Audit Risk Model: How to Understand

By Charles Hall | Accounting and Auditing

The audit risk model enables you to focus on the important--and to ignore the unimportant. It is the key to performing efficient audits. So, today, we look at how to understand the audit risk model.

audit risk model

The Good, The Bad, The Ugly

Remember the cowboy movie The Good, The Bad, The Ugly? Well, in audits we have the same.

The Good. The audit firm issues an unmodified opinion and the financial statements are fairly stated. Moreover, the audit file properly supports the opinion.

The Bad. The audit firm issues an unmodified opinion and the financial statements are fairly stated, but the work papers are weak. The audit firm just got lucky.

The Ugly. The audit firm issues an unmodified opinion but the financial statements are not fairly stated. Material error (or fraud) is present. And the audit file…well, we won’t go there. It’s ugly.

Audit failure occurs when an audit firm issues an unmodified opinion and the financial statements are not fairly stated. A material misstatement is present and the auditor doesn’t know it. 

Material misstatements occur and remain in financial statements when:

  • Internal controls (a responsibility of the company) fail or are improperly designed, and 
  • Audit work (a responsibility of the auditor) is lacking

Auditing standards (AU-C 200.14) define audit risk as “The risk that the auditor expresses an inappropriate audit opinion when the financial statements are materially misstated. Audit risk is a function of the risks of material misstatement and detection risk.”

In other words, audit risk is the result of what the company does (or does not do) and what the auditor does (or does not do).

Audit Risk Model

The audit risk model is defined as follows:

Audit Risk Model

Inherent Risk X Control Risk X Detection Risk

I like to think of these three factors as follows:

  • Inherent risk - the nature of the transaction or disclosure (risky or not risky)
  • Control risk - the chance that material misstatements will not be prevented or detected by internal controls 
  • Detection risk - the chance that material misstatement will not be detected by the auditors 

The first two (inherent risk and control risk) live in the company’s accounting system; the third (detection risk) lies with the audit firm.

As the the risk of material misstatement (the company’s risk) increases, so should the auditors work. Proper audit work decreases detection risk (the risk that the auditor will not detect material misstatements).

To understand the audit risk model, consider the tale of a villain.

A Tale of a Villain

A villain (inherently a thief) desires to make his way into your home. You have locks on your doors and an alarm system (controls, if you will). But you forget to lock your back door and you don’t set the alarm. During the night, the thief comes in and steals your money. You see the thief fleeing away, but you don't know how much you've lost. So, what’s next? You call the police. Why? To see if everything is okay.

Audit Risk Model

This is the audit risk model in physical form. 

Think of a material misstatement as a villain. Its nature is to be wrong (inherent risk). If internal controls are weak or absent (control risk), the misstatement survives. And if the auditor fails (detection risk), the villain lives on without being caught.

Inherent Risk  

Some transactions are more likely to be misstated. They are inherently risky. Why? Reasons include:

  • The complexity of the transaction (e.g., derivatives)
  • The asset is easy to steal (e.g., cash)
  • The need for judgment (e.g., a bank’s allowance for loan losses)
  • The volume of transactions is high (e.g., cash)
  • The accounting personnel are inexperienced or lack sufficient knowledge 

Inherent risk is what a transaction is (independent of related controls). There is a higher risk of misstatement—or not. And where does this risk come from? The transaction’s nature or its environment.

Control Risk

Internal controls are necessary when a transaction is risky. Why? To monitor and manage the risk. Think about the words internal control. First, internal means the control occurs within the company. Second, control means to manage.

Since some transactions are more prone to theft or error, companies need internal controls to prevent or detect misstatements.

Examples of internal controls include:

  • The reconciliation of monthly bank statements to the general ledger
  • Receipting clerks are not allowed to reconcile bank statements (to enhance segregation of duties)
  • The cash supervisor reviews the daily work of collections personnel
  • A department head reviews and approves bi-weekly time records (before payroll is processed)
  • The accounting supervisor reviews all new vendors (added by payable clerks) to ensure legitimacy

If internal controls are designed appropriately and work correctly, the financial statements should be materially correct. But if the internal controls are absent or ineffective, material misstatements can occur. What then? Well, it’s up to the auditor.

Detection Risk

The auditor is tasked with detecting material misstatements. If he or she does not, audit failure occurs. The audit firm issues an unmodified opinion but a material misstatement is present.

Auditors decrease detection risk—the risk that material misstatements will not be detected—by appropriately planning and performing their work. Consider ​pricing your riskier audits at a higher amount.

Understanding the Audit Risk Model - A Simple Summary

  • Audit failure occurs when an auditor issues an unmodified opinion and a material misstatement is present
  • Audit Risk = Inherent risk X Control risk X Detection risk
  • Inherent risk is the nature of the transaction or disclosure (is it prone to misstatement?)
  • Control risk is the chance that material misstatements will not be prevented or detected by internal controls
  • Detection risk is the chance that material misstatements will not be detected by the auditor
  • Internal controls, if designed well and working correctly, prevent or detect material misstatements
  • Audits, if designed well and performed correctly, detect material misstatements
text, email or call
Mar 10

Text, Email, or Call: Which is Best?

By Charles Hall | Technology

A CPA called me today and left a message with a question. My first thought was to call him. I knew if I phoned, one of the following would happen:

  1. No answer and we’d play phone tag.
  2. He’d answer, and we would talk about other things.
  3. He’d answer, and I would respond to his question.

The first two possibilities are not good (if you are busy like I am–and I know you are).

My next thought: I will text him. I did, and it took about 30 seconds.

With the options to text, email, or call, which is best? Let’s see.

I like to think of the choices as a sprint, a run, or a walk.

text, email or call

Text – A Sprint

If a client or firm member text me, I will text back–as long as:

  • The response is short and
  • The answer does not contain sensitive information

Why not just email or call?

In the middle of busy season, I’m looking for every moment I can save. Many times a text answers the question–and I can do so promptly (this is better than not responding at all because I’m too busy).

Email – A Run

When is an email the better option?

Mainly when you need to send attachments. Emails take longer than texts but seem to work better–at least for me–when more than one or two short answers are necessary.

If you are emailing sensitive information, consider using a secure method such as ShareFile. ShareFile offers an Outlook add-in that makes the transfer seamless.

Call – A Walk

I call when the message is essential or lengthy.

We lose something in electronic communications. Our tone of voice and inflections say a great deal. Phone calls usually take longer than a text or an email but may be warranted if the issue is important.

If my communication is lengthy (say more than three points), I usually opt for a phone call. If you are providing accounting, tax, or auditing advice, consider whether you need to document the phone conversation in a memo. I sometimes use a form (that I keep in Evernote) for this purpose. What does it address? The discussion, professional standards referenced, the advice given, who I talked with, and the date. 

Summary

Sprint, run or walk. Each has advantages and disadvantages. Regardless of your choice, it’s all about communicating clearly and timely

Check out my post An Auditor’s Cell Phone.

>