Category Archives for "Auditing"

peer reviewers focus on independence
Aug 05

Peer Reviewers Focus on Independence Documentation

By Charles Hall | Auditing , Preparation, Compilation & Review

Peer reviewers focus on independence documentation. Today I’ll provide you with examples of what peer reviewers are looking for and guidance to keep you out of hot water.

peer reviewers focus on independence

Documentation of Nonattest Services

Peer reviews focus upon nonattest services provided to attest clients. How do we know? Well, see the peer review checklist question below (for an attest engagement).

nonattest services

The big “no-no” is to assume management responsibilities and then perform an attest service. Why? Performing management responsibilities impairs your independence. 

Preparing Financial Statements

Below is another question from the peer review checklists. Notice the first item below: Accepting responsibility for the preparation and fair presentation of the client’s financial statements. The client (not the auditor) must assume responsibility for the financial statements

nonattest1

If the client can’t–or is unwilling to–assume responsibility for the financial statements, then we are not independent, and we cannot perform an audit or a review. This assumption of responsibility does not mean the client has the ability to create financial statements, but it does mean that:

  • that the client will oversee the nonattest service,
  • the client will evaluate the adequacy and results of the nonattest service, and
  • the client will accept responsibility for the nonattest service

If we prepare financial statements and perform an audit, review, or compilation, we have performed a nonattest service and an attest service. Why is this important? Because if we perform a nonattest service and an attest service for the same client, we must assess our independence. And if we are not independent, then we can’t perform an audit or review engagement. (It is permissible to perform the compilation engagement when independence is impaired, but the accountant must say–in the compilation report–that he is not independent.)

Other Peer Review Questions

The peer review checklists also ask for:

  • The name and title of the client personnel overseeing the nonattest service and
  • A description of the accountant’s “assessment and factors leading to your satisfaction that the client personnel overseeing the service had sufficient skills, knowledge and experience.”

Separate Form to Document Independence

So do we need a separate form in our file to document independence?

It certainly would not hurt, and I suggest that you do. PPC and CCH offer such forms (and I am sure other work paper providers do the same). These forms provide a place to document all nonattest services and to assess and document our client’s ability to assume responsibility for the nonattest services.

The PPC and CCH forms also address the cumulative effect of performing multiple nonattest services. The AICPA has stated that the performance of multiple nonattest services can impair independence. So you should document your consideration of whether the cumulative nonattest services create a problem. Peer review checklists ask if we documented this consideration.

Additionally, if significant threats are present, the accountant should document the safeguard(s) used to mitigate the risk. This documentation is particularly crucial in Yellow Book engagements. The PPC and CCH independence forms will assist you with this documentation. Below are peer review checklist questions:

Alignment in Independence Documentation

We should–in the engagement letter–specify the nonattest services and the responsibilities of management. If you are performing an audit or a review engagement, add additional language to the representation letter regarding the nonattest services performed and the client’s responsibility for those services.

So I am suggesting you document the nonattest services in three places:

  • Engagement letter,
  • Independence form, and
  • Representation letter (when relevant)

And when you do, please make sure the nonattest services listed in each document are the same. 

Jul 06

The Why and How of Auditing: My New Book on Amazon

By Charles Hall | Auditing

The Why and How of Auditing

Do you ever feel trapped by an audit? Like you can’t finish. It started so well, but somewhere along the way, something went wrong. The wheels came off.

Maybe it started with your acceptance of a new client that you didn’t feel good about from the beginning.

Or possibly your new staff members don’t understand risk assessment. So they blindly followed last year’s work papers. However, the auditee has new risks, and the audit team failed to address them.

Wow, the audit budget is busted. But you still need to finish the substantive and wrap-up work. Just creating financial statements will take a week.

Additionally, you’re in a peer review year.

The clock is ticking. And how do you feel? Trapped!

Want less stress? Then check out The Why and How of Auditing.

My new book explains the full audit process, from beginning to end, from client acceptance to audit opinion issuance. Also, you’ll find helpful guidance for the audit of transaction cycles such as receivables and revenue, payables and expenses, debt, payroll, and more—all in one easy-to-understand book.

Discover helpful ways to plan, execute, and complete your audit engagements.

Imagine: quality audits finished on time.

Praise for The Why and How of Auditing

Need a quick-reference audit guide? This is it. Charles walks you from the beginning of the audit process all the way to the end, an excellent plain-english guide.

Mark Wiseman, CPA, CMA, Partner
Brown, Edwards & Company, L.L.P. Roanoke, Virginia

This is a great how-to, hands-on guide that will help you conduct a quality audit and provide value to your clients. Go over a chapter a week with your audit team. The book provides the why and how behind your audit programs and workpapers.

James H. Bennett, CPA, Managing Member
Bennett & Associates, CPAs PLLC Ann Arbor, Michigan

Thanks Charles for clarifying what’s important in an audit. Recommended reading for any auditor level.

Jay Miyaki, CPA, Partner
Jay Miyaki, LLC Honolulu, Hawaii

The author steps through each audit area in a simple manner and clearly explains topics that are often complex by providing numerous examples and personal anecdotes. I highly recommended this text to anyone in the financial statement audit profession.

Jacob Gatlin, CPA, PhD
CDPA, PC Athens, Alabama

Charles Hall’s “The Why and How of Auditing” is comprehensive, yet easy to implement. This guide will enhance the effectiveness of your audit engagements.

Armando Balbin, CPA, Partner
Downey, California

I highly recommended Charles Hall’s latest book, “The Why and How of Auditing.” Charles takes a complicated subject and makes it simple. Our team found it particularly useful in the areas of questions to ask, procedures to follow, and work paper examples.

Bill Burke, CPA, Partner
Burke, Worsham and Harrell, LLC Bainbridge, Georgia

A must-read for auditors! The Why and How of Auditing is insightful, practical, and rich with ideas. Charles takes a complex topic and breaks it down into an easy to read, well-defined road map.

Kathryn Fletcher, CPA, MBA, Partner
Draffin Tucker Atlanta, Georgia

Get Your Copy Now!

Click here to see the book on Amazon.

inherent risk
Apr 26

Inherent Risk: How to Save Time by Properly Assessing

By Charles Hall | Auditing , Risk Assessment

Do you know how to assess inherent risk? Knowing when inherent risk is low is a key to efficient audits. In this article, I tell you how to assess inherent risk--and how lower risk assessments (potentially) decrease the amount of work you perform.

inherent risk

While audit standards don't require a separate assessment on inherent risk (IR) and control risk (CR), it's wise to do so. Why? So you know what drives the risk of material misstatement (RMM). 

Many auditors assess control risk at high (after performing their risk assessment procedures). Why? So they don't have to test controls. 

If control risk is high, then inherent risk is the only factor that can lower your risk of material misstatement. For example, a high control risk and a low inherent risk results in a moderate risk of material misstatement. Why is this important? Lower RMMs provide the basis for less substantive work.

The Audit Risk Model

Before we delve deeper into inherent risk assessment, let's do a quick review of the audit risk model. Auditing standards (AU-C 200.14) define audit risk as “The risk that the auditor expresses an inappropriate audit opinion when the financial statements are materially misstated. Audit risk is a function of the risks of material misstatement and detection risk.”

Audit risk is defined as follows:

Audit Risk = IR X CR X Detection Risk

Inherent risk and control risk live within the entity to be audited.

Detection risk lies with the auditor.

A material misstatement may develop within the company because the transaction is risky or complex. Then, controls may not be sufficient to detect and correct the misstatement. 

If the auditor fails to detect the material misstatement, audit failure occurs. The auditor issues an unmodified opinion when a material misstatement is present.

Risk of Material Misstatement

As we plan an audit, we assess the risk of material misstatement. It is defined as follows:

RMM = IR X CR

Auditors assess the risk of material misstatement at the assertion level so they can determine the level of substantive work. Substantive work is the response to risk.

If the RMM is high, more substantive work is needed. Why? To reduce detection risk. 

But if the RMM is low to moderate, less substantive work is needed. 

Inherent Risk

What is inherent risk? The susceptibility of an assertion about a class of transaction, account balance, or disclosure to a misstatement that could be material, either individually or when aggregated with other misstatements, before consideration of any related controls.

Examples

The inherent risk of cash is greater than that of a building. Cash is easily stolen. Buildings are not.  

The inherent risk of a hedge transaction is greater than that of a trade receivable. Hedges can be complicated to compute. Trade receivables are not. 

Post-retirement liabilities are inherently risky. Why? It's a complex accounting area. The numbers usually come from an actuary. There are estimates in the form of assumptions.

Inherent Risk Factors 

Consider factors such as the following in assessing inherent risk:

  • Susceptibility to theft or fraudulent reporting
  • Complex accounting or calculations
  • Accounting personnel’s knowledge and experience
  • Need for judgment
  • Difficulty in creating disclosures
  • Size and volume of accounts balance or transactions
  • Susceptibility to obsolescence
  • Prior year period adjustments

Inherent risk is not an average of the above factors. Just one risk factor can make an account balance or transaction cycle or disclosure high risk.

Inherent Risk at Less Than High

When inherent risk is less than high, you can perform fewer or less rigorous substantive procedures.

An example of a low inherent risk is the existence assertion for payables. If experienced payables personnel accrue payables, then the existence assertion might be assessed at low. (The directional risk of payables is an understatement, not an overstatement.) The lower risk assessment for existence allows the auditor to perform little if any procedures in relation to this assertion. 

Conversely, the completeness assertion for accounts payable is commonly a high inherent risk. Businesses can inflate their profits by accruing fewer payables. Fraudulent reporting of period-end payables is possible. Therefore, the inherent risk of completeness for payables is often high. That's why auditors perform a search for unrecorded liabilities.

Base your risk assessment on factors such as those listed above. If inherent risk is legitimately low, then great. You can perform less substantive work. But if the assertion is high risk, then it should be assessed accordingly--even if that means more work. (The AICPA has included questions in peer review checklists regarding the basis for lower risk assessments. Their concern (I think) is that auditors might manipulate inherent risk in order to perform less work. I've heard no one from the AICPA say this. But I can see how they might be concerned about this possibility.)

Control Risk

So, what is the relationship between inherent risk and control risk?

Companies develop internal controls to manage areas that are inherently risky.

A business might create internal controls to lessen the risk that payables are understated. Examples of such controls include:

  • The CFO reviews the payables detail at period-end, inquiring about the completeness of the list
  • A payables supervisor reviews all invoices entered into the payables system
  • The payables supervisor inquires of all payables clerks about any unprocessed invoices at period-end
  • A budget to actual report is provided to department heads for review

Inherent risk exists independent of internal controls.

Control risk exists when the design or operation of a control does not remove the risk of misstatement. 

Video Demonstration of the Effects of Inherent Risk

auditing investments
Mar 20

Auditing Investments: The Why and How Guide

By Charles Hall | Auditing

Want to know how to audit investments? You're in the right place. 

Below I provide a comprehensive look at how you can audit investments effectively and efficiently.

The complexity of auditing investments varies. For entities with simple investment instruments, auditing is easy. Your main audit procedure might be to confirm balances. Complex investments, however, require additional work such as auditing values. As investment complexity increases, so will your need for stronger audit team members (those that understand unusual investments). Regardless, you need an audit methodology.

So, here we go.

auditing investments

How to Audit Investments

In this post, we will take a look at:

  • Primary investment assertions
  • Investment walkthroughs
  • Directional risk for investments
  • Primary risks for investments
  • Common investment control deficiencies
  • Risk of material misstatement for investments
  • Substantive procedures for investments
  • Common investment work papers

Primary Investments Assertions

First, let’s look at assertions.

Primary relevant investment assertions include:

  • Existence
  • Accuracy
  • Valuation
  • Cutoff

The audit client is asserting that the investment balances exist, that they are accurate and properly valued, and that only investment activity within the period is recorded

While investment balances in the financial statements are important, disclosures are also vital, especially when the entity owns complex instruments

Investment Walkthroughs

Second, perform your risk assessment work in light of the relevant assertions.

As you perform walkthroughs of investments, you normally look for ways that investments might be overstated (though investments can be understated as well). You are asking, “What can go wrong?” whether intentionally or by mistake. You want to know if:

  • The controls were appropriately designed, and 
  • The controls were implemented (in use)

Walkthrough Questions

In performing investment walkthroughs, ask questions such as:

  • What types of investments are owned?
  • Are there any unusual investments? If yes, how are they valued?
  • Is a specialist used to determine investment values?
  • Who determines the classification of investments (e.g., trading, available for sale, held to maturity) and how
  • Do the persons accounting for investment activity have sufficient knowledge to do so?
  • Are timely investment reconciliations performed by competent personnel?
  • Are all investment accounts reconciled (from the investment statements to the general ledger)?
  • Who reconciles the investment accounts and when?
  • Are the reconciliations reviewed by a second person?
  • Are all investment accounts on the general ledger?
  • How does the entity ensure that all investment activity is included in the general ledger (appropriate cutoff)?
  • Who has the ability to transfer investment funds and what are the related controls?
  • Is there appropriate segregation of duties for:
    • Persons that record investments, 
    • Persons that buy and sell investments, and
    • Persons that reconcile the investment statements
  • What investment accounts were opened in the period?
  • What investment accounts were closed in the period? 
  • Who has the authority to open or close investment accounts?
  • Are there any investment restrictions (externally or internally)?
  • What persons are authorized to buy and sell investments?
  • Does the entity have a written investment policy? 
  • Does the company use an investment advisor? If yes, how often does management interact with the advisor? How are investment fees determined?
  • Are there any investment impairments?
  • Who is responsible for investment disclosures and do they have sufficient knowledge to carry out this duty?
  • Are there any cost or equity-method investments?

As we ask questions, we also inspect documents (e.g., investment statements) and make observations (e.g., who reconciles the investment statements to the general ledger?).

If control weaknesses exist, we create audit procedures to address them. For example, if during the walkthrough we note that there are improperly classified investments, then will plan audit procedures to address that risk.

Directional Risk for Investments

Third, consider the directional risk of investments.

The directional risk for investments is that they are overstated. So, in performing your audit procedures, perform procedures to ensure that balances are properly stated.

Primary Risks for Investments

Fourth, think about the risks related to investments.

auditing investments

Primary risks include:

  1. Investments are stolen
  2. Investments are intentionally overstated to cover up theft
  3. Investments accounts are intentionally omitted from the general ledger
  4. Investments are misstated due to errors in the investment reconciliations 
  5. Investments are improperly valued due to their complexity and management’s lack of accounting knowledge
  6. Investments are misstated due to improper cutoff
  7. Investment disclosures are not accurate or complete

Common Investment Control Deficiencies

Fifth, think about control deficiencies noted during your walkthroughs and other risk assessment work.

It is common to have the following investment control deficiencies:

  • One person buys and sells investments, records those transactions, and reconciles the investment activity
  • The person overseeing investment accounting does not possess sufficient knowledge or skill to properly perform the duty
  • Investment reconciliations are not performed timely or improperly
  • The company does not employ sufficient assistance in valuing complex assets such as hedges or alternative investments

Risk of Material Misstatement for Investments

Sixth, now its time to assess your risks.

In my smaller audit engagements, I usually assess control risk at high for each assertion. (You may, however, assess control risk at less than high, provided your walkthrough reveals that controls are appropriately designed and that they were implemented. If control risk is assessed at below high, you must test controls for effectiveness to support the lower risk assessment.)

When control risk is assessed at high, inherent risk becomes the driver of the risk of material misstatement (control risk X inherent risk = risk of material misstatement). For example, if control risk is high and inherent risk is moderate, then my RMM is moderate. 

Important Assertions

The assertions that concern me the most are existence, accuracy, valuation, and cutoff.

The assertions that concern me the most are existence, accuracy, valuation, and cutoff. So my RMM for these assertions is usually moderate to high.

My response to higher risk assessments is to perform certain substantive procedures: namely, confirming investments, testing investment reconciliations, testing values, and vetting investment disclosures.

Substantive Procedures for Investments

And finally, it’s time to determine your substantive procedures in light of your identified risks.

My customary audit tests include:

  1. Confirming investment balances agreeing them to the general ledger
  2. Inspecting period-end activity for proper cutoff
  3. Using an investment specialist to value complex instruments (if any)
  4. Vetting investment disclosures with a current disclosure checklist

I don’t normally test controls related to investments. If controls are tested and you determine they are effective, then some of the substantive procedures may not be necessary. 

Common Investment Work Papers

My investments work papers normally include the following:

  • An understanding of investment-related internal controls 
  • Risk assessment of investments at the assertion level
  • Documentation of any control deficiencies
  • Investment audit program
  • Investment reconciliations 
  • Investment confirmations
  • Valuations performed by specialists
  • Documentation of the specialist’s experience, competence, and objectivity
  • Disclosure checklist

Auditing Investments - A Simple Summary

  • The primary relevant investment assertions include existence, accuracy, valuation, and cutoff
  • Perform a walkthrough of investments by making inquiries, inspecting documents, and making observations
  • The directional risk for investments is an overstatement
  • Primary risks for investments include:
    • Investments are stolen
    • Investments are intentionally overstated to cover up theft
    • Investments accounts are intentionally omitted from the general ledger
    • Investments are misstated due to errors in the investment reconciliations
    • Investments are improperly valued due to their complexity and management’s lack of accounting knowledge
    • Investments are misstated due to improper cutoff
    • Investments disclosures are not accurate or complete
  • The substantive procedures for investments should be responsive to the identified risks; common procedures include:
    • Confirming investments 
    • Inspecting period-end activity for proper cutoff
    • Using an investment specialist to value complex instruments 
    • Vetting investment disclosures with a current disclosure checklist

Now you know how to audit investments. 

Next, we’ll see how to audit plant, property and equipment.

This post is a part of my series The Why and How of Auditing. Check my other posts.

Emphasis-of-matter and other-matter paragraphs
Mar 16

Emphasis-of-Matter and Other-Matter Paragraphs: What You Need to Know

By Charles Hall | Auditing

Do you know what you need to know about emphasis-of-matter and other-matter paragraphs? Sometimes auditors elect to or are required to add an extra paragraph after the opinion paragraph. You need to know why and when.

This post gives you the leg up on emphasis-of-matter (EOM) paragraphs and other-matter (OM) paragraphs

Emphasis-of-matter and other-matter paragraphs

Definitions

First, let’s first define the two terms.

AU-C 706.05 provides the following definitions:

Emphasis-of-matter paragraph. A paragraph included in the auditor's report that is required by GAAS, or is included at the auditor's discretion, and that refers to a matter appropriately presented or disclosed in the financial statements that, in the auditor's professional judgment, is of such importance that it is fundamental to users' understanding of the financial statements.

Other-matter paragraph. A paragraph included in the auditor's report that is required by GAAS, or is included at the auditor's discretion, and that refers to a matter other than those presented or disclosed in the financial statements that, in the auditor's professional judgment, is relevant to users' understanding of the audit, the auditor's responsibilities, or the auditor's report.

Notice that an EOM refers to “a matter appropriately presented or disclosed in the financial statements,” while an OM refers to “a matter other than those presented or disclosed in the financial statements.”

Now, let's take a look at sample EOM and OM paragraphs. 

Sample EOM Paragraph

Here’s a sample EOM paragraph:

Emphasis of Matter

As discussed in Note X to the financial statements, the Company has elected to change its policy for determining cash equivalents in 20X 7. Our opinion is not modified with respect to that matter.

Sample OM Paragraph

Here is a sample OM paragraph:

Other Matter

In our report dated April 18, 20X5, we expressed a qualified opinion since the Company’s main office had a material unrecognized impairment loss. As noted in Note 12, the Company has now recognized the impairment in conformity with accounting principles generally accepted in the United States of America. Accordingly, our present opinion on the restated 20X4 financial statements, as presented herein, is different from that expressed in our previous report.

You also need to know the presentation requirements for EOM and OM paragraphs.

Presentation Requirements for an EOM

AU-C 706.06 and 706.07 provides guidance in reference to EOMs. The auditor should:

  • Refer only to information presented or disclosed in the financial statements
  • Include the EOM immediately after the opinion paragraph in the auditor’s report
  • Use the heading “Emphasis of Matter” or other appropriate heading
  • Include a clear reference to the matter being emphasized and to where relevant disclosures that describe the matter can be found
  • Indicate that the auditor’s opinion is not modified with respect to the matter emphasized

Presentation Requirements for an OM

AU-C 706.08 provides guidance in reference to OMs. The auditor should:

  • Include the OM immediately after the opinion paragraph and any EOM paragraph (or elsewhere in the auditor’s report if the content of the OM paragraph is relevant to the “Other Reporting Responsibilities” section – see AU-C 706.A6--.A11)
  • Use the heading “Other Matter” or other appropriate heading

AU-C Sections Requiring EOMs

Sometimes EOMs are required; here are examples:

  • AU-C 570.15-.16 The Auditor’s Consideration of an Entity’s Ability to Continue as a Going Concern
  • AU-C 560-.16c Subsequent Events and Subsequently Discovered Facts
  • AU-C 708.08-.09 and .11-.13 Consistency of Financial Statements

See exhibit B of AU-C 706 for a complete listing of AU-C sections requiring EOM paragraphs.

An EOM is commonly required when a company has a change in an accounting principle (that has a material impact). AU-C 708 Consistency of Financial Statements paragraphs .07-.08 provides guidance on when the EOM is required.

The auditor also has an option to use an EOM to emphasize matters that are not required by audit standards. So, sometimes EOMs are included because they are required (e.g., going concern) and, other times, they are optional (e.g., to highlight a related party transaction).

AU-C Sections Requiring OMs

Sometimes OMs are required; here are examples:

  • AU-C 725.09 Supplementary Information in Relation to the Financial Statements
  • AU-C 800.20 Special ConsiderationsAudits of Financial Statements Prepared in Accordance With Special Purpose Frameworks

See exhibit C of AU-C 706 for a complete listing of AU-C sections requiring OM paragraphs.

Simple Summary

  • Use EOMs to OMs to highlight important matters
  • EOMs refer to matters presented or disclosed in the financial statements
  • OMs refer to a matter other than those presented or disclosed in the financial statements
  • EOMs and OMs are—in certain situations—required by audit standards
  • An EOM should immediately follow the opinion paragraph and should refer to the note that describes the issue; include the heading “Emphasis of a Matter” or other appropriate heading
  • An OM should immediately follow the opinion paragraph and any EOM (if one is included); include the heading “Other Matter” or other appropriate heading

Of course, creating your opinion is just a part of wrapping up your audits

1 2 3 12
>