Category Archives for "Auditing"

Yellow Book CPE
Jul 06

2018 Yellow Book CPE Requirements

By Charles Hall | Auditing , Local Governments

What are the 2018 Yellow Book CPE requirements?

You’ve heard about the new Yellow Book (effective for audits of years ending June 30, 2020, and after). So, now you’re wondering if there are any changes in CPE requirements. This article explains the Yellow Book continuing education requirements. 

Below we will address (1) who is subject to the Yellow Book CPE requirements and (2) what CPE classes satisfy those requirements.

Yellow Book CPE

Overview

Paragraph 4.16 of the Yellow Book states “Auditors who plan, direct, perform engagement procedures for, or report on an engagement conducted in accordance with GAGAS should develop and maintain their professional competence by completing at least 80 hours of CPE in every 2-year period.”

Nevertheless, Paragraph 4.26 states “nonsupervisory auditors who charge less than 40 hours of their time annually to engagements conducted in accordance with GAGAS may be exempted by the organization from all CPE requirements in paragraph 4.16.” Additionally, paragraph 4.27 allows an audit organization to exempt “college and university students employed on a temporary basis.”

Auditors not exempted by the provisions in paragraphs 4.26 or 4.27 must take at least 20 hours of CPE in each year of the two years. 

So, there is an 80 requirement. Additionally, there are two more requirements:

  1. 56-hour (every two years)
  2. 24-hour (every two years)

Below we’ll see:

  1. Who is subject to each requirement?
  2. What classes qualify for each requirement?

Before we get into the details, you may be wondering, “How do I know if I am subject to the Yellow Book CPE requirements?” To answer that question, consider whether a Yellow Book report is to be issued (or whether one was issued in a prior engagement). If yes, then consider the requirements below. In most audit reports, you’ll see the Yellow Book report just after the notes to the financial statements. And when must an entity comply with the Yellow Book requirements? Usually when a law or a grant requires it. 

YouTube player

Now, let’s start our review of Yellow Book CPE requirements.

The 24-Hour Requirement – Who is Subject?

Who is subject to the 24-hour requirement? If you work on a Yellow Book engagement as an auditor, you are subject to the 24-hour requirement. Even so, if you are a nonsupervisory auditor that works less than forty hours annually on Yellow Book engagements, your audit organization can exempt you from Yellow Book requirements. (See paragraph 4.26 of the Yellow Book.) Additionally, audit organizations can exempt college students hired temporarily. (See paragraph 4.27 of the Yellow Book.)

Next, let’s see who is subject to the 56-hour requirement?

The 56-Hour Requirement – Who is Subject?

Who is subject to the 56-hour requirement? Auditors who are involved in:

1. Planning,
2. Directing, or
3. Reporting 

These are usually partners, managers, and in-charges. 

Additionally, the 56-hour requirement applies to auditors who are not involved in planning, directing, or reporting but charge 20 percent or more of their annual time to GAGAS engagements. This category usually includes professional staff personnel. 

So, consider this example. You have a staff member that has:

  • 2,000 hours of total time each year
  • 140 hours in two GAGAS (Yellow Book) engagements for the year
  • He is not involved in planning, directing, or reporting

He is not subject to the 56-hour requirement (his GAGAS time is less than 20% of the total hours), though he is subject to the 24-hour requirement.

But suppose he is promoted during the year and becomes a manager on the second Yellow Book engagement. Even though his time is less than 20% of his annual time, he is now subject to the 56-hour requirement. Why? He is directing the engagement. 

Now, let’s see what classes qualify for Yellow Book CPE. 

What Classes Qualify for Yellow Book CPE?

Paragraph 4.21 of the Yellow Book states, “Determining what subjects are appropriate for individual auditors to satisfy the CPE requirements is a matter of professional judgment to be exercised by auditors in consultation with appropriate officials in their audit organization.” Moreover, there are differences in the 56-hour requirement and the 24-hour requirement. Otherwise, only one category would exist. The 56-hour requirement is broader and the 24-hour requirement is more specific. 

Yellow Book CPE

Okay, let’s define the differences in the 56-hour and 24-hour requirements. 

The 56-Hour Rule – Classes that Qualify

The 56-hour rule is broad, encompassing any CPE that enhances the auditor’s professional expertise to conduct engagements.  So, CPE classes about better writing, for example, would qualify. 

Paragraph 4.24 of the Yellow Book provides the following as examples of acceptable topics:

  • Subject matter categories for the 24-hour requirement listed in paragraph 4.23 (the 24-hour requirement–see below)
  • General ethics and independence
  • Communicating clearly in writing or verbally
  • Managing time
  • Leadership
  • Political science

Now, let’s compare the general 56-hour requirements with the more specific 24-hour requirements. 

The 24-Hour Rule – Classes that Qualify

Each auditor performing work under GAGAS should complete, every two years, at least twenty-four hours of CPE that directly relates to government auditing, the government environment, or the specific or unique environment in which the audited entity operates.

Paragraph 4.23 of the Yellow Book provides the following as examples of acceptable topics:

  • GAO generally accepted government auditing standards (GAGAS)
  • AICPA Statements of Auditing Standards (SASs)
  • AICPA Statements on Standards for Attestation Services (SSAEs)
  • AICPA Statements on Accounting and Review Services (SSARS)
  • Standards issued by the Institute of Internal Auditors
  • Standards issued by the Public Company Accounting and Oversight Board
  • U.S. Generally Accepted Accounting Principles (FASB and GASB)
  • Standards for Internal Control in the Federal Government
  • COSO Internal Controls–Integrated Framework
  • Relevant audit guides (including information technology auditing and forensic auditing)
  • Fraud and abuse in a governmental environment
  • Compliance with laws and regulations
  • Topics related to the governmental environment such as financing, economics, appropriations, program performance
  • Governmental ethics and independence

Notice these topics are more directly related to auditees than those in the 56-hour requirement. But again, use judgment to determine whether a CPE class is in the 24-hour or the 56-hour bucket. 

Since the GAO, a governmental agency, issues the Yellow Book, we tend to associate Yellow Book engagements with audits of governments. But the Yellow Book can be in play for entities such as banks or electric membership corporations. 

Specific or Unique Environment in Which the Audited Entity Operates

Suppose you audit electric membership corporations (EMCs) subject to the Yellow Book. A CPE class about electric supply grids qualifies for the 24-hour requirement. Or if you audit banks subject to Yellow Book requirements (e.g., FHA loans), then a CPE class dealing with lending qualifies. These classes address issues unique to the environment in which the entity operates.

So, are there CPE classes that don’t qualify as GAGAS hours?

CPE that Does Not Qualify as Yellow Book Hours

Some CPE classes will not qualify as GAGAS hours. Paragraph 4.36 of the Yellow Book provides the following examples:

  • On-the-job training
  • Resume writing
  • Improving parent-child relations
  • Personal investments
  • Money management
  • Retirement planning

Additionally, paragraph 4.35 states that some taxation classes may not qualify such as estate planning. It is possible that a tax class would qualify if “topics relate to an objective of the subject matter of an engagement.”

Your head might be spinning from all of the above rules. So, you might be wondering, can my audit organization use a standard two-year cycle for all employees? You’d like to keep this as simple as possible. 

Two-Year Cycle

An audit organization can adopt a standard two-year period for all of its auditors to simplify the administration of CPE requirements.

But can you carry over excess CPE credit earned in the two-year period?

Carryover Credit

Auditors are not allowed to carry over hours in excess of the 24-hour or 56-hour rule to the next reporting period.

And what are the Yellow Book CPE requirements for a new employee?

Proration of Hours for New-Hires (or Those Newly Assigned to a Yellow Book Audit)

You will prorate the hourly requirements based on the remaining full 6-month intervals in your two-year reporting period. For example, you hire Joan on May 1, 2021, and the firm’s two-year cycle ends on December 31, 2021. There is one remaining full 6-month period. So, if Joan is subject to the 24-hour rule, she will multiply 25% (one six-month period divided by the four six-month periods in the two-year cycle) times 24 to compute the required hours: 6 hours.

And when is the 2018 Yellow Book effective?

Effective Date of Yellow Book Guidance

The 2018 Yellow Book is effective for audits of financial statements for periods ending on or after June 30, 2020. Early implementation is not permitted.

But, didn’t the GAO provide COVID-19 relief? Yes. 

COVID-19 GAO Guidance

The above information is provided without consideration of the COVID-19 guidance issued on February 29, 2020. See the GAO COVID-19 guidance here

Single Audit Major Program Determination
Jun 13

Single Audit Major Program Determination in 4 Steps

By Charles Hall | Auditing

Single Audit major program determination can be challenging. And if this determination is wrong, your Single Audit will be wrong. 

So in this article, I explain how you can correctly determine your major programs in four steps. 

Single Audit Major Program Determination

First, understand that Single Audits focus on major programs. This is how you know which programs to test. So if your auditee has multiple federal programs, it’s important to determine which are major and which are not. 

Here is a summary of the four steps of Single Audit major program determination:

  1. Identify Type A programs
  2. Identify Type A low-risk programs
  3. Identify Type B high-risk programs
  4. Determine major programs

(If you desire a deeper dive, watch the following video with a case study.)

YouTube player

Before you do any of these, create a list of all federal programs, similar to the schedule of expenditure of federal awards (the SEFA). The list is comprised of each federal program and the amounts expended. 

Next, apply the four steps to this list. We’ll start by identifying the type A programs.

1. Identify Type A Programs

The type A threshold is $750,000 when the total federal awards expended are $25 million or less. So if you have a federal program of $750,000 or greater, then it’s a type A program. Type B programs are those of less than $750,000. 

When total federal awards exceed $25 million, see the table below.

Total federal awards expended Type A/B threshold
≥$750,000 and ≤ $25 million

$750,000

>$25 million but ≤ $100 million

total federal awards expended times .03

>$100 million but ≤ $ 1 billion

$3 million

> $1 billion but ≤ $10 billion total federal awards expended times .003

>$10 billion but ≤ $20 billion

$30 million

>$20 billion

total federal awards expended times .0015

Remove the Large-Loan Program Distortion

Large loan programs can potentially cause some type A programs to be excluded. In other words, large loan programs can cause some programs to be deemed type B though they should be type A. Therefore, the auditor subtracts any large loan balances from the total federal programs before determining what programs are type A.

And what are large loan balances? They are loan programs that exceed four times the largest non-loan program.

So see what the largest non-loan program is and multiply that amount times four. Then see if any loan programs exceed that amount. If they do, subtract the large loan program from the total federal awards before determining the A/B thresholds. See §200.518 (b)(3) for more information. 

Clusters are One Program

Additionally, if the entity has a cluster such as student financial aid, then treat that program as one program. Clusters have multiple CFDA numbers for each grant but are treated as one program when performing a Single Audit. The Compliance Supplement states “a cluster of programs means a grouping of closely related programs that share common compliance requirements.” So if you have a cluster, add all the grants together to see if the total cluster exceeds the type A threshold. (See part 5 of the Compliance Supplement for additional information about clusters.)

No Type A Programs

What if there are no type A programs? Then go to step 4 and pick enough programs to satisfy the coverage requirement. 

Next, we’ll see how to identify low-risk type A programs. 

2. Identify Low-Risk Type A Programs

The Uniform Guidance provides the auditor with criteria in §200.518 (c) for determining whether a type A program is low risk. Type A programs that meet these criteria are low-risk. Programs that do not meet these criteria are not low-risk. 

The Uniform Guidance says,

For a Type A program to be considered low-risk, it must have been audited as a major program in at least one of the two most recent audit periods.

Consequently, a type A program will be major at least once every three years.

Additionally, the Uniform Guidance goes on to say:

in the most recent audit period, the program must have not had:

(i) Internal control deficiencies which were identified as material weaknesses in the auditor’s report on internal control for major programs as required under §200.515 Audit reporting, paragraph (c);

(ii) A modified opinion on the program in the auditor’s report on major programs as required under §200.515 Audit reporting, paragraph (c); or

(iii) Known or likely questioned costs that exceed five percent of the total Federal awards expended for the program.

Additionally, federal agencies can request that programs not be considered low-risk for certain recipients. If such a request is made, the program will not be low risk. 

But if the factors listed above don’t lead to a high-risk classification, can the auditor use inherent risk factors such as size and complexity to move the assessment to high risk? No. The auditor must use the criteria listed above. 

And what if there are no low-risk programs?

No Low-Risk Type A Programs

If there are no low-risk type A programs then step 3, identifying high-risk type B programs, is not necessary. Go directly to step 4: Determine major programs. 

Now, let’s take a look at step 3: Identifying high-risk type B programs.

3. Identifying High-Risk Type B Programs

The auditor identifies the type B programs by using their judgment and criteria such as that listed below. But how many high-risk type B programs should the auditor identify? No more than at least one-fourth the number of low-risk type A programs.

Additionally, the auditor is only required to perform risk assessments of type B programs that exceed 25% of the type A threshold (e.g., 25% of 750,000 is $187,500). If all of the type B programs are less than this amount, then none are assessed. And you skip step 3. But if you have type B programs greater than this 25% amount, perform risk assessments.

In determining whether a type B program is high-risk, the auditor should use factors such as:

  • The complexity of the program
  • The phase of the program in its life cycle (newer programs may be higher risk)
  • The degree of significant changes in the program or related statutes and regulations
  • The size of the program (programs with larger expenditures are higher risk)
  • Weaknesses in internal controls as related to compliance requirements (e.g., controls to ensure allowability of costs)
  • Prior audit findings
  • The structure of the internal control system (multiple structures tend to be higher risk)
  • Federal programs not recently audited as a major program
  • Oversight by a federal agency (if their review noted issues, then the program could be higher risk)

Other than known material control weaknesses in internal controls pertaining to compliance requirements or known compliance problems, a single risk criterion will seldom cause the program to be high risk.

But what if there are no high-risk type B programs?

No High-Risk Type B Programs

If there are no high-risk type B programs, then none are major. This is true even if there are low-risk type A programs. You can’t make a type B program high-risk just because a low-risk type A program exists (and you’re trying to meet the one-fourth of type A low-risk requirement). So, assess the program in light of the criteria. And let it be what it is, whether high-risk or low-risk.

If, however, there are multiple high-risk type B programs, a potential problem arises: identifying too many high-risk programs.

Identify Only What is Required

Don’t make the mistake of identifying more high-risk type B programs than what is necessary. If you do, then you must test them all (those you identified as high-risk). So, once you have identified the requisite number of high-risk type B programs, stop. 

If there are multiple potential type B high-risk programs and not all are identified as high-risk, then consider rotating the programs tested each year. 

Rotate Programs Tested

The Uniform Guidance (§200.518) encourages providing “an opportunity for different high-risk type B programs to be audited as major over a period of time.” So if the auditor only needs one type B high-risk program, for example, and there are multiple potential high-risk type B programs, then it is desirable to identify a different one as major each year. That way, different type B high-risk programs will be audited over time.

We’re almost done. Now, let’s determine the major programs.

4. Determine Major Programs

At a minimum, the following will be your major programs:

  • All type A programs not identified as low risk
  • All type B programs identified as high-risk
  • Any additional programs needed to comply with the percentage of coverage rule

So what is the percentage of coverage rule? It’s 20% for low-risk auditees and 40% for those that are not low-risk auditees. But what does this mean? Well, let’s look at an example to clarify.

Suppose the entity is a low-risk auditee. And suppose the entity has type A program that is not low risk (it’s a major program). It makes up 17% of the total federal awards. All other programs are type B and none is considered major. What should be done? Pick a type B program and test it. But the program picked must bring the total tested to at least 20% of the total federal awards. Now you’ve complied with the coverage rule.

The low-risk auditee criteria follows below. Though there are similarities with program risk assessment criteria shown above, there are differences as well. 

Low-Risk Auditee

An auditee must meet all of the following conditions for each of the preceding two audit periods to qualify as a low-risk auditee:

  • An annual Single Audit was performed and the reporting package was timely filed with the Federal Audit Clearinghouse
  • The auditor issued an unmodified opinion on the financial statements and on the schedule of expenditures of federal awards
  • There were no internal control material weaknesses in the Yellow Book report
  • The auditor’s opinion did not report substantial doubt about the entity’s ability to continue as a going concern
  • No federal programs had findings from any of the following in the preceding two years:
    • No material weaknesses in internal control for a major program
    • No modified opinion on a major program
    • No known or likely questioned costs that exceeded five percent of the total federal awards expended for a type A program during the audit period

So if the entity meets all of these conditions, it is a low-risk auditee and you can use the 20% threshold. If not, use 40%.

Meeting the percentage of coverage rule does not by itself permit the auditor to skip remaining steps. Suppose in step 2. that one type A program is 50% of the total federal awards and is identified as a major program, can the auditor skip step 3.? Not necessarily. Coverage does not exempt the auditor from following the remaining steps. 

Four Steps of Major Program Determination

Now you know how to determine which programs are major. These are the programs you’ll test for compliance. You’ll also test related compliance internal controls.

Additionally, you now know how to determine whether an entity is a low-risk auditee.

You may want to save this article and keep it handy. Why? Well, the four-step determination is relevant in every Single Audit. 

If you’re looking for information about whether an entity is required to have a Single Audit, see my article

Single Audit Applicability
Jun 07

Single Audit Applicability and Objectives

By Charles Hall | Auditing , Local Governments

In this article, I provide information about Single Audits for local governments and nonprofits.

Your organization received federal funds but you're not sure about Single Audit applicability. Should you engage an audit firm to perform a Single Audit or not? 

In this article, I'll help you determine whether a Single Audit is needed. I'll also explain the objectives of such an audit. Why? So you can understand what auditors are looking for.

Single Audit Applicability

Single Audit: What is it?

Many nonprofits and local governments receive federal funds from the United States government. And some of those entities are required to have a Single Audit.

But what is a Single Audit? It's just what it says: a single audit. Of what? A single audit of all federal awards received by a nonprofit or a government. 

For example, a local government might receive disaster funds from FEMA and a block grant from HUD. But rather than contracting for two separate audits, a Single Audit of both programs is performed. This audit requirement is usually triggered when total federal awards exceed $750,000 in one year.

The Uniform Guidance

So what guidance does the auditor and the nonfederal organization (government or nonprofit) follow? The Office of Management and Budget's (OMB) Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awardscommonly referred to as the Uniform Guidance.

Subpart F, Audit Requirements, provides guidance for auditors.

Next, let's dig a little deeper regarding Single Audit applicability.

Single Audit Applicability

When is a Single Audit required? The Uniform Guidance states: A non-Federal entity that expends $750,000 or more during the non-Federal entity's fiscal year in Federal awards must have a single audit. This is a Single Audit Requirement. (There is an exception. That's when the entity elects to have a program specific audit.)

But what does expend mean? Typically the word means that an entity spends money. But the word expend has a broader meaning in Single Audits. For example, the word includes:

  • receipt of federal property or goods (e.g., surplus property or commodities)
  • receipt and use of federal loans 
  • loan balances with the federal government (when there are continuing compliance requirements)
  • interest subsidies from the federal government

So if the government or nonprofit expends at least $750,000 in federal funds during its fiscal year, a Single Audit is necessary. If it expends less than $750,000, then a Single Audit is normally not required. States may, however, require a Single Audit even though amounts expended are less than $750,000.

Does the entity look solely at funds received directly from the federal government? No. Federal awards may come directly from a federal agency. But they may also come indirectly through a pass-through entity such as a state. The nature of the federal funds does not change as it passes through an entity (e.g., a state). It's still federal money.

In light of these facts, how does the Uniform Guidance define federal financial assistance? Let's take a look.

What is Federal Financial Assistance?

The Uniform Guidance defines federal assistance in the following manner:

§ 200.40 Federal financial assistance.

(a) Federal financial assistance means assistance that non-Federal entities receive or administer in the form of:

  (1) Grants;

  (2) Cooperative agreements;

  (3) Non-cash contributions or donations of property (including                 donated surplus property);

  (4) Direct appropriations;

  (5) Food commodities; and

  (6) Other financial assistance (except assistance listed in paragraph       (b) of this section).

(b) For § 200.202 Requirement to provide public notice of Federal financial assistance programs and Subpart F - Audit Requirements of this part, Federal financial assistance also includes assistance that non-Federal entities receive or administer in the form of:

  (1) Loans;

  (2) Loan Guarantees;

  (3) Interest subsidies; and

  (4) Insurance.

Total of Federal Assistance

The non-federal entity adds all federal financial assistance together to see if they exceed the $750,000 threshold. If, for example, a county government expends $500,000 in block grant funds and $450,000 in disaster funds during its fiscal year, then a Single Audit is necessary. 

Now that you understand Single Audit applicability, you may be wondering what the objectives are. 

Objectives of a Single Audit

The easiest way to understand the objectives of a Single Audit is to look at a Single Audit report. See example 13-1 from the AICPA. There are two main objectives. 

1. Opinion on Compliance with Federal Program Requirements

First, understand that the auditor provides an opinion regarding the entity's compliance with major federal program requirements.

A portion of that wording reads as follows:

Opinion on Each Major Federal Program
In our opinion, Example Entity complied, in all material respects, with the types of compliance requirements referred to above that could have a direct and material effect on each of its major federal programs for the year ended June 30,20X1.
2. Reporting on Internal Control Testing

Second, understand that the auditor reports on internal control testing. While no audit opinion is rendered by the auditor, the controls are tested nonetheless.  

A portion of that wording reads as follows:

Report on Internal Control Over Compliance
Management of Example Entity is responsible for establishing and maintaining effective internal control over compliance with the types of compliance requirements referred to above. In planning and performing our audit of compliance, we considered Example Entity's internal control over compliance with the types of requirements that could have a direct and material effect on each major federal program to determine the auditing procedures that are appropriate in the circumstances for the purpose of expressing an opinion on compliance for each major federal program and to test and report on internal control over compliance in accordance with the Uniform Guidance, but not for the purpose of expressing an opinion on the effectiveness of internal control over compliance. Accordingly, we do not express an opinion on the effectiveness of Example Entity's internal control over compliance.

Single Audit Applicability and Objectives

In summary, Single Audits are necessary when a local government or nonprofit expends $750,000 or more. And the objectives of the audit are to provide an opinion on compliance with federal requirements and to report on the internal control testing. 

Higher price audit
Jun 06

Higher Audit Prices Due to Higher Risk

By Charles Hall | Auditing

Audit risk increases uncertainty—and price. At least, it should.

In this post, I provide examples increased audit risk and reasons why audit prices should increase accordingly.

Higher audit price

First, let’s look at examples of increased audit risk.

Factors that Increase Audit Risk

Factors that increase audit risk include:

  • Entity is about to be sold
  • Records not reconciled on a timely basis (including bank accounts, inventory, accounts receivable, and accounts payable)
  • Business with a high debt load and covenant violations
  • Known existence of fraud
  • Inexperienced management in a complicated business
  • Known legal proceedings against the company
  • Unusual estimates (e.g., environmental liabilities)
  • Complex transaction cycles with varied accounting systems (systems differ at each location)
  • Group audit situations with subsidiaries audited by other audit firms (especially if the components are foreign entities)
  • Entities with severe cash flow deficiencies

Now, let’s think about why we might increase our audit prices based on such risks.

Your Insurance Carrier’s Perspective

Pretend, for a moment, that you are a representative of a professional liability insurance carrier, and you’ve been assigned the duty of reviewing an audit firm’s book of business. How would you rate–from an insurance perspective–audits of the following entities?

  1. The City of Perfect has a CPA as its finance director. For the last twenty years, they have received the financial reporting Government Finance Officer’s Certificate of Achievement. They have never had a significant fraud. The city’s net position is strong, and it has no debt.
  2. Shazaam, Incorporated, is a high-tech company funded with venture capital. Operations began two years ago. Shazaam has weak cash flow, but the company has successfully created one new whiz-bang product, making it a highly desirable acquisition target. Potential suitors have already made visits to the company’s headquarters inquiring about a purchase.
  3. Sterling Parts, Incorporated, sells auto parts mainly in the United States, but it also has manufacturing operations in Germany. The company has eight subsidiaries, one of which is the German production component. This entity has been cited for contaminating the Rhine river. The cost of cleanup and damages are not known. The foreign entity uses an accounting system that is entirely different from the other companies. A German accounting firm audits the manufacturing component.

Would you price the insurance for all three engagements the same? Certainly not. The City of Perfect is…well perfect. The second and third audits have risk elements.

So if we as auditors examine prospective audit clients purely with an eye on risk, there should be a premium (higher fee) for those with increased risk. Why? There is a higher probability that the audit firm will suffer loss. The inherent risks in examples 2 and 3 increase the chance of faulty financial reporting, which increases the possibility a suit against the audit firm.

From a project management perspective, will all three engagements take the same amount of time? Obviously no. The higher risk engagements will require more resources, effort, and time. (Higher risk audits can also increase your insurance rates.)

Client Risk Requires More Time

You might think of the additional time element in this way:

Risk = Additional Time = Higher Price

Too often, CPA firms fish for audits without giving appropriate consideration to risk. Then, the flat fee creates pressure to ignore risks, because, after all, the audit firm wants to make a profit. It is critical that auditors incorporate a pricing premium for identified client risk. So consider  the audit risk model even in the beginning of an audit.

Unidentified Audit Risk

But what about unknown risk (that which exists before starting the engagement)?

Well, that’s another story. Discovering fraud, for example, may require an expansion of the engagement scope. As with any project, when the scope increases, price increases. But the price increase is dependent upon the size and complexity of the theft. If the fraud is nominal and requires little additional time, then no price increase is necessary. But if the theft is broad and complex, a contract amendment may be in order.

Audit Client Acceptance And Continuance

Does your firm use any type of risk score in client acceptance or in your annual continuance decision? If no, consider scoring your clients in terms of price and risk. And while you’re at it, think about rating your entire book of business. Here’s how.

An Exercise to Evaluate Your Pricing in Light of Risk

In an Excel spreadsheet, list the following for all A&A clients:

  • Name of the client
  • The A&A service (e.g., audit, compilation)
  • Years you’ve provided the A&A service
  • Price
  • Time estimate
  • Average hourly rate
  • Describe any client risks
  • Score the client risk from 1 to 5 (with 5 being highest)

Once the list is complete, ask yourself if the pricing is appropriate. If the hourly rate is low but the risk is high, consider a price increase.

May 28

The Why and How of Auditing: Amazon

By Charles Hall | Auditing

The Why and How of Auditing

Do you ever feel trapped by an audit? Like you can’t finish. It started so well, but somewhere along the way, something went wrong. The wheels came off.

Maybe it started with your acceptance of a new client that you didn’t feel good about from the beginning.

Or possibly your new staff members don’t understand risk assessment. So they blindly followed last year’s work papers. However, the auditee has new risks, and the audit team failed to address them.

Wow, the audit budget is busted. But you still need to finish the substantive and wrap-up work. Just creating financial statements will take a week.

Additionally, you’re in a peer review year.

The clock is ticking. And how do you feel? Trapped!

Want less stress? Then check out The Why and How of Auditing.

My new book explains the full audit process, from beginning to end, from client acceptance to audit opinion issuance. Also, you’ll find helpful guidance for the audit of transaction cycles such as receivables and revenue, payables and expenses, debt, payroll, and more—all in one easy-to-understand book.

Discover helpful ways to plan, execute, and complete your audit engagements.

Imagine: quality audits finished on time.

Praise for The Why and How of Auditing

Need a quick-reference audit guide? This is it. Charles walks you from the beginning of the audit process all the way to the end, an excellent plain-english guide.

Mark Wiseman, CPA, CMA, Partner
Brown, Edwards & Company, L.L.P. Roanoke, Virginia

This is a great how-to, hands-on guide that will help you conduct a quality audit and provide value to your clients. Go over a chapter a week with your audit team. The book provides the why and how behind your audit programs and workpapers.

James H. Bennett, CPA, Managing Member
Bennett & Associates, CPAs PLLC Ann Arbor, Michigan

Thanks Charles for clarifying what’s important in an audit. Recommended reading for any auditor level.

Jay Miyaki, CPA, Partner
Jay Miyaki, LLC Honolulu, Hawaii

The author steps through each audit area in a simple manner and clearly explains topics that are often complex by providing numerous examples and personal anecdotes. I highly recommended this text to anyone in the financial statement audit profession.

Jacob Gatlin, CPA, PhD
CDPA, PC Athens, Alabama

Charles Hall’s “The Why and How of Auditing” is comprehensive, yet easy to implement. This guide will enhance the effectiveness of your audit engagements.

Armando Balbin, CPA, Partner
Downey, California

I highly recommended Charles Hall’s latest book, “The Why and How of Auditing.” Charles takes a complicated subject and makes it simple. Our team found it particularly useful in the areas of questions to ask, procedures to follow, and work paper examples.

Bill Burke, CPA, Partner
Burke, Worsham and Harrell, LLC Bainbridge, Georgia

A must-read for auditors! The Why and How of Auditing is insightful, practical, and rich with ideas. Charles takes a complex topic and breaks it down into an easy to read, well-defined road map.

Kathryn Fletcher, CPA, MBA, Partner
Draffin Tucker Atlanta, Georgia

Get Your Copy Now!

Click here to see the book on Amazon.

1 9 10 11 12 13 15
>