Auditing cash tends to be straightforward. We usually just obtain the bank reconciliations and test them. We send confirmations and vouch the outstanding reconciling items to the subsequent month’s bank statement. But are such procedures always adequate? Hardly.
Recall the Parmalat and ZZZZ Best Carpet Cleaning frauds. In those businesses, the theft of cash was covered up with fake bank statements and fake confirmation responses. Millions were lost and reputations of those audit firms were tarnished.
How to Audit Cash
In this post, we will take a look at the following:
- Primary cash assertions
- Cash walkthrough
- Directional risk for cash
- Primary risks for cash
- Common cash control deficiencies
- Risk of material misstatement for cash
- Substantive procedures for cash
- Common cash work papers
Primary Cash Assertions
The primary relevant cash assertions are:
Of these assertions, I believe existence, accuracy, and cutoff are most important. The audit client is asserting that the cash balance exists, that it’s accurate, and that only transactions within the period are included.
Classification is normally not a relevant assertion. Cash is almost always a current asset. But when bank overdrafts occur, classification can be in play. The negative cash balance can be presented as cash or as a payable depending on the circumstances.
As we perform walkthroughs of cash, we normally look for ways that cash might be overstated (though it can also be understated as well). We are asking, “What can go wrong?” whether intentionally or by mistake.
In performing cash walkthroughs, ask questions such as:
- Are timely bank reconciliations performed by competent personnel?
- Are all bank accounts reconciled?
- Are the bank reconciliations reviewed by a second person?
- Are all bank accounts on the general ledger?
- Are transactions appropriately cut off at period-end (with no subsequent period transactions appearing in the current year)?
- Is there appropriate segregation between persons handling cash, recording cash, making payments, and reconciling the bank statements
- What bank accounts were opened in the period?
- What bank accounts were closed in the period?
- Are there any restrictions on the bank accounts?
- What persons are on the bank signature cards?
- Who has the authority to open and/or close bank accounts?
- What is the nature of each bank account (e.g., payroll bank account)?
- Are there any cash equivalents (e.g., investments of less than three months)
- Were there any held checks (checks written but unreleased) at the end of the period being audited?
As we ask questions, we also inspect documents (e.g., bank reconciliations) and make observations (who is doing what?).
If controls weaknesses exist, we create audit procedures to address them. For example, if during the walkthrough we review three monthly bank reconciliations and they all have obvious errors, we will perform more substantive work to prove the year-end bank reconciliation. For example, we might vouch every outstanding deposit and disbursement.
Directional Risk for Cash
What is directional risk? It’s the potential bias that a client has regarding an account balance. A client might desire an overstatement of assets and an understatement of liabilities since each makes the balance sheet appear healthier.
The directional risk for cash is overstatement. So, in performing your audit procedures, perform procedures such as testing the bank reconciliation to ensure that cash is not overstated.
Primary Risks for Cash
The primary risks are:
- Cash is stolen
- Cash is intentionally overstated to cover up theft
- Not all cash accounts are on the general ledger
- Cash is misstated due to errors in the bank reconciliation
- Cash is misstated due to improper cutoff
Common Cash Control Deficiencies
In smaller entities, it is common to have the following control deficiencies:
- One person receipts and/or disburses monies, records those transactions in the general ledger, and reconciles the related bank accounts
- The person performing the bank reconciliation does not possess the skill to properly perform the duty
- Bank reconciliations are not timely performed
Risk of Material Misstatement for Cash
In my smaller audit engagements, I usually assess control risk at high for each assertion. If control risk is assessed at less than high, then controls must be tested to support the lower risk assessment. Assessing risks at high is usually more efficient than testing controls.
When control risk is assessed at high, inherent risk becomes the driver of the risk of material misstatement (control risk X inherent risk = risk of material misstatement). For example, if control risk is high and inherent risk is moderate, then my RMM is moderate.
The assertions that concern me the most are existence, accuracy, and cutoff. So my RMM for these assertions is usually moderate to high.
My response to higher risk assessments is to perform certain substantive procedures: namely, bank confirmations and testing of the bank reconciliations. As RMM increases I examine more of the period-end bank reconciliations and more of the outstanding reconciling items. Also, I am more inclined confirm the balances.
When the RMM is moderate, I use standard audit procedures.
Substantive Procedures for Cash
My customary audit tests are as follows:
- Confirm cash balances
- Vouch reconciling items to the subsequent month’s bank statement
- Ask if all bank accounts are included on the general ledger
- Inspect final deposits and disbursements for proper cutoff
The auditor should send confirmations directly to the bank. Some individuals create false bank statements to cover up theft. Those same persons provide false confirmation addresses. Then the confirmation is sent to an individual (the fraudster) rather than a bank. Once received, the company replies to the confirmation as though the bank is doing so. You can lessen the chance of fraudulent confirmations by using Confirmation.com, a company that specializes in bank confirmations. Also, you might Google the confirmation address to verify its existence.
Agree the confirmed bank balance to the period-end bank reconciliation (e.g., December 31, 20X9). Then, agree the reconciling items on the bank reconciliation to the bank statement subsequent to the period-end. For example, examine the January 20X0 bank statement activity when clearing the December 20X9 reconciling items. Finally, agree the reconciled balance to the general ledger cash balance for the period-end (e.g., December 31, 20X9).
Cut-off bank statements (e.g., January 20, 20X9 bank statement) may be used to test the outstanding items. Such statements, similar to bank confirmations, are mailed directly to the auditor. Alternatively, the auditor might examine the reconciling items by viewing online bank statements. (Read-only rights can be given to the auditor.)
Common Cash Work Papers
My cash work papers normally include the following:
- An understanding of cash-related internal controls
- Risk assessment of cash assertions at the assertion level
- Documentation of any control deficiencies
- Cash audit program
- Bank reconciliations for each significant account
- Bank confirmations
We’ve discussed how to perform cash risk assessment procedures, the relevant cash assertions, the cash risk assessments, and substantive cash procedures.
Next we’ll examine how to audit receivables and revenues.