Category Archives for "Auditing"

wrapping up audits
Jan 26

Wrapping Up Audits: The Why and How

By Charles Hall | Auditing

Do you ever have the almost-done illusion? You think you’re almost done, but you’re not—and you’re not even close. Frustrating! Completing audits is not easy, but—in this article—you’ll learn how to cross the finish line with applause.

wrapping up audits

What? I’m Not Done?

I remember my boss asking me, “what’s the status of the audit?” I answered, “oh, I’m about 90% done.” But actually I was—at best—75% through. Why the miscalculation? I mistakenly thought if the planning and transaction areas (e.g., cash) were complete, that I was nearly finished. I was wrong. Wrap-up takes (or least can take) a significant amount of time. 

Wrapping Up Audits — An Overview

In the final stages of an audit, we are (among other things):

  • Updating subsequent events
  • Considering going concern
  • Creating final analytics
  • Providing audit entries to the client
  • Summarizing passed journal entries
  • Reviewing the file
  • Creating financial statements
  • Completing the disclosure checklist
  • Reviewing financial statements
  • Obtaining a management representation letter
  • Creating your audit opinion
  • Creating a management letter
  • Communicating control deficiencies

There is no required order for these steps. The sequence provided below is simply my normal method.

Let’s start with subsequent events.

Updating Subsequent Events

The financial statements should disclose material subsequent events such as legal settlements, the issuance of debt, the adoption of a benefit plan, or the sale of stock. And while disclosure is important, subsequent events—such as legal settlements—can affect the year-end balance sheet. Some subsequent events trigger the accrual of liabilities.

Here are common subsequent event procedures:

  • Inquire of management and company attorneys about subsequent events
  • Review subsequent receipts and payments
  • Read the minutes created after period-end
  • Review subsequent interim financial statements
  • Review the subsequent year’s budget
  • Obtain an understanding of management’s methods for accumulating subsequent event information

In performing these procedures, obtain subsequent event information through the audit report date. 

If you’ve sent attorneys’ letters asking about potential litigation, you may need to get an update to coincide with the audit report date. You want the attorney’s written response to be as close to the audit report date as possible. How close? Usually within two weeks. If there are significant issues, you may want to bring the written response through the audit report date.

Another critical issue during wrap-up is going concern.

Considering Going Concern

Even in the planning stage, auditors should consider going concern, especially if the entity is struggling financially. But as you approach the end of the audit, going concern should crystallize. Now you have your audit evidence, and it’s time to determine if a going concern opinion is necessary. Also, consider whether going concern disclosures are sufficient. If substantial doubt is present, then the entity should include going concern disclosures (even if substantial doubt is alleviated by management’s plans).

And what is substantial doubt? The Financial Accounting Standards Board defines it this way:

Substantial doubt about the entity’s ability to continue as a going concern is considered to exist when aggregate conditions and events indicate that it is probable that the entity will be unable to meet obligations when due within one year of the date that the financial statements are issued or are available to be issued.

So, for nongovernmental entities, ask “Is it probable that the company will meet its obligations for one year from the opinion date?” If it is probable that the entity will meet its obligations, then substantial doubt does not exist. If it is not probable that the entity will meet its obligations, then substantial doubt exists.

And what is the period of time to be considered when assessing going concern? One year from the audit report date—unless the entity is a government. If the entity is a government, then the evaluation period is one year from the financial statement date (though this period can lengthen in certain circumstances).

The going concern evaluation is one that management makes as it considers whether disclosures are necessary. 

Then the auditor considers going concern from an audit perspective. If substantial doubt is present, the auditor issues a going concern opinion. Also, if going concern disclosures are incorrect or inadequate, the auditor may need to modify the opinion.

Wrap-up also includes the creation and review of final analytics.

Creating Final Analytics

Auditors create planning analytics—the comparison of key numbers—early in the audit. Why? To look for the risk of material misstatement. Unexpected changes in numbers are indicators of potential error or fraud. They create questions. When unexpected variations exist, auditors plan procedures to test why. 

wrapping up audits

So, what is the purpose of final analytics? To determine whether unanswered questions still exit. Auditors want to know, given the audit evidence in hand, that the numbers are fairly stated.

What analytics should you use? Audit standards don’t specify particular analytics. Some auditors read the financial statements (when comparative periods are presented). Others review key ratios. And some compare current year trial balance numbers with the prior year. 

My final analytics are often the same as those in the beginning. For example, if my planning analytics include a comparison of trial balance numbers, so will my final analytics. Why do I use the same analytics? I want to know that the questions raised in the beginning are now answered. 

In creating analytics, consider the numbers important to your client. Many auditors—in an exit conference—provide key analytics to management and board members, such as performance indicators or liquidity ratios. Consider whether these numbers should be a part of your final (and planning) analytics. 

Now, you are ready to provide your proposed audit entries.

Providing Audit Entries to the Client

Give your audit entries to your client. Hopefully, you discussed these adjustments with your client when you discovered them. If you did, this part is easy. You’re just giving your client the entries. If not, review the proposed adjustments with the client and see if they agree.

Your client may desire to pass on (not post) some immaterial entries. 

Summarizing Passed Journal Entries

Prior to creating the representation letter, the auditor needs to summarize passed journal entries. Why? Audit standards require management to provide a written assertion regarding whether the uncorrected misstatements are material. The summary assists in that determination. 

Once you summarize the uncorrected misstatements, you should consider whether they are material. Review your audit materiality and consider whether the passed adjustments are acceptable. If material uncorrected misstatements exist, consider the effect on your opinion.

In addition to all of the above, you need to review the audit file to make sure everything is in order. 

Reviewing the File

Perform your final review of the work papers and sign off as the reviewer. All preparer and reviewer dates must precede or coincide with the representation letter date (which is the opinion date). Why? Reviews are a part of your evidential matter. Documentation—including reviews—must exist no later than the opinion date. 

See my article titled Seven Excuses for Unnecessary Audit Work Papers.

Once the audit file is ready, it’s time to create the financial statements (if you’ve been engaged to do so).

Creating Financial Statements

Larger entities usually create their own financial statements, but smaller organizations sometimes outsource this work to their auditors. 

wrapping up audits

If the auditor creates the financial statements, the following needs to occur:

  • The audit firm creates the financial statements.
  • The audit firm reviews the financial statements 
  • The client reviews the financial statements 

If you (the auditor) are engaged to create the financial statements, complete them on time. Why? Management must read and take responsibility for the financial statements prior to signing the representation letter. 

Also, the auditor’s review of the financial statements needs to be completed prior to the date of management’s representation letter. Why? All evidential matter, including the audit firm’s review of the financial statements, must be complete before the opinion is issued.

So, management and the auditor must review the financial statements before the opinion is issued. We’ll discuss the financial statement review process for auditors in a moment, but before we do, let’s take a look at completing the disclosure checklist.

Completing the Disclosure Checklist

Whether you or your client creates the financial statements, a disclosure checklist helps ensure the completeness and propriety of the notes. Remember your audit opinion covers the financial statements and the disclosures. 

Since new accounting standards are issued throughout the year, make sure you use a current checklist. Otherwise, you may not be aware of new or amended disclosure requirements.

Now it’s time to review the financial statements.

Reviewing Financial Statements

If your audit firm creates the financial statements, at least two people should be involved—one creating and one reviewing. Why? Two reasons: (1) the self-review threat (an independence issue) and (2) blind spots.

So, what is a self-review threat? It’s the idea that the person creating something (e.g., the financial statements) will not be independent in reviewing the same. Why is this a problem? Well, we are issuing an independent auditor’s opinion. That’s why we need a second-person review of the financial statements—to mitigate the self review threat.

Additionally, a second-person review is useful in overcoming blind spots. If I create financial statements with errors, I may not see my own mistakes. I have a blind spots. Such errors are often readily apparent to a second person.

See my  post about reviewing financial statement on a computer screen.

Once the financial statements have been prepared and reviewed by your audit firm and your client, it’s time to obtain the management representation letter. 

Obtaining a Management Representation Letter

The management letter is usually prepared by the audit firm and is provided to the client for signing. In the letter, the client is making certain assertions regarding issues such as the following:

  • Management’s responsibility for the financial statements
  • Management’s responsibility for internal controls
  • Assurances that all transactions have been recorded
  • Whether known fraud has occurred
  • Whether known non-compliance with laws or regulations occurred
  • The effects of uncorrected misstatements
  • Litigation
  • The assumptions used in computing estimates
  • Related party transactions
  • Subsequent events
  • Supplementary information
  • Responsibility for nonattest services

The representation letter should cover all financial statements and periods referred to in the auditor’s report. If management refuses to provide the management letter, then consider the effect upon the auditor’s report. Such a refusal constitutes a scope limitation and will usually preclude the issuance of an unmodified opinion.

Another part of wrap-up is creating your audit opinion.

Creating Your Audit Opinion

You’ve planned and performed your audit. 

Now you need to consider the type of opinion you’ll issue. If an unmodified opinion is merited, no problem. Use the standard opinion. But if you are going to qualify the opinion, or issue a disclaimer or adverse opinion, there’s more work to be done. Additionally, sometimes you need to add an emphasis-of-matter paragraph or an other-matter paragraph to your opinion.

wrapping up audits

Determine which opinion is appropriate. Most CPAs use sample reports from national publishing companies. Others use sample reports directly from the auditing standards. Regardless, place a copy of the sample report in your audit file. Why? Your peer reviewer—or someone else—might question your report language. Responding to such questions is much easier with the sample report in hand.

Create your opinion and have a second person review the report, comparing the opinion to the sample report. Check and recheck your wording.

Another consideration in wrap-up is whether you’ll issue a management letter. 

Creating a Management Letter

While not required, you can provide a written management letter to your audit client. Why would you do so? To add value to the audit. 

What is a management letter? Suggestions for improving the business. 

What should you include in the letter? It’s up to you (and dependent upon your observations during the audit), but here are a few examples:

  • Suggested monthly reports for the owners or management
  • Warnings regarding cyber attacks and prevention techniques
  • A suggestion that excess cash be used to pay off high interest rate debt
  • Procurement and bidding recommendations
  • A suggestion that security cameras be installed
  • Software recommendations 
  • A recommendation that all equipment be physically inspected and reconciled to the property ledger 
  • A suggestion that the company review its property insurance coverage
  • Best practices for the implementation of new accounting standards

If you provide a management letter, give the client a draft prior to issuance. Why? To avoid the embarrassment of making inappropriate suggestions—maybe they’ve already done what you are suggesting, for example. 

In addition to the management letter, you may also need to communicate significant deficiencies and material weaknesses.

Communicating Control Deficiencies

Audit standards define significant deficiencies and material weaknesses as follows:

  1. Significant deficiency. A deficiency, or a combination of deficiencies, in internal control that is less severe than a material weakness yet important enough to merit attention by those charged with governance.
  2. Material weakness. A deficiency, or a combination of deficiencies, in internal control, such that there is a reasonable possibility that a material misstatement of the entity’s financial statements will not be prevented, or detected and corrected, on a timely basis.

Auditing standards require a written communication of significant deficiencies and material weaknesses.

Control deficiencies are often noted during the risk assessment process, particularly as you perform walkthroughs. 

You may also note control weaknesses as you prepare audit journal entries, especially if the adjustments are material. Errors are usually the result of weak internal controls.

Regardless of how you become aware of the control weaknesses, capture them immediately. Otherwise, you may forget them later on. Also, if control weaknesses are material, you may need to communicate them to management when they are discovered (and again at the completion of the audit).

During wrap-up, you create your internal control letter based on the weaknesses noted during the audit.

Consider providing a draft of the internal control letter to management prior to final issuance. Why? To avoid potential misunderstandings. If there’s a disagreement between the client and the auditor, it’s best to clear the issue prior to final issuance of the internal control letter.

One other suggestion: if there are sensitive issues, the senior audit team member (usually the engagement partner) should make this communication. It’s a time to speak the truth with tactfulness—and experience helps.

I started this chapter by saying that wrap-up can take a significant amount of time. As we have seen, there is much to be done in this closing stage of the engagement. 

Wrapping Up Audits - A Simple Summary

  • Perform subsequent event procedures to ensure that all relevant information is included in the financial statements 
  • Consider whether going concern disclosures are necessary and, if required, complete; also consider the need for a going concern opinion
  • Create final analytics and determine if all significant variations in the numbers have been addressed
  • Provide proposed audit entries to the client 
  • Summarize and review all passed journal entries to ensure that material misstatements are not present
  • Review the work paper file 
  • Create the financial statements (if you have been engaged to do so)
  • Complete a current disclosure checklist
  • Review the financial statements 
  • Obtain a signed management representation letter 
  • Create your audit opinion 
  • Create a management letter 
  • Communicate significant deficiencies and material weaknesses 

There you have it: the wrap-up process. Now, when your boss asks, “what’s the status of the audit?” you can say, “I’m at 90 percent”—and be sure of it.

This post is a part of a series of articles title The Why and How of Auditing. Check it out. The series is being compiled into a book that will soon be sold on Amazon--but it's free here. 

audit documentation
Jan 16

Audit Documentation: If It’s Not Documented, It’s Not Done

By Charles Hall | Auditing

Peer reviewers are saying, “If it’s not documented, it’s not done.” Why? Because standards require sufficient audit documentation. And if it’s not documented, the peer reviewer can’t give credit for performance. 

But what does sufficient documentation mean? What should be in our work papers? How much is necessary? This article answers these questions.

audit documentation

In the AICPA’s Enhanced Oversight program, one in four audits is nonconforming due to a lack of sufficient documentation. This has been and continues to be a hot-button peer review issue. And it’s not going away. 

But auditors ask, “What is sufficient documentation?” That’s the problem, isn’t it? The answer is not black and white. We know good documentation when we see it–and poor as well. It’s the middle that is fuzzy. Too often audit files are poor-to-midland. Why? 

First, many times it boils down to profit. Auditors can make more money by doing less work. So, let’s go ahead and state the obvious: Quality documentation takes more time and may lessen profit. But what’s the other choice? Poor work.

Second, the auditor may not understand what the audit requirements are. So, in this case, it’s not motive (for more profit), it’s a lack of understanding.

Thirdly, another contributing factor is that firms often bid for work–and low price usually carries the day. Then, when it’s time to do the work, there’s not enough budget (time)–and quality suffers. Corners are cut. Planning is disregarded. Audit programs are poorly designed. Confirmations, walkthroughs, fraud inquiries are omitted. And yes, it’s easier–at least in the short run.

Even though these reasons may be true, we all know that quality is the foundation of every good CPA firm. And work papers tell the story–the real story–about a firm’s character. How would you rate your work paper quality? Is it excellent, average, poor? If you put your last audit file on this website and everyone could see it, would you be proud? Or does it need improvement?

Insufficient Audit Documentation

So, what is insufficient audit documentation?

First, let’s look at examples of poor documentation:

  • Signing off on audit steps with no supporting work papers (and no explanation on the audit program)
  • Placing a document in a file without explaining why (what is its purpose?)
  • Not signing off on audit steps
  • Failing to reference audit steps to supporting work papers
  • Listing a series of numbers on an Excel spreadsheet without explaining their source (where did they come from? who provided them?)
  • Not signing off on work papers as a preparer
  • Not signing off on work papers as the reviewer
  • Failing to place excerpts of key documents in the file (e.g., debt agreement)
  • Performing fraud inquiries but not documenting who was interviewed (their name) and when (the date)
  • Not documenting the selection of a sample (why and how)
  • Failing to explain the basis for low inherent risk assessments
  • Key bank accounts and debt are not confirmed
  • Not documenting the reason for not sending receivable confirmations
  • A lack of retrospective reviews
  • A failure to document the current year walkthroughs for significant transaction cycles (the file contains a generic description of controls with no evidence of a current year review)
  • Not documenting COSO deficiencies (e.g., tone at the top, management’s risk assessment procedures)
  • A failure to document risk assessments
  • Low control risk assessments without a test of controls
  • A lack of linkage from the risk assessment to the audit plan
  • No independence documentation though nonattest services are provided

This list is not comprehensive, but it provides examples to consider. This list is based on my past experiences. Probably the worst offense (at least in my mind) is signing off on an audit program with no support.

AICPA Findings

Additionally, the AICPA has identified the following deficiencies. Work papers lack:

  • Tests of controls over compliance in a single audit
  • Determinations of direct and material Single Audit compliance requirements 
  • Eligibility testing in Employee Benefit Plan audits

Sufficient Audit Documentation According to AU-C 230

Now, let’s examine what constitutes sufficient documentation.

AU-C 230 Audit Documentation defines how auditors are to create audit evidence. It says that an experienced auditor with no connection to the audit should understand:

  • Nature, timing, and extent of procedures performed
  • Results and evidence obtained
  • Significant findings, issues, and professional judgments

While most auditors are familiar with this requirement, the difficulty lies in how to accomplish this. What does it look like?

Experienced Auditor’s Understanding

Here’s the key: When an experienced auditor reviews the documentation, does she understand the work?

Any good communicator makes it her job to speak or write in an understandable way. The communicator assumes responsibility for clear messages. In creating work papers, we are the communicators. The responsibility for transmitting messages lies with us (the auditors creating work papers).  

A Fog in the Work Papers

So what creates fogginess in work papers? We forget we have an audience. Others will review the audit documentation to understand what was done. As we prepare work papers, we need to think about those who will read our work. All too often, the person creating a work paper understands what he is doing, but the reviewer doesn’t. Why? The message is not clear.

Just because I know why I am doing something does not mean that someone else will.

Creating Clarity

This is why most work papers should include the following:

  • A purpose statement (what is the reason for the work paper?)
  • The source of the information (who provided it? where did they obtain it and how?)
  • An identification of who prepared and reviewed the work paper
  • The audit evidence (what was done)
  • A conclusion (does the audit evidence support the purpose of the work paper?)

When I make these suggestions, some auditors push back saying, “We’ve already documented some of this information in the audit program.” That may be true, but I am telling you–after reviewing thousands of audit files–the message (what is being done and why) can get lost in the audit program. The reviewer often (speaking for myself) has a difficult time tieing the work back to the audit program and understanding its purpose and whether the documentation provides sufficient audit evidence.

Remember, the work paper preparer is responsible for clear communication. 

And here’s another thing to consider. You (the work paper preparer) might spend six hours on one document. So, you are keenly aware of what you did. The reviewer, on the other hand, might spend five minutes–and she is trying (as quickly as she can) to understand. 

Help Your Reviewers

To help your less informed reviewers:

  1. Tell them what you are doing (purpose statement)
  2. Do it (document the test work)
  3. Then, tell them how it went (the conclusion)

Too Much Audit Documentation

It’s funny, but many CPAs say to me, “I feel like I do too much,” meaning they believe they are auditing more than is necessary. To which I often respond, “I agree.”

In looking at audit files, I see:

  • The clutter of unnecessary work papers
  • Files received from clients that don’t support the audit opinion
  • Unnecessary work performed on these extraneous documents

For whatever reason, clients usually provide more information than we request. And then–for some other reason–we retain those documents, even if not needed.

If auditors add purpose statements to each work paper, then they will discover that some work papers are unnecessary. In writing the purpose statement, we realize it has none. Which is nice–now, we can deep-six it.

One healthy exercise is to pretend we’ve never audited the company and that we have no prior year audit files. Then, with a blank page, we plan the audit. Once done, we compare the new plan to prior year files. If there’s any fat, start cutting. 

The key to eliminating unnecessary work lies in performing the following steps (in the order presented):

  1. Perform risk assessment
  2. Plan your audit based on the identified risks
  3. Perform the audit procedures

Too often, we roll the prior year file forward and rock on. If the prior year file has extraneous audit procedures, then we repeat them. This creates waste.

Summary

In summary, audit documentation continues to be a significant peer review problem. We can enhance the quality of our work papers by remembering we are not just auditing. We are communicating. It is our responsibility to provide a clear message.

Though this article is about having too little documentation, you can have the opposite problem of having too much documentation.

Below is a short video summarizing this article.

Additional Guidance

The AICPA also provides some excellent guidance regarding work paper documentation

Also, see my article titled 10 Ways to Make Your Work Papers Sparkle.

restricted cash
Dec 05

The Skinny on ASU 2016-18, Statement of Cash Flows (Topic 230): Restricted Cash

By Charles Hall | Auditing

FASB issued ASU 2016-18, Statement of Cash Flows, in November 2016. This standard changes the way restricted cash is shown in cash flow statements.

The standard is effective in 2019 for calendar year-end private companies. Early adoption is permitted

Here’s the skinny on the new standard. (To download the slidedeck, click here. The video below was created before I changed the name of my blog from CPA Scribo to CPA Hall Talk, but the information is current.)

 

Auditing Equity
Nov 27

Auditing Equity: The Why and How Guide

By Charles Hall | Auditing

Auditing equity is easy, until it’s not. 

Auditing equity is usually one of the easiest parts of an audit. For some equity accounts, you agree the year-end balances to the prior year ending balance, and you’re done. For instance paid-in-capital seldom changes. Often, the only changes in equity are from current year profits and owner distributions. And testing those equity additions and reductions in equity takes only minutes.

Nevertheless, auditing equity can be challenging, especially for businesses that desire to attract investors. Such companies offer complicated equity instruments. Why? The desire to attract cash without giving away (too much) power. And this balancing act can lead to complex equity instruments.  

Regardless of whether a company’s equity is easy to audit or not, below I show you how to focus on important equity issues.

Auditing Equity

Auditing Equity — An Overview

In this post, we will cover the following:

  • Primary equity assertions
  • Equity walkthroughs
  • Equity-related fraud and errors
  • Directional risk for equity
  • Primary risks for equity
  • Common equity control deficiencies
  • Risk of material misstatement for equity
  • Substantive procedures for equity
  • Common equity work papers
Continue reading
Auditing Debt
Oct 28

Auditing Debt: The Why and How Guide

By Charles Hall | Auditing

What are the keys to auditing debt?

While auditing debt can be simple, sometimes it’s tricky.  For instance, classification issues can arise when debt covenant violations occur. Should the debt be classified as current or noncurrent? Likewise, some forms of debt (with detachable warrants) have equity characteristics, again leading to classification issues. Is it debt or equity—or both? Additionally, leases can create debt, even if that is not the intent. 

Most of the time, however, auditing debt is simple. A company borrows money. An amortization schedule is created. And thereafter, debt service payments are made and recorded. 

Either way, whether complicated or simple, below I show you how to audit debt.

Auditing Debt

Auditing Debt — An Overview

In many governments, nonprofits, and small businesses, debt is a significant part of total liabilities. Consequently, it is often a significant transaction area.

In this post, we will cover the following:

  • Primary debt assertions
  • Debt walkthroughs
  • Debt-related fraud
  • Debt mistakes
  • Directional risk for debt
  • Primary risks for debt
  • Common debt control deficiencies
  • Risk of material misstatement for debt
  • Substantive procedures for debt
  • Common debt work papers

Primary Debt Assertions

The primary relevant debt assertions include:

  • Completeness
  • Classification
  • Obligation

I believe, in general, completeness and classification are the most important debt assertions. When a company shows debt on its balance sheet, it is asserting that it is complete and classified correctly. By classification, I mean it is properly displayed as either short-term or long-term. I also mean the instrument is debt and recorded as such (and not equity). By obligation, I mean the debt is legally owed by the company and not another entity.

Keep these three assertions in mind as you perform your transaction cycle walkthroughs.

Debt Walkthroughs

Early in your audit, perform a walkthrough of debt to see if there are any control weaknesses. As you perform this risk assessment procedure, what questions should you ask? What should you observe? What documents should you inspect? Here are a few suggestions.

Debt Walkthrough

As you perform your debt walkthrough ask or perform the following:

  • Are there any debt covenant violations?
  • If the company has violations, is the debt classified appropriately (usually current)?
  • Is someone reconciling the debt in the general ledger to a loan amortization schedule?
  • Inspect amortization schedules.
  • Does the company have any unused lines of credit or other credit available?
  • Inspect loan documents.
  • Has the company refinanced its debt with another institution? Why?
  • Who approves the borrowing of new money?
  • Who approves new leases? Who handles lease accounting and are they competent?
  • Does the company have any leases that should be recorded as debt?
  • Inspect new loan and lease approvals. 
  • How are debt service payments made (e.g., by check or wire)? Who makes those payments?
  • Are there any sinking funds? If yes, who is responsible for making deposits and how is this done?
  • Observe the segregation of duties for persons:
    • Approving new loans,
    • Receipting loan proceeds,
    • Recording debt in the general ledger, and
    • Reconciling the debt in the general ledger to the loan amortization schedules
  • Is the company required to file periodic (e.g., quarterly) reports with the lender? Inspect sample debt-related reports, if applicable.
  • Does the company have any convertible debt or debt with detachable warrants? Are they properly recorded?
  • Is the company following reporting framework requirements (e.g., FASB Codification) for debt?
  • Has collateral been pledged? If yes, what?
  • What are the terms of the debt agreements?
  • Has all debt of the company been recorded in the general ledger?
  • Have debt issuance costs been accounted for properly based on the reporting framework requirements? (FASB requires the netting of such costs with debt.)
  • Has the company guaranteed the debt of another entity?

If control weaknesses exist, create audit procedures to address them. For example, if—during the walkthrough—we see that one person approves loans, deposits loan proceeds, and records the related debt, then we will perform fraud-related substantive procedures.

Debt-Related Fraud

A company can fraudulently inflate its equity by intentionally omitting debt from its balance sheet. (Total assets equal liabilities plus equity. Therefore, if debt is not reported, equity increases.) 

As we saw with Enron, some entities place their debt on another company’s balance sheet. (Enron did so using special purpose entities.) So auditors need to consider that companies can intentionally omit debt from their balance sheets.

Another potential fraudulent presentation is showing short-term debt as long-term. When might this happen? When debt covenant violations occur. Such violations can trigger a requirement to classify the debt as current. If accounting personnel are aware of the requirement to classify debt as current and don’t do so, then the reporting can be considered fraudulent.  

Additionally, mistakes can lead to errors in debt accounting.

Debt Mistakes

Errors in accounting for debt can occur when debt service payments are misclassified as expenses rather than a reduction of debt. Also, debt can—in error—be presented as long-term when it is current. Why? Maybe the company’s accountant doesn’t understand the accounting rules.

Some forms of debt, such as certain types of leases, can be difficult to interpret. Consequently, a company might errantly fail to record debt when required. 

So, what is the directional risk for debt? An overstatement or an understatement?

Directional Risk for Debt

Auditing Debt

The directional risk for debt is an understatement. So, audit for completeness (and determine that all debt is recorded).

Primary Risks for Debt

Primary risks for debt include:

  1. Debt is intentionally understated (or omitted)
  2. Debt is recorded as noncurrent (due more than one year from the balance sheet date) though the amount is current (due within one year of the balance sheet date)

It’s obvious why a company might want to understate its debt. The company looks healthier. But why would a business desire to classify current debt as noncurrent? For the same reason: to make the company look stronger. By recording current debt as noncurrent, the company’s working capital ratio (current assets divided by current liabilities) improves. 

As you think about the above risks, consider the control deficiencies that allow debt misstatements.

Common Debt Control Deficiencies

In smaller entities, it is common to have the following control deficiencies:

  • One person performs two or more of the following:
    • Approves the borrowing of new funds,
    • Enters the new debt in the accounting system, 
    • Deposits funds from the debt issuance
  • Funds are borrowed without appropriate approval
  • Debt postings are not agreed to amortization schedules
  • Accounting personnel don’t understand the accounting standards for debt (including lease accounting)

Another key to auditing debt is understanding the risks of material misstatement.

Risk of Material Misstatement for Debt

In auditing debt, the assertions that concern me the most are classification, completeness, and obligation. So my risk of material misstatement for these assertions is usually moderate to high. 

Auditing Debt

My response to the higher risk assessments is to perform certain substantive procedures: namely, a review of debt covenant compliance and a review of debt and lease agreements—and the related accounting. Why?

As we saw above, debt covenant violations may require the company to reclassify debt from noncurrent to current. Doing so can be significant. The loan could be called by the lender, depending on the loan agreement. So, proper classification of debt can be critical. 

Also, some leases should be recorded as debt. If such leases are not recorded, the company looks healthier than it is. Our audit should include procedures that address the completeness of debt and the obligations of the company.

Once your risk assessment is complete, decide what substantive procedures to perform.

Substantive Procedures for Debt

My customary tests for auditing debt are as follows:

  1. Summarize and test debt covenants
  2. Review new leases to determine if debt should be recorded
  3. Confirm all significant debt with lenders
  4. Determine if all debt is classified appropriately (as current or noncurrent)
  5. Agree the end-of-period balances in the general ledger to the amortization schedules
  6. Agree future debt service payment summaries to amortization schedules 
  7. Review accruals of any significant interest 
  8. Review interest expense (usually comparing current and prior year interest)

In light of my risk assessment and substantive procedures, what debt work papers do I normally include in my audit files?

Common Debt Work Papers

My debt work papers normally include the following:

  • An understanding of debt-related internal controls 
  • Documentation of any internal control deficiencies related to debt
  • Risk assessment of debt at the assertion level
  • Debt audit program
  • A copy of all significant debt agreements (including lease and line-of-credit agreements)
  • Minutes reflecting the approval of new debt
  • A summary of debt activity (beginning balance plus new debt minus principal payments and ending balance)
  • Amortization schedules for each debt
  • Summary of all debt information for disclosure purposes (e.g., future debt service to be paid, interest rates, types of debt, collateral, etc.) 

If there are questions regarding debt agreements and their presentation, I include additional language in the representation letter to address the issues. For example, if an owner loans funds to the company but there is no written  debt agreement, the owner or management might verbally explain the arrangement. In such cases, I include language in the management representation letter to cover the verbal responses.

In Summary

In this article we’ve looked at the keys to auditing debt. Those keys include risk assessment procedures, determining relevant assertions, creating risk assessments, and developing substantive procedures. The most important issues to address are usually (1) the classification of debt (especially if debt covenant violations exist) and (2) lease accounting.

Next we’ll look at how to audit equity.


>