What are the keys to auditing debt?

While auditing debt can be simple, sometimes it’s tricky.  For instance, classification issues can arise when debt covenant violations occur. Should the debt be classified as current or noncurrent? Likewise, some forms of debt (with detachable warrants) have equity characteristics, again leading to classification issues. Is it debt or equity—or both? Additionally, leases can create debt, even if that is not the intent. 

Most of the time, however, auditing debt is simple. A company borrows money. An amortization schedule is created. And thereafter, debt service payments are made and recorded. 

Either way, whether complicated or simple, below I show you how to audit debt.

Auditing Debt — An Overview

In many governments, nonprofits, and small businesses, debt is a significant part of total liabilities. Consequently, it is often a significant transaction area.

In this post, we will cover the following:

• Primary debt assertions
• Debt walkthroughs
• Debt-related fraud
• Debt mistakes
• Directional risk for debt
• Primary risks for debt
• Common debt control deficiencies
• Risk of material misstatement for debt
• Substantive procedures for debt
• Common debt work papers

Primary Debt Assertions

The primary relevant debt assertions include:

• Completeness
• Classification
• Obligation

I believe, in general, completeness and classification are the most important debt assertions. When a company shows debt on its balance sheet, it is asserting that it is complete and classified correctly. By classification, I mean it is properly displayed as either short-term or long-term. I also mean the instrument is debt and recorded as such (and not equity). By obligation, I mean the debt is legally owed by the company and not another entity.

Keep these three assertions in mind as you perform your transaction cycle walkthroughs.

Debt Walkthroughs

Early in your audit, perform a walkthrough of debt to see if there are any control weaknesses. As you perform this risk assessment procedure, what questions should you ask? What should you observe? What documents should you inspect? Here are a few suggestions.

As you perform your debt walkthrough ask or perform the following:

• Are there any debt covenant violations?
• If the company has violations, is the debt classified appropriately (usually current)?
• Is someone reconciling the debt in the general ledger to a loan amortization schedule?
• Inspect amortization schedules.
• Does the company have any unused lines of credit or other credit available?
• Inspect loan documents.
• Has the company refinanced its debt with another institution? Why?
• Who approves the borrowing of new money?
• Who approves new leases? Who handles lease accounting and are they competent?
• Does the company have any leases that should be recorded as debt?
• Inspect new loan and lease approvals. 
• How are debt service payments made (e.g., by check or wire)? Who makes those payments?
• Are there any sinking funds? If yes, who is responsible for making deposits and how is this done?
• Observe the segregation of duties for persons:
• Approving new loans,
• Receipting loan proceeds,
• Recording debt in the general ledger, and
• Reconciling the debt in the general ledger to the loan amortization schedules
• Is the company required to file periodic (e.g., quarterly) reports with the lender? Inspect sample debt-related reports, if applicable.
• Does the company have any convertible debt or debt with detachable warrants? Are they properly recorded?
• Is the company following reporting framework requirements (e.g., FASB Codification) for debt?
• Has collateral been pledged? If yes, what?
• What are the terms of the debt agreements?
• Has all debt of the company been recorded in the general ledger?
• Have debt issuance costs been accounted for properly based on the reporting framework requirements? (FASB requires the netting of such costs with debt.)
• Has the company guaranteed the debt of another entity?

If control weaknesses exist, create audit procedures to address them. For example, if—during the walkthrough—we see that one person approves loans, deposits loan proceeds, and records the related debt, then we will perform fraud-related substantive procedures.

Debt-Related Fraud

A company can fraudulently inflate its equity by intentionally omitting debt from its balance sheet. (Total assets equal liabilities plus equity. Therefore, if debt is not reported, equity increases.) 

As we saw with Enron, some entities place their debt on another company’s balance sheet. (Enron did so using special purpose entities.) So auditors need to consider that companies can intentionally omit debt from their balance sheets.

Another potential fraudulent presentation is showing short-term debt as long-term. When might this happen? When debt covenant violations occur. Such violations can trigger a requirement to classify the debt as current. If accounting personnel are aware of the requirement to classify debt as current and don’t do so, then the reporting can be considered fraudulent.  

Additionally, mistakes can lead to errors in debt accounting.

Debt Mistakes

Errors in accounting for debt can occur when debt service payments are misclassified as expenses rather than a reduction of debt. Also, debt can—in error—be presented as long-term when it is current. Why? Maybe the company’s accountant doesn’t understand the accounting rules.

Some forms of debt, such as leases, can be difficult to interpret. Consequently, a company might errantly fail to record debt when required. 

So, what is the directional risk for debt? An overstatement or an understatement?

Directional Risk for Debt

The directional risk for debt is an understatement. So, audit for completeness (and determine that all debt is recorded).

Primary Risks for Debt

Primary risks for debt include:

1. Debt is intentionally understated (or omitted)
2. Debt is recorded as noncurrent (due more than one year from the balance sheet date) though the amount is current (due within one year of the balance sheet date)

It’s obvious why a company might want to understate its debt. The company looks healthier. But why would a business desire to classify current debt as noncurrent? For the same reason: to make the company look stronger. By recording current debt as noncurrent, the company’s working capital ratio (current assets divided by current liabilities) improves. 

As you think about the above risks, consider the control deficiencies that allow debt misstatements.

Common Debt Control Deficiencies

In smaller entities, it is common to have the following control deficiencies:

• One person performs two or more of the following:
• Approves the borrowing of new funds,
• Enters the new debt in the accounting system, 
• Deposits funds from the debt issuance
• Funds are borrowed without appropriate approval
• Debt postings are not agreed to amortization schedules
• Accounting personnel don’t understand the accounting standards for debt (including lease accounting)

Another key to auditing debt is understanding the risks of material misstatement.

Risk of Material Misstatement for Debt

In auditing debt, the assertions that concern me the most are classification, completeness, and obligation. So my risk of material misstatement for these assertions is usually moderate to high. 

My response to the higher risk assessments is to perform certain substantive procedures: namely, a review of debt covenant compliance and a review of debt and lease agreements—and the related accounting. Why?

As we saw above, debt covenant violations may require the company to reclassify debt from noncurrent to current. Doing so can be significant. The loan could be called by the lender, depending on the loan agreement. So, proper classification of debt can be critical. 

Also, some leases should be recorded as debt. If such leases are not recorded, the company looks healthier than it is. Our audit should include procedures that address the completeness of debt and the obligations of the company.

Once your risk assessment is complete, decide what substantive procedures to perform.

Substantive Procedures for Debt

My customary tests for auditing debt are as follows:

1. Summarize and test debt covenants
2. Review new leases to determine if debt should be recorded
3. Confirm all significant debt with lenders
4. Determine if all debt is classified appropriately (as current or noncurrent)
5. Agree the end-of-period balances in the general ledger to the amortization schedules
6. Agree future debt service payment summaries to amortization schedules 
7. Review accruals of any significant interest 
8. Review interest expense (usually comparing current and prior year interest)

In light of my risk assessment and substantive procedures, what debt work papers do I normally include in my audit files?

Common Debt Work Papers

My debt work papers normally include the following:

• An understanding of debt-related internal controls 
• Documentation of any internal control deficiencies related to debt
• Risk assessment of debt at the assertion level
• Debt audit program
• A copy of all significant debt agreements (including lease and line-of-credit agreements)
• Minutes reflecting the approval of new debt
• A summary of debt activity (beginning balance plus new debt minus principal payments and ending balance)
• Amortization schedules for each debt
• Summary of all debt information for disclosure purposes (e.g., future debt service to be paid, interest rates, types of debt, collateral, etc.) 

If there are questions regarding debt agreements and their presentation, I include additional language in the representation letter to address the issues. For example, if an owner loans funds to the company but there is no written  debt agreement, the owner or management might verbally explain the arrangement. In such cases, I include language in the management representation letter to cover the verbal responses.

In Summary

In this article we’ve looked at the keys to auditing debt. Those keys include risk assessment procedures, determining relevant assertions, creating risk assessments, and developing substantive procedures. The most important issues to address are usually (1) the classification of debt (especially if debt covenant violations exist) and (2) lease accounting.

To understand the new lease standard (ASC 842) from the lessee’s perspective, see my lease article: Account for Finance and Operating Leases. 

Next we’ll look at how to audit equity.

Auditing investments is important, especially when an auditee has large balances. Below I provide a comprehensive look at how you can audit investments effectively and efficiently.

The complexity of auditing investments varies. For entities with simple investment instruments, auditing is easy. Your main audit procedure might be to confirm balances. Complex investments, however, require additional work such as auditing values. As investment complexity increases, so will your need for stronger audit team members (those that understand unusual investments). Regardless, you need an audit methodology.

How to Audit Investments

In this post, we will take a look at:

• Primary investment assertions
• Investment walkthroughs
• Directional risk for investments
• Primary risks for investments
• Common investment control deficiencies
• Risk of material misstatement for investments
• Substantive procedures for investments
• Common investment work papers

Primary Investments Assertions

First, let’s look at assertions.

Primary relevant assertions for investments include:

• Existence
• Accuracy
• Valuation
• Cutoff

The audit client is asserting that the investment balances exist, that they are accurate and properly valued, and that only investment activity within the period is recorded. 

While investment balances in the financial statements are important, disclosures are also vital, especially when the entity owns complex instruments. 

Investment Walkthroughs

Second, perform your risk assessment work in light of the relevant assertions.

As you perform walkthroughs of investments, you normally look for ways that investments might be overstated (though investments can be understated as well). You are asking, “What can go wrong?” whether intentionally or by mistake. You want to know if:

• The controls were appropriately designed, and 
• The controls were implemented (in use)

Walkthrough Questions

In performing investment walkthroughs, ask questions such as:

• What types of investments are owned?
• Are there any unusual investments? If yes, how are they valued?
• Is a specialist used to determine investment values?
• Who determines the classification of investments (e.g., trading, available for sale, held to maturity) and how
• Do the persons accounting for investment activity have sufficient knowledge to do so?
• Are timely investment reconciliations performed by competent personnel?
• Are all investment accounts reconciled (from the investment statements to the general ledger)?
• Who reconciles the investment accounts and when?
• Are the reconciliations reviewed by a second person?
• Are all investment accounts on the general ledger?
• How does the entity ensure that all investment activity is included in the general ledger (appropriate cutoff)?
• Who has the ability to transfer investment funds and what are the related controls?
• Is there appropriate segregation of duties for:
  • Persons that record investments, 
  • Persons that buy and sell investments, and
  • Persons that reconcile the investment statements
• What investment accounts were opened in the period?
• What investment accounts were closed in the period? 
• Who has the authority to open or close investment accounts?
• Are there any investment restrictions (externally or internally)?
• What persons are authorized to buy and sell investments?
• Does the entity have a written investment policy? 
• Does the company use an investment advisor? If yes, how often does management interact with the advisor? How are investment fees determined?
• Are there any investment impairments?
• Who is responsible for investment disclosures and do they have sufficient knowledge to carry out this duty?
• Are there any cost or equity-method investments?

As we ask questions, we also inspect documents (e.g., investment statements) and make observations (e.g., who reconciles the investment statements to the general ledger?).

If control weaknesses exist, we create audit procedures to address them. For example, if during the walkthrough we note that there are improperly classified investments, then will plan audit procedures to address that risk.

Directional Risk for Investments

Third, consider the directional risk of investments.

The directional risk for investments is that they are overstated. So, in performing your audit procedures, perform procedures to ensure that balances are properly stated.

Primary Risks for Investments

Fourth, think about the risks related to investments.

Primary risks include:

1. Investments are stolen
2. Investments are intentionally overstated to cover up theft
3. Investments accounts are intentionally omitted from the general ledger
4. Investments are misstated due to errors in the investment reconciliations 
5. Investments are improperly valued due to their complexity and management’s lack of accounting knowledge
6. Investments are misstated due to improper cutoff
7. Investment disclosures are not accurate or complete

Common Investment Control Deficiencies

Fifth, think about control deficiencies noted during your walkthroughs and other risk assessment work.

It is common to have the following investment control deficiencies:

• One person buys and sells investments, records those transactions, and reconciles the investment activity
• The person overseeing investment accounting does not possess sufficient knowledge or skill to properly perform the duty
• Investment reconciliations are not performed timely or improperly
• The company does not employ sufficient assistance in valuing complex assets such as hedges or alternative investments

Risk of Material Misstatement for Investments

Sixth, now its time to assess your risks.

In my smaller audit engagements, I usually assess control risk at high for each assertion. (You may, however, assess control risk at less than high, provided your walkthrough reveals that controls are appropriately designed and that they were implemented. If control risk is assessed at below high, you must test controls for effectiveness to support the lower risk assessment.)

When control risk is assessed at high, inherent risk becomes the driver of the risk of material misstatement (control risk X inherent risk = risk of material misstatement). For example, if control risk is high and inherent risk is moderate, then my RMM is moderate. 

The assertions that concern me the most are existence, accuracy, valuation, and cutoff. So my RMM for these assertions is usually moderate to high.

My response to higher risk assessments is to perform certain substantive procedures: namely, confirming investments, testing investment reconciliations, testing values, and vetting investment disclosures.

Substantive Procedures for Investments

And finally, it’s time to determine your substantive procedures in light of your identified risks.

My customary audit tests include:

1. Confirming investment balances agreeing them to the general ledger
2. Inspecting period-end activity for proper cutoff
3. Using an investment specialist to value complex instruments (if any)
4. Vetting investment disclosures with a current disclosure checklist

I don’t normally test controls related to investments. If controls are tested and you determine they are effective, then some of the substantive procedures may not be necessary. 

Common Investment Work Papers

My investments work papers normally include the following:

• An understanding of investment-related internal controls 
• Risk assessment of investments at the assertion level
• Documentation of any control deficiencies
• Investment audit program
• Investment reconciliations 
• Investment confirmations
• Valuations performed by specialists
• Documentation of the specialist’s experience, competence, and objectivity
• Disclosure checklist

Auditing Investments - A Simple Summary

• The primary relevant investment assertions include existence, accuracy, valuation, and cutoff
• Perform a walkthrough of investments by making inquiries, inspecting documents, and making observations
• The directional risk for investments is an overstatement
• Primary risks for investments include:
  • Investments are stolen
  • Investments are intentionally overstated to cover up theft
  • Investments accounts are intentionally omitted from the general ledger
  • Investments are misstated due to errors in the investment reconciliations
  • Investments are improperly valued due to their complexity and management’s lack of accounting knowledge
  • Investments are misstated due to improper cutoff
  • Investments disclosures are not accurate or complete
• The substantive procedures for investments should be responsive to the identified risks; common procedures include:
  • Confirming investments 
  • Inspecting period-end activity for proper cutoff
  • Using an investment specialist to value complex instruments 
  • Vetting investment disclosures with a current disclosure checklist

Now you know how to audit investments. 

See my next post regarding how to audit payables and expenses.

This post is a part of my series The Why and How of Auditing. Check my other posts.