Unpaid fees can impair your independence in attest engagements. This article explains changes in the Unpaid Fees interpretation in the AICPA Code of Conduct.
Peer review checklists ask if fees have been paid prior to issuance of attest reports. Why? A loan to an attest client can impair independence. The thought here is that the CPA may have a self-interest in the client; namely, the collection of unpaid fees. And this self-interest could potentially lead the CPA to assist the client by issuing inappropriate attest reports.
So, has there been a change in the unpaid fees section of the Code of Conduct? Yes.
The old rule of just looking back one year is no longer the sole consideration in determining your independence in regard to unpaid fees; current year fees, if significant, can also affect independence.
The bolded fonts and underlines below are added by the blogger.
Unpaid Fees Interpretation
The independence interpretation (1.230.010) in the Code of Conduct says:
Threats to the covered member’s compliance with the “Independence Rule” [1.200.001] are at an acceptable level if, when the current-year attest report is issued, unpaid fees are both clearly insignificant to the covered member and relate to professional services provided less than one year prior to the date of the current-year attest report.
Alternatively, threats would not be at an acceptable level if, when the current-year attest report is issued, unpaid fees are both significant to the covered member and relate to professional services provided more than one year prior to the issue date of the current-year attest report.
That guidance provides factors to consider in evaluating your independence.
Unpaid Fees Factors to Consider
Factors to consider (ET 1.230.010.02) when evaluating whether threats are at an acceptable level include the following:
a. The significance of the unpaid fees to the covered member
b. The length of time the fees have been due from the attest client
c. The attest client’s agreement to pay the unpaid fees
d. The covered member’s assessment of factors affecting the ability of the attest client to pay the fees
So, what should you do if a significant threat is present? Consider safeguards.
Unpaid Fees Safeguards
You may use safeguards (ET 1.230.010.04) to mitigate the independence threat:
a. Have an appropriate reviewer who has not provided attest or nonattest services to the attest client review the attest work performed before the current-year attest report is issued.
b. Obtain partial payment of the unpaid fees balance before the current year attest report is issued such that the remaining unpaid balance is insignificant to the covered member.
c. Obtain an agreement from the attest client to a payment schedule before the current-year attest report is issued.
d. Suspend further work on current attest engagements and not accept new engagements with this attest client.
ET 1.230.010.05 goes on to say:
Communication with those charged with governance regarding evaluation of the unpaid fees and safeguards applied is not a sufficient safeguard when applied alone; however, it may be considered a safeguard when supplemented by other safeguard(s).
If the safeguards are not sufficient, you are not independent.
So, how do we define unpaid fees?
Unpaid Fees Defined
Unpaid fees include billed and unbilled services.
If you provide a service whereby you expect payment, it’s a fee–whether you billed it or not. The issue is whether the client owes you for the service.
Not Applicable for Attest Clients in Bankruptcy
ET 1.230.010.06 says that this interpretation does not apply to attest clients in bankruptcy.
Collection Incentive
Oddly, the potential impairment of independence may assist you (the CPA) in collecting past-due accounts. If the client needs the current year attest report, and the CPA can’t provide it without payment, then the client may find a way to come up with the money for past fees.
Still Not Sure
If after doing the above, you’re still not sure whether your independence is impaired, consider contacting the AICPA to get their thoughts. You can email them at ethics@aicpa.org.
Auditors often fail to capture and communicate internal control weaknesses, even though such communications are required by the audit standards.
But making our clients aware of control weaknesses can help them. How? It allows them to improve their accounting system. The result: prevention of future fraud and errors.
In this article, I’ll show you how to capture and communicate internal control deficiencies. By doing so, you’ll add value to your audit servicesand you’ll help your client protect their business.
At the end of the post, you’ll also see a video that summarizes this information.
A Common End-of-Audit Problem
You are concluding another audit, and it’s time to consider whether you will issue a letter communicating internal control deficiencies. A month ago you noticed some control issues in accounts payable, but presently you’re not sure how to describe them. You hesitate to call the client to rehash the now-cold walkthrough. After all, the client thinks you’re done. But you know that boiler-plate language will not clearly communicate the weakness or tell the client how to fix the problem. Now you’re kicking yourself for not taking more time to document the control weakness (back when you initially saw it).
Here’s a post to help you capture and document internal control issues as you audit.
Capture and Communicate Internal Control Deficiencies
Today, we’ll take a look at the following control weakness objectives:
How to discover them
How to capture them
How to communicate them
As we begin, let’s define three types of weaknesses:
Material weaknesses – A deficiency, or a combination of deficiencies, in internal control, such that there is a reasonable possibility that a material misstatement of the entity’s financial statements will not be prevented, or detected and corrected, on a timely basis.
Significant deficiencies – A deficiency, or a combination of deficiencies, in internal control that is less severe than a material weakness yet important enough to merit attention by those charged with governance.
Other deficiencies – For purposes of this blog post, we’ll define other deficiencies as those less than material weaknesses or significant deficiencies.
Now let’s take a look at discovering, capturing, and communicating control weaknesses.
1. Discover Control Weaknesses
Capture control weaknesses as you perform the audit. You might identify control weaknesses in the following audit stages:
Planning – Risk assessment and walkthroughs
Fieldwork – Transaction-level work
Conclusion – Wrapping up
A. Planning Stage
You will discover deficiencies as you perform walkthroughs which are carried out in the early stages of the engagement. Correctly performed walkthroughs allow you to see process shortcomings and where duties are overly concentrated (what auditors refer to as a lack of segregation of duties).
Notice the first letters of these words spell CRAB (I know it’s cheesy, but it helps me remember).
Auditors often make statements such as, “Segregation of duties is not possible due to the limited number of employees.”
I fear such statements are made only to protect the auditor (should fraud occur in the future). It is better that we be specific about the control weakness and what the potential impact might be. For example:
The accounts payable clerk can add new vendors to the vendor file. Since checks are signed electronically as they are printed, there is a possibility that fictitious vendors could be added and funds stolen. Such amounts could be material.
Such a statement tells the client what the problem is, where it is, and the potential damage.
Fraud: A Cause of Misstatements
While I just described how a lack of segregation of duties can open the door to theft, the same idea applies to financial statement fraud (or cooking the books). When one person controls the reporting process, there is a higher risk of financial statement fraud.Appropriate segregation lessens the chance that someone will manipulate the numbers.
Within each transaction cycle, accounting duties need to be performed by different people. Doing so lessens the possibility of theft. If one person performs multiple duties, ask yourself, “Is there any way this person could steal funds?” If yes, then the client should add a control in the form of a second-person review.
If possible, the client should have a second person examine reports or other supporting documentation. How often should the review be performed? Daily, if possible. If not daily, as often as possible. Regardless, a company should not allow someone with the ability to steal to work alone without review. The fear of detection lessens fraud.
If a transaction cycle lacks segregation of duties, then consider the potential impact from the control weakness. Three possible impacts exist:
Theft that is material (material weakness)
Theft that is not material but which deserves the attention of management and the board anyway (significant deficiency)
Theft of insignificant amounts (other deficiency)
My experience has been that if any potential theft area exists, the board wants to know about it. But this is a decision you will make as the auditor.
Errors: Another Cause of Misstatements
While auditors should consider control weaknesses that allow fraud, we should also consider whether errors can lead to potential misstatements. So, ask questions such as:
Do the monthly financial statements ever contain errors?
Are invoices mistakenly omitted from the payable system?
Do employees forget to obtain purchase order numbers prior to buying goods?
Do bookkeepers fail to reconcile the bank statements on a timely basis?
B. Fieldwork Stage
While it is more likely you will discover process control weaknesses in the planning stage of an audit, the results of control deficiencies sometimes surface during fieldwork. How? Audit journal entries. What are audit entries but corrections? And corrections imply a weakness in the accounting system.
When an auditor makes a material journal entry, it’s difficult to argue that a material weakness does not exist. We know the error is “reasonably possible” (it happened). We also know that prevention did not occur on a timely basis.
C. Conclusion Stage
When concluding the audit, review all of the audit entries to see if any are indicators of control weaknesses. Also, review your internal control deficiency work papers (more on this in a moment). If you have not already done so, discuss the noted control weaknesses with management.
Your firm may desire to have a policy that only managers or partners make these communications. Why? Management can see the auditor’s comments as a criticism of their own work. After all, they designed the accounting system (or at least they oversee it). So, these discussions can be a little challenging.
Now let’s discuss how to capture control weaknesses.
2. Capture Internal Control Weaknesses
So, how do you capture the control deficiencies?
First, and most importantly, document internal control deficiencies as you see them.
Why should you document control weaknesses when you initially see them?
You may not be on the engagement when it concludes (because you are working elsewhere) or
You may not remember the issue (weeks later).
Second, create a standard form (if you don’t already have one) to capture control weaknesses.
Internal Control Capture Form
What should be in the internal control form? At a minimum include the following:
Check-mark boxes for:
Significant deficiency
Material weakness
Other control deficiency
Other issues (e.g., violations of laws or regulations)
Whether the probability of occurrence is at least reasonably possible and whether the magnitude of the potential misstatement is material
Description of the deficiency and the verbal or written communications to the client; also the client’s response
The cause of the condition
The potential effect of the condition
Recommendation to correct the issue
Person identifying the issue and the date of discovery
Whether the issue is a repeat from the prior year
An area for the partner to sign off that he or she agrees with the description of the deficiency and the category assigned to it (e.g., material weakness)
Reference to related documentation in the audit file
After capturing the weaknesses, it’s time to communicate them.
3. Communicate Control Weaknesses
Material weaknesses and significant deficiencies must be communicated in writing to management and those charged with governance. Other deficiencies can be given verbally to management, but you must document those discussions in your work papers.
Provide a draft of any written communications to management before issuing your final letter. That way if something is incorrect (your client will let you know), you can make it right–before it’s too late. Additionally, discuss the control weakness with relevant personnel when you initially discover it. You don’t want to surprise the client with adverse communications in the written internal control letter.
Internal Control Video Summary
Here’s a video that summarizes the information above.
Summary
The main points in capturing and communicating internal control deficiencies are:
Capture control weaknesses as soon as you see them
Develop a form to document the control weaknesses
Communicate significant deficiencies and material weaknesses in writing
These communications can be somewhat challenging since you’re telling management they need to make improvements. So make sure all information is correct and let your senior personnel do the communicating.
How Do You Capture and Report Control Deficiencies?
Whew! We’ve covered a lot of ground today. How do you capture and report control deficiencies? I’m always looking for new ideas: Please share.
This video provides an overview of the four opinions:
1. Unmodified Opinion
If there are no material misstatements, then you will issue an unmodified opinion. The unmodified opinion says the financial statements are presented fairly.
Example SAS 134 Unmodified Opinion
A sample unmodified audit opinion follows:
[Date]
INDEPENDENT AUDITOR’S REPORT
[Appropriate Addressee]
[Entity Name]
Opinion
We have audited the financial statements of [Entity Name], which comprise the balance sheets as of December 31, 2020 and 2019, and the related statements of income, changes in stockholders’ equity, and cash flows for the years then ended, and the related notes to the financial statements.
In our opinion, the accompanying financial statements present fairly, in all material respects, the financial position of [Entity Name] as of December 31, 2020 and 2019, and the results of its operations and its cash flows for the year then ended in accordance with accounting principles generally accepted in the United States of America.
Basis for Opinion
We conducted our audits in accordance with auditing standards generally accepted in the United States of America (GAAS). Our responsibilities under those standards are further described in the Auditor’s Responsibilities for the Audit of the Financial Statements section of our report. We are required to be independent of [Entity Name] and to meet our other ethical responsibilities, in accordance with the relevant ethical requirements relating to our audit. We believe that the audit evidence we have obtained is sufficient and appropriate to provide a basis for our audit opinion.
Responsibilities of Management for the Financial Statements
Management is responsible for the preparation and fair presentation of the financial statements in accordance with accounting principles generally accepted in the United States of America, and for the design, implementation, and maintenance of internal control relevant to the preparation and fair presentation of financial statements that are free from material misstatement, whether due to fraud or error.
In preparing the financial statements, management is required to evaluate whether there are conditions or events, considered in the aggregate, that raise substantial doubt about [Entity Name]’s ability to continue as a going concern for one year after the date that the financial statements are available to be issued.
Auditor’s Responsibilities for the Audit of the Financial Statements
Our objectives are to obtain reasonable assurance about whether the financial statements as a whole are free from material misstatement, whether due to fraud or error, and to issue an auditor’s report that includes our opinion. Reasonable assurance is a high level of assurance but is not absolute assurance and therefore is not a guarantee that an audit conducted in accordance with GAAS will always detect a material misstatement when it exists. The risk of not detecting a material misstatement resulting from fraud is higher than for one resulting from error, as fraud may involve collusion, forgery, intentional omissions, misrepresentations, or the override of internal control. Misstatements are considered material if there is a substantial likelihood that, individually or in the aggregate, they would influence the judgment made by a reasonable user based on the financial statements.
In performing an audit in accordance with GAAS, we:
Exercise professional judgment and maintain professional skepticism throughout the audit.
Identify and assess the risks of material misstatement of the financial statements, whether due to fraud or error, and design and perform audit procedures responsive to those risks. Such procedures include examining, on a test basis, evidence regarding the amounts and disclosures in the financial statements.
Obtain an understanding of internal control relevant to the audit in order to design audit procedures that are appropriate in the circumstances, but not for the purpose of expressing an opinion on the effectiveness of [Entity Name]’s internal control. Accordingly, no such opinion is expressed.
Evaluate the appropriateness of accounting policies used and the reasonableness of significant accounting estimates made by management, as well as evaluate the overall presentation of the financial statements.
Conclude whether, in our judgment, there are conditions or events, considered in the aggregate, that raise substantial doubt about [Entity Name]’s ability to continue as a going concern for a reasonable period of time.
We are required to communicate with those charged with governance regarding, among other matters, the planned scope and timing of the audit, significant audit findings, and certain internal control-related matters that we identified during the audit.
Firm Signature
Modified Opinions
If material misstatements are present, then a modified audit opinion is necessary. Modifications can also occur when you are unable to obtain sufficient appropriate audit evidence; for instance, when a scope limitation is present.
Definitions
AU-C 705 defines a modified opinion as a (1) qualified opinion, (2) an adverse opinion, or (3) a disclaimer of opinion.
Another key definition in AU-C 705 is that of pervasiveness. This term is used in the context of misstatements; so if a material misstatements are present, you’ll want to know if they are pervasive. Two factors–material misstatements and pervasiveness–affect the type of opinion to be issued. Additionally, the ability or inability to obtain sufficient appropriate audit evidence affects the type of opinion to be issued. A misstatement (or possible misstatement) is pervasive if:
It’s not confined to specific accounts or items of the financial statement, or
If confined, the amount represents a substantial portion of the financial statements, or
If in relation to disclosures, the information is fundamental to the users’ understanding of the financial statements
For example, if material misstatements are present for inventory, receivables, and debt, they are pervasive. Or if, in another example, inventory makes up 60% of total assets and a material misstatement is present in that area, then it’s pervasive. Lastly, if key disclosures are not appropriately communicated or if they are omitted, then that is pervasive.
Now, let’s look at the three modified opinions: (1) qualified, (2) adverse, and (3) disclaimer.
2. Qualified Opinion
Suppose your audit reveals inventories are materially misstated, the client does not record your proposed audit adjustment, and there are no other material misstatements. If this is your situation (a material misstatement exists that is not pervasive), then audit standards allow for the issuance of a qualified opinion.
Here is sample qualified opinion language (this is not the full opinion):
Qualified Opinion
We have audited the financial statements of ABC Company, which comprise the balance sheets as of December 31, 20X1 and 20X0, and the related statements of income, changes in stockholders’ equity, and cash flows for the years then ended, and the related notes to the financial statements.
In our opinion, except for the effects of the matter described in the Basis for Qualified Opinion section of our report, the accompanying financial statements present fairly, in all material respects, the financial position of ABC Company as of December 31, 20X1 and 20X0, and the results of its operations and its cash flows for the years then ended in accordance with accounting principles generally accepted in the United States of America.
Basis for Qualified Opinion
The Company has property with impaired value. The impairment occurred in 20X9. Accounting principles generally accepted in the United States of America require that impaired assets be written down to their fair market value. The Company continues to reflect the property at cost. If the property was stated at fair value upon impairment, total assets and stockholder’s equity would have been reduced by $X,XXX,XXX as of December 31, 20X1 and 20X0, respectively.
3. Adverse Opinion
Now let’s suppose that you are auditing a consolidated entity, and your client is not willingto include a material subsidiary and which, if included, would have a pervasive impact on the statements.
Here is sample adverse opinion language (this is not the full opinion):
Adverse Opinion
We have audited the consolidated financial statements of ABC Company and its subsidiaries, which comprise the consolidated balance sheet as of December 31, 20X1, and the related consolidated statements of income, changes in stockholders’ equity, and cash flows for the year then ended, and the related notes to the financial statements.
In our opinion, because of the significance of the matter discussed in the Basis for Adverse Opinion section of our report, the accompanying consolidated financial statements do not present fairly the financial position of ABC Company and its subsidiaries as of December 31, 20X1, or the results of their operations or their cash flows for the year then ended in accordance with accounting principles generally accepted in the United States of America.
Basis for Adverse Opinion
As described in Note X, The Golfing Company has not consolidated the financial statements of its subsidiary Easy-Go Company that it acquired during 20X1. This investment is accounted for on a cost basis by The Golfing Company. Under accounting principles generally accepted in the United States of America, the subsidiary should have been consolidated. Had Easy-Go Company been consolidated, many elements in the accompanying consolidated financial statements would have been materially affected. The effects on the consolidated financial statements of the failure to consolidate have not been determined.
4. Disclaimer of Opinion
Finally, let’s suppose you are performing an audit in which insufficient audit information is provided with regard to receivables and inventories (both of which are material) and that the misstatements have a pervasive impact on the financial statements as a whole.
Here is sample disclaimer of opinion language (this is not the full opinion):
Disclaimer of Opinion
We were engaged to audit the financial statements of ABC Company, which comprise the balance sheet as of December 31, 20X1, and the related statements of income, changes in stockholders’ equity, and cash flows for the year then ended, and the related notes to the financial statements.
We do not express an opinionon the accompanying financial statements of ABC Company. Because of the significance of the matters described in the Basis for Disclaimer of Opinion section of our report, we have not been able to obtain sufficient appropriate audit evidence to provide a basis for an audit opinion on these financial statements.
Basis for Disclaimer of Opinion
The Company’s accounting system was hacked during the year by an unknown party, resulting in a series of changes in accounting entries. Additionally, the Company was unable to restore the accounting system. As a result of these matters, we were unable to determine the adjustments that were necessary to correct the balance sheet, statement of income, changes in stockholder’s equity, and cash flow statement as of and for the year ended December 31, 20X1.
Effective Date of SAS 134
The new SAS 134 opinions are required for periods ending on or after December 15, 2021.
Resolving Conflict with Clients
If, as described above, you have a client that is unwilling to post a material audit adjustment, consider creating a draft of the opinion and providing it to them. This is not a threat, just a way to clearly communicate the effect of not posting the adjustment.
Before doing anything, allow the client to fully explain their position. A modified opinion may not be necessary once you understand the facts. But if after the discussion, the you are still convinced there is a material misstatement, a modified opinion may be necessary.
In some cases, you may want to consider withdrawing from the engagement. Consult with your legal counsel before doing so.
Audit Opinion Research
Deciding on the opinion is often the most important decision you will make in an audit. So, do your research, and, if needed, consult with others to gain assurance about your decisions. AU-C 705: Modifications to the Opinion in the Independent Auditor’s Report provides several sample opinions; so refer to those as you create any modified opinions including qualified, adverse, or disclaimer. See AU-C 700: Forming an Opinion and Reporting on Financial Statements for information about unmodified opinions.
Auditing equity is usually one of the easiest parts of an audit. For some equity accounts, you agree the year-end balances to the prior year ending balance, and you’re done. For instance paid-in-capital seldom changes. Often, the only changes in equity are from current year profits and owner distributions. And testing those equity additions and reductions in equity takes only minutes.
Nevertheless, auditing equity can be challenging, especially for businesses that desire to attract investors. Such companies offer complicated equity instruments. Why? The desire to attract cash without giving away (too much) power. And this balancing act can lead to complex equity instruments.
Regardless of whether a company’s equity is easy to audit or not, below I show you how to focus on important equity issues.
Did you know you can learn audit lessons from a brain tumor? Here’s my story.
One day while driving, I said to my wife, “Am I weaving?” I did not feel in control, and I was hearing clicking noises in my ears. My conditions worsened and the mystery grew over the next two years as I visited three doctors. They stuck, prodded, and probed me, but no solution.
Frustrating.
As time passed, I felt a growing numbness on the right side of my face. So one night I started Googling health websites (the thing they tell you not to do) and came upon this link: Acoustic Neuroma Association. I clicked and read, having never heard of an acoustic neuroma. While reading about the symptoms, it was as though I was staring at my diary. My next thought was “it can’t be a brain tumor.” I turned to my wife behind me and said, “this is what I have.”
The next day I handed the acoustic neuroma information to my doctor, asking, “Would you please order a brain scan?”
Two days after the MRI, I received my doctor’s call while on a golf course. He said, “Mr. Hall, you were right. You have a 2.3-centimeter brain tumor.” (I sent him a bill for my diagnosis, but was never paid–just kidding.) My golfing buddies gathered around and prayed for me on the 17th green, and I went home to break the news to my wife. We had two children at the time, ages two and four. Having just started my own CPA business six years before, I was forty-one years old. So, as you can imagine, I was concerned about my family and business, but strangely, I was completely at peace.
Shortly after that, I was in a surgeon’s office in Atlanta. The doctor said they’d do a ten-hour operation; there was a 40% chance of paralysis and a 5% chance of death. The tumor was too large for radiation–or so I was told.
I didn’t like the odds, so I prayed more and went back to the Internet. There I located Dr. Jeffrey Williams at Johns Hopkins Hospital in Baltimore. I emailed the good doctor, telling him of the tumor’s size. His response: “I radiate tumors like yours every day.” He was a pioneer in fractionated stereotactic radiation, one of the few physicians in the world (at that time) using this procedure.
A few days later, I’m lying on an operating table in Baltimore with my head bolted down, ready for radiation. They bolt you down to ensure the cooking of the tumor (and not your brain). Fun, you should try it. Four more times I visited the table, and I kept noticing everyone left the room–a sure sign you should not try this at home.
Each day I laid there silently, talking to God and trusting in Him. And my wife sat outside, lifting me up in prayer.
Three weeks later I returned to work. Twenty-two years later, I have had two sick days.
I’ve watched my children grow up. They are twenty-six and twenty-eight now–both finished college at the University of Georgia (Go Dawgs!). And a year and a half ago, my daughter had our first grandchild. My wife is still by my side, and I’m thankful for each day. Here’s a recent picture of my family at one of our favorite places: Cades Cove, Tennessee.
So what does a brain tumor story tell us about audits? (You may, at this point, be thinking, “they did cook his brain.”)
Audit Lessons Learned from a Brain Tumor
1. Pay Attention to Signs
It’s easy to overlook the obvious.Maybe we don’t want to see a red flag (I didn’t want to believe I had a tumor). It might slow us down. But an audit is not purely about finishing and billing. It’s about gathering proper evidential matter to support the opinion. To do less is delinquent and dangerous.
2. Seek Alternatives
If you can’t gain appropriate audit evidence one way, seek another. Don’t simply push forward, using the same procedures year after year. The doctor in Atlanta was a surgeon, so his solution was surgery. His answer was based on his tools, his normal procedures. If you’ve always used a hammer, try a wrench.
3. Seek Counsel
If one answer doesn’t ring true, see what someone else thinks, maybe even someone outside your firm. Obviously, you need to make sure your engagement partner agrees (about seeking outside guidance), but if he or she does, go for it. I often contact the Center for Plain English Accounting. I find them helpful and knowledgeable. I also have relationships with other professionals, so I call friends and ask their opinions–and they call me. Check your pride at the door. I’d rather look dumb and be right than to look smart and be wrong.
4. Embrace Change
Fractionated stereotactic radiation was new. Dr. Williams was a pioneer in the technique. The only way your audit processes will get better is to try new techniques: paperless software (we use CCH Prosystem Engagement), data mining (we use TeamMate Analytics), real fraud inquiries (I use ACFE techniques), electronic bank confirmations (I use Confirmation.com), project management software (I use Basecamp). If you are still pushing a Pentel on a four-column, it’s time to change.
Postscript
Finally, remember that work is important, but life itself is the best gift. Be thankful for each moment, each hour, each day.
