Category Archives for "Auditing"

Auditing Debt
Apr 25

Auditing Debt: The Why and How Guide

By Charles Hall | Auditing

What are the keys to auditing debt?

While auditing debt can be simple, sometimes it’s tricky.  For instance, classification issues can arise when debt covenant violations occur. Should the debt be classified as current or noncurrent? Likewise, some forms of debt (with detachable warrants) have equity characteristics, again leading to classification issues. Is it debt or equity—or both? Additionally, leases can create debt, even if that is not the intent. 

Most of the time, however, auditing debt is simple. A company borrows money. An amortization schedule is created. And thereafter, debt service payments are made and recorded. 

Either way, whether complicated or simple, below I show you how to audit debt.

Auditing Debt

Auditing Debt — An Overview

In many governments, nonprofits, and small businesses, debt is a significant part of total liabilities. Consequently, it is often a significant transaction area.

In this post, we will cover the following:

  • Primary debt assertions
  • Debt walkthroughs
  • Debt-related fraud
  • Debt mistakes
  • Directional risk for debt
  • Primary risks for debt
  • Common debt control deficiencies
  • Risk of material misstatement for debt
  • Substantive procedures for debt
  • Common debt work papers

Primary Debt Assertions

The primary relevant debt assertions include:

  • Completeness
  • Classification
  • Obligation

I believe, in general, completeness and classification are the most important debt assertions. When a company shows debt on its balance sheet, it is asserting that it is complete and classified correctly. By classification, I mean it is properly displayed as either short-term or long-term. I also mean the instrument is debt and recorded as such (and not equity). By obligation, I mean the debt is legally owed by the company and not another entity.

Keep these three assertions in mind as you perform your transaction cycle walkthroughs.

Debt Walkthroughs

Early in your audit, perform a walkthrough of debt to see if there are any control weaknesses. As you perform this risk assessment procedure, what questions should you ask? What should you observe? What documents should you inspect? Here are a few suggestions.

Debt Walkthrough

As you perform your debt walkthrough ask or perform the following:

  • Are there any debt covenant violations?
  • If the company has violations, is the debt classified appropriately (usually current)?
  • Is someone reconciling the debt in the general ledger to a loan amortization schedule?
  • Inspect amortization schedules.
  • Does the company have any unused lines of credit or other credit available?
  • Inspect loan documents.
  • Has the company refinanced its debt with another institution? Why?
  • Who approves the borrowing of new money?
  • Who approves new leases? Who handles lease accounting and are they competent?
  • Does the company have any leases that should be recorded as debt?
  • Inspect new loan and lease approvals. 
  • How are debt service payments made (e.g., by check or wire)? Who makes those payments?
  • Are there any sinking funds? If yes, who is responsible for making deposits and how is this done?
  • Observe the segregation of duties for persons:
    • Approving new loans,
    • Receipting loan proceeds,
    • Recording debt in the general ledger, and
    • Reconciling the debt in the general ledger to the loan amortization schedules
  • Is the company required to file periodic (e.g., quarterly) reports with the lender? Inspect sample debt-related reports, if applicable.
  • Does the company have any convertible debt or debt with detachable warrants? Are they properly recorded?
  • Is the company following reporting framework requirements (e.g., FASB Codification) for debt?
  • Has collateral been pledged? If yes, what?
  • What are the terms of the debt agreements?
  • Has all debt of the company been recorded in the general ledger?
  • Have debt issuance costs been accounted for properly based on the reporting framework requirements? (FASB requires the netting of such costs with debt.)
  • Has the company guaranteed the debt of another entity?

If control weaknesses exist, create audit procedures to address them. For example, if—during the walkthrough—we see that one person approves loans, deposits loan proceeds, and records the related debt, then we will perform fraud-related substantive procedures.

Debt-Related Fraud

A company can fraudulently inflate its equity by intentionally omitting debt from its balance sheet. (Total assets equal liabilities plus equity. Therefore, if debt is not reported, equity increases.) 

As we saw with Enron, some entities place their debt on another company’s balance sheet. (Enron did so using special purpose entities.) So auditors need to consider that companies can intentionally omit debt from their balance sheets.

Another potential fraudulent presentation is showing short-term debt as long-term. When might this happen? When debt covenant violations occur. Such violations can trigger a requirement to classify the debt as current. If accounting personnel are aware of the requirement to classify debt as current and don’t do so, then the reporting can be considered fraudulent.  

Additionally, mistakes can lead to errors in debt accounting.

Debt Mistakes

Errors in accounting for debt can occur when debt service payments are misclassified as expenses rather than a reduction of debt. Also, debt can—in error—be presented as long-term when it is current. Why? Maybe the company’s accountant doesn’t understand the accounting rules.

Some forms of debt, such as leases, can be difficult to interpret. Consequently, a company might errantly fail to record debt when required. 

So, what is the directional risk for debt? An overstatement or an understatement?

Directional Risk for Debt

Auditing Debt

The directional risk for debt is an understatement. So, audit for completeness (and determine that all debt is recorded).

Primary Risks for Debt

Primary risks for debt include:

  1. Debt is intentionally understated (or omitted)
  2. Debt is recorded as noncurrent (due more than one year from the balance sheet date) though the amount is current (due within one year of the balance sheet date)

It’s obvious why a company might want to understate its debt. The company looks healthier. But why would a business desire to classify current debt as noncurrent? For the same reason: to make the company look stronger. By recording current debt as noncurrent, the company’s working capital ratio (current assets divided by current liabilities) improves. 

As you think about the above risks, consider the control deficiencies that allow debt misstatements.

Common Debt Control Deficiencies

In smaller entities, it is common to have the following control deficiencies:

  • One person performs two or more of the following:
    • Approves the borrowing of new funds,
    • Enters the new debt in the accounting system, 
    • Deposits funds from the debt issuance
  • Funds are borrowed without appropriate approval
  • Debt postings are not agreed to amortization schedules
  • Accounting personnel don’t understand the accounting standards for debt (including lease accounting)

Another key to auditing debt is understanding the risks of material misstatement.

Risk of Material Misstatement for Debt

In auditing debt, the assertions that concern me the most are classification, completeness, and obligation. So my risk of material misstatement for these assertions is usually moderate to high. 

Auditing Debt

My response to the higher risk assessments is to perform certain substantive procedures: namely, a review of debt covenant compliance and a review of debt and lease agreements—and the related accounting. Why?

As we saw above, debt covenant violations may require the company to reclassify debt from noncurrent to current. Doing so can be significant. The loan could be called by the lender, depending on the loan agreement. So, proper classification of debt can be critical. 

Also, some leases should be recorded as debt. If such leases are not recorded, the company looks healthier than it is. Our audit should include procedures that address the completeness of debt and the obligations of the company.

Once your risk assessment is complete, decide what substantive procedures to perform.

Substantive Procedures for Debt

My customary tests for auditing debt are as follows:

  1. Summarize and test debt covenants
  2. Review new leases to determine if debt should be recorded
  3. Confirm all significant debt with lenders
  4. Determine if all debt is classified appropriately (as current or noncurrent)
  5. Agree the end-of-period balances in the general ledger to the amortization schedules
  6. Agree future debt service payment summaries to amortization schedules 
  7. Review accruals of any significant interest 
  8. Review interest expense (usually comparing current and prior year interest)

In light of my risk assessment and substantive procedures, what debt work papers do I normally include in my audit files?

Common Debt Work Papers

My debt work papers normally include the following:

  • An understanding of debt-related internal controls 
  • Documentation of any internal control deficiencies related to debt
  • Risk assessment of debt at the assertion level
  • Debt audit program
  • A copy of all significant debt agreements (including lease and line-of-credit agreements)
  • Minutes reflecting the approval of new debt
  • A summary of debt activity (beginning balance plus new debt minus principal payments and ending balance)
  • Amortization schedules for each debt
  • Summary of all debt information for disclosure purposes (e.g., future debt service to be paid, interest rates, types of debt, collateral, etc.) 

If there are questions regarding debt agreements and their presentation, I include additional language in the representation letter to address the issues. For example, if an owner loans funds to the company but there is no written  debt agreement, the owner or management might verbally explain the arrangement. In such cases, I include language in the management representation letter to cover the verbal responses.

In Summary

In this article we’ve looked at the keys to auditing debt. Those keys include risk assessment procedures, determining relevant assertions, creating risk assessments, and developing substantive procedures. The most important issues to address are usually (1) the classification of debt (especially if debt covenant violations exist) and (2) lease accounting.

To understand the new lease standard (ASC 842) from the lessee’s perspective, see my lease article: Account for Finance and Operating Leases

Next we’ll look at how to audit equity.


auditing investments
Apr 04

Auditing Investments: A Guide

By Charles Hall | Auditing

Auditing investments is important, especially when an auditee has large balances. Below I provide a comprehensive look at how you can audit investments effectively and efficiently.

The complexity of auditing investments varies. For entities with simple investment instruments, auditing is easy. Your main audit procedure might be to confirm balances. Complex investments, however, require additional work such as auditing values. As investment complexity increases, so will your need for stronger audit team members (those that understand unusual investments). Regardless, you need an audit methodology.

auditing investments

How to Audit Investments

In this post, we will take a look at:

  • Primary investment assertions
  • Investment walkthroughs
  • Directional risk for investments
  • Primary risks for investments
  • Common investment control deficiencies
  • Risk of material misstatement for investments
  • Substantive procedures for investments
  • Common investment work papers

Primary Investments Assertions

First, let’s look at assertions.

Primary relevant assertions for investments include:

  • Existence
  • Accuracy
  • Valuation
  • Cutoff

The audit client is asserting that the investment balances exist, that they are accurate and properly valued, and that only investment activity within the period is recorded

While investment balances in the financial statements are important, disclosures are also vital, especially when the entity owns complex instruments

Investment Walkthroughs

Second, perform your risk assessment work in light of the relevant assertions.

As you perform walkthroughs of investments, you normally look for ways that investments might be overstated (though investments can be understated as well). You are asking, “What can go wrong?” whether intentionally or by mistake. You want to know if:

  • The controls were appropriately designed, and 
  • The controls were implemented (in use)
Walkthrough of investments

Walkthrough Questions

In performing investment walkthroughs, ask questions such as:

  • What types of investments are owned?
  • Are there any unusual investments? If yes, how are they valued?
  • Is a specialist used to determine investment values?
  • Who determines the classification of investments (e.g., trading, available for sale, held to maturity) and how
  • Do the persons accounting for investment activity have sufficient knowledge to do so?
  • Are timely investment reconciliations performed by competent personnel?
  • Are all investment accounts reconciled (from the investment statements to the general ledger)?
  • Who reconciles the investment accounts and when?
  • Are the reconciliations reviewed by a second person?
  • Are all investment accounts on the general ledger?
  • How does the entity ensure that all investment activity is included in the general ledger (appropriate cutoff)?
  • Who has the ability to transfer investment funds and what are the related controls?
  • Is there appropriate segregation of duties for:
    • Persons that record investments, 
    • Persons that buy and sell investments, and
    • Persons that reconcile the investment statements
  • What investment accounts were opened in the period?
  • What investment accounts were closed in the period? 
  • Who has the authority to open or close investment accounts?
  • Are there any investment restrictions (externally or internally)?
  • What persons are authorized to buy and sell investments?
  • Does the entity have a written investment policy? 
  • Does the company use an investment advisor? If yes, how often does management interact with the advisor? How are investment fees determined?
  • Are there any investment impairments?
  • Who is responsible for investment disclosures and do they have sufficient knowledge to carry out this duty?
  • Are there any cost or equity-method investments?

As we ask questions, we also inspect documents (e.g., investment statements) and make observations (e.g., who reconciles the investment statements to the general ledger?).

If control weaknesses exist, we create audit procedures to address them. For example, if during the walkthrough we note that there are improperly classified investments, then will plan audit procedures to address that risk.

Directional Risk for Investments

Third, consider the directional risk of investments.

The directional risk for investments is that they are overstated. So, in performing your audit procedures, perform procedures to ensure that balances are properly stated.

Primary Risks for Investments

Fourth, think about the risks related to investments.

auditing investments

Primary risks include:

  1. Investments are stolen
  2. Investments are intentionally overstated to cover up theft
  3. Investments accounts are intentionally omitted from the general ledger
  4. Investments are misstated due to errors in the investment reconciliations 
  5. Investments are improperly valued due to their complexity and management’s lack of accounting knowledge
  6. Investments are misstated due to improper cutoff
  7. Investment disclosures are not accurate or complete

Common Investment Control Deficiencies

Fifth, think about control deficiencies noted during your walkthroughs and other risk assessment work.

It is common to have the following investment control deficiencies:

  • One person buys and sells investments, records those transactions, and reconciles the investment activity
  • The person overseeing investment accounting does not possess sufficient knowledge or skill to properly perform the duty
  • Investment reconciliations are not performed timely or improperly
  • The company does not employ sufficient assistance in valuing complex assets such as hedges or alternative investments

Risk of Material Misstatement for Investments

Sixth, now its time to assess your risks.

In my smaller audit engagements, I usually assess control risk at high for each assertion. (You may, however, assess control risk at less than high, provided your walkthrough reveals that controls are appropriately designed and that they were implemented. If control risk is assessed at below high, you must test controls for effectiveness to support the lower risk assessment.)

When control risk is assessed at high, inherent risk becomes the driver of the risk of material misstatement (control risk X inherent risk = risk of material misstatement). For example, if control risk is high and inherent risk is moderate, then my RMM is moderate. 

Important Assertions

The assertions that concern me the most are existence, accuracy, valuation, and cutoff.

The assertions that concern me the most are existence, accuracy, valuation, and cutoff. So my RMM for these assertions is usually moderate to high.

My response to higher risk assessments is to perform certain substantive procedures: namely, confirming investments, testing investment reconciliations, testing values, and vetting investment disclosures.

Substantive Procedures for Investments

And finally, it’s time to determine your substantive procedures in light of your identified risks.

My customary audit tests include:

  1. Confirming investment balances agreeing them to the general ledger
  2. Inspecting period-end activity for proper cutoff
  3. Using an investment specialist to value complex instruments (if any)
  4. Vetting investment disclosures with a current disclosure checklist

I don’t normally test controls related to investments. If controls are tested and you determine they are effective, then some of the substantive procedures may not be necessary. 

Investment work papers

Common Investment Work Papers

My investments work papers normally include the following:

  • An understanding of investment-related internal controls 
  • Risk assessment of investments at the assertion level
  • Documentation of any control deficiencies
  • Investment audit program
  • Investment reconciliations 
  • Investment confirmations
  • Valuations performed by specialists
  • Documentation of the specialist’s experience, competence, and objectivity
  • Disclosure checklist

Auditing Investments - A Simple Summary

  • The primary relevant investment assertions include existence, accuracy, valuation, and cutoff
  • Perform a walkthrough of investments by making inquiries, inspecting documents, and making observations
  • The directional risk for investments is an overstatement
  • Primary risks for investments include:
    • Investments are stolen
    • Investments are intentionally overstated to cover up theft
    • Investments accounts are intentionally omitted from the general ledger
    • Investments are misstated due to errors in the investment reconciliations
    • Investments are improperly valued due to their complexity and management’s lack of accounting knowledge
    • Investments are misstated due to improper cutoff
    • Investments disclosures are not accurate or complete
  • The substantive procedures for investments should be responsive to the identified risks; common procedures include:
    • Confirming investments 
    • Inspecting period-end activity for proper cutoff
    • Using an investment specialist to value complex instruments 
    • Vetting investment disclosures with a current disclosure checklist

Now you know how to audit investments. 

See my next post regarding how to audit payables and expenses.

This post is a part of my series The Why and How of Auditing. Check my other posts.

Auditing Receivables and Revenues
Mar 23

What You Need to Know About Auditing Receivables & Revenues

By Charles Hall | Auditing

Today we take a look at auditing receivables and revenues.

Revenues are the lifeblood of any organization. Without cash inflows, the entity may cease to exist. So, it’s important that each business generate sales or some type of revenue. For you, the auditor, it’s important to verify the revenue.

Along with revenues, auditors need to prove receivables. Why? Some companies manipulate their earnings by inflating their period-end receivables.  When trade receivables increase, revenues increase. So, a company can increase its net income by recording nonexistent receivables.

In this post, we’ll answer questions such as, “should I confirm receivables or examine subsequent receipts?” and “why should I assume that revenues are overstated?”

Auditing Receivables and Revenues

How to Audit Receivables and Revenues — An Overview

In this post, we will cover the following:

  1. Primary accounts receivable and revenue assertions
  2. Accounts receivable and revenue walkthrough
  3. Directional risk for accounts receivable and revenues
  4. Primary risks for accounts receivable and revenues
  5. Common accounts receivable and revenue control deficiencies
  6. Risk of material misstatement for accounts receivable and revenues
  7. Substantive procedures for accounts receivable and revenues
  8. Common accounts receivable and revenue work papers

Primary Assertions

First, let’s look at assertions.

YouTube player

 

The primary relevant accounts receivable and revenue assertions are:

  • Existence and occurrence
  • Completeness
  • Accuracy
  • Valuation
  • Cutoff

Of these assertions, I believe—in general—existence (of receivables), occurrence (of revenues) and valuation (of receivables) are most important. So, clients assert that:

  • Receivables exist
  • Receivables are properly valued, and
  • Revenues occurred

Accuracy comes into play if the customer has complex receivable transactions. Additionally, the cutoff assertion is often relevant, especially if the client has incentives to inflate the receivables balance (e.g., bonuses triggered at certain income levels).

When auditing receivables and revenues, consider these assertions.

Accounts Receivable and Revenue Walkthrough

Second, think about performing your risk assessment work in light of the relevant assertions.

As we perform walkthroughs of accounts receivable and revenue, we are looking for ways they are overstated (though they can also be understated as well). We are asking, “What can go wrong, whether intentionally or by mistake?”

Revenue walkthrough

In performing accounts receivable and revenue walkthroughs, ask questions such as:

  • Are receivables subsidiary ledgers reconciled to the general ledger?
  • Is a consistent allowance methodology used?
  • What method is used to compute the allowance and is it reasonable?
  • Who records and approves the allowance?
  • Who reviews aged receivables?
  • What controls ensure that revenues are recorded in the right period?
  • Is there adequate segregation of duties between persons recording, billing, and collecting payments? Who reconciles the related records?
  • What software is used to track billings and collections?
  • Are there any decentralized collection locations?
  • When are revenues recognized and is the recognition in accordance with the reporting framework?
  • What receivables and revenue reports are provided to the owners or the governing body?

As we ask questions, we also inspect documents (e.g., aged receivable reports) and make observations (e.g., who collects the payments?).

If controls weaknesses exist, we create audit procedures to respond to them. For example, if—during the walkthrough—we see inconsistent allowance methods, we will perform more substantive work to prove the allowance balances.

Directional Risk for Accounts Receivable and Revenues

Third, consider directional risk when auditing receivables and revenues.

How to audit receivables

The directional risk for accounts receivable and revenue is an overstatement. So, in performing your audit procedures, perform procedures to ensure that accounts receivables and revenues are not overstated. For example, review the cutoff procedures at period-end. Be sure that no subsequent period revenues are recorded in the current fiscal year. 

Audit standards require that auditors review estimates for management bias. So, consider the current year allowance and bad debt write-offs in light of the prior year allowance. This retrospective review allows the auditor to see if the current estimate is fair. The threat is that management might reduce allowances to inflate earnings.

Moreover, the audit standards state there is a presumption (unless rebutted) that revenues are overstated. Therefore, we are to assume revenues are overstated, unless we can explain why they are not.

Primary Risks for Accounts Receivable and Revenues

Fourth, think about the risks related to receivables and revenues.

The main risks are:

  1. The company intentionally overstates accounts receivable and revenue 
  2. Company employees steal collections 
  3. Without proper cutoff, an overstatement of accounts receivables and revenue occurs 
  4. Allowances are understated
  5. Revenue recognition

Risks related to revenue also vary from company to company. For example, one telecommunications company might sell bundled services while another may not. Revenue recognition is more complex (risky) for the company selling bundled services.

Also, revenue risks vary from industry to industry. For example, the allowance for uncollectible is normally a high risk area for healthcare entities, but may not be so for other industries.

Common Accounts Receivable and Revenue Control Deficiencies

Fifth, think about the control deficiencies noted during your walkthroughs and other risk assessment work.

In smaller entities, the following control deficiencies are common:

  • One person performs one or more of the following: 
    • bills customers
    • receipts monies
    • makes deposits 
    • records those payments in the general ledger
    • reconciles the related bank account
  • The person computing allowances doesn’t possess sufficient knowledge to do so correctly
  • No surprise audits of receivables and revenues 
  • Multiple people work from one cash drawer
  • Receipts are not appropriately issued
  • Receipts are not reconciled to daily collections
  • Daily receipts are not reviewed by a second person
  • No one reconciles subsidiary receivable ledgers to the general ledger
  • Individuals with the ability to adjust customer receivable accounts (with no second-person approval or review) also collect cash 
  • Inconsistent bad debt recognition with no second-person review process
  • The revenue recognition policy may not be clear and may not be in accordance with the reporting framework

Risk of Material Misstatement for Accounts Receivable and Revenues

Sixth, now it’s time to assess your risks.

In smaller engagements, I usually assess control risk at high for each assertion. Controls must be tested to support any lower control risk assessments. Assessing risks at high is often more efficient than testing controls.

When control risk is assessed at high, inherent risk becomes the driver of the risk of material misstatement (inherent risk X control risk = risk of material misstatement). The assertions that concern me the most (those with higher inherent risks) are existence, occurrence, and valuation. So my RMM for these assertions is usually moderate to high.

My response to higher risk assessments is to perform certain substantive procedures: namely, receivable confirmations and tests of subsequent collections. As RMM increases, I send more confirmations and examine more subsequent collections.

Additionally, I thoroughly test management’s allowance computation. I pay particular attention to uncollected amounts beyond 90 days. Uncollected amounts beyond 90 days should usually be heavily reserved. And amounts beyond 120 days should—generally—be fully reserved.  

Substantive Procedures

And finally, it’s time to determine your substantive procedures in light of your identified risks.

how to audit receivables

My customary audit procedures when auditing receivables and revenues are as follows:

  1. Confirm accounts receivable balances (especially larger amounts)
  2. Vouch subsequent period collections, making sure the subsequent collections relate to the period-end balances (sampling can be used)
  3. Thoroughly review allowance computations to see if they are consistent with prior years; compare allowance percentages to industry averages; agree to supporting documentation (e.g., histories of uncollectible amounts); recompute the related numbers
  4. Create comparative summaries of all significant revenue accounts, comparing the current year amounts with historical data (three or more years if possible)
  5. Create summaries of average per customer income and compare with prior years (you may want to do this by specific revenue categories)
  6. Compute average profit margins by sales categories and compare with previous years

Additionally, I add extended procedures to my audit program if there are high risks of material misstatement such as significant risks. For example, if a company sells bundled goods, I test how the company apportions the revenue recognition. Or if there are no segregation of duties, I add fraud-related procedures such as testing daily cash collections. The additional procedures address the root of the identified risks.

Revenue work papers

Common Work Papers

My accounts receivable and revenue work papers frequently include the following:

  • An understanding of accounts receivable and revenue-related internal controls
  • Risk assessment of accounts receivable and revenue at the assertion level
  • Documentation of any control deficiencies
  • Accounts receivable and revenue audit program
  • A detail of receivables comprising amounts on the general ledger
  • Copies of confirmations sent
  • A summary of confirmations received
  • Subsequent collections work papers
  • Allowance work paper
  • Revenue comparison work papers

In Summary

In this chapter, we’ve looked at the following for receivables and revenues:

  • How to perform risk assessment procedures,
  • Relevant assertions,
  • Risk assessments (as a result of the risk assessment procedures), and
  • Substantive procedures

Next, we’ll see how to audit investments.

Get Your Copy of The Why and the How of Auditing

Click the book cover below to see the book on Amazon.

The Why and How of Auditing

Get your copy on Amazon; click the book image.

auditing cash
Mar 11

Auditing Cash: The Why and How Guide

By Charles Hall | Auditing

Auditing cash tends to be straightforward. We usually just obtain the bank reconciliations and test them. We send confirmations and vouch the outstanding reconciling items to the subsequent month’s bank statement. But are such procedures always adequate? Hardly. 

Recall the Parmalat and ZZZZ Best Carpet Cleaning frauds. In those businesses, the theft of cash was covered up with fake bank statements and fake confirmation responses. Millions were lost and reputations we’re sullied.

How to Audit Cash

In this post, we will take a look auditing cash including:

  • Primary cash assertions
  • Cash walkthrough
  • Directional risk for cash
  • Primary risks for cash
  • Common cash control deficiencies
  • Risk of material misstatement for cash
  • Substantive procedures for cash
  • Common cash work papers

Primary Cash Assertions

The primary relevant cash assertions are:

  • Existence
  • Completeness
  • Rights
  • Accuracy
  • Cutoff

 

YouTube player

 

Of these assertions, I believe existence, accuracy, and cutoff are most important. The audit client is asserting that the cash balance exists, that it’s accurate, and that only transactions within the period are included.

Classification is normally not a relevant assertion. Cash is almost always a current asset. But when bank overdrafts occur, classification can be in play. The negative cash balance can be presented as cash or as a payable depending on the circumstances.

Cash Walkthrough

As we perform walkthroughs of cash, we normally look for ways that cash might be overstated (though it can also be understated as well). We are asking, “What can go wrong?” whether intentionally or by mistake.

 

YouTube player

 

In performing cash walkthroughs, ask questions such as:

  • Are timely bank reconciliations performed by competent personnel?
  • Are all bank accounts reconciled?
  • Are the bank reconciliations reviewed by a second person?
  • Are all bank accounts on the general ledger?
  • Are transactions appropriately cut off at period-end (with no subsequent period transactions appearing in the current year)?
  • Is there appropriate segregation between persons handling cash, recording cash, making payments, and  reconciling the bank statements
  • What bank accounts were opened in the period?
  • What bank accounts were closed in the period?
  • Are there any restrictions on the bank accounts?
  • What persons are on the bank signature cards?
  • Who has the authority to open and/or close bank accounts?
  • What is the nature of each bank account (e.g., payroll bank account)?
  • Are there any cash equivalents (e.g., investments of less than three months)
  • Were there any held checks (checks written but unreleased) at period-end?

As we ask questions, we also inspect documents (e.g., bank reconciliations) and make observations (who is doing what?).

If controls weaknesses exist, we create audit procedures to address them. For example, if during the walkthrough we review three monthly bank reconciliations and they all have obvious errors, we will perform more substantive work to prove the year-end bank reconciliation. For example, we might vouch every outstanding deposit and disbursement.

Directional Risk for Cash

What is directional risk in auditing cash? It’s the potential bias that a client has regarding an account balance. A client might desire an overstatement of assets and an understatement of liabilities  since each makes the balance sheet appear healthier.

The directional risk for cash is overstatement. So, in performing your audit procedures, perform procedures such as testing the bank reconciliation to ensure that cash is not overstated.

Primary Risks for Cash

The primary risks are:

  1. Cash is stolen
  2. Cash is intentionally overstated to cover up theft
  3. Not all cash accounts are on the general ledger
  4. Cash is misstated due to errors in the bank reconciliation
  5. Cash is misstated due to improper cutoff

Auditing cash

Common Cash Control Deficiencies

In smaller entities, it is common to have the following control deficiencies:

  • One person receipts and/or disburses monies, records those transactions in the general ledger, and reconciles the related bank accounts
  • The person performing the bank reconciliation does not possess the skill to perform the duty
  • Bank reconciliations are not timely performed

Risk of Material Misstatement for Cash

In my smaller audit engagements, I usually assess control risk at high for each assertion. If control risk is assessed at less than high, then controls must be tested to support the lower risk assessment. Assessing risks at high is usually more efficient than testing controls.

When control risk is assessed at high, inherent risk becomes the driver of the risk of material misstatement (control risk X inherent risk = risk of material misstatement). For example, if control risk is high and inherent risk is moderate, then my RMM is moderate.

The assertions that concern me the most are existence, accuracy, and cutoff. So my RMM for these assertions is usually moderate to high.

My response to higher risk assessments is to perform certain substantive procedures: namely, bank confirmations and testing of the bank reconciliations. As RMM increases I examine more of the period-end bank reconciliations and more of the outstanding reconciling items. Also, I am more inclined confirm the balances.

Substantive Procedures for Cash

My customary audit tests are as follows:

  1. Confirm cash balances
  2. Vouch reconciling items to the subsequent month’s bank statement
  3. Ask if all bank accounts are included on the general ledger
  4. Inspect final deposits and disbursements for proper cutoff

The auditor should send confirmations directly to the bank. Some individuals create false bank statements to cover up theft. Those same persons provide false confirmation addresses. Then the confirmation is sent to an individual (the fraudster) rather than a bank. Once received, the fraudster replies to the confirmation as though the bank is doing so. You can lessen the chance of fraudulent confirmations by using Confirmation.com, a company that specializes in bank confirmations. Alternatively, you might Google the confirmation address to verify its existence.

Agree the confirmed bank balance to the period-end bank reconciliation (e.g., December 31, 20X7). Then, agree the reconciling items on the bank reconciliation to the bank statement subsequent to the period-end. For example, examine the January 20X8 bank statement activity when clearing the December 20X7 reconciling items. Finally, agree the reconciled balance to the general ledger cash balance for the period-end (e.g., December 31, 20X7).

Cut-off bank statements (e.g., January 20, 20X8 bank statement) may be used to test the outstanding items. Such statements, similar to bank confirmations, are mailed directly to the auditor. Alternatively, the auditor might examine the reconciling items by viewing online bank statements. (Read-only rights can be given to the auditor.)

Common Cash Work Papers

My cash work papers normally include the following:

  • An understanding of cash-related internal controls
  • Risk assessment of cash assertions at the assertion level
  • Documentation of any control deficiencies
  • Cash audit program
  • Bank reconciliations for each significant account
  • Bank confirmations

Auditing Cash 

We’ve discussed how to perform cash risk assessment procedures, the relevant cash assertions, the cash risk assessments, and substantive cash procedures.

Next we’ll examine how to audit receivables and revenues.

Get Your Copy of The Why and How of Auditing

Click the book below to see it on Amazon.

Click the book cover to see The Why and How of Auditing on Amazon.

Preliminary analytical procedures
Mar 11

Preliminary Analytical Procedures

By Charles Hall | Auditing

Preliminary analytical procedures are used to identify material misstatements in financial statements. In this article, I explain how to create planning analytics and how to use them to identify potential misstatements. I also provide documentation tips. 

Preliminary analytical procedures

Preliminary Analytical Procedures

The auditing standards provide four risk assessment procedures: 

  1. Inquiry
  2. Observation
  3. Inspection
  4. Analytical procedures

I previously provided you with information about the first three risk assessment procedures. Today, I provide you with the fourth, analytical procedures.

While analytical procedures should occur at the beginning and the end of an audit, this post focuses on preliminary analytical procedures (sometimes called a preliminary analytical review).

Below I provide the quickest and best way to develop audit planning analytics

What are Analytics?

If you're not an auditor, you may be wondering, "what are analytics?" Think of analytics as the use of numbers to determine reasonableness. For example, if a company's cash balance at December 31, 2020, was $100 million, is it reasonable for the account to be $5 million at December 31, 2021? Comparisons such as this one assist auditors in their search for errors and fraud.

Preliminary Analytical Procedures Overview

We'll cover the following:

  • The purpose of preliminary analytical procedures 
  • When to create planning analytics (at what stage of the audit)
  • Developing expectations 
  • The best types of planning analytics
  • How to document preliminary analytical procedures
  • Developing conclusions 
  • Linkage to the audit plan

(The following video comes from my Audit Risk Assessment Made Easy YouTube playlist. These videos correspond to my book of the same name. See it on Amazon.)

Purpose of Preliminary Analytical Procedures

Analytical procedures used in planning an audit should focus on identifying risks of material misstatement. Your goal as an auditor is to render an opinion regarding the fairness of the financial statements. So, like a good sleuth, you are surveying the accounting landscape to see if material misstatements exist.

A detective investigates a crime scene using various tools: fingerprints, forensic tests, interviews, timelines. Auditors have their own tools: inquiry, observation, inspection, analytical procedures. Sherlock Holmes looks for the culprit. The auditor (and I know this isn't as sexy) looks for material misstatements. 

The detective and the auditor are both looking for the same thing: evidence. And the deft use of tools can lead to success. A key instrument (procedure) available to auditors is preliminary analytical procedures.

When to Create Planning Analytics

Create your preliminary analytics after gaining an understanding of the entity. Why? Context determines reasonableness of numbers. And without context (your understanding of the entity), changes in numbers from one year to the next may not look like a red flag--though maybe they should.

Therefore, learn about the entity first. Are there competitive pressures?  What are the company's objectives? Are there cash flow issues? What is the normal profit margin percentage? Does the organization have debt? Context creates meaning.

Additionally, create your comparisons of numbers prior to creating your risk assessments. After all, the purpose of the analytical comparisons is to identify risk.

But before creating your planning analytics, you first need to know what to expect.

Developing Expectations 

Knowing what to expect provides a basis for understanding the changes in numbers from year to year. 

Expectations can include:

  • Increases in numbers
  • Decrease in numbers
  • Stable numbers (no significant change)

In other words, you can have reasons to believe payroll (for example) will increase or decrease. Or you might anticipate that salaries will remain similar to last year.

Examples of Expectations Not Met

Do you expect sales to decrease 5% based on decreases in the last two years? If yes, then an increase of 15% is a flashing light.

Or maybe you expect sales to remain about the same as last year? Then a 19% increase might be an indication of financial statement fraud.

But where does an auditor obtain expectations?

Sources of Expectations

Expectations of changes can come from (for example):

  • Past changes in numbers 
  • Discussions with management about current year operations
  • Reading the company minutes
  • Staffing reductions
  • Non-financial statistics (e.g., decrease the number of widgets sold)
  • A major construction project

While you'll seldom know about all potential changes (and that's not the goal), information--such as that above--will help you intuit whether change (or a lack of change) in an account balance is a risk indicator.

Now, let's discuss the best types of planning analytics. 

The Best Types of Planning Analytics

Auditing standards don't specify what types of planning analytics to use. But some, in my opinion, are better than others. Here's my suggested approach (for most engagements). 

Audit Planning Analytics

Comparative Numbers

First, create your planning analytics at the financial statement reporting level. Why? Well, that's what the financial statement reader sees. So, why not use this level (if you can)? (There is one exception in regard to revenues. See Analytics for Fraudulent Revenue Recognition below.)

The purpose of planning analytics is to ferret out unexpected change. Using more granular information (e.g., trial balance) muddies the water. Why? There's too much information. You might have three hundred accounts in the trial balance and only fifty at the financial statement level. Chasing down trial-balance-level changes can be a waste of time. At least, that's the way I look at it.

Comparative Ratios

Second, add any key industry ratios tracked by management and those charged with governance. Often, you include these numbers in your exit conference with the board (maybe in a slide presentation). If those ratios are important at the end of an audit, then they're probably important in the beginning.

Examples of key industry ratios include:

  • Inventory turnover
  • Return on equity
  • Days cash on hand
  • Gross profit 
  • Debt/Equity 

Other Metrics

Other metrics such as earnings before interest, taxes, depreciation, and amortization (EBITDA) are consequential for some companies. If relevant, include those.

Hence, create planning analytics that align with the company’s focal points. And how do you know what those are? Read the company’s minutes before you create your preliminary analytics. Most of the time you’ll see the tracked numbers there. 

One last thought about analytical types. When relevant, use nonfinancial information, such as the number of products sold. If a company sells just three or four products and you have the sales statistics, why not compute the estimated revenue and compare it to the recorded revenue? It makes sense to do so. After all, the auditing standards say that preliminary analytics may include both financial and nonfinancial information. 

Okay, so we know what analytics to create, but how should we document them?

Analytics for Fraudulent Revenue Recognition

AU-C 240 says the auditor should include preliminary analytics relating to revenue accounts.

AU-C 240 suggests a more detailed form of analytics for revenues such as:

  • a comparison of sales volume with production capacity
  • a trend analysis of revenues by month and sales returns by month 
  • a trend analysis of sales by month compared with units shipped to customers

In light of these suggested procedures, it may be prudent to create revenue analytics at a more granular level than that shown in the financial statements.

How to Document Preliminary Planning Analytics

Here are my suggestions for documenting preliminary planning analytics.

  1. Document overall expectations.
  2. Include comparisons of prior-year/current-year numbers at the financial statement level. (You might also include multiple prior year comparisons if you have that information.)
  3. Document key industry ratio comparisons.
  4. Summarize your conclusions. Are there indicators of increased risks of material misstatement? Is yes, say so. If no, say so.

Once you create your conclusions, place any identified risks on your summary risk assessment work paper (where you assess risk at the transaction level--e.g., inventory).

Use Filtered Analytical Reports with Caution (if at all)

Some auditors use filtered trial balance reports for their analytics. For instance, all accounts with changes of greater than $30,000. There is a danger in using such thresholds. 

What if  you expect a change in sales of 20% (approximately $200,000) but your filters include:

  •  all accounts with changes greater than $50,000, and 
  • all accounts with changes of more than 15%

If sales remain constant, then this risk of material misstatement (you expected change of 20%, but it did not happen) fails to appear in the filtered report. The filters remove the sales account because the change was minimal. Now, the risk may go undetected.

Developing Conclusions

I am a believer in documenting conclusions on key work papers. So, how do I develop those conclusions? And what does a conclusion look like on a planning analytics work paper?

First, develop your conclusions. How? Scan the comparisons of prior year/current year numbers and ratios. We use our expectations to make judgments concerning the appropriateness of changes and of numbers that remain stable. Remember this is a judgment, so, there's no formula for this.

No Risk Identified

Now, you'll document your conclusions. But what if there are no unexpected changes? You expected the numbers to move in the manner they did. Then no identified risk is present. Your conclusion will read, (for example):

Conclusion: I reviewed the changes in the accounts and noted no unexpected changes. Based on the planning analytics, no risks of material misstatement were noted.

Risk Identified

Alternatively, you might see unexpected changes. You thought certain numbers would remain constant, but they moved significantly. Or you expected material changes to occur, but they did not. Again, document your conclusion. For example:

Conclusion: I expected payroll to remain constant since the company's workforce stayed at approximately 425 people. Payroll expenses increased, however, by 15% (almost $3.8 million). I am placing this risk of material misstatement on the summary risk assessment work paper at 0360 and will create audit steps to address the risk.

Now, it's time to place the identified risks (if there are any) on your summary risk assessment form.

Linkage to the Audit Plan

I summarize all risks of material misstatements on my summary risk assessment form. These risks might come from walkthroughs, planning analytics or other risk assessment procedures. Regardless, I want all of the identified risks--those discovered in the risk assessment process--in one place.

The final step in the audit risk assessment process is to link your identified risks to your audit program

Overview of Risk Assessment and Linkage

Now, I tailor my audit program to address the risks. Tailoring the audit program to respond to identified risks is known as linkage.

Audit standards call for the following risk assessment process:

  • Risk assessment procedures (e.g., planning analytics)
  • Identification of the risks of material misstatement
  • Creation of audit steps to respond to the identified risks (linkage)

Summary of Preliminary Analytical Procedure Considerations

So, now you know how to use planning analytics to search for risks of material misstatement--and how this powerful tool impacts your audit plan.

Let's summarize what we've covered:

  1. Planning analytics are created for the purpose of identifying risks of material misstatement
  2. Develop your expectations before creating your planning analytics (learn about the entity's operations and objectives; review past changes in numbers for context--assuming you've performed the audit in prior years)
  3. Create analytics at the financial statement level, if possible
  4. Use key industry ratios 
  5. Conclude about whether risks of material misstatement are present
  6. Link your identified risks of material misstatement to your audit program

So there you are. I hope you've found this article useful. For more information about risk assessment, check out my book Audit Risk Assessment Made Easy, available on Amazon. 

First-Year Businesses and Planning Analytics

You may be wondering, "but what if I my client is new?" New entities don't have prior numbers. So, how can you create planning analytics? 

First Option

One option is to compute expected numbers using non-financial information. Then compare the calculated numbers to the general ledger to search for unexpected variances.

Second Option

A second option is to calculate ratios common to the entity’s industry and compare the results to industry benchmarks.

While industry analytics can be computed, I’m not sure how useful they are for a new company. An infant company often does not generate numbers comparable to more mature entities. But we’ll keep this choice in our quiver--just in case.

Third Option

A more useful option is the third: comparing intraperiod numbers. 

Discuss the expected monthly or quarterly revenue trends with the client before you examine the accounting records. The warehouse foreman might say, “We shipped almost nothing the first six months. Then things caught fire. My head was spinning the last half of the year.” Does the general ledger reflect this story? Did revenues and costs of goods sold significantly increase in the latter half of the year?

Fourth Option

The last option we’ve listed is a review of the budgetary comparisons. Some entities, such as governments, lend themselves to this alternative. Others, not so–those that don’t adopt budgets.

Summary

So, yes, it is possible to create useful risk assessment analytics–even for a first-year company.

1 3 4 5 6 7 15
>