Category Archives for "Accounting and Auditing"

how to review financial statements
Feb 10

How to Review Financial Statements

By Charles Hall | Accounting and Auditing

Most CPA firms create financial statements for their clients. This blog post tells you how to create and review financial statements efficiently and effectively.

how to review financial statements

Create Financial Statements

First, where possible, electronically link the trial balance to the financial statements. (Linking is often done from the trial balance to Excel. Then the Excel document is embedded into a Word document.) Doing so will expedite the financial statement process and enhance the integrity of the numbers.

Do the following:

  • Prepare the initial draft of the statements
  • Create clear disclosures
  • Complete a current financial statement disclosure checklist 
  • Research any nonstandard opinion or report language (place sample reports from PPC or other sources in the file). Later the partner or manager will compare this supporting document to the opinion or report
  • Research any additional reports (e.g., Yellow Book, Single Audit). Place a copy of such reports in the file. Later the partner or manager will compare the supporting document to the opinion or report. 
  • The staff person should review the audit planning document to see if any new standards are to be incorporated into this to year’s financial statements

Next you’ll need to proof the financial statements.

Proof the Financial Statements

Proof your financial statements. The proofer usually does the following before the partner or managers’ review:

  • Add (foot the numbers for) all statements, notes, schedules
  • Tick and tie numbers such as:
    • Total assets equal total liabilities and equity
    • Ending cash on the cash flow statement agrees with the balance sheet
    • Net income on the income statement agrees with the beginning number of an indirect method cash flow statement
    • Numbers in the notes agree with the financial statements
    • Numbers in the supplementary schedules agree with the financial statements
  • Review financial statements for compliance with firm formatting standard 
  • Read financial statements for appropriate grammar and punctuation (consider using Grammarly)
  • Compare the table of contents to all pages in the report
  • Review page numbers

Partner or Manager Review

Finally, the partner or manager reviews the financial statements. Having the proofer do their part will minimize the review time for this final-stage review.

Here are tips for the final review:

  • Scan the complete set of financials to get a general feel for the composition of the report (e.g., Yellow Book report, supplementary information, the industry, etc.). This is a cursory review taking three or four seconds per page.
  • Read the beginning part of the summary of significant accounting policies taking note of the reporting framework (e.g., GAAP), type of entity (e.g., nonprofit), and whether the statements are consolidated or combined. Doing so early provides context for the remaining review of the financials.
  • Read the opinion or report noting any nonstandard language (e.g., going concern paragraph)
    • Agree named financial statement titles in the opinion or report to the financial statements
    • Agree the dates (e.g., year-end) in the opinion or report to the statements
    • Compare supporting sample report (as provided by your staff member and noted above) to the opinion or report
    • Compare representation letter date to the opinion or review report date
  • Review the balance sheet making mental notes of line items that should have related notes (retain those thoughts for review of the notes)
  • Review the income statement
  • Review the statement of changes in equity (if applicable)
  • Review the cash flow statement
  • Review the notes (making mental notes regarding sensitive or important disclosures so you can later see if the communication with those charged with governance appropriately contains references to these notes)
  • Return to the balance sheet to see if there are additional disclosures needed (since you just read the notes, you will be more aware of omissions — e.g., intangibles are not disclosed)
  • Review supplementary information (and related opinion for this information if applicable)
  • Review other reports such as Yellow Book and Single Audit (the staff member preparing the financial statements should have placed supporting examples in the file; refer to the examples as necessary)
  • If the review is performed with a printed copy of the statements, use yellow highlighter to mark reviewed sections and numbers
  • If you review a paper copy, pencil in corrections and provide corrected pages to the staff member for amendments to be made
  • If the review is performed on the computer, take screenshots of pages needing corrections and provide to the staff member
  • Better yet, review electronically. See my related post Review Financial Statements on Computer Screens

Last Step

Destroy all drafts. Or at a minimum, don’t leave them in the file. Once the financial statements are complete, there is no reason to retain drafts.

Your Suggestions

What other review procedures do you use?

Use of a specialist
Jan 23

Use of a Specialist: How to Document

By Charles Hall | Auditing

As an auditor, you often use the work of specialists such as actuaries, appraisers, and engineers. Such work can seem mystical, like something conjured up from a mathematical soup. And since we don’t always understand their incantations, we wonder, “Can we rely on the information?” and “How do I document my use of an expert?” Thankfully, the audit standards provide guidance in AU-C 500 (management’s specialist) and AU-C 620 (auditor’s specialist). Below I unpack these requirements. 

Use of a specialist

Picture is courtesy of DollarPhotoClub.com

Who Hires the Specialist?

A specialist can be hired by your audit firm or by management. If you audit banks, you might hire an appraiser to assist with loan collateral reviews–an example of an auditor’s specialist. If your client uses an actuary, then you will obtain audit evidence from a specialist hired by management.

As we begin our look into the use of experts, here are two definitions to help differentiate the types.

Specialist Definitions

AU-C 620 defines an auditor’s specialist and management’s specialist. Both definitions include “expertise in a field other than accounting and auditing.” 

An auditor’s specialist can include an internal person such as a partner or staff member or an external contract person. This person works for the audit firm. 

Information from a management specialist is used by the entity in the preparation of their financial statements. This person works for the audit client. 

Now, let’s take a look at each.

1. Auditor’s Specialist

AU-C Section 620–Using the Work of an Auditor’s Specialist provides guidance.

Is the Specialist Needed?

AU-C 620 states that auditors should consider the use of a specialist when expertise in a field other than accounting or auditing is needed. Before using the services of a specialist, consider the significance of the information for which you might need such a person. If the information has little impact on the financial statements, then usage of their reports or skills is of less importance.

AU-C 620 Considerations

AU-C 620 also says the auditor should evaluate the competence, capability, and objectivity of the specialist. So if you hire an investment pricing expert, you want to know if she is reputable, what her experience is, whether she can perform the work appropriately, and whether she is objective.

Use of a Specialist

Picture is courtesy of Adobe Stock

According to AU-C 620, information regarding the competence, capabilities, and objectivity may come from sources such as the following:

  • Personal experience with previous work of the expert
  • By talking to the specialist
  • Talking with other auditors or others who are familiar with their work
  • Knowledge of their qualifications, professional memberships, licenses to practice, or other forms of recognition (often available on their website)
  • Books or other publications of the expert

If you’ve previously worked with the aforementioned pricing expert, you have personal experience with her work. This helps. You might call her with regard to current year issues, and since you already know her, you probably know her qualifications.

Regarding objectivity, the auditor should inquire about any relationships that the specialist may have with the client. And if necessary, obtain a signed representation letter concerning their objectivity. Continuing with our pricing expert example, you want to ask her if she has any business relationships with the auditee. Are there any family relationships? Is there anything that might impair her objectivity?

Additionally, if the expert is hired by your firm, consider an engagement letter. 

Engagement Letter with Specialist

Though not required, the auditor can use a written engagement letter to define the work of the specialist. AU-C 620 provides suggestions for the engagement letter such as:

  • Nature, scope, and objectives of the assistance
  • The roles and responsibilities of the auditor and the specialist
  • How information will be communicated
  • The need for confidentiality

Document the specialist’s work in a memorandum if an engagement letter is not obtained.

Adequacy of  Work

Auditors must evaluate the adequacy of the work.

AU-C 620 requires that you evaluate the adequacy of the work, including the reasonableness of the findings and conclusions, the reasonableness of assumptions and methods, and the relevance and accuracy of the information. 

Bottom line: Does the work of the expert provide sufficient and appropriate audit evidence with regard to the issue at hand (e.g., investment pricing)?

When should an auditor begin thinking about specialist usage? Before the engagement is accepted. Why? If we accept an audit without the necessary skill sets, we have a problem. As you consider the acceptance of an audit engagement, think about whether a specialist is needed, and whether such a person is available at a reasonable price.

Reference to a Specialist in an Auditor’s Opinion

AU-C 620 states that an auditor should not refer to the work of an auditor’s specialist in an unmodified audit opinion. The auditor can, however, make reference to a specialist when the opinion is modified (to explain the reason for the modification). But, if reference is made, the audit opinion should state the auditor’s responsibility is not lessened. 

What does this mean? Regardless of the situation, the opinion is the auditor’s (and not the specialist’s). We may use the expert’s work as audit evidence, but the audit opinion (and the corresponding responsibility) belongs to us.

Confidentiality Language in the Client Engagement Letter

When an auditor hires an external specialist, should the audit engagement letter change?

When an audit firm hires an external specialist, the firm should follow the Code of Conduct section ET 1.700.040, Disclosing Information to a Third-Party Service Provider. How can you comply with this ethical requirement? By including additional language in your engagement letter advising the client that you might provide confidential information to an outside party. In effect, you are gaining consent to share client information. If you are not using an outside person, but someone who works for your firm, then no such consent is necessary.

Now, let’s take a look at management’s specialist. 

2. Management’s Specialist

AU-C Section 500, Audit Evidence, provides guidance on the use of information from a management specialist.

Your audit client might use their own expert such as a pension plan actuary. To rely on the actuary, you need to know if she is competent and objective. You also need to understand–at least in a general sense–what the actuary does. You do not need to recompute the actuarial computations, for example. But a review of assumptions for reasonableness is appropriate.

AU-C 500 Considerations

AU-C 500 requires considerations similar to those of an auditor’s specialist. For instance, you need to evaluate the competence and objectivity of management’s expert. Obtain an understanding of their work, and evaluate it in light of relevant assertions. For example, is the pension disclosure, based on actuarial information, understandable and accurate?

As with an auditor’s specialist, the sources of information regarding a management specialist can come from prior experience with the person, discussions with the expert, and knowledge of their certifications and experience. 

Additionally, consider including relevant language in management’s representation letter.

Representation Letter

AU-C 580, Written Representations, provides the following example of language that an auditor might include in the representation letter:

We agree with the findings of specialists in evaluating the [describe assertion] and have adequately considered the qualifications of the specialists in determining the amounts and disclosures used in the financial statements and the underlying accounting records. We did not give or cause any instructions to be given to specialists with respect to the values or amounts derived in an attempt to bias their work, and we are not otherwise aware of any matters that have had an effect on the independence or objectivity of the specialists.

Conclusion

So how do you document your use of these experts? As you can tell, the audit standards provide a framework, and the documentation will vary depending on the type of specialist used and the importance of the information. At a minimum, consider documenting:

  1. Why you need the expert (or their work product)
  2. What they are doing
  3. Their abilities, reputation, and experience 
  4. Their objectivity 
  5. The adequacy of the work provided

Peer review checklists include questions regarding your documentation of such information. Therefore, you need to make sure you do so. 

At the end of the day, auditing is all about obtaining reasonable assurance by obtaining audit evidence. As you consider the use of these experts, ask yourself how their work impacts your risk assessment, your audit procedures, and finally your opinion.

Cash overdraft
Jan 21

Cash Overdrafts: Negative Cash Accounting

By Charles Hall | Accounting

How should you account for cash overdrafts (also called negative cash balances) on a balance sheet and in a cash flow statement? There are different ways to do so. I explain those accounting methods below. 

It is year-end and your audit client has three bank accounts at the same bank. Two of the accounts have positive balances (the first with $50,000 and the second with $200,000). The third account has a negative cash balance of $400,000. Since a net overdraft of $150,000 exists, how should we present cash in the financial statements?

Cash overdraft

Cash Overdraft in Balance Sheet

In the balance sheet, show the negative cash balance as Cash Overdraft in the current liabilities. Or you can also include the amount in accounts payable.

If you are netting the three bank accounts, consider using the Cash Overdraft option. If you bury the overdraft in accounts payable, the financial statement reader may think, “there is a mistake, where is cash?” Using Cash Overdraft communicates more clearly. (The right of offset must exist in order to net bank accounts. The right of offset commonly exists for multiple bank accounts with one bank.)

Some companies have multiple bank accounts with multiple banking institutions. In such cases, the net balance of one bank might be positive and the net balance of the second bank might be negative. Then the company would reflect the positive balance as cash and the negative cash balance (of the second bank) as an overdraft.  

Suppose a company has bank accounts with two different banks and the net balance of the first bank is $1,350,000 and the net balance of the second bank is an overdraft of $5,000. Then show cash as one amount on the balance sheet ($1,345,000). The $5,000 is not material.

Cash Overdraft in Cash Flow Statement

Some companies do not include overdrafts in the definition of cash; instead, they include it in accounts payable. Consequently, the company treats the overdraft as an operating activity (change in accounts payable). So, the company includes the negative cash as a change in a liability in the operating section of the cash flow statement. (Some accountants treat overdrafts as a financing activity, but they clear quickly. Therefore, an operating activity classification is more appropriate.)

Alternatively, include the negative cash in the definition of cash (rather than in accounts payable). In doing so, you combine the cash overdraft with other cash (that with positive balances) in the cash flow statement. The beginning and ending cash–in the cash flow statement–should include the negative cash amounts.

FASB ASC 230-10-45-4 requires that the total amounts of cash and cash equivalents in the cash flow statement agree with similarly titled line items or subtotals in the balance sheet. If negative cash is included in the definition of cash, the cash captions in the statement of cash flows should be revised accordingly (e.g., Cash (Cash Overdraft) at end of year).

If the balance sheet contains a positive cash balance in assets and a cash overdraft in liabilities, provide a reconciliation at the bottom of the cash flow statement (or in a disclosure). In the reconciliation, show the composition of the balance–one line titled Cash, one line titled Cash Overdraft, and a total line titled Total Cash (Cash Overdraft)

One Other Consideration

If checks are created but not released by year-end, reverse the payment. Merely printing checks does not relieve payables. Payables are relieved when payment is made (checks are printed and mailed, or electronic payments are processed).

See my post about auditing cash.

Unpredictable audit procedure
Jan 13

Unpredictable Audit Procedures

By Charles Hall | Auditing

In this article I explain how you can use unpredictable audit procedures.

The audit standards require elements of unpredictability. Why? So clients can’t guess what the auditor is going to do. Clients naturally observe and learn what auditors normally do. The client’s knowledge of what is audited (and what is not) makes it easier to steal. The client takes from unaudited areas. This knowledge also enables the company to manipulate numbers. The client alters unaudited balances.

The purpose of the unpredictable element is to create uncertainty–in the client’s mind–regarding audit procedures. We do so by using unpredictable audit procedures.

Unpredictable audit procedureElements of Unpredictability – The Audit Standards

AU-C 240.29 states the following:

In determining overall responses to address the assessed risks of material misstatement due to fraud at the financial statement level, the auditor should…incorporate an element of unpredictability in the selection of the nature, timing, and extent of audit procedures.

AU-C 240.A42 states:

Incorporating an element of unpredictability in the selection of the nature, timing, and extent of audit procedures to be performed is important because individuals within the entity who are familiar with the audit procedures normally performed on engagements may be better able to conceal fraudulent financial reporting. This can be achieved by, for example,

  • performing substantive procedures on selected account balances and assertions not otherwise tested due to their materiality or risk.
  • adjusting the timing of audit procedures from that otherwise expected.
  • using different sampling methods.
  • performing audit procedures at different locations or at locations on an unannounced basis.

Unpredictable Audit Procedures 

To introduce elements of unpredictability, perform procedures such as these:

  • Examine payments less than your normal threshold in your search for unrecorded liabilities (e.g., in the last three years your threshold was $7,000; this year, it’s $3,000)
  • Perform a surprise unannounced review of teller cash (for a bank client)
  • Make a physical visit to the inventory location one month after the end of the year and review inventory records (assuming you don’t normally do so)
  • Review payroll salary authorization sheets for ten employees and agree to amounts in the payroll master table (in the payroll software)
  • Test a bank reconciliation for the seventh month in the year being audited (in addition to the year-end bank reconciliation)
  • Confirm an immaterial bank account that you haven’t confirmed in the past
  • Pick ten vendors at random and perform procedures to verify their existence (as a test for fictitious vendors)

Document Your Unpredictable Audit Procedures

Since unpredictable tests are required in every audit, document where you performed this procedure. Reference your audit program step for unpredictable tests to the work performed. Title your work paper, “Unpredictable Test,” and then add a purpose statement such as, “Purpose: To confirm the immaterial bank account with ABC Bank as an unpredictable test.” Doing so will eliminate the potential for a peer reviewer to say, “that’s a normal procedure.” You are overtly stating the purpose of the test is to satisfy the unpredictable test requirement.

Change Your Unpredictable Tests Annually

Change your unpredictable tests annually. Otherwise, they will–over time–become predictable.

enterprise risk management
Dec 05

Enterprise Risk Management: Empowering Your Clients

By Harry Hall | Accounting and Auditing

Today’s article comes from my twin brother, Harry Hall. He is a certified PMP®, PMI-RMP®, and has his Associate in Risk Management (ARM-E).

Many organizations do not have an enterprise risk management (ERM) program. Therefore, these entities lack the policies and procedures to manage enterprise risks (i.e., threats and opportunities) and achieve their objectives. In this article, we’ll look at how CPAs can suggest an ERM program to their clients.

Enterprise Risk Management

Imagine that you’ve completed an audit of an organization. One way you can help your client is to provide a management letter that provides ideas to make the organization better. And one of the suggestions you can make is for them to implement an ERM program, or you can provide ways to improve the existing program. (Of course, as the auditor, you can’t make management decisions, but you can make suggestions.)

Think about it. Has one of your clients encountered a surprise event or condition in the last few years? Imagine if the client had identified and managed the risk better. That single failure may have caused your client to miss their annual objectives, resulting in weaker financial and operating positions. It’s even possible they no longer exist.

A sound ERM program can improve–and even save–your client.

What is ERM?

First, let’s define ERM. It is a program whereby an organization identifies and manages all of its risks in order to achieve its objectives. 

How does ERM differ from traditional risk management? Well, traditional risk management focuses on pure risks. These are risks where there is the possibility of loss or no loss, but no chance of gain. Hazard or insurable risks are pure risks. 

ERM includes pure risks, but also includes speculative risks. Speculative risks are risks where there is a chance of loss, no loss, or gain. So, speculative risks have the potential for gain. Examples of speculative risks include financial risks, strategic risks, and some operational risks.

So, let’s see how ERM helps businesses.

Four Benefits of ERM

There are several ways that an organization may benefit from ERM. The benefits include, but are not limited to, the following:

First, an ERM Champion can help their organization implement strategic risk management, a component of ERM. Here, we can clarify enterprise objectives and improve strategic planning, analysis, and alignment.

Second, ERM helps organizations identify risks between departments. Many departments live in siloes. And most people think solely about their department’s risk. But the actions taken by one department may impact other parts of the organization.

Third, ERM can boost collaboration. As risk owners from different departments focus on enterprise objectives together, these individuals begin to better understand other departmental processes. And these can be analyzed and improved to realize greater enterprise benefits.

Fourth, organizations with ERM programs are in a better position to meet the demands from external parties such as investors, rating agencies, and regulators.

To make this work, your client needs to leverage an ERM framework.

ERM Framework

ERM programs include risk management processes that are used throughout the enterprise. Some organizations use a framework like COSO or the ISO 31000. Others develop their own framework. In general, here are the ERM processes, regardless of the framework.

  1. Plan risk management. Define an ERM policy that guides the behavior of individuals in the organization. The ERM policy includes elements such as the risk governance structure, risk categories, ERM methodology, roles and responsibilities, risk appetite, risk tolerance, risk limits, ERM activities, ERM reports, and a glossary. This policy should be reviewed and updated each year. And the Board should approve the revisions.
  2. Identify risks. Determine the risk identification tools and techniques that will be used. For example, these could include brainstorming, interviews, checklists, and cause-and-effect diagrams.
  3. Evaluate risks. Once risks are identified, ERM stakeholders should assess the risks. Risk owners may perform qualitative and quantitative risk assessments. The risk assessments result in a prioritized risk list. The benefit: you know which risks matter most.
  4. Respond to risks. Next, risk owners develop and implement risk response plans to lessen these risks.
  5. Monitor risks. Of course, risks change over time. Threats and opportunities may (and probably will) increase or decrease. Therefore, client’s must monitor risks. Are the risks managed according to the risk appetite and risk tolerance? Are the ERM processes providing value? Are the processes economical and efficient?

As a CPA, have you ever wondered how ERM and Internal Audit differ?

ERM vs. Internal Audit

Organizations may have an ERM department or group led by an ERM Champion or Chief Risk Officer (CRO). This group facilitates the development of an ERM policy, trains employees on ERM processes, and facilitates periodic risk reviews. 

Internal Audit ensures that the risk controls are working as designed within the organization and makes recommendations for improvement where there are internal control deficiencies. (Traditionally, internal auditors have focused on accounting processes. Their role is expanding into other areas such as ERM.)

So, how does ERM and Internal Audit work together? First, the ERM Champion engages Internal Audit when developing the ERM policy. Second, Internal Audit uses the ERM risk register as input into the annual audit plan. Think about it – wouldn’t it be great to see the most significant enterprise threats and opportunities as Internal Audit develops the audit plan? Third, Internal Audit inspects the ERM processes, in addition to other organizational processes, to ensure they are efficient and economical.

Audit Management Letter Suggestion: ERM Program

In your next audit, think about the risk management practices in the organization.  

Does your client have a written ERM policy? Are the risk processes being performed consistently throughout the enterprise? How are risks being identified and assessed? Does the enterprise risk register include financial risks, strategic risks, operational risks, and other risks? Has the risk appetite and risk tolerance been defined and communicated to the Board, management, and risk owners?

At the conclusion of your audit, consider including ERM recommendations in your management letter. Doing so might save your client a great deal of pain–and you’ll add value to your audit.

Harry Hall

Guest Author

Harry Hall, the Project Risk Coach, is a speaker, teacher, author, and blogger. He has implemented project management offices (PMOs) and enterprise risk management (ERM) programs in the financial, healthcare, and agricultural industries. Harry is a graduate of the University of Georgia and is a certified PMP®, PMI-RMP®, and has his Associate in Risk Management (ARM-E).

1 12 13 14 15 16 27
>