Category Archives for "Accounting and Auditing"

CPA Ethics
Jan 23

CPA’s Ethics: Four Questions for Better Decisions

By Charles Hall | Accounting and Auditing

In this article, I address CPA’s ethics and the benefits of making good decisions.

Men are alike in their promises. It is only in their deeds that they differ. Molière

CPA Ethics

We’ve all been there.

Your client wants you to sign off on an issue, one that is in the land of gray–you know, that place where there is no black or white. And, of course, the issue has significant dollars attached to it, so it’s important.

Your anguish rises, so you try to see the Great Oz, but he’s hiding behind that curtain, smoke billowing, lighting crashing–but no advice. Since the wizard has no wise words of wisdom, you need someone, or at least something, to help you. Here are four questions you can ask yourself when you face ethical decisions.

CPA Ethics: Four Questions for Better Decisions

Here are four questions to ask:

  1. How would I feel if my choice was placed on the front-page of the local newspaper (or in the Journal of Accountancy)?
  2. What would my father do (or anyone else I greatly respect)?
  3. What would I advise my child to do? (If your child is three, pretend she is thirty.)
  4. What’s the worst thing that could happen? 

Can questions such as these really help? Let’s see. 

County Fires Auditor

Many years ago I was doing an audit of a local county government. I discovered the county commission chairman had arranged for a material purchase of property from his son without using the required bid process, and the transaction was illegal in our state. (I had recently started a CPA firm, so this was one of my few clients. I needed the audit fee.) When I discovered the irregularity, I met with the county commission chairman and told him I would report the transaction in the audit report. He leaned over and quietly said to me, “if you do, you’ll no longer be the auditor.” No one else was in the room.

Later I was physically threatened, and for some time I feared what might happen to me. The decision of what to do, however, had already been made. In asking myself questions such as those above, the right course of action was obvious. 

I reported the illegal transaction and was immediately fired. It cost me, but I knew it was the right thing to do. (Interestingly, when the news broke, a reporter contacted the county commission chairman and the county manager. The county manager stated that I had “my hand in the till,” and that the auditor–that’s me–had stolen money, though they never said how.)

Because of situations like this one, client acceptance has become important to me. We need clients with integrity. Yes, we do. 

When you face a decision such as this one, here are four actions that may help. 

CPA’s Ethics: Four Actions for Better Decisions

Here are four actions to take:

  1. Call the AICPA Ethics Hotline or the AICPA Technical Hotline (877-242-7212). (They are independent of the issue, so they will give you a straight-up answer.)
  2. Call a CPA with knowledge in the area of concern, and ask his or her opinion.
  3. Create a memo supporting your proposed decision, and share it with a partner, quality control department, or whoever is in charge. (I find that writing creates clarity.)
  4. Sit on it (if you can). I gain clarity as I allow the issue to percolate, and as I pray about it. I try not to make a high-stakes decision quickly. Hurried decision are usually poor ones.

Do the Right Thing

As you consider this article, remember, a clear conscience is a precious commodity. If you believe a particular course of action is going to keep you awake at night, your conscience is talking to you. Listen, even if it means less money–especially if it means less money.  

Do the right thing. You’ll be glad you did.

A CPA’s ethics are, and will always be, important.

Use of a specialist
Jan 23

Use of a Specialist: How to Document

By Charles Hall | Auditing

As an auditor, you often use the work of specialists such as actuaries, appraisers, and engineers. Such work can seem mystical, like something conjured up from a mathematical soup. And since we don’t always understand their incantations, we wonder, “Can we rely on the information?” and “How do I document my use of an expert?” Thankfully, the audit standards provide guidance in AU-C 500 (management’s specialist) and AU-C 620 (auditor’s specialist). Below I unpack these requirements. 

Use of a specialist

Picture is courtesy of DollarPhotoClub.com

Who Hires the Specialist?

A specialist can be hired by your audit firm or by management. If you audit banks, you might hire an appraiser to assist with loan collateral reviews–an example of an auditor’s specialist. If your client uses an actuary, then you will obtain audit evidence from a specialist hired by management.

As we begin our look into the use of experts, here are two definitions to help differentiate the types.

Specialist Definitions

AU-C 620 defines an auditor’s specialist and management’s specialist. Both definitions include “expertise in a field other than accounting and auditing.” 

An auditor’s specialist can include an internal person such as a partner or staff member or an external contract person. This person works for the audit firm. 

Information from a management specialist is used by the entity in the preparation of their financial statements. This person works for the audit client. 

Now, let’s take a look at each.

1. Auditor’s Specialist

AU-C Section 620–Using the Work of an Auditor’s Specialist provides guidance.

Is the Specialist Needed?

AU-C 620 states that auditors should consider the use of a specialist when expertise in a field other than accounting or auditing is needed. Before using the services of a specialist, consider the significance of the information for which you might need such a person. If the information has little impact on the financial statements, then usage of their reports or skills is of less importance.

AU-C 620 Considerations

AU-C 620 also says the auditor should evaluate the competence, capability, and objectivity of the specialist. So if you hire an investment pricing expert, you want to know if she is reputable, what her experience is, whether she can perform the work appropriately, and whether she is objective.

Use of a Specialist

Picture is courtesy of Adobe Stock

According to AU-C 620, information regarding the competence, capabilities, and objectivity may come from sources such as the following:

  • Personal experience with previous work of the expert
  • By talking to the specialist
  • Talking with other auditors or others who are familiar with their work
  • Knowledge of their qualifications, professional memberships, licenses to practice, or other forms of recognition (often available on their website)
  • Books or other publications of the expert

If you’ve previously worked with the aforementioned pricing expert, you have personal experience with her work. This helps. You might call her with regard to current year issues, and since you already know her, you probably know her qualifications.

Regarding objectivity, the auditor should inquire about any relationships that the specialist may have with the client. And if necessary, obtain a signed representation letter concerning their objectivity. Continuing with our pricing expert example, you want to ask her if she has any business relationships with the auditee. Are there any family relationships? Is there anything that might impair her objectivity?

Additionally, if the expert is hired by your firm, consider an engagement letter. 

Engagement Letter with Specialist

Though not required, the auditor can use a written engagement letter to define the work of the specialist. AU-C 620 provides suggestions for the engagement letter such as:

  • Nature, scope, and objectives of the assistance
  • The roles and responsibilities of the auditor and the specialist
  • How information will be communicated
  • The need for confidentiality

Document the specialist’s work in a memorandum if an engagement letter is not obtained.

Adequacy of  Work

Auditors must evaluate the adequacy of the work.

AU-C 620 requires that you evaluate the adequacy of the work, including the reasonableness of the findings and conclusions, the reasonableness of assumptions and methods, and the relevance and accuracy of the information. 

Bottom line: Does the work of the expert provide sufficient and appropriate audit evidence with regard to the issue at hand (e.g., investment pricing)?

When should an auditor begin thinking about specialist usage? Before the engagement is accepted. Why? If we accept an audit without the necessary skill sets, we have a problem. As you consider the acceptance of an audit engagement, think about whether a specialist is needed, and whether such a person is available at a reasonable price.

Reference to a Specialist in an Auditor’s Opinion

AU-C 620 states that an auditor should not refer to the work of an auditor’s specialist in an unmodified audit opinion. The auditor can, however, make reference to a specialist when the opinion is modified (to explain the reason for the modification). But, if reference is made, the audit opinion should state the auditor’s responsibility is not lessened. 

What does this mean? Regardless of the situation, the opinion is the auditor’s (and not the specialist’s). We may use the expert’s work as audit evidence, but the audit opinion (and the corresponding responsibility) belongs to us.

Confidentiality Language in the Client Engagement Letter

When an auditor hires an external specialist, should the audit engagement letter change?

When an audit firm hires an external specialist, the firm should follow the Code of Conduct section ET 1.700.040, Disclosing Information to a Third-Party Service Provider. How can you comply with this ethical requirement? By including additional language in your engagement letter advising the client that you might provide confidential information to an outside party. In effect, you are gaining consent to share client information. If you are not using an outside person, but someone who works for your firm, then no such consent is necessary.

Now, let’s take a look at management’s specialist. 

2. Management’s Specialist

AU-C Section 500, Audit Evidence, provides guidance on the use of information from a management specialist.

Your audit client might use their own expert such as a pension plan actuary. To rely on the actuary, you need to know if she is competent and objective. You also need to understand–at least in a general sense–what the actuary does. You do not need to recompute the actuarial computations, for example. But a review of assumptions for reasonableness is appropriate.

AU-C 500 Considerations

AU-C 500 requires considerations similar to those of an auditor’s specialist. For instance, you need to evaluate the competence and objectivity of management’s expert. Obtain an understanding of their work, and evaluate it in light of relevant assertions. For example, is the pension disclosure, based on actuarial information, understandable and accurate?

As with an auditor’s specialist, the sources of information regarding a management specialist can come from prior experience with the person, discussions with the expert, and knowledge of their certifications and experience. 

Additionally, consider including relevant language in management’s representation letter.

Representation Letter

AU-C 580, Written Representations, provides the following example of language that an auditor might include in the representation letter:

We agree with the findings of specialists in evaluating the [describe assertion] and have adequately considered the qualifications of the specialists in determining the amounts and disclosures used in the financial statements and the underlying accounting records. We did not give or cause any instructions to be given to specialists with respect to the values or amounts derived in an attempt to bias their work, and we are not otherwise aware of any matters that have had an effect on the independence or objectivity of the specialists.

Conclusion

So how do you document your use of these experts? As you can tell, the audit standards provide a framework, and the documentation will vary depending on the type of specialist used and the importance of the information. At a minimum, consider documenting:

  1. Why you need the expert (or their work product)
  2. What they are doing
  3. Their abilities, reputation, and experience 
  4. Their objectivity 
  5. The adequacy of the work provided

Peer review checklists include questions regarding your documentation of such information. Therefore, you need to make sure you do so. 

At the end of the day, auditing is all about obtaining reasonable assurance by obtaining audit evidence. As you consider the use of these experts, ask yourself how their work impacts your risk assessment, your audit procedures, and finally your opinion.

Cash overdraft
Jan 21

Cash Overdrafts: Accounting for Negative Cash

By Charles Hall | Accounting

How should you account for cash overdrafts (also called negative cash balances) on a balance sheet and in a cash flow statement?

It is year-end and your audit client has three bank accounts at the same bank. Two of the accounts have positive balances (the first with $50,000 and the second with $200,000). The third account has a negative cash balance of $400,000. Since a net overdraft of $150,000 exists, how should we present cash in the financial statements?

Cash overdraft

Cash Overdraft in Balance Sheet

In the balance sheet, show the negative cash balance as Cash Overdraft in the current liabilities. Or you can also include the amount in accounts payable.

If you are netting the three bank accounts, consider using the Cash Overdraft option. If you bury the overdraft in accounts payable, the financial statement reader may think, “there is a mistake, where is cash?” Using Cash Overdraft communicates more clearly. (The right of offset must exist in order to net bank accounts. The right of offset commonly exists for multiple bank accounts with one bank.)

Some companies have multiple bank accounts with multiple banking institutions. In such cases, the net balance of one bank might be positive and the net balance of the second bank might be negative. Then the company would reflect the positive balance as cash and the negative cash balance (of the second bank) as an overdraft.  

Suppose a company has bank accounts with two different banks and the net balance of the first bank is $1,350,000 and the net balance of the second bank is an overdraft of $5,000. Then show cash as one amount on the balance sheet ($1,345,000). The $5,000 is not material.

Cash Overdraft in Cash Flow Statement

Some companies do not include overdrafts in the definition of cash; instead, they include it in accounts payable. Consequently, the company treats the overdraft as an operating activity (change in accounts payable). So, the company includes the negative cash as a change in a liability in the operating section of the cash flow statement. (Some accountants treat overdrafts as a financing activity, but they clear quickly. Therefore, an operating activity classification is more appropriate.)

Alternatively, include the negative cash in the definition of cash (rather than in accounts payable). In doing so, you combine the cash overdraft with other cash (that with positive balances) in the cash flow statement. The beginning and ending cash–in the cash flow statement–should include the negative cash amounts.

FASB ASC 230-10-45-4 requires that the total amounts of cash and cash equivalents in the cash flow statement agree with similarly titled line items or subtotals in the balance sheet. If negative cash is included in the definition of cash, the cash captions in the statement of cash flows should be revised accordingly (e.g., Cash (Cash Overdraft) at end of year).

If the balance sheet contains a positive cash balance in assets and a cash overdraft in liabilities, provide a reconciliation at the bottom of the cash flow statement (or in a disclosure). In the reconciliation, show the composition of the balance–one line titled Cash, one line titled Cash Overdraft, and a total line titled Total Cash (Cash Overdraft)

One Other Consideration

If checks are created but not released by year-end, reverse the payment. Merely printing checks does not relieve payables. Payables are relieved when payment is made (checks are printed and mailed, or electronic payments are processed).

See my post about auditing cash.

risk of material misstatement at the assertion level
Jan 16

Risk of Material Misstatement at the Assertion Level

By Charles Hall | Accounting and Auditing

In this post, I address whether auditors should assess the risk of material misstatement at the assertion level. 

Assertion Level or Transaction Level Assessments

Should auditors assess the risk of material misstatement at the assertion level? Or is it better assess risk at the transaction level (for example, all cash assertions are assigned a moderate level of risk)? Those who assess risk at the transaction level think they are saving time. But are they? It might be more effective and economical to assess risk for each individual assertion. 

risk of material misstatement at the assertion level

Assess the Risk of Material Misstatement at the Assertion Level

Why should you assess the risk of material misstatement at the assertion level? In two words: effectiveness and efficiency. 

We know the purpose of risk assessment is to design responsive audit procedures. When the auditor identifies risk at the assertion level, that person is better able to build effective responses. Therefore, it is wise to avoid assessing risk at the transaction level.

Why? 

  • Assessing risk at the transaction level may lead to unnecessary work
  • Assessing risk at the transaction level results in assessing irrelevant assertions

Risk Assessment for Accounts Payable — An Example

Suppose, for example, the auditor assesses risk at the transaction level, assessing all accounts payable assertions with a high risk of material misstatement. What does this mean? It means the auditor should perform further audit procedures to respond to the high risk assessments for all assertions. Why? The risk assessment for valuation, existence, rights and obligations, completeness, and all other assertions is high. Logically, substantive procedures must now address all of those risks. And, obviously, this is not efficient. Moreover, some of the assertions might not be relevant such as valuation. So why create audit steps for irrelevant assertions?

Alternatively, what if the accounts payable completeness assertion is assessed at high and all other assertions are at low to moderate? How does this impact the audit plan? Now the auditor will create substantive procedures that respond to the risk that payables are not complete such as conducting a search for unrecorded liabilities. (This is normally appropriate since the directional risk for liabilities is an understatement.) Additionally, the auditor may not perform some existence procedures such as sending vendor confirmations. Why? The existence assertion deals with potential overstatement issues, not understatement. 

Do you see the advantage? Rather than using a scattered approach—let’s audit everything—the auditor pinpoints his audit procedures. Assertion level risk leads you to assertion level procedures. This is more effective and efficient. 

Assertion Level Risk

Before we delve deeper, let’s answer two questions: What is the definition of assertion level risk? And what is a relevant assertion?

Assertion level risk is the probability that a risk of material misstatement is present for a particular assertion. The risks are the result of the nature of the account balance, transaction balance, and disclosure (inherent risk) and the related controls (control risk). Complex transaction areas without appropriate controls, for example, are more likely to be misstated. 

A relevant assertion is one that has a meaningful bearing upon whether the account balance, transaction balance, and disclosure is appropriately stated or communicated. The existence assertion for cash has a meaningful bearing upon whether the balance is properly stated. It is therefore, relevant. The valuation assertion, by contrast, is normally not relevant when a company has no foreign currencies.  

Now, let’s examine assertion level risk in light of a receivables example. 

Assessing Risk at Assertion Level for Receivables — An Example

Each financial statement account balance, transaction cycle, and disclosure has relevant assertions. For example, a company asserts that its accounts receivable balance is correctly stated at $2,105,012. This means the company asserts at least two things: the existence of the balance is real and the valuation of the balance is correct. Thus, we have at least two assertions in play: existence and valuation. Since these two assertions are relevant, we need to define the assertion level risk for each. 

The assertion level risk for existence is that not all of the receivable balance is real. Maybe $300,000 of the total is an intentional overstatement by management. This is a fraud risk, and it affects the assertion level risk assessment for existence. 

The assertion level risk for valuation is that the allowance for uncollectible is improperly stated. Maybe the valuation is intentionally understated at $100,000 but the true amount is $350,000. This is a fraud risk, and it affects the assertion level risk assessment for valuation. 

The risk of material misstatement for each assertion is made up of two risks: inherent risk and control risk. Let’s pretend, in this receivables example, that control risk is assessed at high. Based on the fraud risks mentioned in the previous two paragraphs, the auditor would assess inherent risk at high. So control risk and inherent risk are assessed at high, resulting in a high risk of material misstatement for the existence and valuation assertions. This is an example of assessing risk at the assertion level.

But, as we are about to see, some auditors bypass risk assessment, thinking it a waste of time.

Planners or Doers

Some auditors are planners. Some are doers

The planners like to perform risk assessment procedures—such as reviewing internal controls and preliminary analytics. They want to know where the risks are before they plan and perform substantive procedures. 

But the doers say, “Let’s get on with it.” These folks like a balance sheet audit approach. They see value in procedures such as sending debt confirmations, searching for unrecorded liabilities, and vouching additions to fixed assets. 

If I, on the first day of the audit, perform substantive procedures such as reviewing year-end bank reconciliations or sending receivable confirmations, then I am a doer. The audit standards do not smile upon this disposition. Why? Because those standards call for the following (and in this order):

  1. Perform risk assessment procedures
  2. Assess risks of material misstatement
  3. Create an audit plan
  4. Perform the audit plan
  5. Consider whether the initial risk assessment and audit plan is appropriate (if not, amend it)

Many auditors start with step 4. Why? Because we think we already know what the risks are. Or worse yet, we are just doing the same as last year without considering current-year risk.

And some of the hurry to perform substantive procedures leads to a lack of regard for risk assessment. 

Linkage with Further Audit Procedures

So why do auditors assess risk at the transaction level and not the assertion level? Sometimes, it’s because we plan to do the same as last year without considering risks. And we think it’s a waste of time to document risk assessments. Such thinking is dangerous and not in the spirit of the audit standards.

Some firms say to me, “I know I over-audit, but I’m not sure how to lessen what I do.” And then they say, “How can I reduce my time and still perform a quality audit?” 

My answer: “Perform real risk assessments and document the risk of material misstatement at the assertion level. Then tailor—yes, change the audit program—to address the risks. And slap yourself every time you even think about same as last year.”

After your risk assessment is complete, link it to your further audit procedures.

A good auditor does the following: identify, assess, plan, perform. First, we identify risk with risk assessment procedures. Second, we assess the risks, whether they are high or low, so we can see what needs attention. Third, we plan our response by preparing our audit program and linking it to our risk assessment. And fourth, we perform the planned procedures. That’s auditing in a nutshell.

Part of risk assessment is assessing risks at the assertion level (the focus of this article) so we can properly plan the audit.

And what are the benefits of assessing risk at the assertion level

  • We think more and work less
  • We make higher profits in our engagements
  • We audit in conformity with professional standards

In addition to assertion level risks, consider financial statement level risks. 

Risks at the Financial Statement Level

Financial statements have financial statement level risks such as management override or the intentional overstatement of revenues. These sometimes affect assertion level risk. For example, the intentional overstatement of revenues has a direct effect upon the existence assertion for receivables and the occurrence assertion for revenues. Therefore, even when you identify financial statement level risks, consider whether they might affect assertion level risks as well. 

Your Files

Look at two or three of your audit files and review your risk assessments. Are you assessing risk at the transaction level or at the assertion level? Plan to spend more time in performing risk assessment procedures and documenting risks at the assertion level. The payoff: potentially less time performing substantive procedures, but, at a minimum, you are auditing in conformity with professional standards. 

Unpredictable audit procedure
Jan 13

Unpredictable Audit Procedures

By Charles Hall | Auditing

In this article I explain how you can use unpredictable audit procedures.

The audit standards require elements of unpredictability. Why? So clients can’t guess what the auditor is going to do. Clients naturally observe and learn what auditors normally do. The client’s knowledge of what is audited (and what is not) makes it easier to steal. The client takes from unaudited areas. This knowledge also enables the company to manipulate numbers. The client alters unaudited balances.

The purpose of the unpredictable element is to create uncertainty–in the client’s mind–regarding audit procedures. We do so by using unpredictable audit procedures.

Unpredictable audit procedureElements of Unpredictability – The Audit Standards

AU-C 240.29 states the following:

In determining overall responses to address the assessed risks of material misstatement due to fraud at the financial statement level, the auditor should…incorporate an element of unpredictability in the selection of the nature, timing, and extent of audit procedures.

AU-C 240.A42 states:

Incorporating an element of unpredictability in the selection of the nature, timing, and extent of audit procedures to be performed is important because individuals within the entity who are familiar with the audit procedures normally performed on engagements may be better able to conceal fraudulent financial reporting. This can be achieved by, for example,

  • performing substantive procedures on selected account balances and assertions not otherwise tested due to their materiality or risk.
  • adjusting the timing of audit procedures from that otherwise expected.
  • using different sampling methods.
  • performing audit procedures at different locations or at locations on an unannounced basis.

Unpredictable Audit Procedures 

To introduce elements of unpredictability, perform procedures such as these:

  • Examine payments less than your normal threshold in your search for unrecorded liabilities (e.g., in the last three years your threshold was $7,000; this year, it’s $3,000)
  • Perform a surprise unannounced review of teller cash (for a bank client)
  • Make a physical visit to the inventory location one month after the end of the year and review inventory records (assuming you don’t normally do so)
  • Review payroll salary authorization sheets for ten employees and agree to amounts in the payroll master table (in the payroll software)
  • Test a bank reconciliation for the seventh month in the year being audited (in addition to the year-end bank reconciliation)
  • Confirm an immaterial bank account that you haven’t confirmed in the past
  • Pick ten vendors at random and perform procedures to verify their existence (as a test for fictitious vendors)

Document Your Unpredictable Audit Procedures

Since unpredictable tests are required in every audit, document where you performed this procedure. Reference your audit program step for unpredictable tests to the work performed. Title your work paper, “Unpredictable Test,” and then add a purpose statement such as, “Purpose: To confirm the immaterial bank account with ABC Bank as an unpredictable test.” Doing so will eliminate the potential for a peer reviewer to say, “that’s a normal procedure.” You are overtly stating the purpose of the test is to satisfy the unpredictable test requirement.

Change Your Unpredictable Tests Annually

Change your unpredictable tests annually. Otherwise, they will–over time–become predictable.

>