steps to delightful presentation
Feb 03

Four Steps to Delightful Accounting Presentations

By Charles Hall | Technology

In this article, I provide you with four steps to delightful accounting presentations–even if you are a CPA. Yes, this can be done!

four steps to delightful accounting presentations

If you’ve read the book Presentation Zen, you know that many speakers–without intending to–hide their message. In watching CPE presentations and board presentations, I have noticed that (we) CPAs unwittingly hide our message. How? We present slide decks that look like intermediate accounting textbooks–chock full of facts, but too much to digest. And do we really believe that those attending will take those slides back to the office and study them?

Probably not.

My experience has been those slides end up in the office dungeon, never to be seen again. We have one chance to communicate–in the session.

Four Steps to Delightful Accounting Presentations

It is the presenter’s duty to cause learningSo how can we  engage our audience (even those sitting on the back row playing with their cell phones)? Let’s start with the slide deck.

1. Make Simple Slides

Make simple slides.

I try to have no more than two points per slide, and I leave out references to professional standards (at least on the slides).

What happens when you see a slide that looks like it contains the whole of War and Peace? If you’re like me, you may think, “Are you kidding? You want me to consume all of that in the next three minutes. Forget it. I will not even try.” And then you begin to think about your golf game or your next vacation. So, how much information should you include on a slide?

Nancy Duarte recommends the glance test for each slide. “People should be able to comprehend it in three seconds.”

2. Include a picture related to the topic

Include a picture.

For example, if I am presenting to auditors, I might display a picture of someone being bribed. Verbal information is remembered about ten percent of the time. If a picture is included, the figure goes up to sixty-five percent. Quite a difference.

power of pictures

3. Tell a story (and ask questions)

Tell a story and ask questions.

People love stories. If your presentation is about bribes and you have not audited a bribery situation, Google bribes, and you will find all the stories you need. If you can’t find a story, use a hypothetical. Why? You are trying to draw your audience in–then maybe they will put that cell phone down (your most triumphant moment as a speaker!).

Telling your story at the right pace and volume is also important.

Also engage your audience with questions. Stories get the juices going; questions make them dig. And, if they answer you, there is dialog. And what’s the result? Those talking learn, the audience learns, and, yes, you learn.

4. Move

Move. Not too much, but at least some.

A statue is not the desired effect. Moving like Michael Jackson is also not what you desire (moonwalking was never in my repertoire anyway). But movement, yes. I walk slowly from side to side (without moonwalking) and will, at times, move toward the audience when I want to make a point. So, am I constantly roaming? No. Balance is important.

Now, let me provide a few thoughts about presentation software and handouts.

Presentation Software and Handouts

Presentation Software

If you have an Apple computer, let me recommend Keynote as your presentation software. I do think PowerPoint (for you Windows users) has improved, but personally, I prefer Keynote.

Another option—though there is a cost—is using Canva to create your slide deck. Your creativity is almost unlimited with this software—pictures, graphics, templates, colors, resizing, and more. Once the slides are created, you can download them as a PDF. Then present the slides (in the PDF) using the full screen option in Adobe Acrobat. I’ve done this a lot lately. Love it. 

Here’s a sample Canva slide:

Canva

Handouts

If you need to provide detailed information, give your participants handouts (examples of what you are discussing).

I prefer not to provide copies of slides. Why? Your participants will read ahead. You want to keep your powder dry. If they already know what you’re going to say, they’ll stop listening.

Your Presentation Tips

What do you do to make your presentations sizzle?

Client Acceptance and Continuance
Feb 01

Client Acceptance: How to Do It Right

By Charles Hall | Auditing

Client acceptance and continuance may be the most critical step in an audit, but it’s one that gets little attention. A prospective client calls saying, “Can you audit my company?” and we respond, “sure.” While new business can be a good thing, relationships need appropriate vetting. Not doing so can lead to significant (and sometimes disastrous) consequences.

New Relationships

My daughter recently met a young man on Instagram. Not unusual these days. But now the relationship is entering into its third month. They talk every day for two or three hours. So far, they have not been in the same room—and not even in the same city. Skype, yes. Physical presence, no. That’s happening at the end of this month. (He lives eight hours away.)

So what do Mom and Dad think about all of this? Well, it’s fine. My wife checked him out on Facebook (I know you’ve never done this). And my daughter has told us all about the “fella” and his family. We like what we’re hearing. He has similar beliefs. He has a job (Yay!), and he has graduated from college. His family background is like ours.

Why do we want to know all the details about the young man? Because relationships impact people—my daughter, the young man, his family members, and yes, my wife and I. We want everyone to be happy.

Client Acceptance 

And that’s what good relationships create. Happiness. The same is true with clients. As Steven Covey said, “think win, win.” When the customer wins, and your CPA firm wins, everyone is happy. Mutual needs are met.

Careless CPAs accept business with only one consideration: Can I get paid? 

While getting paid is important, other factors are also critical.

Before accepting an audit engagement consider:

  1. Are they ethical?
  2. Are you independent?
  3. Do you have the technical ability to serve them?
  4. Do you the capacity to serve them?

Are They Ethical?

I want my daughter to marry a guy with beliefs that correspond with who she is. Is he honest? Would he steal? Is he transparent? Who are his associates? What do others think of him? 

We ask similar questions about accepting a new client. Audit standards require us to consider whether the prospective client has integrity. If the company is not morally straight, then there’s no need to move forward. Ethics is a key to client acceptance.

(The predecessor auditor can provide information about their interactions with the company. Audit standards require contact with the predecessor auditor prior to acceptance. This is an initial year consideration.)

Are You Independent?

Independence is another key to client acceptance. And the time to determine your firm’s independence is the beginning—not at the conclusion of the audit.

Consider what happens—during a peer review—when a firm is not independent, and it has issued an audit opinion. The original audit report will be recalled, and I’ll bet the company asks for and receives a full refund of your audit fee. Now, the company needs to be re-audited.  (Oh, and there’s that impact on the peer review report.)

Pay attention to requested nonattest services—such as preparation of financial statements. If the client has no one with sufficient skill, knowledge, and experience to accept responsibility for such services, you may not be independent. See the AICPA’s Plain English Guide to Independence for more information. (You can see additional help-aids in my list of online resources for CPAs. )

Do You Have the Technical Ability to Serve Them?

If you can pick up a client in an industry in which you have no experience, should you? Possibly, but it depends on whether you can appropriately understand the client and their industry before you conduct the engagement. Some new customers may not be complicated. In those cases, CPE may get you into position to provide the audit. 

But what if the potential engagement involves a highly sophisticated industry and related accounting standards for which you are ill-equipped? It may be better to let the engagement go and refer it to an audit firm that has the requisite knowledge. Or maybe you can partner with the other firm. 

Do You Have the Capacity to Serve Them?

A prospective client calls saying, “Can you audit my company? We have a December 31 year-end, and we need the audit report by March 31.” After some discussion, I think the fee will be around $75,000. But my staff is already working sixty hours a week during this time of the year. Should I take the engagement? 

My answer would be no unless I can create the capacity. How? I can hire additional personnel or maybe I can contract with another firm to assist. If I can’t build additional capacity, then I may let the opportunity pass. 

Far too many firms accept work without sufficient capacity. When this happens, corners are cut, and staff members and partners suffer. Stuffingeven morework into a stressful time of the year is not (always) a wise thing. We lose staff. And if the engagement is deficient, peer review results may take a hit.

When you don’t have the capacity to accept new good clients, consider whether you should discontinue service to existing bad customers.

The Continuance Decision

Quality controls standards call for CPAs to not only develop acceptance procedures, but we are to create continuance protocols as well.

I previously said CPAs often don’t give proper attention to acceptance procedures. So, how about continuance decisions? Even worse. 

Each year, we should ask, “If this was a new client opportunity, would I accept them?” If the answer is no, then why do we continue serving them? 

Here are a few questions to ponder:

  • Has the client paid their prior year fees? 
  • Am I still independent (consider the new Hosting Services interpretation)?
  • Does the client demand more from me than the fee merits?
  • Do I enjoy working with this client?
  • Is the client’s financial condition creating additional risks for my firm?
  • Is the client acting ethically?

Each year, well before the audit starts, ask these questions.

And then consider, is the bottom 10% of my book of business keeping me from accepting better clients? My experience has been that when I have the capacity, new business appears. When capacity is lacking, I don’t. The decision to hold on to bad clients is a decision to close the door to better clients. Don’t be afraid to let go.

Risk Assessment Starts Now

When should we start thinking about risk assessment? Now.

Whether you are going through the initial acceptance procedures or you are making your continuance decision, start thinking about risk assessment now. Assuming you accept the client, you’ll be a step ahead as you begin to develop your audit plan. Ask questions such as:

  • How is your cash flow?
  • Do you have any debt with covenants?
  • Who receives the financial statements?
  • Has the company experienced any fraud losses?
  • How experienced is management?
  • Why are you changing auditors?

Keep these notes for future reference and audit planning. 

The Strangest Audit Ever

As I close this post, I thought I’d share an old war story. One where I did not perform client acceptance correctly. You’ll find this story hard to believe. But it’s true.

YouTube player
church theft
Jan 22

Preventing Church Theft: Tips and Best Practices

By Charles Hall | Asset Misappropriation

Church theft happens, and it’s not uncommon–though I wish it was.

Pastors, deacons, church members, priests, and even nuns steal. Yes, they do. Every time I see an article about this, I shake my head. But they are flawed human beings just like me. So theft happens in churches, synagogues, and other places of worship.

In this article, I explain why fraud is (more) common in the places you least expect. And I provide tips for preventing theft. 

church theft

Theft of Church Offerings

My mother gave me nickels and dimes to put in the offering plate as a kid, but I never thought about where they went. In my mind, maybe to God or Heaven. But no, they went to a church bank account to pay the expenses of our place of worship. And, thankfully, there were no thefts (that I know of).

But over the years, I’ve seen thefts from churches, synagogues, parishes, church schools, seminaries, campus ministries, relief agencies, and Bible colleges.

Why?

People are Flawed

As I said earlier, first, people are flawed, even religious folks. As I’m fond of saying, “Why is ‘Thou shalt not steal’ one of the Ten Commandments? Because people steal.”

Too Much Trust

Secondly, religious persons (and I’m one) tend to be too trusting. We think that because someone works for a ministry or a church-affiliated organization, they are always honest. While this is largely true, some religious people steal, especially when no one is paying attention to what they do. In other words, when there are no internal controls and no oversight.

Ironically, when religious bodies place too much trust in people, they tempt those pastors, priests, deacons, and others. Religious people usually don’t plan to steal but realize–after years of being in a position–they can. After all, no one is watching because trust is over-abundant. And since we can rationalize our actions, we do things we know we should not. No different than any other temptation.

Don’t Tempt Your People

Religious bodies do their people a favor by creating and maintaining proper internal controls. Yes, a favor. Temptation goes down because there are multiple eyes on the processes, as there should be.

I sometimes hear people say that a church is not a business, but a ministry, as though sound business practices are not necessary in a religious environment. My rejoinder is we need to be good stewards of the funds entrusted to us (funds that can be used for wonderful purposes). Ministries lose the trust of their contributors when theft occurs. So, churches need to institute sound internal controls. 

Church theft is common due to the nature of cash flowing into a place of worship. 

The Church Cash Problem

Most religious institutions receive cash contributions to support their missions. And that’s wonderful, but if you’re a fraud prevention guy like me, that’s problematic. Cash, especially physical currencies (like that received during church services), is easily stolen. So, all religious bodies need to review how cash comes into a church body to see if there are internal controls all along the way.

Monies coming in during church services, mail, or any other way need to make it to the bank account safely. So, consider how funds come into your places of worship or support organizations. And make sure multiple people are involved in the collection and deposit process, what we commonly refer to as segregation of duties.

For instance, multiple people (e.g., ushers or deacons) should count funds collected during a church service, and a count sheet should be signed by those present. Later, someone other than the count team should compare the count sheet to the bank deposit. Enter all contributions in the accounting software and periodically provide statements to those persons. The person making these bookkeeping entries should not be on the count team or have any access to cash. Why? The church bookkeeper could steal money but still make entries to the contributions software. Then, the contributor receives a periodic statement reflecting the amount given, but the money doesn’t make it into the church bank account.

In addition to considering regular church services receipts, think about those that are outside your normal processes. For instance, people might drop by the church during the week and provide a contribution to the bookkeeper. 

Church Cash Outflows

While theft of cash inflows is more common, funds can be stolen as they are disbursed. So, be sure you review your payment controls. Again, you want multiple people involved in the process. For example, the persons signing the checks should not be the person entering those transactions in the bookkeeping system. And it’s preferable for the person reconciling the bank account to not sign checks. Then, the person reconciling the bank statement can review the cleared checks for appropriate payees. 

Additionally, make sure your controls over credit cards are strong as well. Support (e.g., receipts) should be provided for each credit card charge, and the person using the card should not be the same person reviewing transactions for appropriateness. 

Obviously, religious bodies also need appropriate payroll controls to ensure those funds are paid to the right persons and in the correct amount.  

Church Theft

In summary, religious bodies need internal controls, just like any entity that receives and spends money. Placing too much trust in religious people is a mistake and can increase church theft. So, protect your church and your people by implementing sound internal controls for funds flowing into and out of your place of worship.  

Single Audit overview
Dec 24

Single Audit Overview: In Five Minutes

By Charles Hall | Accounting and Auditing , Single Audit

Here’s a Single Audit overview in five minutes. This video provides an overview of what a Single Audit is and what an auditor does in performing such an engagement.

YouTube player

Single Audit Overview

First, understand that some entities receive multiple federal grants. Rather than performing an audit of each individual, the Uniform Guidance allows one audit (a Single Audit) based on risk. So, if a city receives seven federal grants in one year, an auditor can perform a single audit that addresses the riskier programs. The video explains how the auditor determines major programs, the riskier grants of the seven received. Those are the ones that will be audited. 

The applicability of the Single Audit to a grantee is based on the entity’s federal expenditures. Audit the entity using the Uniform Guidance when more than $750,000 in federal funds are expended. 

Compliance Supplement

In the video, I also explain how auditors use the Compliance Supplement to audit federal programs. The Compliance Supplement provides a summary of the applicable compliance provisions for federal grants. You can locate a particular grant by searching the Compliance Supplement by its federal assistance listing number. For example, 14.321 is HUD’s Emergency Systems Grant Program.

Single Audit Compliance Areas

Potential compliance areas for federal programs include:

  • Allowability
  • Eligibility
  • Procurement
  • Special Reporting
  • Sub-recipient monitoring
  • And more

Auditors choose the compliance areas that are direct and material, those that are most important. These areas are audited for each major program.

Single Audit Reports

Additionally, Single Audit reports are created by the auditor to communicate the results of the audit. That way, financial statement readers can see if the grantee (e.g., city) used the grant funds appropriately and whether the entity had proper internal controls. The auditor opines upon the major program grant compliance. If noncompliance is present or if related internal controls were not in use, the auditor reports the noncompliance or deficiencies in the Single Audit report. 

Moreover, Single Audit reports include a schedule of expenditures of federal awards (SEFA). The SEFA includes a listing of expended federal awards. 

Federal Audit Clearinghouse

Finally, the Single Audit report is filed with the federal audit clearinghouse once completed. The report is publicly available, so anyone can see the results of the audit. 

Watch the video for the Single Audit overview in five minutes. 

test of controls
Dec 18

Test of Controls: When is It Required?

By Charles Hall | Auditing

Most auditors don’t perform a test of controls? But should they? Below I explain when such a test is required. I also explain why some auditors choose to use this test even when not required. 

test of controls

Once risk assessment is complete, auditors have three further audit procedures they can use to respond to identified risks:

  1. Test of details 
  2. Substantive analytics
  3. Test of controls

This article focuses on the third option.

Below you will see:

  • The Right Response
  • Not Testing Controls (including video about the same)
  • The Decision Regarding Testing 
  • How to Test Controls
  • Required Tests
  • Which Controls to Test
  • Three-year Rotation of Testing
  • Interim or Period-End Testing

The Right Response 

Which responses to risks of material misstatement are best? That depends on what you discover in risk assessment.

If, for example, your client consistently fails to record payables, then assess control risk for completeness at high and perform a search for unrecorded liabilities (a substantive procedure).

By contrast, if the internal controls for receivables are strong, then assess control risk for the existence assertion at less than high, and test controls for effectiveness. (You do, however, have the option to perform substantive tests rather than test controls, even when controls are appropriate. More about this in a moment.)

Not Testing Controls

Many auditors assess control risk at high (after risk assessment is complete) and use a fully substantive approach. That is fine, especially in audits of smaller entities. Why? Because smaller entities tend to have weaker controls. As a result, controls may not be effective. Therefore, you may not be able to assess control risk at less than high. 

Control risk assessments of less than high must be supported with a test of controls to prove their effectiveness. But if controls are not effective, you must assess control risk at high. This is one reason why you might bypass testing controls: you know, either from prior experience or from current-year walkthroughs, that controls are not effective. If your test reveals ineffectiveness, you are back to square one: a control risk assessment of high. Then substantive procedures are your only option. In such a situation, the initial test was a waste of time. 

The Decision Regarding Testing 

But if controls are effective, why not test them? Doing so allows you to reduce your substantive procedures. There is one reason, however, why you might not test controls even though they appear appropriate: substantive tests may take less time.

Once risk assessment is complete, your responses—the further audit procedures—are based on efficiency and effectiveness. If control testing takes less time, then use this option. If substantive procedures takes less time, then perform a test of details or use substantive analytics. But, regardless of efficiency considerations, address all risks with appropriate responses.

YouTube player

How to Test Controls 

Suppose you’ve decided to test controls for effectiveness. But how? Let’s look at an example starting with risk assessment.

Risk Assessment

Your approach to testing controls depends on risk. 

For example, suppose your billing and collections walkthrough reveals appropriate segregation of duties. You see that authorized personnel issue receipts for each payment received. Additionally, you determine that total daily cash inflows are reconciled by the collections supervisor to the online bank statement, and she signs off on a reconciliation sheet as evidence of this procedure. Lastly, you note that a person not involved in cash collections reconciles the monthly bank statement. In other words, controls are properly designed and in use. 

Furthermore, you believe completeness is a relevant assertion. Why? Theft of incoming cash is a concern since the business handles a high volume of customer checks. If checks are stolen, cash collections would not be complete. Consequently, the inherent risk for completeness is high. The fraud risk is a significant risk which requires a test of details in addition to the test of controls.

Test Supports Effectiveness

Now it’s time to test for effectiveness. 

Test the receipt controls on a sample basis. But before doing so, document the controls you desire to test and the sample size determinations. (See AICPA’s Audit Sampling standard, AU-C 530.)

The first control you are testing is the issuance of receipts by an authorized person and your sample size might be sixty. 

The second control you are testing is the daily reconciliation of cash to the bank statement. For example, you could agree total daily receipts to the bank statement for twenty-five days. As you do so, you review the daily sign-offs on the reconciliation sheets. Why? The collection supervisor’s sign-off is the evidence that the control was performed. 

The third control you are reviewing is the reconciliation of the bank account by a person not involved in the receipting process. So, you review the year-end bank reconciliation and confirm that the person that reconciled the bank statement was not involved in cash collections. 

Once the tests are performed, determine whether the controls are effective. If they are, assess control risk for the completeness assertion at less than high. Now you have support for that lower assessment. 

And what about substantive tests?

You need to perform a test of details since a significant risk (the fraud risk) is present. You might, for example, reconcile the daily total receipts to the general ledger for a month.

Test Doesn’t Support Effectiveness

If your tests do not support effectiveness, expand your sample size and examine additional receipts. Or skip the tests (if you believe the controls are not effective) and move to a fully substantive approach. Regardless, if controls are not effective, consider the need to communicate the control deficiency to management and those charged with governance. 

So, when should you test controls? First let’s look at required tests and then optional ones. 

Required Audit Tests of Controls

Here are two situations where you must test controls:

  • When there is a significant risk and you are placing reliance on controls related to that risk
  • When substantive procedures don’t properly address a risk of material misstatement

Let me explain.

Auditing standards allow a three-year rotation for control testing, as long as the area tested is not a significant risk. But if the auditor plans to rely on a test of controls related to a significant risk, operating effectiveness must be tested annually. 

Also a test of controls is necessary if substantive procedures don’t properly address a risk of material misstatement. For example, consider the controls related to reallocation of investments in a 401(k). The participant goes online and moves funds from one account to another. Other than the participant, there are no humans involved in the process. When processes are fully automated, substantive procedures may not provide sufficient audit evidence. If that is your situation, you must test of controls. Thankfully, a type 2 service organization control report is usually available in audits of 401(k)s. Such a report provides evidence that controls have already been tested by the service organization’s auditor. And you can place reliance upon those tests. In most cases, substantive procedures can properly address risks of material misstatement. So this test requirement is usually not relevant. 

Optional Audit Test of Controls

We just covered the two situations when testing is required. All other control testing is optional.

internal controls

Prior to making the decision about testing, consider the following:

  • Do you anticipate effectiveness? There’s no need to test an ineffective control. 
  • Does the control relate to an assertion for which you desire a lower control risk? 
  • Will it take less time to test the control than to perform a substantive procedure? Sometimes you may not know the answer to this question until you perform the test of controls. If the initial test does not prove effectiveness, then you have to expand your sample or just punt—in other words, use a fully substantive approach. 
  • Will you use the control testing in conjunction with a test of details or substantive analytics? How would effective controls reduce these substantive tests? In other words, how much substantive testing time would you save if the control is effective?
  • Is the control evidence physical or electronic? For example, are the entity’s receipts in a physical receipt book or in a computer? It’s usually easier to test electronic evidence.
  • How large will your sample size be? Some controls occur once a month. Others, thousands of times in the period. The larger the population, the larger the sample. And, of course, the larger the sample size, the more time it will take to perform the test. 
  • Can you test the population as a whole without sampling? Data analytics software—in some instances—can be used to test the entire population. For example, if a purchase order is required for all payments above $5,000, it might be easy to compare all payments above the threshold to purchase orders, assuming the purchase orders are electronic. 

Three-Year Rotation of Testing

As I said earlier, audit standards allow a three-year rotation for testing. For example, if you test accounts payable controls in 2020, then you can wait until 2023 to test them again. In 2021 and 2022, you need to ensure that these controls have not changed. You also want to determine that those controls have continuing relevance in the current audit. How? See if the controls continue to address a risk of material misstatement. And as you perform your annual walkthroughs, inquire about changes, observe the controls, and inspect documents. Why? You want to know that everything is working as it was in 2020, when the initial test was performed. And, yes, you do need to perform those walkthroughs annually, if that is how you corroborate your understanding of controls.

In short, testing for effectiveness can, in most cases, occur every three years. But walkthroughs are necessary each year. If you tested sixty transactions for an appropriate purchase order in 2020, then you can wait until 2023 to do so again. But review of the purchase order process each year in your annual walkthroughs. 

So should you test controls at interim or after year-end?

Interim or Period-End Testing

Some auditors test controls after the period-end (after year-end in most cases). Others at interim. Which is best?

It depends.

interim audit test

Perform interim tests if this fits better in your work schedule. Here’s an example: You perform an interim test on November 1, 2021. Later, say in February 2022, consider whether controls have changed during the last two months of the year. See if the same people are performing those controls. And consider performing additional tests for the November 1 to December 31 period. Once done, determine if the controls are effective. 

Testing on an interim date is not always the answer. For example, if management is inclined to manipulate earnings near year-end, then interim tests may not be appropriate

If you choose to test after period-end, then do so for the full period being audited. Your sample should be representative of that timeframe.

So should you ever test controls at a point in time and not over a period of time? Yes, sometimes. For example, test inventory count controls at year-end only. Why? Well those controls are only relevant to the year-end count, a point in time. Most controls, however, are in use throughout the period you are auditing. Therefore, you need to test those controls over that period of time (e.g., year).

Conclusion

As I said above, many auditors tend to rely fully on substantive responses to the risks of material misstatement. But, in some cases, that may not be the best or wisest approach. If controls are designed well and functioning, why not test them? Especially if it takes less time than substantive procedures.

Finally, take a look at my two related articles regarding responses to the risk of material misstatement: (1) Test of Details: Substantive Procedures and (2) Substantive Analytical Procedures: Power Up.

>