audit risk assessment
Feb 15

Audit Risk Assessment: The Why and the How

By Charles Hall | Auditing

Today we look at one of most misunderstood parts of auditing: audit risk assessment.

Are auditors leaving money on the table by avoiding risk assessment? Can inadequate risk assessment lead to peer review findings? This article shows you how to make more money and create higher quality audit documentation.

risk assessment

Audit Risk Assessment as a Friend

Audit risk assessment can be our best friend, particularly if we desire efficiency, effectiveness, and profit—and who doesn’t?

This step, when properly performed, tells us what to do—and what can be omitted. In other words, risk assessment creates efficiency.

So, why do some auditors (intentionally) avoid audit risk assessment? Here are two reasons:

  1. We don’t understand it
  2. We're creatures of habit

Too often auditors continue doing the same as last year (commonly referred to as SALY)--no matter what. It’s more comfortable than using risk assessment.

But what if SALY is faulty or inefficient?  

Maybe it’s better to assess risk annually and to plan our work accordingly (based on current conditions).

Are We Working Backwards?

The old maxim “Plan your work, work your plan” is true in audits. Audits—according to standards—should flow as follows:

  1. Determine the risks of material misstatements (plan our work)
  2. Develop a plan to address those risks (plan our work)
  3. Perform substantive procedures (work our plan)
  4. Issue an opinion (the result of planning and working)

Auditors sometimes go directly to step 3. and use the prior year audit programs to satisfy step 2. Later, before the opinion is issued, the documentation for step 1. is created “because we have to.”

In other words, we work backwards.

So, is there a better way?

A Better Way to Audit

Audit standards—in the risk assessment process—call us to do the following:

  1. Understand the entity and its environment
  2. Understand the transaction level controls
  3. Use planning analytics to identify risk
  4. Perform fraud risk analysis
  5. Assess risk

While we may not complete these steps in this order, we do need to perform our risk assessment first (1.-4.) and then assess risk.

Okay, so what procedures should we use?

Audit Risk Assessment Procedures

AU-C 315.06 states:

The risk assessment procedures should include the following:

  • Inquiries of management, appropriate individuals within the internal audit function (if such function exists), others within the entity who, in the auditor's professional judgment, may have information that is likely to assist in identifying risks of material misstatement due to fraud or error
  • Analytical procedures
  • Observation and inspection

I like to think of risk assessment procedures as detective tools used to sift through information and identify risk.

Risk assessment

Just as a good detective uses fingerprints, lab results, and photographs to paint a picture, we are doing the same.

First, we need to understand the entity and its environment.

Understand the Entity and Its Environment

The audit standards require that we understand the entity and its environment.

I like to start by asking management this question: "If you had a magic wand that you could wave over the business and fix one problem, what would it be?"

The answer tells me a great deal about the entity's risk.

I want to know what the owners and management think and feel. Every business leader worries about something. And understanding fear illuminates risk.

Think of risks as threats to objectives. Your client's fears tell you what the objectives are--and the threats. 

To understand the entity and its related threats, ask questions such as:

  • How is the industry faring?
  • Are there any new competitive pressures or opportunities?
  • Have key vendor relationships changed?
  • Can the company obtain necessary knowledge or products?
  • Are there pricing pressures?
  • How strong is the company’s cash flow?
  • Has the company met its debt obligations?
  • Is the company increasing in market share?
  • Who are your key personnel and why are they important?
  • What is the company’s strategy?
  • Does the company have any related party transactions?

As with all risks, we respond based on severity. The higher the risk, the greater the response.

Audit standards require that we respond to risks at these levels:

  • Financial statement level
  • Transaction level

Responses to risk at the financial statement level are general, such as appointing more experienced staff for complex engagements.

Responses to risk at the transaction level are more specific such as a search for unrecorded liabilities.

But before we determine responses, we must first understand the entity's controls.

Understand Transaction Level Controls

We must do more than just understand transaction flows (e.g., receipts are deposited in a particular bank account). We need to understand the related controls (e.g., Who enters the receipt in the general ledger? Who reviews receipting activity?). 

So, as we perform walkthroughs or other risk assessment procedures, we gain an understanding of the transaction cycle, but—more importantly—we gain an understanding of controls. Without appropriate controls, the risk of material misstatement increases.


 AU-C 315.14 requires that auditors evaluate the design of their client's controls and to determine whether they have been implemented. However, AICPA Peer Review Program statistics indicate that many auditors do not meet this requirement. In fact, noncompliance in this area is nearly twice as high as any other requirement of AU-C 315 - Understanding the Entity and Its Environment and Assessing the Risk of Material Misstatement.


Some auditors excuse themselves from this audit requirement saying, "the entity has no controls."  


All entities have some level of controls. For example, signatures on checks are restricted to certain person. Additionally, someone usually reviews the financial statements. And we could go on.


The AICPA has developed a practice audit that you'll find handy in identifying internal controls in small entities.


The use of walkthroughs is probably the best way to understand internal controls.

Sample Walkthrough Questions 

As you perform your walkthroughs, ask questions such as:

  • Who signs checks?
  • Who has access to checks (or electronic payment ability)?
  • Who approves payments?
  • Who initiates purchases?
  • Who can open and close bank accounts?
  • Who posts payments?
  • What software is used? Does it provide an adequate audit trail? Is the data protected? Are passwords used?
  • Who receives and opens bank statements? Does anyone have online access? Are cleared checks reviewed for appropriateness?
  • Who reconciles the bank statement? How quickly? Does a second person review the bank reconciliation?
  • Who creates expense reports and who reviews them?
  • Who bills clients? In what form (paper or electronic)?
  • Who opens the mail?
  • Who receipts monies?
  • Are there electronic payments?
  • Who receives cash onsite and where?
  • Who has credit cards? What are the spending limits?
  • Who makes deposits (and how)?
  • Who keys the receipts into the software?
  • What revenue reports are created and reviewed? Who reviews them?
  • Who creates the monthly financial statements? Who receives them?
  • Are there any outside parties that receive financial statements? Who are they?

Understanding the company’s controls illuminates risk. The company’s goal is to create financial statements without material misstatement. And a lack of controls threatens this objective.

So, as we perform walkthroughs, we ask the payables clerk (for example) certain questions. And—as we do—we are also making observations about the segregation of duties. Also, we are inspecting certain documents such as purchase orders.

This combination of inquiries, observations, and inspections allows us to understand where the risk of material misstatement is highest.

In a recent AICPA study regarding risk assessment deficiencies, 40% of the identified violations related to a failure to gain an understanding of internal controls.

40%
failure to gain understanding of internal controls

Need help with risk assessment walkthroughs?

See my article Audit Walkthroughs: The What, Why, How, and When.

Another significant risk identification tool is the use of planning analytics.

Planning Analytics

Use planning analytics to shine the light on risks. How? I like to use:

  • Multiple-year comparisons of key numbers (at least three years, if possible)
  • Key ratios

In creating planning analytics, use management’s metrics. If certain numbers are important to the company, they should be to us (the auditors) as well—there’s a reason the board or the owners are reviewing particular numbers so closely. (When you read the minutes, ask for a sample monthly financial report; then you’ll know what is most important to management and those charged with governance.)

You may wonder if you can create planning analytics for first-year businesses. Yes, you can. Compare monthly or quarterly numbers. Or you might compute and compare ratios (e.g., gross profit margin) with industry benchmarks. (For more information about first-year planning analytics, see my planning analytics post.)

Sometimes, unexplained variations in the numbers are fraud signals.

Identify Fraud Risks

In every audit, inquire about the existence of theft. In performing walkthroughs, look for control weaknesses that might allow fraud to occur. Ask if any theft has occurred. If yes, how?

Also, we should plan procedures related to:

  • Management override of controls, and
  • The intentional overstatement of revenues

My next post—in The Why and How of Auditing series—addresses fraud, so this is all I will say about theft, for now. Sometimes the greater risk is not fraud but errors.

Same Old Errors

Have you ever noticed that some clients make the same mistakes—every year? (Johnny--the controller--has worked there for the last twenty years, and he makes the same mistakes every year. Sound familiar?) In the risk assessment process, we are looking for the risk of material misstatement whether by intention (fraud) or by error (accident).

One way to identify potential misstatements due to error is to maintain a summary of the larger audit entries you’ve made over the last three years. If your client tends to make the same mistakes, you’ll know where to look.

Now it’s time to pull the above together.

Creating the Risk Picture

Once all of the risk assessment procedures are completed, we synthesize the disparate pieces of information into a composite image

Synthesis of risks

What are we bringing together? Here are examples:

  • Control weaknesses
  • Unexpected variances in significant numbers
  • Entity risk characteristics (e.g., level of competition)
  • Large related-party transactions
  • Occurrences of theft

Armed with this risk picture, we can now create our audit strategy and audit plan (also called an audit program). Focus these plans on the higher risk areas.

How can we determine where risk is highest? Use the risk of material misstatement (RMM) formula.

Assess the Risk of Material Misstatement

Understanding the RMM formula is key to identifying high-risk areas.

What is the RMM formula?

Put simply, it is:

Risk of Material Misstatement = Inherent Risk X Control Risk

Using the RMM formula, we are assessing risk at the assertion level. While audit standards don’t require a separate assessment of inherent risk and control risk, consider doing so anyway. I think it provides a better representation of your risk of material misstatement.

Here's a short video about assessing inherent risk.

And another video regarding control risk assessment.

Once you have completed the risk assessment process, control risk can be assessed at high--simply as an efficiency decision. See my article Assessing Audit Control Risk at High and Saving Time

The Input and Output

The inputs in audit planning include all of the above audit risk assessment procedures.

The outputs (sometimes called linkage) of the audit risk assessment process are:

  • Audit strategy
  • Audit plan (audit programs)
Linking risk assessment to audit planning

We tailor the strategy and plan based on the risks..

In a nutshell, we identify risks and respond to them.

(In a future post in this series, I will provide a full article concerning the creation of audit strategy and plans.)

Next in the Audit Series

In my next post, we’ll take a look at the Why and How of Fraud Auditing. So, stay tuned.

If you haven’t subscribed to my blog, do so now. See below.


changes in accounting for equity securities
Feb 14

ASU 2016-01 – Changes in Accounting for Equity Securities

By Charles Hall | Accounting

Are you aware of the coming changes in accounting for equity securities?

In the past, FASB required that changes in the fair value of available-for-sale equity investments be parked in accumulated other comprehensive income (an equity account) until realized--that is, until the equity investment was sold. In other words, the unrealized gains and losses of equity investments were not recognized in net income until the investments were sold. This is about to change.

Changes in equity investments will generally be reflected in net income as they occur--even before the equity investments are sold. 

The guidance for classifying and measuring investments in debt securities is unchanged.

changes in accounting for equity securities

Changes in Accounting for Equity Securities

First, ASU 2016-01 removes the current guidance regarding classification of equity securities into different categories (i.e., trading or available-for-sale)

Secondly, the new standard requires that equity investments  generally be measured at fair value with changes in fair value recognized in net income (see exceptions below). Companies will no longer recognize changes in the value of available-for-sale equity investments in other comprehensive income (as we have in the past).

Exceptions

ASU 2016-01 generally requires that equity investments be measured at fair value with changes in fair value recognized in net income. There are some equity investments that are not treated in this manner such as equity method investments and those that result in consolidation of the investee.

Is the accounting for equity investments without readily determinable fair values different? It can be.

Equity Investments without Readily Determinable Fair Values

An entity may choose to measure equity investments that do not have readily determinable fair values at cost minus impairment.  This election should be documented at the time of adoption (for existing securities) or at the time of purchase for securities acquired subsequent to the date of adoption. The alternative can be elected on an investment-by-investment basis.

Why make the election to measure equity investments that do not have readily determinable fair values at cost minus impairment? Because of the difficulty of determining the fair value of such investments. This election will probably be used by entities that previously carried investments at cost. 

ASU 2016-01 requires that equity investments without readily determinable fair values undergo a one-step qualitative assessment to identify impairment (similar to what we do with long-lived assets and goodwill). 

At each reporting period, an entity that holds an equity security shall make a qualitative assessment considering impairment indicators to evaluate whether the investment is impaired. Impairment indicators that an entity considers include, but are not limited to, the following:

  • A significant deterioration in the earnings performance, credit rating, asset quality, or business prospects of the investee
  • A significant adverse change in the regulatory, economic, or technological environment of the investee
  • A significant adverse change in the general market condition of either the geographical area or the industry in which the investee operates
  • A bona fide offer to purchase, an offer by the investee to sell, or a completed auction process for the same or similar investment for an amount less than the carrying amount of that investment
  • Factors that raise significant concerns about the investee’s ability to continue as a going concern, such as negative cash flows from operations, working capital deficiencies, or noncompliance with statutory capital requirements or debt covenants.

So what happens if there is an impairment?

321-10-35-3 of the FASB Codification states, "An equity security without a readily determinable fair value that does not qualify for the practical expedient to estimate fair value in accordance with paragraph 820-10-35-59...shall be written down to its fair value if a qualitative assessment indicates that the investment is impaired and the fair value of the investment is less than its carrying value." (820-10-35-59 deals with measuring the fair value of investments in certain entities that calculate net asset value per share.)

How is the change in value to be reflected in the income statement?

If an equity security without a readily determinable fair value is impaired, the entity should include the impairment loss in net income equal to the difference between the fair value of the investment and its carrying amount.

Presentation of Financial Instruments

Entities are to present their financial assets and liabilities separately in the balance sheet or in the notes to the financial statements. This disaggregated information is to be presented by:

  • Measurement category (i.e., cost, fair value-net income, and fair value-OCI
  • Form of financial asset (i.e., securities or loans and receivables)

So, financial assets measured at fair value through net income are to be presented separately from assets measured at fair value through other comprehensive income.

Debt Securities Accounting 

U.S. GAAP for classification and measurement of debt securities remains the same. Show unrealized holding gains and losses on available-for-sale debt securities in other comprehensive income.

Disclosure Eliminated - Financial Instruments Measured at Amortized Cost

ASU 2016-01 removes a prior disclosure requirement. In the past, entities disclosed the fair value of financial instruments measured at amortized cost. Examples include notes receivables, notes payable, and debt securities. ASU 2016-01 removes this disclosure requirement for entities that are not public business entities

Effective Dates for ASU 2016-01

ASU 2016-01 says the following concerning effective dates:

For public business entities, the amendments in this Update are effective for fiscal years beginning after December 15, 2017, including interim periods within those fiscal years.

For all other entities including not-for-profit entities and employee benefit plans within the scope of Topics 960 through 965 on plan accounting, the amendments in this Update are effective for fiscal years beginning after December 15, 2018, and interim periods within fiscal years beginning after December 15, 2019. All entities that are not public business entities may adopt the amendments in this Update earlier as of the fiscal years beginning after December 15, 2017, including interim periods within those fiscal years.

Also, the provision exempting nonpublic entities from the requirement to disclose fair values of financial instruments can be early adopted.

Initial Accounting

An entity should apply the amendments by means of a cumulative-effect adjustment to the balance sheet as of the beginning of the fiscal year of adoption.

The amendments related to equity securities without readily determinable fair values (including disclosure requirements) should be applied prospectively to equity investments that exist as of the date of adoption of ASU 2016-01.

readers digest - information for CPAs
Feb 14

Reader’s Digest: Information for CPAs

By Charles Hall | Accounting and Auditing , Technology

Here are a few articles (and one TED talk) that I believe you will find of interest as a CPA.

readers digest - information for CPAs

What AI Is--and Isn't

This TED talk provides you with a better understanding of artificial intelligence (AI). Educator and entrepreneur Sebastian Thrun is interviewed by Chris Anderson. Watch What AI Is--And Isn't. In the talk, Sebastian discusses how Udacity students created self-driving code in forty-eight hours.. In another AI example, he demonstrates the use of AI to diagnose skin cancer--even better than board-certified dermatologists. 

Revenue Recognition: A Private Company Disclosure Guide

Many of you are in the middle of adopting ASC 606 - Revenue from Contracts with Customers. As you have discoverd, there are many new disclosures to include in your financial statements. If you're looking for 606 disclosure examples for private companies, you'll find them here. Liz Gantnier with Dixon Hughes Goodman has created a wonderful guide. See section D. 

Langley Air Force Base Secretary Faked Payroll for 17 Years, Giving Herself an Extra $1.46 Million

This articles proves again that fraud schemes don't have to be complicated to be successful. In 2017, the fraudster's base pay was $51,324 but she took home $119,585. Between 2001 and 2018, she falsely claimed 47,8247 overtime hours. Read the article here.

Lease Accounting: Bus Example

This article provides a great summary of GASB 87 lease journal entries. It also shows you how to compute the right-of-use asset and lease liability. Check out Lease Accounting: Bus Example from BakerTilly. (You'll see a link to download the presentation.) If you audit governments or work for one, you'll find this article useful. The effective date of GASB 87 is years beginning after December 15, 2018. 

White House proposes folding PCAOB into SEC by 2022

The White House is proposing to fold the PCAOB into the SEC. Read about it here in an Accounting Today article.

Book Recommendations

If you missed my book recommendations last month, you'll see five that I recommend here. They will make you a better CPA--and person.

Save Time with Online Meetings
Feb 10

CPAs Save Time with Online Meetings: Getting Started

By Charles Hall | Technology

CPAs save time with online meetings. At least, they do if they know how.

Are you tired of driving hours to see clients? Or maybe you drive two hours to meet with a customer and realize you left files on your office computer. Online meetings solve these problems and make you more accessible. Below I show you how to get started. 

Save Time with Online Meetings

Pick an Online Meeting Solution

First, you need to choose a video conferencing solution.

Some popular alternatives include:

Here is a PC Magazine article that compares these products (and others). All of these packages offer free trial versions. And they all provide similar abilities. The main thing is they allow me to share what’s on my computer monitor and my voice. 

So, what video conferencing software do I use? Zoom. Why? It is easy to use and reliable. While Zoom offers a free version, I use their paid Pro version. Below I demonstrate a Zoom session so you can see just how easy online meetings are.

 

The point of this article is not to sell you on a particular online meeting product (though I do like Zoom), but to sell you on the concept. I have spent years of my life (at least it feels that way) driving to and from clients’ offices. So when I heard about online meetings, I gave it a try.

My First Online Meeting

My first online meeting sold me. A few years ago I was assisting an attorney with a forensic project. My final report was several hundred pages long. Rather than making a 4.5-hour trip to meet with my client, I did the following:

  • Opened the draft report on my center computer screen
  • Opened supporting documents on my two side computer screens
  • Shared my center computer screen using my online meeting software—the attorney, once he clicked the link I emailed him (see the next bullet), could see my screen
  • Sent the attorney an email (with a hyperlink) to join the meeting—my online software automatically created the email as I invited him 
  • Called the attorney with my cell phone and went hands-free so I could use my mouse (you can use your computer audio, I just prefer using my phone)
  • When the attorney answered my call, I told him I had sent him an invitation email, and I walked him through connecting (which took less than two minutes)
  • We reviewed the draft report from my center computer screen
  • When needed, I moved supporting documents from my two side screens to the center display (and then moved them off as needed)—think of this as moving information on and off stage

The meeting lasted one hour. Once done, the attorney said to me, “This is one of the best meetings I’ve ever attended.” 

So rather than taking 5.5 hours (4.5 hours of driving and the 1-hour session), the meeting took 1.5 hours (including setup time). I saved four hours—and I didn’t even have to sit in the attorney’s lobby and wait for him. Also, I didn’t have to stop and refuel my vehicle—or file an expense report.

If sharing video works with an out-of-town client, does it work with in-the-office staff?

Online Conferencing in My Office

Yes, online meetings work with others in your office as well. Why? For the same reasons. I can share any information from my computer screen. And I can invite several people to the meeting at the same time. They can view what I am sharing from the comfort of their offices. Believe me, it’s better than several people huddling around one computer.

Other Online Meeting Thoughts

Here are some additional thoughts about online meetings.

Though I don’t do so often, I can record my online meetings in Zoom. Then if I need to watch the session, I can.

Once you are in a Zoom meeting you can share your mouse. This allows your client to control your computer. I find this useful when my client wants to show me something. Rather than the client telling me where to click, I simply hand the mouse control over to her. Then she can move around in the documents we are viewing.

Are there any downsides to online meetings? Yes. Some people don’t want to be seen. Perhaps they are working from home and are still in their pajamas. If they have their camera on, you will see them, and if your camera is on, guess what? Yep. They can see you. You can, however, turn your camera off. And they can as well.

For a more professional look, consider buying a video camera. I use a Logitech 930e (cost is $71.50). It sits on top of my right monitor. Why buy a camera? For higher quality video. Additionally, the camera has a microphone. If you’re wondering about the quality of the video from this device, see the recording above. I used the Logitech 930e for that one.

Sharing Video with a Client

What if your client is too busy for an online meeting? Record a video and share it. I can do so from Zoom, but I use Camtasia to record my videos. (A single license is $249.)

Say you need to explain the details in a lease document. And you want to show and explain the related journal entries. Turn Camtasia on and shoot the recording with your Logitech camera. Whatever appears on your monitor (e.g., lease agreement in a PDF; journal entries in Excel) is captured in the video. Once done, save the video and send a link to your client. And why do this? So your client can watch the presentation at her convenience.

Don’t want to be seen on video? Then turn it off. Camtasia provides that option. You can record what you present on your monitor and your voice narration–with no video.

I store my videos on Screencast. The cost is $99.95 per year.

You may wonder why I use Camtasia and Screencast, especially when I can record and store video with Zoom. The short answer is I create training videos. Camstasia gives me better editing capabilities. And Screencast was built for the purpose of sharing videos. So the two products (both made by TechSmith) work well together for the creation and sharing of video.

Sharing Video with Your CPA Firm Members

I create and share videos with my partners and staff. Once a video is created, I store it on my Screencast site. Then I share the video link on our firm intranet. That way I can demonstrate something once and share it with everyone. 

Your Thoughts

Do you already use online meeting or video capture software? If yes, what solutions do you use? Share your suggestions below.

Client Acceptance and Continuance
Feb 09

Client Acceptance and Continuance: The Why and How

By Charles Hall | Auditing

Client acceptance and continuance may be the most critical step in an audit, but it’s one that gets little attention. A prospective client calls saying, “Can you audit my company?” and we respond, “sure.” While new business can be a good thing, relationships need appropriate vetting. Not doing so can lead to significant (and sometimes disastrous) consequences.

New Relationships

My daughter recently met a young man on Instagram. Not unusual these days. But now the relationship is entering into its third month. They talk every day for two or three hours. So far, they have not been in the same room—and not even in the same city. Skype, yes. Physical presence, no. That’s happening at the end of this month. (He lives eight hours away.)

So what do Mom and Dad think about all of this? Well, it’s fine. My wife checked him out on Facebook (I know you’ve never done this). And my daughter has told us all about the “fella” and his family. We like what we’re hearing. He has similar beliefs. He has a job (Yay!), and he has graduated from college. His family background is like ours.

Why do we want to know all the details about the young man? Because relationships impact people—my daughter, the young man, his family members, and yes, my wife and I. We want everyone to be happy.

Client Acceptance 

And that’s what good relationships create. Happiness. The same is true with clients. As Steven Covey said, “think win, win.” When the customer wins, and your CPA firm wins, everyone is happy. Mutual needs are met.

Careless CPAs accept business with only one consideration: Can I get paid? 

While getting paid is important, other factors are also critical.

Here are a few things to consider:

  1. Are they ethical?
  2. Are you independent?
  3. Do you have the technical ability to serve them?
  4. Do you the capacity to serve them?

Are They Ethical?

I want my daughter to marry a guy with beliefs that correspond with who she is. Is he honest? Would he steal? Is he transparent? Who are his associates? What do others think of him? 

We ask similar questions about accepting a new client. Audit standards require us to consider whether the prospective client has integrity. If the company is not morally straight, then there’s no need to move forward. 

(The predecessor auditor can provide information about their interactions with the company. Audit standards require contact with the predecessor auditor prior to acceptance.)

Are You Independent?

The time to determine your firm’s independence is the beginning—not at the conclusion of the audit.

Consider what happens—during a peer review—when a firm is not independent, and it has issued an audit opinion. The original audit report will be recalled, and I’ll bet the company asks for and receives a full refund of your audit fee. Now, the company needs to be re-audited.  (Oh, and there’s that impact on the peer review report.)

Pay attention to requested nonattest services—such as preparation of financial statements. If the client has no one with sufficient skill, knowledge, and experience to accept responsibility for such services, you may not be independent. See the AICPA’s Plain English Guide to Independence for more information. (You can see additional help-aids in my list of online resources for CPAs. )

Do You Have the Technical Ability to Serve Them?

If you can pick up a client in an industry in which you have no experience, should you? Possibly, but it depends on whether you can appropriately understand the client and their industry before you conduct the engagement. Some new customers may not be complicated. In those cases, CPE may get you into position to provide the audit. 

But what if the potential engagement involves a highly sophisticated industry and related accounting standards for which you are ill-equipped? It may be better to let the engagement go and refer it to an audit firm that has the requisite knowledge. Or maybe you can partner with the other firm. 

Do You Have the Capacity to Serve Them?

A prospective client calls saying, “Can you audit my company? We have a December 31 year-end, and we need the audit report by March 31.” After some discussion, I think the fee will be around $75,000. But my staff is already working sixty hours a week during this time of the year. Should I take the engagement? 

My answer would be no unless I can create the capacity. How? I can hire additional personnel or maybe I can contract with another firm to assist. If I can’t build additional capacity, then I may let the opportunity pass. 

Far too many firms accept work without sufficient capacity. When this happens, corners are cut, and staff members and partners suffer. Stuffingeven morework into a stressful time of the year is not (always) a wise thing. We lose staff. And if the engagement is deficient, peer review results may take a hit.

When you don’t have the capacity to accept new good clients, consider whether you should discontinue service to existing bad customers.

The Continuance Decision

Quality controls standards call for CPAs to not only develop acceptance procedures, but we are to create continuance protocols as well.

I previously said CPAs often don’t give proper attention to acceptance procedures. So, how about continuance decisions? Even worse. 

Continuance Decision

Picture from AdobeStock.com

Each year, we should ask, “If this was a new client opportunity, would I accept them?” If the answer is no, then why do we continue serving them? 

Here are a few questions to ponder:

  • Has the client paid their prior year fees? 
  • Am I still independent (consider the new Hosting Services interpretation)?
  • Does the client demand more from me than the fee merits?
  • Do I enjoy working with this client?
  • Is the client’s financial condition creating additional risks for my firm?
  • Is the client acting ethically?

Each year, well before the audit starts, ask these questions.

And then consider, is the bottom 10% of my book of business keeping me from accepting better clients? My experience has been that when I have the capacity, new business appears. When capacity is lacking, I don’t. The decision to hold on to bad clients is a decision to close the door to better clients. Don’t be afraid to let go.

Risk Assessment Starts Now

When should we start thinking about risk assessment? Now.

Whether you are going through the initial acceptance procedures or you are making your continuance decision, start thinking about risk assessment now. Assuming you accept the client, you’ll be a step ahead as you begin to develop your audit plan. Ask questions such as:

  • How is your cash flow?
  • Do you have any debt with covenants?
  • Who receives the financial statements?
  • Has the company experienced any fraud losses?
  • How experienced is management?
  • Why are you changing auditors?

Keep these notes for future reference and audit planning. 

Next Post in this Series

The above is the first post in The Why and How of Auditing. My next post will be Audit Risk Assessment: The Why and How. Subscribe to my blog (see below) to make sure you don’t miss anything.

Review Quiz

>