audit documentation
Jan 16

Audit Documentation: If It’s Not Documented, It’s Not Done

By Charles Hall | Auditing

Peer reviewers are saying, “If it’s not documented, it’s not done.” Why? Because standards require sufficient audit documentation. And if it’s not documented, the peer reviewer can’t give credit for performance. 

But what does sufficient documentation mean? What should be in our work papers? How much is necessary? This article answers these questions.

audit documentation

In the AICPA’s Enhanced Oversight program, one in four audits is nonconforming due to a lack of sufficient documentation. This has been and continues to be a hot-button peer review issue. And it’s not going away. 

But auditors ask, “What is sufficient documentation?” That’s the problem, isn’t it? The answer is not black and white. We know good documentation when we see it–and poor as well. It’s the middle that is fuzzy. Too often audit files are poor-to-midland. Why? 

First, many times it boils down to profit. Auditors can make more money by doing less work. So, let’s go ahead and state the obvious: Quality documentation takes more time and may lessen profit. But what’s the other choice? Poor work.

Second, the auditor may not understand what the audit requirements are. So, in this case, it’s not motive (for more profit), it’s a lack of understanding.

Thirdly, another contributing factor is that firms often bid for work–and low price usually carries the day. Then, when it’s time to do the work, there’s not enough budget (time)–and quality suffers. Corners are cut. Planning is disregarded. Audit programs are poorly designed. Confirmations, walkthroughs, fraud inquiries are omitted. And yes, it’s easier–at least in the short run.

Even though these reasons may be true, we all know that quality is the foundation of every good CPA firm. And work papers tell the story–the real story–about a firm’s character. How would you rate your work paper quality? Is it excellent, average, poor? If you put your last audit file on this website and everyone could see it, would you be proud? Or does it need improvement?

Insufficient Audit Documentation

So, what is insufficient audit documentation?

First, let’s look at examples of poor documentation:

  • Signing off on audit steps with no supporting work papers (and no explanation on the audit program)
  • Placing a document in a file without explaining why (what is its purpose?)
  • Not signing off on audit steps
  • Failing to reference audit steps to supporting work papers
  • Listing a series of numbers on an Excel spreadsheet without explaining their source (where did they come from? who provided them?)
  • Not signing off on work papers as a preparer
  • Not signing off on work papers as the reviewer
  • Failing to place excerpts of key documents in the file (e.g., debt agreement)
  • Performing fraud inquiries but not documenting who was interviewed (their name) and when (the date)
  • Not documenting the selection of a sample (why and how)
  • Failing to explain the basis for low inherent risk assessments
  • Key bank accounts and debt are not confirmed
  • Not documenting the reason for not sending receivable confirmations
  • A lack of retrospective reviews
  • A failure to document the current year walkthroughs for significant transaction cycles (the file contains a generic description of controls with no evidence of a current year review)
  • Not documenting COSO deficiencies (e.g., tone at the top, management’s risk assessment procedures)
  • A failure to document risk assessments
  • Low control risk assessments without a test of controls
  • A lack of linkage from the risk assessment to the audit plan
  • No independence documentation though nonattest services are provided

This list is not comprehensive, but it provides examples to consider. This list is based on my past experiences. Probably the worst offense (at least in my mind) is signing off on an audit program with no support.

AICPA Findings

Additionally, the AICPA has identified the following deficiencies. Work papers lack:

  • Tests of controls over compliance in a single audit
  • Determinations of direct and material Single Audit compliance requirements 
  • Eligibility testing in Employee Benefit Plan audits

Sufficient Audit Documentation According to AU-C 230

Now, let’s examine what constitutes sufficient documentation.

AU-C 230 Audit Documentation defines how auditors are to create audit evidence. It says that an experienced auditor with no connection to the audit should understand:

  • Nature, timing, and extent of procedures performed
  • Results and evidence obtained
  • Significant findings, issues, and professional judgments

While most auditors are familiar with this requirement, the difficulty lies in how to accomplish this. What does it look like?

Experienced Auditor’s Understanding

Here’s the key: When an experienced auditor reviews the documentation, does she understand the work?

Any good communicator makes it her job to speak or write in an understandable way. The communicator assumes responsibility for clear messages. In creating work papers, we are the communicators. The responsibility for transmitting messages lies with us (the auditors creating work papers).  

A Fog in the Work Papers

So what creates fogginess in work papers? We forget we have an audience. Others will review the audit documentation to understand what was done. As we prepare work papers, we need to think about those who will read our work. All too often, the person creating a work paper understands what he is doing, but the reviewer doesn’t. Why? The message is not clear.

Just because I know why I am doing something does not mean that someone else will.

Creating Clarity

This is why most work papers should include the following:

  • A purpose statement (what is the reason for the work paper?)
  • The source of the information (who provided it? where did they obtain it and how?)
  • An identification of who prepared and reviewed the work paper
  • The audit evidence (what was done)
  • A conclusion (does the audit evidence support the purpose of the work paper?)

When I make these suggestions, some auditors push back saying, “We’ve already documented some of this information in the audit program.” That may be true, but I am telling you–after reviewing thousands of audit files–the message (what is being done and why) can get lost in the audit program. The reviewer often (speaking for myself) has a difficult time tieing the work back to the audit program and understanding its purpose and whether the documentation provides sufficient audit evidence.

Remember, the work paper preparer is responsible for clear communication. 

And here’s another thing to consider. You (the work paper preparer) might spend six hours on one document. So, you are keenly aware of what you did. The reviewer, on the other hand, might spend five minutes–and she is trying (as quickly as she can) to understand. 

Help Your Reviewers

To help your less informed reviewers:

  1. Tell them what you are doing (purpose statement)
  2. Do it (document the test work)
  3. Then, tell them how it went (the conclusion)

Too Much Audit Documentation

It’s funny, but many CPAs say to me, “I feel like I do too much,” meaning they believe they are auditing more than is necessary. To which I often respond, “I agree.”

In looking at audit files, I see:

  • The clutter of unnecessary work papers
  • Files received from clients that don’t support the audit opinion
  • Unnecessary work performed on these extraneous documents

For whatever reason, clients usually provide more information than we request. And then–for some other reason–we retain those documents, even if not needed.

If auditors add purpose statements to each work paper, then they will discover that some work papers are unnecessary. In writing the purpose statement, we realize it has none. Which is nice–now, we can deep-six it.

One healthy exercise is to pretend we’ve never audited the company and that we have no prior year audit files. Then, with a blank page, we plan the audit. Once done, we compare the new plan to prior year files. If there’s any fat, start cutting. 

The key to eliminating unnecessary work lies in performing the following steps (in the order presented):

  1. Perform risk assessment
  2. Plan your audit based on the identified risks
  3. Perform the audit procedures

Too often, we roll the prior year file forward and rock on. If the prior year file has extraneous audit procedures, then we repeat them. This creates waste.

Summary

In summary, audit documentation continues to be a significant peer review problem. We can enhance the quality of our work papers by remembering we are not just auditing. We are communicating. It is our responsibility to provide a clear message.

Though this article is about having too little documentation, you can have the opposite problem of having too much documentation.

Below is a short video summarizing this article.

Additional Guidance

The AICPA also provides some excellent guidance regarding work paper documentation

Also, see my article titled 10 Ways to Make Your Work Papers Sparkle.

Statement on Standards for Forensic Services No. 1
Jan 14

Statement on Standards for Forensic Services No. 1: An Exposure Draft

By Charles Hall | Fraud

The AICPA has issued an exposure draft titled Statement of Standards for Forensic Services No. 1 (SSFS 1), Forensic Services: Definitions and Standards. If approved, the standard will be effective for new engagements accepted on or after May 1, 2019. 

Statement on Standards for Forensic Services No. 1

Who Created SSFS 1?

Why SSFS 1?

The purpose of the standard is to improve the consistency and quality of forensic services provided by CPAs. 

It appears the AICPA is being responsive to a growing demand for forensic services. A report created by IBISWorld (a market research firm) showed that employment in forensic accounting grew at an annualized rate of 18% from 2012 to 2017.  

Services Covered by SSFS 1

Prohibitions

SSFS 1 includes two prohibitions:

  • A legal opinion can not be provided regarding the occurrence of fraud, and
  • Forensic services can't be provided on a contingent fee basis

Why can't a member provide a legal opinion regarding fraud? The final determination of whether fraud exists is determined by the "trier-of-fact," according to paragraph .08 of the standard. 

Applicability

The standard would apply to all AICPA members, AICPA members firms, and employees of AICPA member firms.

Paragraph .03 of the standard states "the key consideration of this Statement's applicability is the purpose  (e.g., Litigation or Investigation) for which the member was engaged." The applicability is not based on a particular service provided such as data analysis. But if data analysis, for example, is performed in relation to litigation or investigative services, then the statement would apply.

Understanding with Client

The understanding with the client regarding the nature, scope, and limitations of the services can be written or oral

Adding a blank page to a PDF
Jan 10

How to Add a Blank Page to a PDF

By Charles Hall | Technology

Sometimes you may need to add a blank page to a PDF document. For instance, you might desire to add a summary audit memo explaining your use of the information that follows. Once you add a blank page, you can then type your summary on the new page.

Here’s a video demonstration of how to add a bank a page to a PDF document using Adobe Acrobat DC.

nonprofit accounting
Jan 01

Understanding the New Nonprofit Accounting Standard

By Charles Hall | Accounting

Are you ready to implement FASB’s new nonprofit accounting standard? Back in August 2016, FASB issued ASU 2016-14, Presentation of Financial Statements of Not-for-Profit Entities. In this article, I provide an overview of the standard and implementation tips.

Nonprofit accounting

New Nonprofit Accounting – Some Key Impacts

What are a few key impacts of the new standard?

  • Classes of net assets
  • Net assets released from “with donor restrictions”
  • Presentation of expenses
  • Intermediate measure of operations
  • Liquidity and availability of resources
  • Cash flow statement presentation

Classes of Net Assets

Presently nonprofits use three net asset classifications:

  1. Unrestricted
  2. Temporarily restricted
  3. Permanently restricted

The new standard replaces the three classes with two:

  1. Net assets with donor restrictions
  2. Net assets without donor restrictions

Terms Defined

These terms are defined as follows:

Net assets with donor restrictions – The part of net assets of a not-for-profit entity that is subject to donor-imposed restrictions (donors include other types of contributors, including makers of certain grants).

Net assets without donor restrictions – The part of net assets of a not-for-profit entity that is not subject to donor-imposed restrictions (donors include other types of contributors, including makers of certain grants).

Presentation and Disclosure

The totals of the two net asset classifications must be presented in the statement of financial position, and the amount of the change in the two classes must be displayed in the statement of activities (along with the change in total net assets). Nonprofits will continue to provide information about the nature and amounts of donor restrictions.

Additionally, the two net asset classes can be further disaggregated. For example, donor-restricted net assets can be broken down into (1) the amount maintained in perpetuity and (2) the amount expected to be spent over time or for a particular purpose.

Net assets without donor restrictions that are designated by the board for a specific use should be disclosed either on the face of the financial statements or in a footnote disclosure.

Sample Presentation of Net Assets

Here’s a sample presentation:

Net Assets
Without donor restrictions
  Undesignated $XX
  Designated by Board for endowment     XX
     XX
With donor restrictions
  Perpetual in nature     XX
  Purchase of equipmentXX
  Time-restrictedXX
XX
Total Net Assets$XX

Net Assets Released from “With Donor Restrictions”

The nonprofit should disaggregate the net assets released from restrictions:

  • program restrictions satisfaction
  • time restrictions satisfaction
  • satisfaction of equipment acquisition restrictions
  • appropriation of donor endowment and subsequent satisfaction of any related donor restrictions
  • satisfaction of board-imposed restriction to fund pension liability

Here’s an example from ASU 2016-14:

nonprofit statement of activities

Presentation of Expenses

Presently, nonprofits must present expenses by function. So, nonprofits must present the following (either on the face of the statements or in the notes):

  • Program expenses
  • Supporting expenses

The new standard requires the presentation of expenses by function and nature (for all nonprofits). Nonprofits must also provide the analysis of these expenses in one location. Potential locations include:

  • Face of the statement of activities
  • A separate statement (preceding the notes; not as a supplementary schedule)
  • Notes to the financial statements

I plan to add a separate statement (like the format below) titled Statement of Functional Expenses. (Nonprofits should consider whether their accounting system can generate expenses by function and by nature. Making this determination now could save you plenty of headaches at the end of the year.)

External and direct internal investment expenses are netted with investment income and should not be included in the expense analysis. Disclosure of the netted expenses is no longer required.

Example of Expense Analysis

Here’s an example of the analysis, reflecting each natural expense classification as a separate row and each functional expense classification as a separate column.

expenses by function and nature

The nonprofit should also disclose how costs are allocated to the functions. For example:

Certain expenses are attributable to more than one program or supporting function. Depreciation is allocated based on a square-footage basis. Salaries, benefits, professional services, office expenses, information technology and insurance, are allocated based on estimates of time and effort.

Intermediate Measure of Operations

If the nonprofit provides a measure of operations on the face of the financial statements and the use of the term “operations” is not apparent, disclose the nature of the reported measure of operations or the items excluded from operations. For example:

Measure of Operations

Learning Disability’s operating revenue in excess of operating expenses includes all operating revenues and expenses that are an integral part of its programs and supporting activities and the assets released from donor restrictions to support operating expenditures. The measure of operations excludes net investment return in excess of amounts made available for operations.

Alternatively, provide the measure of operations on the face of the financial statements by including lines such as operating revenues and operating expenses in the statement of activities. Then the excess of revenues over expenses could be presented as the measure of operations.

Liquidity and Availability of Resources

FASB is shining the light on the nonprofit’s liquidity. Does the nonprofit have sufficient cash to meet its upcoming responsibilities?

Nonprofits should include disclosures regarding the liquidity and availability of resources. The purpose of the disclosures is to communicate whether the organization’s liquid available resources are sufficient to meet the cash needs for general expenditures for one year beyond the balance sheet date. The disclosure should be qualitative (providing information about how the nonprofit manages its liquid resources) and quantitative (communicating the availability of resources to meet the cash needs).

Sample Liquidity and Availability Disclosure

The FASB Codification provides the following example disclosure in 958-210-55-7:

NFP A has $395,000 of financial assets available within 1 year of the balance sheet date to meet cash needs for general expenditure consisting of cash of $75,000, contributions receivable of $20,000, and short-term investments of $300,000. None of the financial assets are subject to donor or other contractual restrictions that make them unavailable for general expenditure within one year of the balance sheet date. The contributions receivable are subject to implied time restrictions but are expected to be collected within one year.

NFP A has a goal to maintain financial assets, which consist of cash and short-term investments, on hand to meet 60 days of normal operating expenses, which are, on average, approximately $275,000. NFP A has a policy to structure its financial assets to be available as its general expenditures, liabilities, and other obligations come due. In addition, as part of its liquidity management, NFP A invests cash in excess of daily requirements in various short-term investments, including certificate of deposits and short-term treasury instruments. As more fully described in Note XX, NFP A also has committed lines of credit in the amount of $20,000, which it could draw upon in the event of an unanticipated liquidity need.

Alternatively, the nonprofit could present tables (see 958-210-55-8) to communicate the resources available to meet cash needs for general expenditures within one year of the balance sheet date.

Cash Flow Statement Presentation

A nonprofit can use the direct or indirect method to present its cash flow information. The reconciliation of changes in net assets to cash provided by (used in) operating activities is not required if the direct method is used.

Consider whether you want to incorporate additional changes that will be required by ASU 2016-18, Statement of Cash Flows–Restricted Cash. If your nonprofit has no restricted cash, then this standard is not applicable.

You can early implement ASU 2016-18. (The effective date is for fiscal years beginning after December 15, 2018.) Once this standard is effective, you’ll include restricted cash in your definition of cash. The last line of the cash flow statement might read as follows: Cash, Cash Equivalents, and Restricted Cash.

Effective Date of ASU 2016-14

The effective date for 2016-14, Not-for-Profit Entities, is for fiscal periods beginning after December 15, 2017 (2018 calendar year-ends and 2019 fiscal year-ends). The standard can be early adopted.

For comparative statements, apply the standard retrospectively. 

If presenting comparative financial statements, the standard does allow the nonprofit to omit the following information for any periods presented before the period of adoption:

  • Analysis of expenses by both natural classification and functional classification (the separate presentation of expenses by functional classification and expenses by natural classification is still required). Nonprofits that previously were required to present a statement of functional expenses do not have the option to omit this analysis; however, they may present the comparative period information in any of the formats permitted in ASU 2014-16, consistent with the presentation in the period of adoption.
  • Disclosures related to liquidity and availability of resources.
restricted cash
Dec 05

The Skinny on ASU 2016-18, Statement of Cash Flows (Topic 230): Restricted Cash

By Charles Hall | Auditing

FASB issued ASU 2016-18, Statement of Cash Flows, in November 2016. This standard changes the way restricted cash is shown in cash flow statements.

The standard is effective in 2019 for calendar year-end private companies. Early adoption is permitted

Here’s the skinny on the new standard. (To download the slidedeck, click here. The video below was created before I changed the name of my blog from CPA Scribo to CPA Hall Talk, but the information is current.)

 

>