|
|
 |
      |
      |
|
UNDERSTANDING
AUDITING AND THE AUDIT PROCESS (September
1999) Every
organization incorporated without share capital under the Ontario
Corporations Act and the Canada Corporations Act must have an audit. There
is no statutory exemption from audit for not-for-profit organizations
incorporated under the acts. Also, many organizations must have an audit
as a condition for receiving funding from government and private sources. Market
research by the accounting profession reveals that most people have only a
vague idea of the scope and objectives of an audit. Fewer people have any
idea of the limitations of the process. As a result, the public is often
understandably surprised and disillusioned when learning of corporate
failures such as Livent Inc., YBM and Philips Services. The question
"Where were the auditors?" is often asked. With
this article we hope to shed some light on the audit process. We will
examine some of the factors that affect the nature and extent of audit
testing and we will look at what communication you might reasonably expect
from your auditor. The
Concept and Process of Auditing What
is the concept and process of auditing? During the 1960’s and 1970’s,
audit professionals in many countries independently developed theories of
auditing that could be applied to examination of many different areas,
including financial statements. While practitioners may have differences
of opinion as to the application of certain of the underlying concepts,
the basic framework is generally accepted by auditors and the public. This
framework has been codified in many countries around the world and is
often called Generally Accepted Auditing Standards ("GAAS"). The
fundamental responsibility of an auditor of a not-for-profit organization
is to obtain evidence to determine the degree to which assertions in the
financial statement under audit compare to established generally accepted
accounting criteria. The four concepts in the above statement that require
an explanation are:
To
comprehend the audit process it is important to understand each of these
concepts and the relationship between them.
A
set of financial statements is created by management to communicate
information to a variety of readers about a series of financial
transactions occurring in a prior period, most often a year. The
information in the financial statements contains certain assertions made
by management. Assertions include:
To
help clarify the concept of an assertion, take as an example the caption
"cash" in a statement of financial position. As cash is
classified as an asset, the reader is entitled to assume that the cash
both exists and is owned by the organization. Existence and ownership are
key accounting assertions relating to the asset category of cash. As
another example, the assertions for "accounts payable" and
"accrued liabilities" would be those of completeness, that all
the liabilities that should be recorded have been recorded, and valuation,
that the liabilities recorded are valued correctly (i.e. they are not over
or under stated). The assertions for a revenue item such as membership
fees would include: occurrence, that the revenue was earned by the
organization; ownership, that the fees did not belong to another
organization; and completeness, that all the revenue that was earned was
recorded. The
assertions contained in financial statements come from the accounting
process. Accounting paints a picture of past financial transactions and
communicates this to the reader. The auditing process, on the other hand,
uses generally accepted criteria to provide an objective opinion as to
whether the financial statements accurately reflect the accounting
assertions.
The
criteria used to generate financial statements have been developed through
a quasi-legislative process over the last forty years in a number of
countries including Canada, the UK , the USA and Australia. The criteria
are called GAAP - Generally Accepted Accounting Principles. GAAP in Canada
at the present time includes:
The
auditor's job, in short, is to provide a professional opinion on the
relationship between the assertions in the financial statements and those
embodied by generally accepted accounting principles. The auditor must
obtain evidence to support his or her opinion on these financial statement
assertions. Evidence can come in many forms including:
An
auditor does not obtain all of these types of evidence for every financial
statement assertion. For example, when attempting to verify an amount
receivable the auditor may rely on direct confirmation from the debtor and
evidence of payment made after the year end to provide assurance that the
receivable both existed and was collectable. The auditor might decide that
additional evidence would not be required to prove the assertions.
The
auditor obtains evidence and subsequently evaluates whether that evidence
is sufficient and appropriate. The evidence gathered must be sufficient
and appropriate to permit the auditor to express an opinion on the
financial statement assertions. Techniques used to gather evidence
include:
The
auditor will not necessarily employ all these verification techniques to
establish whether financial statement assertions agree with generally
accepted accounting principles for every assertion. The degree to which an
auditor collects evidence and applies verification techniques is based on
the auditors professional judgment. The auditor must use judgment to
minimize the risk of arriving at an incorrect conclusion. This brings us
to the concept of audit risk. The
Audit Risk Model Audit
risk can be thought of as the risk that the auditor will fail to express a
reservation in his or her opinion on financial statements that are
materially misstated. A misstated financial statement is one where the
accounting assertions are not in accordance with those prescribed by
generally accepted accounting principles. Take, as an example, a statement
of financial position with a caption for term deposits with a value of
$100,000 where the organization did not have any term deposits. The
assertion regarding the existence of these assets implied by the
statements would be false. If this is not brought to the reader's
attention in the auditor's report as a result of the auditor's negligence
then an audit failure would have occurred. An
auditor’s goal is to reduce the risk of audit failure to an
appropriately low level. Auditors must use professional judgment in
selecting appropriate verification techniques to reach their goal all
within an acceptable level of risk. Auditing procedures are designed to
minimize three types of risk:
Inherent
risk relates to the nature of the transactions, assets and liabilities
being audited. Some financial statement items are inherently more
susceptible to error or fraud. For example, cash is more susceptible to
theft than prepaid expenses or goodwill. Inherent risk is generally
identified during the planning process by obtaining or updating knowledge
of the organization's business and industry and significant events and
transactions occurring during the year under audit.
Control
risk relates to the effectiveness of the organization’s internal
controls and financial reporting. The organization has the responsibility
for establishing sufficient internal control to prevent or detect, on a
timely basis, errors resulting from problems in the processing of
transactions and the maintenance of accounting records. If the auditor
identifies effective internal controls and performs tests to provide
evidence of the effectiveness of those controls then he or she can reduce
the amount of verification on detailed balances and transactions. The
auditor will typically only test internal controls where doing so would
reduce the cost of performing the audit or where testing of detailed
transactions and balances is not feasible.
Detection
risk is the risk that the auditor will not identify misstatements in the
financial statements. An auditor only reviews a sample of transactions and
balances as to test all would be both impractical and prohibitively
expensive. Therefore, it is possible for an auditor to fail to identify
misstatements despite having performed audit testing. Inadequate
verification (i.e. drawing the wrong conclusion from evidence obtained or
failure to obtain evidence identified as necessary in the planning
process) can also cause a failure to detect misstatements. The
impact of fraud One
of the underlying axioms of auditing in Canada is that the auditor can
assume, in the absence of evidence to the contrary, that management will
act in good faith (i.e. management will not deliberately act to defraud
the organization). Consequently, auditors in Canada do not carry out audit
procedures designed specifically to uncover the existence of fraud as part
of every audit engagement. However, if the auditor, in the course of an
audit, does uncover evidence of fraud or evidence indicating that a fraud
might exist then the auditor would expand his/her verification procedures
to determine whether a fraud has occurred and has created a misstatement
in the financial statements. Materiality
Financial
statements are prepared by management using many judgmental evaluations.
As a result it is not possible or economically feasible for an
organization to produce financial statements that are absolutely precise.
As an example, management estimates the collectability of accounts
receivable and provides an allowance for doubtful accounts based, not on
absolute certainty, but on management’s best estimate of the likelihood
of collecting the accounts. Similar judgments are made when determining
amounts of revenue unearned at a period end and in calculating over what
period to amortize capital assets . How
precise should financial statements be? The concept of materiality is
recognized in accounting literature. A misstatement in financial
statements would be considered material if a person with a reasonable
knowledge of the business and its economic activities would have reached a
different opinion about the organization had he or she received a set of
financial statements correcting for the material misstatement. Auditors
must recognize the concept of materiality in planning their audit. If an
audit were designed to identify every possible misstatement in the
financial statements, it would quickly become prohibitively expensive.
Therefore, audits are generally designed to identify only material
misstatements in the financial statements. Setting
materiality is a judgment call by the auditor. The auditor must consider
both quantitative and qualitative measures in a arriving at a number. An
appropriate level of audit materiality depends, in part, on the
sensitivity of the readers to the accuracy of the financial statements.
For many not-for-profit organizations a misstatement of 2% or more of
gross revenue would be considered material. However, in many circumstances
materiality is determined by qualitative rather than quantitative
measures. For example, an organization having to return every dollar of
unspent funding might consider an error of $1,000 material, even if their
gross revenue is $650,000, if that error results in a dollar-for-dollar
refund to the funding body. Objectivity
Objectivity
is critical to the audit process. Generally accepted auditing standards
state that an audit must be performed by an auditor with an objective
state of mind. An objective state of mind means that the auditor
expressing an opinion must hold himself or herself free of any influence
or relationship with the organization or any related party that might
impair the auditor's professional judgment or objectivity. A consequence
of the objectivity standard is that audits generally may not be carried
out by individuals who are directly involved with the not-for-profit
organization in any capacity other than that of auditor. For example, a
treasurer of a church congregation who is also a qualified auditor would
not be permitted under professional regulations to perform the church's
audit. This is because a reasonable observer might view the
treasurer-as-auditor's judgment and objectivity as being impaired. Reporting
to users Once
the auditor has gathered sufficient and appropriate evidence, he or she
will then conclude whether the assertions in the financial statements
being audited are in accordance with GAAP. If the auditor concludes they
are then he or she will issue an opinion without reservation . If, in the
auditors opinion, the assertions are not in accordance with GAAP then the
auditors report will state this, indicate what the differences are and, if
possible, quantify the financial impact on the statements. You
will note that an auditor does not report on whether or not the
organization is in good financial health. If an organization is in
financial difficulty then the financial statements should reflect that;
the auditor does not point it out separately. Except in the most serious
circumstances an auditor’s job is not to comment directly on whether an
organization is in financial difficulty. Rather, he or she will report
whether the statements "tell it like it is" in accordance with
GAAP. During
audits, issues are sometimes identified that may be of interest to
management and Boards of Directors in discharging their responsibilities.
At the conclusion of an audit the auditor may prepare a management letter
to report on issues, including improvements in the safeguarding of assets,
the improving of controls and increasing the efficiency and effectiveness
of an organization’s financial systems. It is important to understand
that preparation of the management letter is a by-product of the audit and
is not an obligation of the auditor. An audit would not usually identify
all matters that may be of interest to management in discharging their
responsibilities. In other words, just because an auditor has not brought
any recommendations to the attention of management does not mean that
there is no room for improvement or that additional requirements are not
needed for the safeguarding of assets. Organizations wanting a separate
opinion as to the adequacy of internal control and procedures to safeguard
assets would have to engage an auditor to expressly provide an opinion on
that aspect of the organization. In
a formal management letter auditors will typically only comment on items
they consider significant. An auditor will often communicate matters of
lesser significance directly to persons responsible for financial systems
(e.g. bookkeepers and accounting personnel) either orally or in writing
during the audit. These items of a lesser nature are generally not
communicated directly to an organization's Board of Directors. Summary In
summary, an audit is a cumulative process that starts with planning and
moves to gathering and evaluating of evidence. In determining the amount
of evidence to be obtained in the verification procedures, the auditor
must specifically assess the risk that a material misstatement in the
financial statements will not be identified during the audit process. Once
the auditor has obtained sufficient evidence and performed sufficient
verification then he or she will draw a conclusion as to whether the
financial statements are, in all material respects, fairly presented in
accordance with generally accepted accounting principles. This opinion
will be presented to readers in the auditor's report. Bibliography The
following sources were essential for the preparation of this article:
|
|
 |
