AUDIT PLANNING FOR PROFITS IN TOUGH TIMES By Larry L. Perry, CPA CPA Firm Support Services, LLC A FOUNDATION OF LITERATURE Planning and Supervision, SAS No. 108, requires the auditor to: Obtain an engagement letter. Evaluate client continuance. Develop an overall audit strategy. Develop a written audit plan (audit program). Determining the extent of involvement of professionals possessing specialized skills Inform assistants of their responsibilities. Review the work of assistants. Engagement planning is an on-going process; it takes place throughout an engagement. Original plans are often modified as additional information and unusual matters come to our attention while performing the engagement. SAS No.108 requires these specific components of the audit plan: A description of the nature, extent and timing of planned risk assessment procedures considering the requirements of: SAS No. 107—Audit Risk and Materiality in Conducting an Audit SAS No. 109—Understanding the Entity and its Environment and Assessing the Risks of Material Misstatements A description of the nature, extent and timing of planned further audit procedures at the relevant assertion level for each material class of transactions, account balance and disclosure as determined under: SAS No. 110—Performing Audit Procedures in Response to Assessed Risks and Evaluating the Audit Evidence Obtained A description of other audit procedures to be carried out for the engagement to comply with generally accepted auditing standards. Statements on Quality Control Standards (SQCS), applicable to audits, compilations and reviews, require that a firm’s quality control policies and procedures cover all phases of a firm’s engagements, including planning. The peer review and quality review processes monitor and evaluate compliance with these requirements. SQCS No.7, A Firm’s System of Quality Control, effective January 1, 2009, requires a firm to document each element of its quality control system. The extent of the documentation will depend on the size, structure and nature of the firm’s practice. Illustrative guidance is included in the AICPA’s publication, Establishing and Maintaining a System of Quality Control for a CPA Firm’s Accounting and Auditing Practice, which is available for purchase from the AICPA. 1 Do We Really Have to Plan Small Audits? We used to do our audit planning in the back seat of the car on the way to the client’s office. I once worked for one partner who planned the audit of a bank located in our office building as we rode the elevator to the first floor! In my early years, we didn’t do much planning because audit procedures were designed on the fly. By that I mean we obtained an understanding of a client’s business and industry, internal controls and operations and targeted the areas where risks were high. Sure, we wrote programs but mostly after the audit was done! But then times began to change. SAS No. 22, Planning and Supervision, said we should plan the audit before it began. Most of us continued to follow the audit approaches of the past and, again, filled out the required planning forms after the audit was done (we had to pass peer review you know!). It wasn’t long, however, until peer reviewers began to ask us when we filled out those planning forms and we could not tell a lie! So we began to plan a little. SAS No. 99 on fraud risk assessment accelerated our planning pace. We had to “brainstorm” fraud risks. Most people, except for some of us sole practitioners, have to meet with another person to brainstorm. If you’re a sole practitioner like me, we’re used to talking to ourselves anyway (now we can call it brainstorming)! So we brainstormed and planned some more. Only when the so-called risk assessment standards became effective in 2007 did some of us finally become believers. We began to recognize that effective planning actually reduced engagement performance time! Now we’re at the bottom of the barrel with our headline question, “Do We Really Have to Plan Small Audits?” The answer is a resounding “yes.” Not only do we have to plan to satisfy the requirements of SASs, we have to plan if we are to have hope of engagement profits! The Root of Audit Requirements and Documentation There is good news and bad news. First, the good news: for over two decades, publishers of auditing practice aids have supplied us with forms, checklists and programs to comply with existing professional standards. The bad news: the volumes of accounting and auditing pronouncements have increased exponentially causing huge stacks of paper or long lists of electronic forms for even the smallest audits. When the new audit risk assessment standards were effective in 2007, the length and number of audit practice aids from most publishers increased substantially. Because it became very difficult to determine which documentation was required to comply with the new standards, conservatism ruled and many auditors used all the practice aids available. Audit quality was good but budget overrun was high! 2 Here is a foundational principle of audit efficiency. The root of audit requirements is not the practice aids purchased from a provider. Audit requirements for non-public and nonprofit entities are rooted in the Statements on Auditing Standards (SASs) published by the Auditing Standards Board of the AICPA. Audit efficiency begins with choosing documentation that, first, satisfies the applicable requirements in SASs and, second, is the most efficient considering engagement circumstances. Small Audit Documentation that Satisfies SASs For all audit engagements, documentation must evidence compliance with the requirements of applicable SASs. Because SASs are written to be applicable audit engagements of all sizes, compliance for a small audit will likely be different than for a large audit. Audit documentation of compliance, therefore, is also likely to be different. Here is a list of annual “key” documentation that will support most small audit strategies: Client acceptance and retention evaluations General ledger analysis worksheet Small audit internal control questionnaire, flowcharts or memos by financial statement classification Systems walk-through memo or other documentation Analytical procedures worksheets for engagement planning and review Risk of material misstatements evaluation by financial statements classification Linking working paper to guide the selection of tests of controls and tests of balances procedures based on risk Tolerable misstatements calculation by financial statements classification Sampling and non-sampling decisions worksheet Audit planning document summarizing audit strategies Small audit programs tailored for audit risk Small audit client representation letter It’s important to note that as we begin to think outside the box in planning, performing and documenting small audits our CPA firm’s quality control document must give us the authority to make modifications that are tailored to the nature, size and complexity of a small client entity. The engagement performance section should not be written with reference to a major publisher’s practice aids as the firm’s system of quality control. Instead, this section should specify that the top line authority on each engagement has the latitude to design and use audit strategies, plans and documentation that is appropriate in the engagement’s circumstances. This section should also specify any audit guides or practice aids from major publishers that firm personnel use for reference. The Foundation for Audit Documentation Underpinning the small audit documentation outlined above, a CPA firm’s operating philosophies can contribute significantly to engagement efficiency. First on the list is the involvement of leadership on engagements. 3 Involvement on audit engagements for many CPA firm partners or sole practitioners is often limited to a brief meeting with staff personnel before the engagement begins and a review of the working papers and report after the engagement is finished. While this may limit the executive’s time charges on an audit, it also limits the opportunities to train personnel, to set the tone at the top, to ensure audit quality and to deal with engagement problems throughout the job. Limited executive participation usually results in increased time charges during the wrap-up phase to clean up review points and resolve problems after the fieldwork is finished. Auditing standards now require participation of the top line authority in planning meetings on all audit engagements. Many executives also require in-charge accountants to communicate the status and problems of engagements throughout the performance phase. Some executives perform their engagement reviews in stages to avoid last minute problems. The result of all these practices is that engagement problems are dealt with early and engagement procedures are done correctly the first time! On large or small audits, much wasted time is eliminated and higher profitability is achieved when executives are involved in all phases of engagements. Approaches to Planning In the table that follows, approaches and responsibilities for on-going planning have been presented for audit engagements. This table identifies some of the forms published by Practitioners Publishing Company (PPC) and descriptions of small audit documentation discussed in this webcast series. The accompanying SAS Compliance Matrix for Small Audits provides lists of additional documentation from PPC and related small audit alternative documentation. 4 APPROACH TO PLANNING TABLE RESPONSIBILITY FUNCTION IN-CHARGE EXECUTIVE SMALLER AUDITS DOCUMENTATION Preplanning: 1. Pre-engagement planning conference. 2. Understand client’s business and industry and internal control system design and operation. 1. Discuss prior year results and general strategy for current audit engagement. 2a. Review prior year’s working papers, report and internal control communication letter. 1. Advise incharge of any current developments. 1. In-charge important issues memo. 2a. Discuss. 2. In-charge important issues memo. 2b. Prepare or update Engagement Acceptance and/or Continuance Forms—CX1.1 and 1.2. 2b. Review and approve Engagement Acceptance and/ or Continuance Forms. 2c. Review and approve engagement risk assessment at the financial statement level. 3. Meet with management, discuss letter and obtain signature. Communicate with those charged with governance. 2bi. Client Acceptance and Continuance Form. 2bii. Fraud Risk Memorandum. 2biii. Small Audits Engagement Letter 4a. Review documentation. 4ai. General Ledger Analysis Worksheet. 4aii. Internal Control Flowcharts, Memos, Systems Walk-through Documentation Form and/or Small Audits Internal Control Questionnaire. 2c. Assess engagement risk at the financial statement level—CX-7.1. 3. Engagement letter and communication with persons changed with governance. Planning: 4a. Obtain an understanding of client’s business and industry and internal control. 3. Identify the nature of the engagement and additional services to be performed. Prepare letter. 4a. Complete Client Info Form--CX-3.1, Fraud Risk ID Form—CX-6.1 and/or Control Activities Forms—CX-5. 2ci. Planning Document. 2cii. Fraud Risk Memorandum. 3i. Small Audits Engagement Letter. 3ii. Planning Document. 3iii. Partner Participation Memorandum. 3iv. Small Audits Governance Communication Letter. 5 5a. Risk Assessment Summary 6. Establish financial statement materiality limits and tolerable misstatement by financial statement classification.. 7a.Determine audit plan and make sampling decisions. 4b. Complete Financial Reporting System Documentation Form—CX-4.2 and/or flowcharts and system walkthrough memos or table. 5a. Perform preliminary analytical procedures— CX-9.1/9.2. 5b. Complete Risk Assessment Forms— CX-4.1, 7.1, 7.2. 6. Complete Financial Statement Materiality Work sheet—CX-2 7a. Complete Sampling Planning and Evaluation Form—Substantive Tests— CX-8.1. 5a. Review documentation. 5ai. Risk of Material Misstatements Form. 5aii. Linking Working Paper. 6. Review and approve limits. 6a.. Tolerable Misstatements Computation Form. 7a. Review all documentation. 7a. Sampling Analysis Worksheet. 7b. Determine affect of risk on decisions to sample; prepare detailed audit program. 7c. Complete Test of Controls Form—CX10.1, Test of Controls Sampling Planning and Evaluation Form—CX10.2, as in audit strategy. 7bi. Risk of Material Misstatements Form. 7bii. Linking Working Paper. 7biii. Small Audits Standard Program. 7biv. Standard Working Papers. 7c. Small Audits Tests of Controls Form. 6 8. Time budget preparation. 8. Prepare Audit Budget and Status Form. 8. Review and approve budget. 8. Budget preparation as directed by executive. 9. Document planning decisions. 9. Prepare Planning Memorandum. 9. Review and approve Planning Memorandum. 9a. Update Fraud Risk Assessment Memorandum. 9b. Update Planning Document. 10. Pre-interim or yearend work conference with engagement team, including engagement executive. 10. Discuss numbers 2-9 with engagement team including executive. 10. Discuss numbers 2-9 with engagement team. 10a. Finalize Fraud Risk Assessment Memorandum. 10b. Finalize Planning Document. 11. Pre-interim or pre-yearend meeting with engagement staff . 11. Discuss staff work responsibilities and provide onthe-job training. 11. Observe. 11. Larger audits only. 12. Test of controls. 12. Perform tests of controls if a part of audit strategy. Review work of assistants. 12. Discuss results. 12. Modify Small Audits Standard Program. 13. Communicate significant deficiencies and material weaknesses in internal control. 13. Prepare Management Point Development Worksheet—CX-15. 13. Review results. 13a. Control Deficiencies Worksheet. 13b. Small Audits Internal Control Communication Letter. 7 14. Perform substantive analytical procedures. 14. Prepare trend analysis worksheets and perform other proced-ures linked to risk assess-ment. 14. Discuss results and any resulting audit program modification. 14. Small Audits Analytical Procedures Worksheet. 15. Yearend work. 15a.. Complete Audit Programs and review work of assistants. 15b. Complete Audit Difference Evaluation Form—CX 12.2 16. Discuss evidence collected and resulting conclusions with executive. 15. Review results of procedures and Audit Difference Eval-uation Form.. 15a. Small Audits Standard Program. 15b. Small Audits Error Analysis Form. 15c. Working Papers and Memos. 16. Discuss same with incharge. 16. Complete Partner Participation Memorandum. 17a. Prepare management representation letter. 17b. Tie up loose ends, finalize working papers, prepare reports and tax returns. 18. Post-engagement meeting with staff. 17. Complete engagement, obtain executive final review, client approval of financials and signed representation letter. 18. Discuss engagement results and plans for next year. 17. Make final review of engagement and deliver draft of financials to client. 17a. Small Audits Management Representation Letter. 17b. Subsequent Events Review Memorandum. 18. Observe. 18. In-charge memo of plans for next year. 19. Internal control communication and meeting with persons charged with governance. 19. Prepare internal control letter for manage-ment and communicate with persons charged with governance. 19. Review letter and deliver to management and persons charged with governance. 19a. Finalize Small Audits Internal Control Communication Letter. 19b. Finalize Small Audits Governance Communication Letter. 16. End-offieldwork confernce and executive review. 8 THE PARAMOUNT PICTURE OF QUALITY CONTROL In the planning section of these materials, we discussed times at which the in-charge accountant should meet with the engagement executive: 1. Before the planning begins to discuss the engagement, anticipated problems and a tentative audit strategy. 2. During an engagement team planning meeting, before the main fieldwork is begun. 3. After procedures have been performed, during the executive’s review of working papers. These “key points” represent the pinnacle of the quality control system for a CPA firm. They provide opportunities for the executive to input his/her expertise at crucial times during the engagement. Without these meetings at appropriate times, engagement problems become reasons for time budget overruns! Documentation of timely meetings will provide evidence of performance of the executive’s quality control functions on engagements. In fact, the more evidence of the executive’s involvement throughout the engagement, the less working paper documentation of standard procedures that may be necessary! The more executive involvement the greater the compliance with the substance of the quality-control standards. Using the Planning Document The Planning Document is a vehicle for guiding planning activities and the engagement team’s brainstorming meeting. A standardized format, such as outlined in the illustrations at the end of this section, ensures uniformity of the planning activities among engagements and provides executives assurance that the in-charge has considered all aspects of planning. The Planning Document can be presented to the executive during or after the engagement team meeting or, to save time, a draft can be submitted in advance for the executive’s reading. During the meeting, changes in information or approaches can be reflected in the document for the executive’s final approval before fieldwork begins. Creating the planning document on a word-processing template will facilitate its revision and completion. In the remainder of this section, we’ll discuss how to “fine-tune” the planning process to maximize engagement profitability. PLANNING FOR TIME-SAVINGS OPPORTUNITIES The final phase of engagement planning should include a review of planned procedures to determine the required amount of work will be accomplished in the least time. Here are some suggestions that will pay enormous dividends: 9 Finding alternative methods for performing clerical tasks can result in cumulative time savings on every engagement. A few examples: Use a rubber stamp to imprint the client’s name on hardcopy working papers. Use adding machine tapes taped to working papers instead of detail lists. Photocopy client schedules and documents and tape to standard paper. Use computer software to prepare memoranda, prepare “to do” lists, write review notes, write letters or prepare other written documentation. Use computer software to prepare working papers that will replace working papers prepared with pencil and paper. Scan client documents into electronic file container systems. Request and use client-prepared working papers and/or electronic files. Be careful to request only those papers that are necessary for the evidence requirements of each engagement. Working papers prepared by the client and later found to be unnecessary should be discarded, preferably at our office not theirs! During the review of the prior year’s working papers, the necessity of each paper should be challenged. If a paper is necessary, our question should be, “Is there a faster way to accomplish the objectives it documents?” Remember that the “SALY” method can also become the “MILY” method (missed it last year!). Determine the auditing procedures that can be performed prior to the engagement date: Performing various risk assessment procedures. Performing tests of controls if necessary. Reading minutes of directors’ meetings. Substantive tests for such accounts as property and equipment, longterm debt, deferred charges, expenses, etc.. Analytical procedures based on interim information. Cycle counts of inventories maintained on perpetual systems. Accounts receivable confirmations. Other special procedures relative to certain industries, e.g., loan file exams for banks and site inspections for construction contractors. Various other procedures. Paraprofessional persons, either temporary or permanent employees, should be used for performing accounting services (providing independence is not impaired under ET 101-3), preparing trial balances and working paper schedules and other clerical functions on engagements when client personnel are not available. Paraprofessionals can also assist engagement personnel by performing many clerical tasks such as loading data into auditing software, checking calculations on client-prepared schedules and records, pulling client documents for inspection and performing compliance tests such as loan file examinations for banks. Under no circumstances, however, should the paraprofessional person perform judgmental auditing procedures. Full-charge 10 bookkeepers, accounting technical school graduates or persons with degrees in fields other than accounting or business may be considered for these purposes. Prioritize procedures in engagement areas by performing the most important first to accommodate ongoing planning. For example, perform any required procedures for the largest general and payroll accounts first so increases or decreases in procedures for other accounts can be made based on the results of tests of the larger accounts. Coordinate work in related areas, such as inventories and accounts payable to prevent duplication of work effort by different persons. Encourage the client to minimize supplementary information included with the financial statements. Plan to issue the lowest level of assurance on supplementary information whenever possible. Teach staff to thoroughly self-review all work. Frequently accumulate time spent on engagements, make estimates of time to complete and compare to budgeted time. Staff personnel should be taught to communicate progress to the in-charge at least halfway through the budgeted time for an engagement area (more beneficial on larger audits). Consider using the client’s computer system, data extraction software or service bureau to perform certain tests, to prepare engagement schedules or to select and print confirmations. Make sure all time spent on tax or accounting functions is identified and coded specifically to facilitate billing these charges separately. Use the “ten-minute rule” on all engagements; i.e., don’t do any work that doesn’t provide specific evidence to verify financial statement assertions or to comply with other professional standards, even if it only takes ten minutes! Plan for all levels of review to be conducted in the field whenever possible. As I’m sure you sense by this time, increasing profits through effective planning is much more than a few techniques designed to save time. It is a holistic approach to planning that depends on performing every engagement procedure in the most efficient way. The Planning Document is the tool that will help us accomplish this objective. 11 PLANNING DOCUMENT Client: _________________________________________________________________ Engagement Date: _______________________________________________________ INSTRUCTIONS: This document should be completed by the engagement in-charge accountant and reviewed by the engagement executive before engagement personnel begin fieldwork. It should describe engagement procedures accomplished or planned. I. ENGAGEMENT ADMINISTRATION: A. Delivery of Engagement Letter: The engagement letter is one of our primary tools for obtaining client understanding of their responsibilities and ours. A good understanding before the engagement begins will prevent misunderstandings from arising later. To accomplish a good understanding, the engagement executive should deliver the letter and discuss its contents with the client’s CEO or owner. Discussion of the letter with the client’s owner or manager, president, superintendent or director should be one of the primary sources for discovering potential misstatements, fraud or illegal acts. B. Use of Client Assistance or Paraprofessionals: We should use client assistance to the maximum extent possible on every engagement. When client personnel are unavailable, we should consider firm paraprofessionals to perform accounting services and clerical work in connection with the engagement. (See Possible Client Assistance at end of this section) C. Planning for Proper Workspace: The engagement in-charge has responsibility to arrange adequate workspace before the fieldwork begins. Poor lighting, lack of adequate heat or air conditioning, desks or tables that are too small or work locations that are not near client accounting personnel are examples of situations that hinder the efficient completion of an engagement and that should be avoided. D. Assignment of Staff Personnel: 12 A basic element of a good quality control system is assigning personnel to engagements and tasks that are commensurate with their capabilities. A primary audit response to risk at the financial statement level is also assigning experienced staff persons to the high-risk area or providing more supervision to lesser experienced persons. Assigning the right people to engagements also helps complete the engagements in the minimum amount of time. SQCS No. 7, effective January 1, 2009, requires CPA firm documentation of this element of quality control. E. Target Dates: Setting target dates during planning is the first step to achieving timely engagement completion. These target dates should also become the input to the firm’s staff scheduling system. F. Use of Specialists: We should consider using outside specialists whenever we perform any auditing procedures in circumstances outside our firm expertise. Such circumstances may include actuarial computations for pension funds, questions of law, observations of inventories of products or materials, required tests of client accounting software, and complex accounting and auditing problem situations. When the auditor out sources any services in connection with an engagement, the engagement letter should contain a paragraph notifying the client. The auditor is also required to obtain a confidentiality agreement from the person or organization performing out sourced services. G. Electronic Auditing Opportunities: Trial balance and financial statement preparation software, electronic practice aids, file container software, spreadsheets, word processing software, document scanners and data extraction software should be used to the maximum extent possible on all engagements. This section should list the specific, planned applications for discussion with the engagement executive. H. Audit Budgets: The audit budget should be prepared during engagement planning. The budget should be based on circumstances, not fees. The budget should be summarized here for discussion with the executive. II. TECHNICAL AUDIT PLANNING DECISIONS: A. Risk of misstatement at the financial statement level: Use of Statements: High-risk uses of statements should be described. 13 Potential for Going-Concern Problems: Continued losses, high debt and external situations that threaten the continued existence of the company should be described. Integrity of Management: Specific information that could cast doubt on management’s integrity, or lack thereof, should be discussed here. An overall evaluation of risk at the financial statement level should be made and the subjective impact on engagement procedures should be recorded for use in audit program modification. A1. The risk of misstatements evaluation at the assertion level, and the impact on the audit strategy, by major financial statement classification should be documented in this document. B. Materiality Judgments: A summary of the tolerable misstatement calculations and reasoning should be presented here. C. Sampling Decisions: This section should describe the reasons for making decisions to sample or not sample. If decisions are made to sample, the rationale for sample size calculations should be explained. D. Audit Strategies: Detailed substantive tests of balances, risk assessment procedures, tests of controls and/or extensive analytical procedures are options for the general audit strategy. E. Nature of Procedures: Descriptions of the nature, extent and timing of tests of balances procedures and analytical procedures for material financial statement classifications should be described here. F. Significant Time-Savings Opportunities: Opportunities to save time on the engagement not discussed elsewhere should be detailed here. G. Engagement Team Meeting: This section should document the significant potential risks of misstatement due to error or fraud, planned audit responses and other matters discussed at the team meeting. All engagement personnel, including partners or directors, are required to attend this meeting. 14 I. Potential Risks of Misstatement due to Errors or Fraud: From risk assessment procedures: Potential risks of misstatement discovered during the risk assessment procedures, and the planned audit responses, should be documented here. From reading the general ledger account activity and performing other analytical procedures: Unusual matters, variances or other potential risks, and the planned audit responses, should be documented here. Factors discovered throughout the engagement, along with audit responses and their results: From inquiries of management personnel: From inquiries of staff personnel: From communication with persons charged with governance: From performing fieldwork and other auditing procedures: Prepared by:________________________________Date:_________________________ Reviewed by:_______________________________ Date:_________________________ 15 POSSIBLE CLIENT ASSISTANCE CHECKLIST _______ _______ _______ _______ _______ Working trial balance of general ledger or leadsheets. _______ _______ _______ _______ _______ Schedule of cash on hand. _______ _______ _______ _______ _______ _______ _______ _______ _______ _______ Schedule of receivables from, or payable to related parties. _______ _______ _______ _______ _______ Schedule of notes receivable. _______ _______ _______ _______ _______ Schedule of prepaid insurance and insurance in force. (Have policies ready for inspection) _______ _______ _______ _______ _______ Letter to insurance company regarding cash surrender value of life insurance (preprinted forms). _______ _______ _______ _______ _______ Inventory sheets including pricing and extensions that tie into the general ledger. _______ _______ _______ _______ _______ Letter to attorney regarding claims against the client and fees owing to him. _______ _______ _______ _______ _______ Schedules of marketable securities. _______ _______ _______ _______ _______ Letter to brokers asking for detailed list of securities held by them. _______ _______ _______ _______ _______ Schedules of investments and other assets. _______ _______ _______ _______ _______ Schedule of officers’ life insurance. _______ _______ _______ _______ _______ Schedule of current year fixed asset additions and disposals. _______ _______ _______ _______ _______ _______ _______ _______ _______ _______ Bank reconciliation for each bank account. Aged trial balance of accounts receivable: Current; 31 to 60 days; 61 to 90 days; over 90 days. 16 _______ _______ _______ _______ _______ Depreciation schedules. _______ _______ _______ _______ _______ Schedule of accounts payable (Save all regular statements as of engagement date.) _______ _______ _______ _______ _______ Schedules of accrued expenses other than income taxes. _______ _______ _______ _______ _______ Schedule of notes payable and long-term debt. _______ _______ _______ _______ _______ Analysis of the following income and expense accounts: _______ _______ _______ _______ _______ _______ _______ _______ _______ _______ _______ _______ _______ _______ _______ _______ _______ _______ _______ _______ _______ _______ _______ _______ _______ _______ _______ _______ _______ _______ _______ _______ _______ _______ _______ _______ _______ _______ _______ _______ _______ _______ _______ _______ _______ _________________________ ____ _______ _______ _______ _______ _______ _______ _______ _______ _______ _______ _______ _______ _______ _______ _______ _______ _______ _______ _______ _______ _______ _______ _______ _______ _______ _______ _______ _______ _______ _______ _________________________ ____ _______ _______ _______ _______ _______ _______ _______ _______ _______ _______ a. Investment income. b. Miscellaneous income. c. Repairs, maintenance and supplies. d. Taxes paid. e. Contributions. f. Miscellaneous expense. g. Schedules of rental income and expense account payments. h. Bad debts expense. i. Officer’s salaries and expense account payments. j. Professional fees. Others: _________________________ ____ Personnel available to: Pull invoices, prepare confirmations, reconcile accounts receivable and payable confirmations under our control, etc. Typing assistance for engagement correspondence. 17 FRAUD RISK ASSESSMENT MEMORANDUM Client: ___________________________________ Date: ____________________________________ (Instructional Copy) INSTRUCTIONS: This memorandum can be used to facilitate compliance with SAS No. 99 and the fraud risk assessment process that should continue throughout an engagement. Potential fraud risks that are documented in this memorandum should be used to formulate audit responses that will result in audit program modification. This memorandum may be used as the primary documentation of the fraud risk assessment process and supplemented by PPC Fraud Risk Assessment Forms, PPC Inherent and Combined Risk Assessment Form, Risk of Potential Errors Form, Systems Walk-Through Procedure Form, Analytical Procedures Program, Planning Memorandum and/or Planning Matrix. This memorandum can also be used to support or complement any of the documents listed above. Each section should describe the fraud risk assessment activities utilized on the engagement. If no activities were conducted, or there were no fraud risk factors discovered, the auditor should document this fact in the applicable sections of the memorandum. PARTNER’S (DIRECTOR’S) DELIVERY OF ENGAGEMENT LETTER: Delivery of the engagement letter provides opportunity for discussing the terms and responsibilities of the engagement, the significant client events that occurred during the year and potential fraud risk factors with the client’s owner/manager, president, superintendent or director. This section should document the questions asked and issues discussed, as well as any matters that require an audit response. Exhibit 2-2 in the Appendix to these materials contains illustrative inquiries for management about fraud risks that may be appropriate for use at this meeting. ENGAGEMENT TEAM MEETING: Exhibit 2-1 in the Appendix to Chapter Six contains examples of questions for use during the engagement team discussion. This section should document the significant potential fraud risks and planned audit responses discussed during the meeting. If the applicable PPC form is not also prepared to document this meeting, the date of the meeting, how and where it took place and who attended should be documented here. 18 POTENTIAL FRAUD RISKS FROM UNDERSTANDING CLIENT ACTIVITIES: Potential fraud risks discovered during preparation of the Engagement Acceptance and Continuance Forms, the Audit Planning Form and the System’s Walk-Through Procedures, and their planned audit responses, should be documented here for use on the PPC Fraud Risk Assessment Form, the PPC Inherent and Combined Risk Form or the System’s Walk-through Working Paper (see Appendix to these materials). Planned audit responses can be included here or referenced to the above-mentioned documentation depending upon your firm’s policies. POTENTIAL FRAUD RISKS FROM PRELIMINARY ANALYTICAL PROCEDURES: Preliminary analytical procedures performed before the fieldwork begins, and analytical procedures performed throughout the engagement, may reveal unusual relationships among financial data or other unusual matters that may be potential fraud risks. The potential risks and their impact on planned auditing procedures should be described here. FRAUD RISK FACTORS DISCOVERED THROUGHOUT THE ENGAGEMENT: This section provides space to document the results of our ongoing fraud risk assessment process. Potential fraud risks discovered during the course of the engagement, along with planned audit responses, should be recorded in the appropriate space below. Inquiries of Management Personnel: Inquiries of Staff Personnel: Test of Controls Procedures: 19 Discussions with Audit Committee: Discussions with Board of Directors: FIELDWORK PROCEDURES: Potential fraud risk factors discovered during the conduct of the fieldwork, along with planned audit responses, should be documented here. If possible, the factors and planned responses should be grouped by financial statement classifications, i.e., cash, receivables, inventories, etc. RESULTS OF PLANNED AUDIT RESPONSES: The results of planned audit responses from each of the sections above should be documented here in detail or referenced to a working paper or other memo that describes the results of the planned audit responses. This section should also contain an overall conclusion that, based on the audit response procedures performed for potential fraud risks, the financial statements contain an acceptable level of misstatements due to fraud. 20 CONCERN ABOUT GOING CONCERN As the effects of the widening economic recession on businesses and other organizations become more apparent with the news of each day, many CPAs are increasingly concerned about some of their clients. One practitioner shared that he is concerned about not only the obvious effects of the economic downturn on his clients but is extremely concerned about the effects on their customers, suppliers and lenders that may not be readily apparent. These concerns are important considerations for planning every yearend engagement. After a brief summary of the FASB’s exposure draft, Going Concern, we’ve included several considerations that may be crucial for all calendar year-end and future engagements. FASB Exposure Draft The FASB has issued an exposure draft, Going Concern, which can be downloaded from the Exposure Drafts sidebar on www.fasb.org. We recommend you provide a copy of this exposure draft to all audit and review engagement personnel in your CPA firm. The objective of this proposed Statement is to (1) provide guidance on the preparation of financial statements as a going concern and on management’s responsibility to evaluate a reporting entity’s ability to continue as a going concern and (2) require disclosures when either financial statements are not prepared on a going concern basis or there is substantial doubt as to an entity’s ability to continue as a going concern. It would apply to business entities and not-for-profit entities that prepare financial statements in accordance with generally accepted accounting principles (GAAP) and apply to both interim and annual financial statements. It may also be necessary to apply the contents of the pronouncement to financial statements prepared in accordance with an other comprehensive basis of accounting to prevent them from being misleading. Proposed Significant Change Existing guidance in SAS No. 59 requires an auditor’s consideration of the going-concern assumption for 12 months following an entity’s fiscal yearend. This proposed Statement would require that management of a reporting entity consider all available information about the future which is at least, but is not limited to, 12 months from the end of the reporting period when assessing whether the going concern assumption is appropriate. An accountant or auditor reporting on such financial statements would, of course, be responsible for evaluating management’s representations regarding the entity’s ability to continue as a going concern. Presentation The exposure draft requires management to assess the reporting entity’s ability to continue as a going concern. An entity is required to prepare financial statements on a going concern basis unless management either intends to liquidate the entity or to cease operations, or has no realistic alternative but to do so. 21 Management may identify information about certain conditions or events that, if considered in the aggregate, indicate there could be substantial doubt about the reporting entity’s ability to continue as a going concern. The significance of such conditions and events will depend on the circumstances, and some may have significance only when viewed in conjunction with other conditions or events. If, after considering the information in the aggregate, management believes that there is substantial doubt about the reporting entity’s ability to continue as a going concern, management shall consider its plans for dealing with the adverse effects of those conditions and events and whether those plans will mitigate the adverse effects and whether they can be effectively implemented. Accountants and auditors reporting on financial statements and footnotes when there is substantial doubt about continued existence will be required to evaluate the adequacy and effects of management’s plans. Footnotes Disclosures When management is aware of material uncertainties about events or conditions that may cast substantial doubt upon the entity’s ability to continue as a going concern, the entity shall disclose those uncertainties in the footnotes to its financial statements, along with their plans to overcome the threat to continued existence. When an entity does not prepare financial statements on a going concern basis, it shall disclose that fact, together with the preparation basis and the reasons why the entity is not regarded as a going concern. Our Planning Suggestions Here are some practical questions you may wish to incorporate in the planning documentation of every audit and review engagement for the foreseeable future. Does our understanding of the client’s business and industry reveal any information contrary to the going-concern assumption? Such information may include current and expected recurring operating losses, cash flow problems, defaults on debt obligations, inability to obtain financing or renewals of existing credit lines, an industry significantly affected by the recession, customers and vendors with going-concern problems, decreasing assets valuations, statutory noncompliance, and external matters such as lawsuits, loss of franchise or licenses, etc. Does management have any concerns about the entity’s ability to continue in business for at least a year or possibly longer? What are management’s plans to mitigate any revealed threat to continued existence? Are management’s plans realistic and are they capable of carrying them out? What procedures will be necessary for the engagement team to evaluate management’s plans to overcome going-concern problems? 22 What effects are the going-concern issues likely to have on the basis of preparation of the entity’s financial statements? What effects are the going-concern issues likely to have on the accountant’s or auditor’s report? The threats to the continued existence of some entities may be more significant than any we’ve considered since the 1980s. Our audits and reviews will continue to be evaluated based on the effectiveness of our engagement planning and procedures. Identifying and evaluating going-concern issues must be an integral part of every engagement performed by CPA firms. Are You Ready? While presenting a series of seminars recently, I had occasion to visit with three CPAs that had each made significant business decisions a year ago. These proactive decisions had earned them hundreds of thousands of dollars, millions in one case. While the signs of the times a year ago had begun to indicate the need for conservatism in business practices, these CPAs were all looking beyond what they could see happening in the economy and marketplace and paying attention to their intuition. Although it didn’t seem time to sell parts of their businesses, two sold segments before they became worthless a year later. The other CPA made some personal investment decisions that generated funds for his early retirement which would not have been possible had he waited. Trusting their personal assessments of the immediate future, and their intuition, enabled them to prosper in difficult times. Management personnel of many smaller CPA firms have begun to look beyond media rhetoric and politicians’ words to consider the potential impact of the economic and political environment on their firms and clients. Having an intuitive feeling that the economy may not improve for a few years, some are changing their normal methods of operation. Here are a few changes CPA firms should be considering: 1. Pay daily attention to reliable news sources within our profession. For example, knowing that proposed changes to the Internal Revenue Code include the elimination of the LIFO method of accounting, the intangible drilling credit and percentage depletion may mean opportunities to help clients plan and respond to such changes to minimize tax burdens. 2. Consider the different services clients may need due to new legislation, changes in professional standards and the affects of economic downturn on their operations, customers and vendors. 3. Evaluate clients’ worth to the future of the firm and outplace those that have no or little potential benefit. Considering both client profitability and their potential in the future should be part of this decision making. 23 4. Reconsider the nature of services performed by the firm to minimize risk and meet emerging client needs. Look for opportunities to specialize in “niche” areas such as cash flow forecasting or accounting for certain proposed tax law changes. 5. Read, evaluate and respond to exposure drafts of new pronouncements that affect firm services. Current amendments to risk assessment SASs and compilation and review standards are important examples. It is time to get ready! 24