Financial statement audits are getting
more personal as auditors take a risk-based approach that requires getting to know a company inside and out.
“When auditors know more about their
clients and the business environments they
operate in, they can make intelligent assessments about where to spend their time conducting audits,” says Carol McNerney, CPA,
director of assurance services at SS&G
Financial Services, Inc. in Akron, Ohio.
A big-picture approach to the planning and
execution of financial statement audits will
involve benchmarking companies against
industry competitors, analyzing assets and
liabilities to tease out more high-risk areas in
an organization, and getting to know personnel who are intertwined in a company’s operational processes. The standards affect non-public companies and are applicable for calendar year 2007 audits. They are trickle-down measures from Sarbanes-Oxley and
result in more careful scrutiny over financial
reporting methods and internal controls.
“The standards should result in more effective and efficient audits, leading to more reliable financial statements,” McNerney says.
Smart Business spoke with McNerney
about the new risk assessment standards and
how they will change auditing in 2008.
What do the new standards entail?
The American Institute of Certified Public
Accountants issued the standards. The standards apply to all auditors performing financial statement audits for periods beginning
on or after Dec. 15, 2006. They require auditors to gain an enhanced understanding of
entities, including their internal controls and
the environments in which they operate.
That way, auditors can more accurately
assess any serious risks for financial mis-statement. By understanding potential high
risks, auditors can respond to these risks by
focusing attention on these areas and reducing the testing in less significant areas.
While many seasoned auditors may be
already intuitively performing their audits
using this risk-based approach, the new standards require them to thoroughly document
the process, providing enhanced information
about the entity’s financial reporting systems,
environment and internal controls. All of this takes more time and, therefore, business
owners may see a spike in auditing fees ranging from 15 to 25 percent. But the ultimate
result, more reliable financial statements, is
beneficial for owners, managers and third
parties, such as lending institutions.
What businesses will be affected?
The new risk assessment standards on fiscal 2007 financial statement audits apply to
nonpublic companies. Different audit standards apply to public companies as defined
by the Public Company Accounting Oversight Board. Typically, lenders’ agreements
are the trigger point for privately held companies to obtain financial statement audits.
Companies seek audits in response to
requirements set forth in loan agreements.
Audits are the bank’s way of performing due
diligence on its investment in a company,
ensuring the organization is operating in such
a way that the institution will realize returns.
What differences will businesses notice?
Rather than focusing on materiality calculations and relying on predetermined thresholds to decide whether an item or process
must be audited, a risk-based approach
allows auditors to hone in on items that pose
significant risks to accurate financial reporting. Traditionally, even areas that were not considered ‘high risk’ were scrutinized. If a
certain item the auditor reviews exceeds the
determined threshold, the auditor would
look for support for that number.
A more risk-based approach involves analyzing assets and liabilities to determine
which are higher risks, so auditors can allocate more time to those areas. For example,
if a company has inventory pricing issues due
to volatility in the industry, the auditor will
spend more time evaluating this area. On the
other hand, if a company typically prepays
insurance every year, and there is a slight
increase in the balance, the auditor may note
that the difference is due to inflation. This
area is then ‘low risk’ and the auditor can
concentrate on more significant issues.
Essentially, the new approach is more personalized and requires auditors to look at the
big picture of financial statements, resulting
in high-quality, effective audits.
How can business owners control costs?
The increase each company will incur
depends on factors including the complexity
of the organization, the volatility of the industry in which the company operates and the
degree of centralization of its financial reporting function. In other words, will the auditor
need to spend more time at more locations to
identify the significant reporting systems?
To control costs, managers should meet
with auditors to discuss the financial environment at their organizations. Have there
been policy changes? Has the company reorganized? Are there current events at the company or in the industry that warrant special
attention? A well-informed auditor can perform efficient assessments. Documenting
financial reporting procedures and internal
controls will not only assist auditors in implementing the new standards, but also will benefit companies in case of unexpected
turnover or employee departure. Without
defined financial reporting procedures, management will not have the tools to train the
new employee. Get those procedures documented, and be sure to educate managers so
key leaders understand all internal controls.
CAROL MCNERNEY, CPA, is a director in the assurance services practice area for SS&G Financial Services, Inc. Reach her at
(330) 668-9696 or [email protected].