So, Why Are We Having This Audit Done?
This sixth post in my Deciphering Financial Statements for Non-financial Professionals series addresses why a company may need to have its financial statements audited, key components of an audit and how to get the most out of your relationship with your auditor. In this series of posts, I provide insight into financial reporting and related topics geared toward non-financial professionals who need to understand financial statements as part of their professional roles. I encourage you to also read the other installments in the series, past and future, particularly the introduction as that post sets the scene for the series and includes a number of resources you may find useful as you go along.
Why would anyone ever choose to have an audit?
Audits cost a lot of money and they can be a real hassle with all those annoying questions the auditors ask. So why do companies have their financial statements audited? When it comes down to it, there’s only one reason – at least one of the company’s stakeholders is relying on the financial statements and needs comfort that the information is reliable. There can be many different types of stakeholders, each with different concerns, but some of the more common are as follows:
- Shareholders monitoring the company’s operations for investment purposes
- Banks or other major creditors who want to ensure the company can repay them
- The company’s directors who need to monitor the company’s operations and make internal decisions
- Extended management of the company, such as an overseas parent company, to monitor the company’s operations
Not all of these stakeholders will require audited financial statements in all situations. Some may be satisfied with a lesser form of assurance or none at all depending on their taste for risk and/or access to other internal information of the company - see my previous post on types of assurance reports for more information. Publicly accountable entities, such as companies listed on a stock exchange, are required by securities regulations to have an annual audit.
What’s important to who?
An auditor makes many judgments during the course of a financial statement audit, the quality of those judgments having a significant impact on the nature of the procedures performed by the auditor. One of the key judgments applied is around the concept of materiality. According to the Canadian Audit Standards: “Misstatements, including omissions, are considered to be material if they, individually or in the aggregate, could reasonably be expected to influence the economic decisions of users taken on the basis of the financial statements.” With this definition in mind, the auditor attempts to assign a numeric level above which misstatements could be material to the reader of the financial statements. Which balances and transactions subject to significant audit scrutiny will be determined in the context of materiality. This means that if there is no risk of material misstatement around a particular balance or transaction then only minimal, or potentially no, audit procedures will be applied to that balance or transaction. This being the case, a clean auditor’s report does not mean that financial statements are entirely free of error; it means that they are free of material error. The reason for this approach is simple: an audit designed to detect any error, no matter how small, would be prohibitively expensive if it was even possible. The cost of such an audit would outweigh the benefit to the stakeholders, thus requiring a balance to be struck between the cost and the benefit.
Sounds like risky business to me…
Another concept key to audits is the identification of audit risks. Most audits are conducted using a “risk-based approach”, meaning that an auditor evaluates financial statements for balances and transactions for which there may be a risk of material misstatement and focuses an appropriate amount of time and effort to ensure that no such error exists within those amounts. Conversely, balances and transactions for which there is regarded to be no risk of material misstatement will receive an appropriately reduced amount of audit scrutiny. The determination of what may or may not constitute a risk of material misstatement requires the application of significant judgement on the part of the auditor with many factors considered including: the complexity of the transaction; the degree and subjectivity of management estimation applied; the size of the transaction in the context of materiality; the effectiveness of the company’s internal controls; and management’s expertise in relation to such transactions.
So, an audit guarantees the company is free of fraud, right?
One of the most common misconceptions about audits is that they guarantee that no fraud has occurred in the company. I’ve discussed this in a previous post, but the short story is that a standard financial statement audit is not designed to detect fraud and a well orchestrated fraud may pass undetected during a standard audit. Audits designed specifically to detect fraud are very expensive with an auditor being engaged to conduct such an audit only in specific circumstances, generally where fraud has been detected or where there is suspicion of such.
The most effective way for a company to prevent and detect fraud is to have a well designed and executed system of internal controls, which brings me to my next common misconception about audits – they don’t ensure a company’s internal controls are well designed or functioning properly. While an auditor is required to evaluate the company’s internal controls in order to determine whether a risk of material error exists due to a failure of those internal controls, the decision to actually test the controls in detail during the audit is somewhat discretionary and commonly a question of efficiency. If you have concerns about the occurrence of fraud or effectiveness of internal controls, you’ll need to look beyond a standard auditor’s report.
Why can’t we just do the audit ourselves?
Auditors love their checklists and they’re always referring their ‘handbook’ that tells them how to audit. So why can’t a company’s finance team just study up on this handbook, make a few checklists and do the audit of themselves? Isn’t that what internal auditors are for? There are a few reasons, but the primary one is independence. We’d like to think that everyone acts without bias, never makes a mistake and always behaves honestly and in the best interest of all involved, but unfortunately that isn’t always true. That being the case, an auditor is required to be independent of the companies that it audits, meaning there are specific independence restrictions in place to ensure the auditor is objective in their work.
Beyond independence, the issue boils down primarily to cost effectiveness and experience. Despite the myriad of checklists, auditing is a highly skilled profession requiring intimate knowledge of complex accounting standards, a multitude of complex accounting scenarios that may occur within the context of those standards and how to audit them effectively and efficiently. Maintaining this level of knowledge requires an enormous amount of ongoing training, part of which occurs through repetition gained through working on audits day in, day out – sometimes literally. Larger accounting firms have technical specialists who focus on highly complex and unusual issues, the experience for which can be gained only through exposure to many audits and hanging out with a bunch of other accounting savants like themselves. Even if a company were able to overcome the independence requirements, maintaining a team of staff with the qualifications to audit effectively would be more expensive than hiring an auditor and the experience from working on many audits would be impossible to gain by virtue of the fact they would audit only one company. As much as many companies would like to shed themselves of their auditor, they are necessary and valuable. So why not get the most out of the relationship with your auditor?
How can we make our audit easier?
In my experience, the audits that go well without last minute surprises or cost overages always involve good communication on both sides. A few key items that should be communicated between the auditor and the company’s management in a timely manner to improve audit logistics are as follows:
- Major or otherwise complex transactions, including management’s assessment of the accounting;
- Critical milestones for the audit timeline and related deliverables due from all involved;
- The auditor’s planned audit approach, including materiality, significant areas of audit focus and other scoping issues; and
- Audit fees and related assumptions.
Ideally, the auditor should discuss such issues with the company’s audit committee, board and/or senior management during the planning stage of the audit, with a follow up report upon the conclusion of the audit.
Management may consider requesting that the auditor consider major transactions throughout the year, applying audit procedures as such issues arise to provide early comfort to management and to avoid dealing with complex issues in the late stages of the audit. In many cases, quarterly or semi-annual meetings with the auditor to discuss ongoing and upcoming issues may help to identify issues and opportunities early.
Communication is, of course, a two way street but if you find your auditor isn’t communicating with you proactively, reach out and start the conversation – you’ll be glad you did.
Whaaat?! My auditor can provide value beyond just an auditor’s report?
Your relationship with your auditor can give you much more than just a painless and cost-effective audit. Many audit partners specialize in a particular industry, in which case they will likely audit many of your company’s peers and will be otherwise well versed on best practices and current events specific to your industry. Although auditors cannot discuss specifics of their clients for confidentiality reasons, they can provide valuable insight that will be useful to your company. For this reason, there is often value for senior management outside of the finance function to participate in meetings with the auditor.
Most accounting firms offer many valuable services beyond just audit, which you can access through your auditor. If you’re well matched with your audit firm, meaning you work well with them and they know how to service your industry and your company, then your auditor will be in a unique position to be your trusted advisor. Your auditor already understands your business and can help you identify the risks your business may be exposed to and how to mitigate those risks to the benefit of the company’s stakeholders. You’re setting up a new subsidiary in Guatemala? Call your auditor to discuss cross-border tax planning. You have intercompany transactions with international subsidiaries? Call your auditor to discuss transfer pricing considerations.
A really good auditor will proactively make suggestions to mitigate risks and generally improve your business based on observations made during the course of their audit. Such observations may include improvements to internal controls and processes or opportunities for tax planning and may be summarized in a letter upon the conclusion of the audit. In many cases an auditor may not be able to provide the non-audit service you require due to independence reasons, but they will be able to assist you in scoping critical issues and set you up with a referral to a trusted professional to attend to your needs.
Last but not least, many accounting firms offer complementary educational materials and presentations, many of which qualify for professional development credits required to maintain major accounting designations. Examples of such are those offered by my firm, BDO Canada LLP, including timely publications on a wide variety of topics through our online library as well as professional development training, which we refer to as MYPDR.
Don't forget to follow me so you don't miss my future posts.