Nonpublic companies receiving an annual financial statement audit may be seeing significant changes in the performance of their financial statement audits this year. To increase the effectiveness of financial statement audits, the American Institute of CPAs – the body that establishes standards for audits of nonpublic entities – issued a new suite of risk based auditing standards which will be effective for most December 31, 2007 audits. The new standards call for more of a “rifle” approach where the auditor identifies specific audit targets and acts as a financial statement sniper of sorts.
Many commentators believe these standards are the most significant changes to audits of nonpublic companies in over thirty years. The changes will be felt by both auditing firms and their clients.
A brief overview of the new audit standards
Though less in scope than the rules for public company audits, these new standards parallel many of the key themes of Sarbanes-Oxley and require that auditors:
- Obtain a more robust understanding about their clients’ operations, their business objectives and strategies, and their process for identifying and management risks to achieving those objectives.
- Gain a deeper understanding of their clients’ internal controls
- Perform a more rigorous assessment of risks of material misstatement of the financial statements, whether due to error or fraud, with clearly documented linkage of the risks of material misstatement to the audit work performed.
- Document their conclusions regarding internal controls regardless of whether they intend to rely on the client’s internal controls. No longer are they afforded the ability to default to a maximum risk assessment for internal controls without documenting the reasons for that conclusion.
What does this mean to you?
First, the additional work prescribed by the new standards will likely have a significant impact on audit costs, largely depending on how your auditing firm performed their audits in the past. If the auditing firm primarily used a “checklist” approach, the changes and potential increase in cost will be dramatic. If instead, the firm had already used a risk based approach combined with an intensive understanding and testing of controls, you will see less change in the audit approach and fees. In speaking with several auditing firms in the region, many estimate first year increases in audit fees ranging from 15-40 percent due to the new standards.
Second, you can expect your auditing firm to begin their audit much earlier in order to perform their risk assessment procedures so that they can plan the remainder of the audit. You can also expect to require more involvement from your staff. The auditing firm will be speaking to and interviewing more people in more departments and positions to gain a better understanding of how your business and industry works.
Third, the new auditing standards will clarify the responsibility of management versus external auditors. Many companies consider their external audits to be an integral part of their internal control or to perform many accounting and bookkeeping activities such as preparing year-end adjusting entries and drafting the year-end financial statements. However, professional standards prohibit the auditing firm from auditing their own work or being part of their clients’ internal control system. The new standards (as well as existing standards) require the auditor to evaluate the work performed and determine whether the client has sufficient procedures or controls in place in areas the auditors may have assisted with. If the auditor determines they do not, the auditor will be required to communicate that in writing as a significant internal control deficiency or material weakness.
What can you do?
Determine whether you really need to have an audit performed. If you are having an annual audit at the request of your bank, ask them whether they would allow you to submit reviewed financial statements. If reviewed statements are not adequate, propose to have certain agreed upon procedures performed by your CPA in addition to the review. For example, your accounting firm could perform certain procedures such as an observation of your inventory and confirmation of your accounts receivable to assist the bank in gaining confidence in your reviewed financials.
If you must have an audit performed, here are a few steps you can take to prepare your organization for the new standards.
- Meet with your auditing firm as soon as possible to gain a greater understanding of how they will perform their risk assessment phase.
- Formally document your internal control policies, procedures and controls.
- Analyze those procedures to determine whether they are designed effectively and functioning as designed.
- If you identify deficiencies in your controls, take measures to correct them prior to your year-end audit.
You can avoid any surprises and ensure a smoother audit at year end by beginning your efforts early.
