Learn the Basics: Auditing 101

By Paul Seach, Public Relations Associate

An audit can be compared to an annual checkup with the doctor. Just as the patient must pass certain exams to ensure a clean bill of health, a company’s financial “good health” standing relies on whether or not its financial statements abide by generally acceptable standard and accounting principles. While the audit does not guarantee a perfect financial statement, it does provide reasonable assurance that the statements are free of misstatements. In this case, the doctor is the auditor, and the company is the patient.

Almost every organization, whether it is a privately held business, a publicly owned corporation, or a nonprofit organization, must prepare financial reports. These reports are like the lifeline of a company and help owners and managers make decisions and help provide the company’s financial status to shareholders, employees, regulators, and the public.

The United States government enacted the Securities and Exchange of 1934 requiring publicly traded companies to disclose certain financial information that could be audited. The act also created the Securities and Exchange Commission (SEC) to enforce the audit requirements.

There are two kinds of audits: internal and external. An external audit is performed by an outside auditor who does not have any ties to the organization or its financial statements. The outside auditor, or Certified Public Accountant (CPA), examines financial statements prepared by management for a faired presentation as well as relevance and accuracy. Most importantly, an audit tests whether or not a company is adhering to professional standards and generally acceptable accounting principles (GAAP).

GAAP

Generally acceptable accounting principles are used by auditors to judge financial statements. Financial statements are considered to conform to the GAAP if the accounting principles used by management are generally accepted throughout the profession. There is also some room for judgment calls with the GAAP. If the accounting principles used by management are appropriate given special circumstances, the financial statements can confirm to the GAAP.

“Adequate disclosure” is another means of conformity to the GAAP. The disclosure of enough information –by parenthetical notation, special notes, or in the body of the statements- should enable the reader to understand the financial statements. Finally, “materialism” allows for some approximations in a reasonable range of tolerable error. According to the American Institute of Certified Public Accountants’ (AICPA) Understanding Audits and the Auditor’s Report (2001) example, a $5,000 misstatement of sales revenue for a company with $20,000 net income be material, however if the net income was for the company was $750,000, the misstatement may become immaterial. However, this small amount can become material depending on which parts of the financial statement it affects such as debt.

The External Audit

During an external audit, the independent CPA performs various testing techniques with a sense of professional skepticism. The CPA uses these techniques to test a sample of all the company’s transactions. From those samples, the CPA may gain reasonable assurance that the financial statements are free of any misstatements or fraud. When the audit is complete, the CPA prepares a report based on the findings. In this report, the CPA reaches one of four conclusions – Qualified, Unqualified, Disclaimer, Adverse.

An audit starts with an interim review which typically covers the first half of the financial year. It is an attempt to better understand the business of the company and its main issues. Next, the CPA must check for any audit risks such as conflict of interest, or companies overstating figures, which could lead to an abnormally high income.

At this point, the end of the audit usually takes place before the closing date. For example, if a company closed on December 31, the close could use numbers from the end of the preceding quarter or around November 30. Although this step does not appear on the final audit, it is intended to audit all movements from the beginning of the year to date.

The last step of the audit is called the “final,” and usually takes place weeks after the closing date. Here, the CPA audits movements to the closing.

Once the testing is complete, the CPA creates a report that states: the auditor’s responsibilities, the work performed by the CPA, and a conclusion. From this, the CPA ultimately reports if the company is able to stay in business. There are three parts in a final audit report: an introduction, a scope of the audit, and an opinion paragraph.

Based on the audit, the CPA can come to one of four conclusions:

• Unqualified – the audit is sound and no major deficiencies exist in the financial statements.
• Qualified – the auditor did not get a complete look at the audit or the statement does not completely satisfy the general accepted accounting principles
• Disclaimer – the auditor could not form an opinion on the fairness of the statements
• Adverse – the financial statements do not abide by GAAP and do not fairly represent the company

Internal Auditing

An important part of the interim review is the auditor’s assessment of the company’s internal controls.

Companies perform internal audits to ensure the management that the company is meeting internal and external goals. Internal goals include productivity, quality, compliance controls, consistency, and cost, while external goals deal with customer satisfaction and market share. Auditors check to make sure transactions are executed with management’s authorization in accordance with GAAP. Also, access to assets must have management’s authorization. Generally speaking, an internal auditor rates the company’s overall effectiveness.

Internal controls aim to prove that the company’s financial statements are accurate and reliable. Internal controls can be categorized into two areas – administrative and accounting. Administrative controls deal with the procedures and records that lead to management’s authorization of transactions. Accounting control is a set of procedures and records that involve safeguarding assets and the reliability of financial records.

Regulating the audit process

In an attempt to eliminate accounting fraud scandals such as WorldCom and Enron, the government in 2002 passed the Sarbanes-Oxley Act, placing more liability on management. Sarbanes Oxley requires audit committees of publicly traded companies to report to shareholders whether or not the company’s internal controls - the process in which a company ensures its financial records are fair and accurately reflect all transactions and dispositions that reflect the assets of the company- are sufficient.

Section 404 of the act requires management to include information about the company’s internal control and whether or not it is effective to shareholders in its annual report. Section 404 also gives power to the Public Company Accounting Oversight Board (PCAOB) to set standards for internal control and the independent auditor. Also, the Chief Executive Officer (CEO) and the Chief Financial Officer (CFO) must sign off on the financial statement presentation.

The PCAOB is a private sector, non-profit corporation that has the authority to oversee the auditors of public companies. A public company is a company that: is registered with the Securities and Exchange Commission (SEC), raises money from the public, has more than 300 shareholders, and/or chooses to function as a public company. Also, any company with more than 500 or more public shareholders or with some shareholders and assets of $5 million are legally required to become a public company.

Should a violation allegedly occur, the public accounting firm and those related are expected to fully comply with the PCAOB. The accounting firm appears before a hearing and if the company is charged with violating the Sarbanes-Oxley Act, the PCAOB can impose sanctions. The severity of the sanctions can differ, being as light as training, new quality control procedures or the appointment of an independent monitor. Heavier sanctions include jail time, large fines, revoking a firm’s registration or barring individuals from participating in the audit process.

Auditing for Non-Profit Organizations

When Sarbanes-Oxley became a law, it was aimed at keeping publicly traded companies in check. Non-profit companies, although not completely targeted by Sarbanes-Oxley, adopted its own set of procedures to ensure sound financial health.

With publicly traded companies having to do financial audits, nonprofit organizations must perform a separate compliance audit. In order to understand the difference between the two, let’s create an example with a legitimate transaction. Suppose for all checks submitted, there must be two signatures required. This particular check has only one signature of approval. For a regular audit, the auditor can use common sense and approve the check based on the belief of its legitimacy. In a compliance audit, there are no exceptions. The check requires the dual signatures and cannot be approved.

Although all non-profits are legally required to conduct an audit, certain exclusions exist. In California, the Nonprofit Integrity Act (2004) requires charities that are registered with the attorney general and receive annual gross revenues of $2 million or more to form audit committees. Nonprofits that spend more than $500,000 of federal funds need to conduct an annual audit, while those participating in the Combined Federal Campaign must conduct an audit at $100,000.

Audit Committees

Most companies have audit committees that are responsible for hiring and overseeing an auditor. While an audit committee was once voluntary, the Sarbanes-Oxley Act introduced major changes to the regulation of financial practice and corporate governance and mandated that each audit committee must:

• Be independent.
• Contain at least one member that is considered a “financial expert” by the SEC.
• Be directly responsible for the appointment, compensation and oversight of the auditor.
• Preapprove all auditing services, as well as nonauditing services.
• Establish procedures to properly and confidentially handle complaints regarding accounting and auditing-related matters.

The audit committee also has the power to work with independent counsel and other advisors to perform its objectives.

The audit committee evaluates the accounting firm’s most recent peer review to determine how the firm operates. A peer review evaluates an accounting firm's auditing practice to see if it meets professional standards. It is an independent review by one's peers.

The audit committee also evaluates the firm’s strengths, the firm’s past partnerships, the firm’s large clients lost in recent years. These qualities all factor into the CPA auditor’s opinion of the status of the financial statements. It also finds out if any lawsuits against the firm exist or if it is sanctioned by the SEC or conducted non-audit services that may cause a conflict of interest.

Financial audits are an important process in providing credibility for any company. Starting as a check on a company’s finances, auditing practices have been well developed to track a company’s success status. An audit provides consumers, investors, and the general public confidence in the company. Also, it provides the media with the proper tools in serving as a watchdog against fraudulent and unfair activity. While it is nearly impossible to conduct a detailed audit, “Dr. Audit” is the best way for all to know whether or not a company has a clean bill of health of reasonable assurance that their financial records are free of any misstatements.