the Basics: Auditing 101
Seach, Public Relations Associate
audit can be compared to an annual checkup with the doctor. Just
as the patient must pass certain exams to ensure a clean bill of
health, a company’s financial “good health” standing
relies on whether or not
its financial statements abide by generally acceptable standard
and accounting principles. While the audit does not guarantee a
perfect financial statement, it does provide reasonable assurance
that the statements are free of misstatements. In this case, the
doctor is the auditor, and the company is the patient.
organization, whether it is a privately held business, a publicly
owned corporation, or a nonprofit
organization, must prepare financial reports. These reports are
like the lifeline of a company and help owners and managers make
decisions and help provide the company’s financial status
to shareholders, employees, regulators, and the public.
The United States
government enacted the Securities and Exchange of 1934 requiring
publicly traded companies to disclose certain financial information
that could be audited. The act also created the Securities and Exchange
Commission (SEC) to enforce the audit requirements.
There are two
kinds of audits: internal and external. An external audit is performed
by an outside auditor who does not have any ties to the organization
or its financial statements. The outside auditor, or Certified Public
Accountant (CPA), examines financial statements prepared by management
for a faired presentation as well as relevance and accuracy. Most
importantly, an audit tests whether or not a company is adhering
to professional standards and generally acceptable accounting principles
accounting principles are used by auditors to judge financial statements.
Financial statements are considered to conform to the GAAP if the
accounting principles used by management are generally accepted
throughout the profession. There is also some room for judgment
calls with the GAAP. If the accounting principles used by management
are appropriate given special circumstances, the financial statements
can confirm to the GAAP.
disclosure” is another means of conformity to the GAAP. The
disclosure of enough information –by parenthetical notation,
special notes, or in the body of the statements- should enable the
reader to understand the financial statements. Finally, “materialism”
allows for some approximations in a reasonable range of tolerable
error. According to the American Institute of Certified Public Accountants’
(AICPA) Understanding Audits and the Auditor’s Report (2001)
example, a $5,000 misstatement of sales revenue for a company with
$20,000 net income be material, however if the net income was for
the company was $750,000, the misstatement may become immaterial.
However, this small amount can become material depending on which
parts of the financial statement it affects such as debt.
During an external
audit, the independent CPA performs various testing techniques with
a sense of professional skepticism. The CPA uses these techniques
to test a sample of all the company’s transactions. From those
samples, the CPA may gain reasonable assurance that the financial
statements are free of any misstatements or fraud. When the audit
is complete, the CPA prepares a report based on the findings. In
this report, the CPA reaches one of four conclusions – Qualified,
Unqualified, Disclaimer, Adverse.
An audit starts
with an interim review which typically covers the first half of
the financial year. It is an attempt to better understand the business
of the company and its main issues. Next, the CPA must check for
any audit risks such as conflict of interest, or companies overstating
figures, which could lead to an abnormally high income.
At this point,
the end of the audit usually takes place before the closing date.
For example, if a company closed on December 31, the close could
use numbers from the end of the preceding quarter or around November
30. Although this step does not appear on the final audit, it is
intended to audit all movements from the beginning of the year to
The last step
of the audit is called the “final,” and usually takes
place weeks after the closing date. Here, the CPA audits movements
to the closing.
Once the testing
is complete, the CPA creates a report that states: the auditor’s
responsibilities, the work performed by the CPA, and a conclusion.
From this, the CPA ultimately reports if the company is able to
stay in business. There are three parts in a final audit report:
an introduction, a scope of the audit, and an opinion paragraph.
Based on the
audit, the CPA can come to one of four conclusions:
– the audit is sound and no major deficiencies exist in
the financial statements.
– the auditor did not get a complete look at the audit or
the statement does not completely satisfy the general accepted
– the auditor could not form an opinion on the fairness
of the statements
– the financial statements do not abide by GAAP and do not
fairly represent the company
part of the interim review is the auditor’s assessment of
the company’s internal controls.
internal audits to ensure the management that the company is meeting
internal and external goals. Internal goals include productivity,
quality, compliance controls, consistency, and cost, while external
goals deal with customer satisfaction and market share. Auditors
check to make sure transactions are executed with management’s
authorization in accordance with GAAP. Also, access to assets must
have management’s authorization. Generally speaking, an internal
auditor rates the company’s overall effectiveness.
aim to prove that the company’s financial statements are accurate
and reliable. Internal controls can be categorized into two areas
– administrative and accounting. Administrative controls deal
with the procedures and records that lead to management’s
authorization of transactions. Accounting control is a set of procedures
and records that involve safeguarding assets and the reliability
of financial records.
the audit process
In an attempt
to eliminate accounting fraud scandals such as WorldCom and Enron,
the government in 2002 passed the Sarbanes-Oxley Act, placing more
liability on management. Sarbanes Oxley requires audit committees
of publicly traded companies to report to shareholders whether or
not the company’s internal controls - the process in which
a company ensures its financial records are fair and accurately
reflect all transactions and dispositions that reflect the assets
of the company- are sufficient.
Section 404 of the act requires management to include information
about the company’s internal control and whether or not it
is effective to shareholders in its annual report. Section 404 also
gives power to the Public Company Accounting Oversight Board (PCAOB)
to set standards for internal control and the independent auditor.
Also, the Chief Executive Officer (CEO) and the Chief Financial
Officer (CFO) must sign off on the financial statement presentation.
The PCAOB is
a private sector, non-profit corporation that has the authority
to oversee the auditors of public companies. A public company is
a company that: is registered with the Securities and Exchange Commission
(SEC), raises money from the public, has more than 300 shareholders,
and/or chooses to function as a public company. Also, any company
with more than 500 or more public shareholders or with some shareholders
and assets of $5 million are legally required to become a public
Should a violation
allegedly occur, the public accounting firm and those related are
expected to fully comply with the PCAOB. The accounting firm appears
before a hearing and if the company is charged with violating the
Sarbanes-Oxley Act, the PCAOB can impose sanctions. The severity
of the sanctions can differ, being as light as training, new quality
control procedures or the appointment of an independent monitor.
Heavier sanctions include jail time, large fines, revoking a firm’s
registration or barring individuals from participating in the audit
for Non-Profit Organizations
became a law, it was aimed at keeping publicly traded companies
in check. Non-profit companies, although not completely targeted
by Sarbanes-Oxley, adopted its own set of procedures to ensure sound
traded companies having to do financial audits, nonprofit organizations
must perform a separate compliance audit. In order to understand
the difference between the two, let’s create an example with
a legitimate transaction. Suppose for all checks submitted, there
must be two signatures required. This particular check has only
one signature of approval. For a regular audit, the auditor can
use common sense and approve the check based on the belief of its
legitimacy. In a compliance audit, there are no exceptions. The
check requires the dual signatures and cannot be approved.
non-profits are legally required to conduct an audit, certain exclusions
exist. In California, the Nonprofit Integrity Act (2004) requires
charities that are registered with the attorney general and receive
annual gross revenues of $2 million or more to form audit committees.
Nonprofits that spend more than $500,000 of federal funds need to
conduct an annual audit, while those participating in the Combined
Federal Campaign must conduct an audit at $100,000.
have audit committees that are responsible for hiring and overseeing
an auditor. While an audit committee was once voluntary, the Sarbanes-Oxley
Act introduced major changes to the regulation of financial practice
and corporate governance and mandated that each audit committee
- Be independent.
at least one member that is considered a “financial expert”
by the SEC.
- Be directly
responsible for the appointment, compensation and oversight of
all auditing services, as well as nonauditing services.
procedures to properly and confidentially handle complaints regarding
accounting and auditing-related matters.
The audit committee
also has the power to work with independent counsel and other advisors
to perform its objectives.
The audit committee evaluates the accounting firm’s most recent
peer review to determine how the firm operates. A peer review evaluates
an accounting firm's auditing practice to see if it meets professional
standards. It is an independent review by one's peers.
The audit committee
also evaluates the firm’s strengths, the firm’s past
partnerships, the firm’s large clients lost in recent years.
These qualities all factor into the CPA auditor’s opinion
of the status of the financial statements. It also finds out if
any lawsuits against the firm exist or if it is sanctioned by the
SEC or conducted non-audit services that may cause a conflict of
are an important process in providing credibility for any company.
Starting as a check on a company’s finances, auditing practices
have been well developed to track a company’s success status.
An audit provides consumers, investors, and the general public confidence
in the company. Also, it provides the media with the proper tools
in serving as a watchdog against fraudulent and unfair activity.
While it is nearly impossible to conduct a detailed audit, “Dr.
Audit” is the best way for all to know whether or not a company
has a clean bill of health of reasonable assurance that their financial
records are free of any misstatements.