Prepare now for the new Audit Risk Assessment Standards
How much time you spend with your audit team this year will depend on what you are doing right now to prepare. That's not a warning or a threat. It's a fact of life, thanks to the new Audit Risk Assessment Standards that your external audit team will be implementing from now on.
Of course, preparation has always been the best way to streamline the audit process, but this year, it will be even more important for both auditors and the entities they audit. There is no time like the present to start analyzing, documenting, and if necessary, developing internal controls to reduce the risk of mistakes in financial statements.
The more time and focus you dedicate to internal controls now, the less stressful your audit will be in the future for all parties involved. This is probably not the first you have heard of the new audit procedures, and I'm sure it won't be the last.
New standards bring new challenges
This new audit methodology came about when the AICPA, which establishes "generally accepted auditing standards" for public accountants, issued eight statements on auditing standards concerning the assessment of risk in the audit of financial statements. These standards have three main objectives:
- To obtain a more thorough understanding of your information processing system.
- To evaluate the design effectiveness of the controls over the system.
- To obtain detailed knowledge of your operations, business objectives and strategies, and the risks to achieving those objectives.
Under the new standards, auditors must gain a more in-depth understanding of your business, identify procedures and operations where there is a risk of a misstatement, and evaluate the effectiveness of your internal controls in reducing those risks. They will do this by performing a variety of procedures that include reviewing relevant documentation, observing the performance of control procedures, and "walking through" transaction cycles.
Here's an example. Internal controls are designed with an objective in mind. For example, a control objective may be to ensure the proper valuation of accounts receivable. One risk to achieving that objective would be the unauthorized processing of returns, allowances and write-offs. Controls put in place to achieve the objective may include:
- Supervisory approval of all correspondence authorizing returns and allowances.
- Limiting an individual's ability to process a credit memo transaction.
- Regular review of a reconciliation of accounts receivable ledger activity with sale, cash receipts and adjustment reports.
- Comparison of adjustments to approved transactions.
To test the controls related to supervisory approval and authorization, the auditor may request a computer-generated report of returns and other documentation of transactions. The auditor would then select a sample of entries and determine if the transactions were properly authorized. The auditor may also test controls designed to limit who can process credit memos, and use computer-assisted techniques to search for exceptions. Any significant control deficiencies would be reported in writing to management and those charged with governance of the company.
How you can prepare
In some cases, certain elements of the work relating to understanding your business, its environment and its internal controls, will need to be completed well in advance. So don't be surprised if you receive a call from an audit professional earlier than you have in the past. You can prepare by:
- Documenting relevant business processes.
- Identifying and assessing the risks to obtaining accurate financial statements.
- Documenting all internal controls in writing.
- Reviewing your procedures over transactions to make sure there are controls in place for documenting authorization.
- Defining staff duties and responsibilities.
- Assuring adequate separation of duties.
- Looking beyond the controls in the accounting department to sales, operations, IT, human resources and other departments that can impact financial reporting.
What's in it for you?
The goal of the new standards is simple: to maintain the integrity of the audit process by responding to the evolving needs of financial statement users, like shareholders, partners, employees, lenders and other creditors.
The new standards are perhaps the most significant change to auditing in the last 30 years. I believe that, although they may initially seem burdensome, they are a tremendous improvement to the audit process that will strengthen the integrity and credibility of your financial statements.
- Beth Auterman, CPA, is a partner for Clifton Gunderson's Assurance Services. She can be reached at (217) 351-7400 or Beth.Auterman@cliftoncpa.com