44
Management vs. Auditor Responsibilities Whose Financial Statements are They Anyway? Nancy E. Shelmon, CPA Partner, PricewaterhouseCoopers, Los Angeles, CA Douglas K. Risser, CPA Global Controller, World Vision, Federal Way, WA AICPA National Not-for-Profit Industry Conference

AICPA Mgmt vs Auditor NFPIC June 2007

Embed Size (px)

Citation preview

Page 1: AICPA Mgmt vs Auditor NFPIC June 2007

Management vs. Auditor Responsibilities

Whose Financial Statements are They Anyway?

Nancy E. Shelmon, CPAPartner, PricewaterhouseCoopers, Los Angeles, CA

Douglas K. Risser, CPAGlobal Controller, World Vision, Federal Way, WA

AICPA National Not-for-Profit Industry Conference

Page 2: AICPA Mgmt vs Auditor NFPIC June 2007

AGENDA

1. Background leading to this discussion

2. Impact of SAS 112 on management’s responsibilities

3. Use of Estimates

4. Closing the Books

5. Other Tools Available

6. Role of Audit Committee

7. Questions

Page 3: AICPA Mgmt vs Auditor NFPIC June 2007

Top Ten Auditor Frustrations

10. The auditor’s room is like being in solitary confinement.

9. The client likens auditors to the Bermuda Triangle – anything lost, the auditor did it.

8. Last year’s adjustments were never made. 7. Each year, the auditors become the temporary

bookkeepers. 6. The Accounting department is told only to give

name, rank, and serial number to any questions asked.

Page 4: AICPA Mgmt vs Auditor NFPIC June 2007

Top Ten Auditor Frustrations, Cont’d.

5. The audit is a great time to schedule vacations. 4. The client contact is like Sergeant Shultz on

Hogan’s Heroes – “I know nothing.” 3. Typical response to management letter – “We’ll

consider it next year.” 2. Standard reconciling item – “unexplained

difference.” 1. Client’s perspective of fixed fees means “I can

cause unto you delays, inefficiencies, etc., but you cannot increase billings unto me.”

Page 5: AICPA Mgmt vs Auditor NFPIC June 2007

Top Ten Client Frustrations

10. Your Accountant’s definition of GAAP is a place where you

buy jeans.

9. The temporary employee filed the A/P invoices using the

Russian alphabet.

8. Auditor leaves the conference room looking like the streets of

New Orleans the day after Mardi Gras.

7. You exceed the FDIC insurance cash limit one day during the

entire year and it happens on the last day of the year.

6. Auditor won’t accept “plug” as an explanation for a journal

entry.

Page 6: AICPA Mgmt vs Auditor NFPIC June 2007

Top Ten Client Frustrations, Cont’d.

5. The auditor’s definition of lead time for requesting information

can be measured with the second hand of your watch.

4. Audit assistant’s materiality is based on their average college

checkbook balance.

3. Auditor’s definition of divisible is the parting of the Red Sea.

2. Audit Assistant appears younger than your teenage son who

just entered high school.

1. That same audit assistant drives a nicer car than you do.

Page 7: AICPA Mgmt vs Auditor NFPIC June 2007

Internal Controls and SAS 112

What is the most valuable asset of

any organization?

Page 8: AICPA Mgmt vs Auditor NFPIC June 2007

Internal Controls and SAS 112

What is the most valuable asset of any organization?

The typical response is “people,” “staff,” or

“employees.”

This is not correct, at least not totally correct.

Page 9: AICPA Mgmt vs Auditor NFPIC June 2007

Internal Controls and SAS 112

The most valuable asset of any organization is

Knowledge Capital.

However, Knowledge Capital is always invested in our

people, and maintained by our people.

Page 10: AICPA Mgmt vs Auditor NFPIC June 2007

Internal Controls and SAS 112

Therefore, we find that in order to maximize Knowledge

Capital we must:

Continually develop and invest in our people, and

Document and maintain processes and procedures.

Take the opportunity we have in readying for SAS 112 to

create and/or enhance our documentation of Internal

Controls.

Page 11: AICPA Mgmt vs Auditor NFPIC June 2007

Internal Controls and SAS 112

What will change as a result of SAS 112:

More control deficiencies will be considered severe.

The auditor must consider the “potential” magnitude

of a control deficiency rather than the actual

magnitude as follows:

Does a control deficiency—or a combination of

deficiencies—constitute a significant deficiency or a

material weakness?

Page 12: AICPA Mgmt vs Auditor NFPIC June 2007

Internal Controls and SAS 112

Would prudent officials with knowledge of the facts and

circumstances agree with the auditor’s assessment?

Are effective compensating or complementary controls in

place?

What is “material” to the financial statements from a

quantitative and qualitative perspective?

Page 13: AICPA Mgmt vs Auditor NFPIC June 2007

Internal Controls and SAS 112

In summary, under SAS 12:

More control deficiencies will likely be considered

significant and/or material and will be communicated

more broadly to stakeholders.

The auditor has less judgment and will require more

evidence and documentation from management to

support his conclusions about the effectiveness of

internal controls.

Page 14: AICPA Mgmt vs Auditor NFPIC June 2007

Internal Controls and SAS 112

See “SAS 112 internal controls readiness: a PwC

perspective” published by PricewaterhouseCoopers LLP

www.pwc.com/extweb/pwcpublications.nsf/docid/

0D87C5D88D5E10D5852571E6005A3E92

Page 15: AICPA Mgmt vs Auditor NFPIC June 2007

Internal Controls and SAS 112

Internal Control Maturity Framework

Under SAS 112, controls must be documented in order for auditors to rely on them. Moving to the right on the maturity framework will take on greater urgency in the new environment.

UnreliableUnpredictableenvironment where control activities are not designed or in place

Informal Control activities are designed and in place, but are not adequately documented

Standardized Control activities are designed, in place and are adequately documented

Monitored Standardized controls with periodic testing for effective design and operation with reporting to management

Optimized Integrated Internal controls with real time monitoring by management and continuous improvement

Page 16: AICPA Mgmt vs Auditor NFPIC June 2007

Internal Controls and SAS 112

What should you do to prepare for the implementation of

SAS 112?

Educate your board.

Inventory the significant accounts, disclosures, and

components as well as the processes and cycles.

Year One: Consider documenting IT controls, Payroll

Controls and Preparation of Financial Statements

Page 17: AICPA Mgmt vs Auditor NFPIC June 2007

Internal Controls and SAS 112

Information technology (IT) controls over significant

systems Are controls automated or manual? Are controls documented? Controls over program security, program access, program

changes? Monitoring or mitigating controls at the process level might

compensate for weaknesses in IT controls. Audit trail evidence that controls were executed.

Page 18: AICPA Mgmt vs Auditor NFPIC June 2007

Internal Controls and SAS 112

Payroll (including for government grants) What controls are in place? Are controls automated or manual? Are controls documented? Are periodic reconciliations performed? Is the review and approval evidenced? Review written policies and procedures for pre-award and

post-award grants and contracts. Effort reporting.

Page 19: AICPA Mgmt vs Auditor NFPIC June 2007

Internal Controls and SAS 112

1. Preparation of Financial Statements What controls are in place? Who reviews estimates? What documentation exists? What adjustments does the auditor propose as a

result of the annual independent audit? Review adjustments and unadjusted differences

proposed over the last three to five years.

Page 20: AICPA Mgmt vs Auditor NFPIC June 2007

Internal Controls and SAS 112

Preparation of Financial Statements (con’t) Consider developing a financial statement binder.

Work papers that support the financial statements

Accounting and disclosure checklists Proof of the accuracy and completeness of

“release of restrictions” transfer, etc.

Page 21: AICPA Mgmt vs Auditor NFPIC June 2007

Internal Controls and SAS 112

In the second year, consider reviewing controls over other areas, such as:

Contributions and fund-raising Revenue recognition Cut-off UBTI assessment

Endowment Board approval Spending formulas Honoring donor restrictions

Page 22: AICPA Mgmt vs Auditor NFPIC June 2007

Internal Controls and SAS 112

In the second year, consider reviewing controls over

other areas, such as (con’t):

Property, plant and equipment Capitalization of expenditures Evidence of compliance Capitalized interest, other borrowing-related

activities

Page 23: AICPA Mgmt vs Auditor NFPIC June 2007

Internal Controls and SAS 112

As you review the controls, consider the following

questions:

How do you know your controls are effective?

Is there adequate segregation of duties?

Are reviews documented?

Page 24: AICPA Mgmt vs Auditor NFPIC June 2007

Internal Controls and SAS 112

As you review the controls, consider the following questions (con’t):

Are spreadsheet controls in place for key management reports?

What constitutes good documentation? Are the estimates that management has made

documented? Does the documentation accurately depict what

happens on a daily basis?

Page 25: AICPA Mgmt vs Auditor NFPIC June 2007

Internal Controls and SAS 112

As you review the controls, consider the following questions (con’t):

Are all SAS 70 reports of outside service organizations reviewed and documented?

Is the level of communication among management, internal and external auditors, and the audit committee adequate?

Page 26: AICPA Mgmt vs Auditor NFPIC June 2007

Internal Controls and SAS 112

Time is rapidly passing since SAS 112 became effective for December 31, 2006 year-end audits and will be effective for all June 30, 2007 year ends

Page 27: AICPA Mgmt vs Auditor NFPIC June 2007

Use of Estimates

Where are the “estimates” in the financial statements of

most organizations?

Collectibility of pledges and/or accounts receivable Discount rate on pledges Estimated useful lives of fixed assets Fair value of other assets Allocation of joint costs Functional allocation of expenses

Page 28: AICPA Mgmt vs Auditor NFPIC June 2007

Use of Estimates

Auditor’s role with Estimates: Discuss with management the method of determining

balance;

Evaluate whether the assumptions used are

consistent with each other, the prior year, supporting

data, relevant historical data, and industry data;

Determine whether accounting estimates are in

compliance with GAAP;

Page 29: AICPA Mgmt vs Auditor NFPIC June 2007

Closing the Books

Closing the books is the process that an organization uses to reconcile, consolidate, and report financial information on a periodic basis.

Each organization defines the process a little differently; not all organizations complete the same list of tasks to close their books.

Among the tasks that organizations may include in the process are the following:

Ensuring validity and consistency in the company's charts of accounts 

Page 30: AICPA Mgmt vs Auditor NFPIC June 2007

Closing the Books

Among the tasks that organizations may include in the process are the following (con’t):

Completing journal entries.

Consolidating data from outlying business units.

Preparing trial balances

Correcting errors

Reconciling and analyzing accounts

Calculating taxes

Page 31: AICPA Mgmt vs Auditor NFPIC June 2007

Closing the Books

Among the tasks that organizations may include in the

process are the following (con’t): Preparing and distributing reports Supervising closing tasks and reviewing key accounts

and reports An investigation of the process of closing the books

usually reveals opportunities to improve speed and

accuracy.

Page 32: AICPA Mgmt vs Auditor NFPIC June 2007

Closing the Books

A fast, accurate close-the-books process provides

multiple benefits for the finance function and for the

organization.

Utilize a monthly and annual closing checklist to

document assignments, control points as well as

approvals

Page 33: AICPA Mgmt vs Auditor NFPIC June 2007

Closing the Books

Sample checklist provided in your book

Other tools may be found in the AICPA Not-for-Profit

Toolkit

Page 34: AICPA Mgmt vs Auditor NFPIC June 2007

Audit Committee Toolkit

Actionable tools (matrices,

questionnaires, RFPs,

evaluations, how-to, etc.)

Distributed in print

Customizable

Page 35: AICPA Mgmt vs Auditor NFPIC June 2007

Audit Committee Toolkit

Tools are available on

website

www.aicpa.org/Audcomm

ctr/toolkitsnpo/homepage

.htm

Page 36: AICPA Mgmt vs Auditor NFPIC June 2007

Audit Committee Toolkit

Administrative Tools Audit Committee Charter Matrix* Financial Expertise* Sample RFP for CPA Services Independence and Related Issues* Peer Review of CPA Firms Evaluating the Auditor’s Engagement Letter Hiring the Chief Audit Executive Hiring External Experts

Page 37: AICPA Mgmt vs Auditor NFPIC June 2007

Audit Committee Toolkit

Audit Process Tools Internal Control Fraud and the Audit Committee* Whistleblower Tracking Report* Conducting an Audit Committee Executive

Session* Issues Report From Management Discussions With the Independent Auditors*

Page 38: AICPA Mgmt vs Auditor NFPIC June 2007

Audit Committee Responsibilities As Related to Financial Statements

13. Inquire of the executive director and CFO regarding the sources of support and revenue of the organization from a subjective as well as an objective standpoint.

14. Review with the independent auditors and the CAE: The adequacy of the organization’s internal controls,

 Any related significant findings and recommendations

Page 39: AICPA Mgmt vs Auditor NFPIC June 2007

Audit Committee Responsibilities As Related to Financial Statements, Cont’d.

17. Review with each public accounting firm that performs an audit: All critical accounting policies and practices used by

the organization.

 All alternative treatments of financial information

18. Review all material written communications between the independent auditors and management, such as any management letter or schedule of unadjusted differences.

Page 40: AICPA Mgmt vs Auditor NFPIC June 2007

Audit Committee Responsibilities As Related to Financial Statements, Cont’d.

19. Review with management and the independent auditors: annual financial statements and related footnotes independent auditors’ audit of the financial statements and their report thereon judgments about the quality, not just the acceptability, of the organization’s accounting principles as applied in its financial reporting Any significant changes required in the independent auditors’ audit plan Any serious difficulties or disputes with management

Page 41: AICPA Mgmt vs Auditor NFPIC June 2007

Audit Committee Responsibilities As Related to Financial Statements, Cont’d.

20. Review with the general counsel and the CAE, legal and regulatory matters that, in the opinion of management, may have a material impact on the financial statements, related organization compliance policies, and programs and reports received from regulators.

Page 42: AICPA Mgmt vs Auditor NFPIC June 2007

Client Expectations

Qualified Staff Minimal Turnover Knowledgeable About Business Flexibility of Audit Schedule Formats More Value Out of Audit Keep Informed on Current Events Training of Client Personnel Effective and Timely Communication

Page 43: AICPA Mgmt vs Auditor NFPIC June 2007

Auditor Expectations

Take Ownership of Financial Statements

Adhere to Deadlines

Early Identification and Communication of

Accounting/Audit Issues

Proactive View of Internal Controls

Optimize Audit Process

Responsive to Auditor’s Concerns and Comments

Page 44: AICPA Mgmt vs Auditor NFPIC June 2007

QUESTIONS?????