Oct 7, 2008
The objective of an audit is to provide assurance that an assertion corresponds with some established criteria. An audit involves gathering and evaluating evidence to support the assertions and preparing a communication indicating the work done by the auditor and his or her opinion regarding the degree of correspondence between the assertions and established criteria.
Two primary types of audits are financial audits and compliance audits. In a financial audit, the management of a business asserts that the financial statements are prepared in accordance with generally accepted accounting principles (GAAP), which are the applicable criteria. The financial statement auditor attests to the degree of correspondence between those financial statements and GAAP. In a compliance audit, an individual or business asserts that it is complying with specific laws, regulations, policies or procedures. The compliance auditor provides assurance that the entity is, in fact, complying with those applicable criteria. More details are provided below.
Audits are related to a wide range of criteria. Operational, or performance, audits evaluate the effectiveness and/or efficiency of an organization. For example, an auditor may determine whether or not a recipient of government funds is performing the funded services in a cost-efficient manner. The term "attestation engagement" includes audits and other services in which an auditor is engaged to issue a written communication that expresses a conclusion about the reliability of a written assertion that is the responsibility of another party. For example, an auditor may attest to the reliability of awards programs. The key components are an assertion made by one party with the expectation that a third party will rely on it and an attest or providing a written report on the assertion. Assurance services are independent professional services, including attestation services, that improve the quality of information or its context for decision makers. Developing areas for assurance services include Webtrust, which provides assurance regarding controls related to electronic commerce.
The three broad groups of auditors are external, internal, and governmental. Certified public accountants (CPAs) are external, independent auditors who are licensed by individual states to provide auditing services. The public accounting profession has played an active role in developing and providing attestation services. The American Institute of Certified Public Accountants (AICPA), a voluntary national professional organization, represents the accounting profession in the United States in general and the public ac counting profession in particular. The AICPA publishes books, journals, and other materials, manages a Web site (www.aicpa.org), lobbies legislators, and sets professional standards. State professional societies, such as the New York State Society of CPAs, provide support on a local level. The United States Securities and Exchange Commission (SEC), in requiring publicly held companies to have annual audits, promoted the role of the CPA in providing services of this nature (i.e. independent, professional, external verification). SEC requirements are discussed below.
Internal auditors are employees of organizations. In publicly owned companies, internal au ditors typically report to senior management and the board of directors, through its audit commit tee. Internal auditors are primarily involved in compliance and operational audits. The Institute of Internal Auditors (IIA), an international organization, is the professional organization repre-senting the internal auditing profession. The IIA publishes materials, encourages local chapter activities, offers certification as a certified internal auditor (CIA), and provides general support for practicing internal auditors. (For more information, go to http://nan.shh.fi/raw/iia/.)
Government auditors evaluate their own agencies and those for which they are responsible, including recipients of funds. These auditors exist on the national, state, and local levels. Internal Revenue Service (IRS) auditors and General Accounting Office (GAO) auditors are the most visible government auditors. IRS auditors examine tax returns. (For more information, go to http://www.irs.gov/.) The GAO is responsible for oversight, review, and evaluation of federal agencies and recipients of federal funds. The GAO reports to the U.S. Congress. (For more information, go to http://www.gao.gov/index.htm.)
The objective of a financial audit is to determine whether the financial statements are prepared in accordance with generally accepted accounting principles (GAAP). The management of an organization is responsible for preparing the financial statements. The auditor is responsible for rendering an opinion on the fairness of those financial statements based on his or her audit.
When preparing the financial statements, management must follow GAAP, which are the principles and practices that govern financial re porting. Formal Statements of Financial Ac counting Standards are issued by the Financial Accounting Standards Board (FASB), an independent standards-setting organization in the United States. (For more information, go to www.rutgers.edu/Accounting/raw/fasb/.) The Audit Committee of the company's board of directors acts as a liaison with the auditors who are per forming the financial statement audit.
The Securities and Exchange Act of 1934 requires publicly held companies to file Form 10-Ks with the Securities and Exchange Commission (SEC) within 90 days after the end of the fiscal year. This filing must include audited financial statements and an independent auditors report. The SEC was established to protect investors, and the requirement to publish audited annual financial statements plays a role in meeting that objective. (For more information, go to www.sec.gov.)
Nonpublic companies may have their financial statements audited for several reasons. The company may be planning to go public in the near future and will need audited financial statements for several years prior to an initial public offering. A bank or other creditor may require audited financial statements annually. A business may voluntarily hire an auditor to provide the owners with assurance that its financial statements are reliable.
Audited financial statements that will be submitted to the SEC or to others are audited by CPAs. These CPAs practice in public accounting firms, many of which are referred to as professional services firms. The largest firms are commonly referred to as "The Big Five." These five firms are: Arthur Andersen & Co. (http://www.arthurandersen.com/), Deloitte & Touche (http://www.dttus.com/), Ernst & Young (http://www.ey.com), KPMG Peat Marwick (http://www.kpmgcampus.com/), and Pricewaterhouse Cooper (http://www.pwcglobal.com/). These companies, and many other public accounting firms, operate as limited liability partnerships (LLPs) and thus carry LLP designation in their names. In addition to accounting and auditing services, many CPA firms offer tax and consulting services. These consulting services include systems design, litigation support, pension and benefits consulting, and financial planning.
The external, independent CPA must follow generally accepted auditing standards (GAAS) when performing the financial statement audit. These ten broad standards include three general requirements for the individual auditor, three standards for fieldwork, and four reporting standards. Authoritative guidance regarding the application of these ten general standards is provided in Statements on Auditing Standards (SASs), which are issued by the AICPA's Auditing Standards Board.
The general standards require the CPA to be proficient in accounting and auditing, to be independent from his or her client, and to exercise due professional care. Before accepting an audit client, the auditor must determine if he or she will be able to provide the necessary services on a timely basis and must have no financial or managerial relationship with the company whose financial statements are being audited.
The fieldwork standards address what is required when actually performing the audit work. The auditor must plan the engagement and supervise assistants. The auditor must obtain an understanding of the company's internal controls. The auditor must obtain sufficient competent evidence to support the financial statement assertions.
The reporting standards set requirements for the auditor's report. The report must explicitly refer to GAAP and must state an opinion on the financial statements as a whole. If there has been a change in accounting principles used by the company or inadequate disclosure of significant information, the auditor's report should address those issues.
The auditor can issue five types of reports on financial statements: unqualified opinion, unqualified opinion with explanatory language, qualified opinion, adverse opinion, or disclaimer of opinion.
If the financial statements present fairly, in all material respects, an entity's financial position (i.e., the balance sheet), results of operations (i.e., the income statement), and cash flows (i.e., the statement of cash flows) in conformity with GAAP, and if the audit is performed in accordance with GAAS, then a standard unqualified report can be issued. The standard unqualified report is as follows:
We have audited the accompanying balance sheets of X company as of December 31, 20X2 and 20X1, and the related statements of income, retained earnings, and cash flows for the years then ended. These financial statements are the responsibility of the Company's Management. Our responsibility is to express an opinion on these financial statements based on our audits.
We conducted our audits in accordance with generally accepted auditing standards. Those standards require that we plan and perform the audit to obtain reasonable assurance about whether the financial statements are free of material misstatement. An audit includes examining, on a test basis, evidence supporting the amounts and disclosures in the financial statements. An audit also includes assessing the accounting principles used and significant estimates made by management, as well as evaluating the overall financial statement presentation. We believe that our audits provide a reasonable basis for our opinion.
In our opinion, the financial statements referred to above present fairly, in all material respects, the financial position of X Company as of [at] December 31, 20X2 and 20X1, and the results of its operations and its cash flows for the years then ended in conformity with generally accepted accounting principles.
Under certain circumstances, which are specified in the professional guidance, an auditor adds explanatory words or paragraph to a report in which an unqualified opinion is expressed. The unqualified opinion is not affected. There are nine situations in which such explanations are allowed. Among the most common are those instances in which there has been a change in accounting principle with which the auditor concurs. In such instances, the auditor adds a paragraph after the opinion paragraph. The additional paragraph identifies briefly the accounting change.
The auditor would issue a qualified opinion in situations where the auditor views a departure from GAAP as being material, but not pervasive or highly material relative to the entire set of financial statements; or when the auditor has not been able to obtain sufficient competent evidence pertaining to a material, but not pervasive or highly material, part of the financial statements. The auditor must add an explanatory paragraph before the opinion paragraph describing the reason for the qualification and then qualify the opinion paragraph. In the case of inadequate evidence, which is referred to as a scope limitation, the second paragraph of the report would also been modified.
If, in the auditor's judgment, pervasive or highly material deviation(s) from GAAP exist and the auditee cannot be persuaded to adjust the financial statements to the satisfaction of the auditor, then the auditor must express an adverse opinion. In this condition, the auditor expresses an opinion that the financial statements taken as a whole do not present fairly the financial position, results of operations, and cash flows of the company in accordance with GAAP.
A disclaimer of opinion, which basically means giving no opinion, is issued when the scope limitation (typically lack of evidence regarding financial statement assertions) is so pervasive or highly material that the auditor cannot draw conclusions as to the fairness of the financial statements, taken as a whole. A disclaimer is also issued when the auditor lacks independence from the auditee. Disclaiming an opinion is also permitted, but not required, in conditions of major uncertainty about the company's ability to continue as a going concern for a year following the date of the financial statements.
The AICPA Code of Professional Conduct guides the CPA in the performance of professional services, including audits. The code consists of principles, rules, interpretations, and rulings, going from the very broad to the very specific.
The six ethical principles of professional conduct provide the basis for the rest of the code. CPAs are expected to exercise professional and moral judgments in all their activities. CPAs should act in the public interest. CPAs should perform all their work with the highest sense of integrity. CPAs should be free of conflicts of interest when performing professional services. CPAs should observe the profession's technical and ethical standards. CPAs in public practice should observe these principles of the Code of Professional Conduct in determining the scope and nature of services to be provided.
The rules address more specific ethical concerns. CPAs are required to be independent, to act with integrity and objectivity, and to follow and comply with applicable standards. When expressing an opinion on financial statements, the CPA must use GAAP as the criteria for evaluating fairness. Client information is confidential. Contingent fees, commissions, or referral fees are not acceptable when providing audit services. CPAs shall not commit discreditable acts, advertise in deceptive ways, or practice in a form of organization that is not permitted by state law.
The interpretations provide more detail regarding the rules. The independence rule has the most interpretations. Interpretations give guidance on issues such as financial and managerial relationships with the client, honorary directorships, loans, litigation, and firm and family relationships. Interpretations of other rules address issues such as conflicts of interest, competency, departures from promulgated GAAP, disclosure of confidential client information, sale of a practice, contingent fees in tax matters, client's records, governmental requirements in attest services, and CPAs operating a separate business.
Rulings are answers to specific questions. They provide guidance to CPAs regarding particular concerns that surface in providing professional services. Examples include whether or not a CPA can accept a gift from a client, when an individual can refer to him- or herself as a CPA, and the recruiting of personnel to fill a client position.
The objective of a compliance audit is to determine whether the auditee is following prescribed laws, regulations, policies, or procedures. These audits can be performed within a business organization for internal purposes or in response to requirements by outside groups, particularly government. Compliance audits can also be performed on individuals, for example, a compliance audit of an individual's tax return.
Typically, internal auditors are involved with compliance audits, within an organization, although independent CPAs perform this work as well. A compliance audit may focus on internal controls and whether or not the organization is following the internally prescribed policies and procedures. As part of the compliance audit, the auditor will obtain evidence supporting the assertion that the controls are being followed. Based on the auditor's evaluation of the evidence, he or she will usually write a report discussing the findings and making recommendations for improvement. A compliance audit could also look at external laws and regulations. The auditor would assess whether or not the organization, or the applicable part of the organization such as the marketing department, is adhering to specific laws and regulations, such as the Foreign Corrupt Practice Act of 1977. This law prohibits business entities from bribing officials of other governments in order to win business contracts.
Standards to be used when auditing federal government agencies and recipients of federal funds are found in "Government Auditing Standards," issued by the Comptroller General of the United States. This publication, which is referred to as the "Yellow Book," includes additional auditing standards that must be followed, in addition to GAAS. As part of any Yellow Book audit, the auditor must evaluate compliance with laws and regulations.
The auditor must perform several steps. First, the auditor must identify pertinent laws and regulations. Then, the auditor assesses the risks of material noncompliance; in so doing, the auditor must consider and assess internal controls. Next, the auditor designs steps and procedures to test compliance with laws and regulations to provide reasonable assurance that both unintentional and intentional instances of material noncompliance are detected. The auditor must issue a report on the tests of compliance in which all instances of noncompliance or illegal acts must be reported.
Messier, William F. Jr., (1997). Auditing: A Systematic Approach. New York: Irwin McGraw-Hill.
©2000-2008
Enotes.com Inc.
All Rights Reserved