Posted on

Researching the future of public company audits — part two

Last week I discussed interesting research papers presented at the PCAOB’s Center for Economic Analysis third annual Economic Conference on Auditing and Capital Markets.  In order to make this topic a little more enjoyable, I have divided up the presented papers into two posts.  Today’s post, part two, will focus on the remaining three research papers presented at the conference.

Research presented

Following is the abstract from each research paper:

1. Assessing Initiatives to Improve the Quality of Group Audits Involving Other Auditors

One of the major current concerns of regulators internationally is the quality of the auditing of multinational groups, particularly those involving the coordination by the principal auditor of other auditors.  These concerns resulted in changes to the international auditing standard on group audits, International Standards on Auditing (ISA) No. 600, which are consistent with current initiatives being considered by the PCAOB.  The researchers examined audit quality pre and post-ISA 600 to help inform the International Auditing and Assurance Standards Board (IAASB) as to the efficacy of the ISA 600 amendments and inform the PCAOB with regard their similar initiatives under consideration.  The researchers made use of unique Australian disclosures which allowed them to identify the nature and extent of involvement of other auditors in group audits.  They found that the revisions to ISA 600 have contributed to an improvement in audit quality, specifically for clients of non-Big N (e.g., Big 4) auditors.  Further, they found that the quality of multi-national enterprise (MNE) group audits involving other auditors from the same network is lower, and this appears not to be affected by the ISA 600 revisions.  Consistent with regulatory concerns, the researchers also examined whether there are any incremental costs for group audits involving other auditors.  While the researchers found that group audits involving other auditors are more costly, they did not find evidence of an increase in audit fees associated with these regulatory initiatives.

2. The benefits and costs of Sarbanes-Oxley Section 404(b) exemption: Evidence from small firms’ internal control disclosures

The authors investigated the benefits and costs of exempting firms from auditor oversight of internal control effectiveness disclosures (Section 404(b) of the Sarbanes-Oxley Act of 2002), which I touched on in a previous post.  They measured the benefit of exemption with audit fee savings, which the authors estimated to be an aggregate $388 million from 2007 to 2014 for their sample of exempt firms.  The key concern of exemption is internal control misreporting (i.e., firms with ineffective internal controls disclose effective internal controls).  Misreporting imposes at least two measurable costs on current and prospective shareholders: lower operating performance due to non-remediation, and market values that fail to reflect a firm’s underlying internal control status.  The authors calculated the cost of 404(b) exemption from 2007 to 2014 to be an aggregate $856 million in lower future earnings due to non-remediation, and a $935 million delay in aggregate market value decline due to untimely internal control disclosure. Although the aggregate costs of exemption exceed the benefits, the costs are borne by shareholders of only a fraction of exempt firms, whereas the audit fee savings are shared by all.

In addition to yielding evidence on the benefits and costs of internal control disclosure regulation, their study provides a prediction model for identifying the firms most at risk of inaccurately disclosing internal controls.  The prediction model predicts that approximately 20.2% of exempt firms should disclose ineffective internal controls, whereas only 10.9% do so.  Thus, the authors infer that 46% of exempt firms that maintain ineffective internal controls fail to discover or disclose it.

3. Tell Me More: A Content Analysis of Expanded Auditor Reporting in the United Kingdom

This study examined the effect of expanded audit disclosures required by ISA 700 (UK and Ireland), The Independent Auditor’s Report on Financial Statements, on the communication value of the audit report.  Using content analysis measures, readability and tone, as proxies for communication value, the author found that in the post-ISA 700 period: 1) audit report readability improves and 2) audit report tone changes with a higher occurrence of negative and uncertain words.  The author also evaluated analyst behavior in response to the ISA 700 audit report and found that analyst forecast dispersion decreased in the post-ISA 700 period.  In additional analyses, the author showed that Big N and industry expert auditors wrote audit reports that are more readable.  The author also found that domain-specific word dictionaries, generated from SEC Form-10K’s and earnings press releases, have a lower frequency in audit reports in both the pre and post-ISA 700 period.

With the heightened global interest in improving the historical pass/fail audit report, these results show that expanded audit disclosures can be communicated in a manner that is accessible and meaningful to the financial statement user.

In summary

Again, we find similar take-aways from these academic papers, which shed light on the impact that professional standards have on audit firms and their clients.

Photo credit

Posted on

Researching the future of public company audits

A few weeks ago the PCAOB’s Center for Economic Analysis (CEA) held its third annual Economic Conference on Auditing and Capital Markets.  Some readers may be yawning by now.  In reality, this conference is an important way that the PCAOB brings together academic researchers and audit policymakers to look at the effectiveness of audit standards and practices.  Moreover, the academic research prepared for and presented at this conference helps to identify the economic impact of auditing on the capital markets.

Of interest is that there were six research papers presented at the conference, selected from a total of 83 papers submitted.  These six papers were selected for presentation following a review by a committee of leading academics assembled by the editorial board of the Journal of Accounting Research and Luigi Zingales, the Center’s Founding Director and the Robert C. McCormack Professor of Entrepreneurship and Finance and the David G. Booth Faculty Fellow at the University of Chicago Booth School of Business.

Today’s post will discuss some interesting research findings from three of these six research papers along with what this research might mean for the future auditing and audit standards.  In a future post I will discuss interesting findings from the remaining three research papers presented to make it a little more palatable.

Research presented

The authors of the following research papers include university professors both within and outside of the United States.  Following is the abstract from each research paper:

1. Is Audit Behavior Contagious? Teamwork Experience and Audit Quality by Individual Auditors

This paper discussed how bad audit behavior is transmitted through the teamwork experience of individual auditors.  The researchers found that auditors who have previously worked in a team (team auditors) with those who are sanctioned by the regulators for audit failure (contagious auditors) are more likely to issue lenient audit opinions, and their audited accounting numbers are more likely to be downward restated in the future, compared to those who have no overlap with contagious auditors in their teamwork experience.  This contagion effect is, however, absent among auditors who previously worked in the same audit firm but not in the same team (colleague auditors) as contagious auditors.  The researchers’ findings highlight the importance of analyzing social learning via teamwork experience in understanding how audit quality at the individual level is shaped.  To note is that the research populations were associated with Chinese individuals and businesses, including stock market activity of publicly traded firms listed in the Shanghai or Shenzhen Stock Exchanges and sanctions imposed by the China Securities Regulatory Commission.

Certainly, this research puts back in the spotlight the recently adopted PCAOB rule requiring audit firms to disclose the name of the engagement partner, among other things.  This PCAOB rule takes effect in 2017.

2. Do Auditors Correctly Identify and Assess Internal Control Deficiencies? Evidence from the PCAOB Data

The researchers found that auditors routinely fail to disclose material weaknesses prior to a material error (i.e., restatements).  One potential reason is that auditors misclassify the severity of identified internal control deficiencies due to complexity in judging the materiality and likelihood of potential related errors.  Another reason is that auditors face disincentives to report a material weakness without a clear indication of an existing error.  The paper evaluated these possibilities using a proprietary database on auditor-identified control deficiencies that are not deemed material weaknesses, hence not publicly disclosed.  The authors then compared the severity of the control deficiency with the severity of ex-post reporting errors.  Even though the authors found some evidence consistent with auditor and management incentives to misclassify material weaknesses as less serious deficiencies, the authors generally found that 1) the severity of identified control deficiencies is properly assessed and 2) the auditor is able to provide reasonable assurance about whether financial statements are materially misstated in the presence of identified deficiencies.  Their evidence indicates that the inability of auditors to properly identify relevant internal controls is a contributing reason why material weaknesses are not discovered and disclosed prior to material error restatements.

With this in mind, readers may find of interest a former blog post wherein I discussed the SEC cracking down on a publicly-traded company for ineffective ICFR, even though there were no material misstatements in its financial statements at the time.

To sum up a critical finding from this research, Martin Baumann, Chief Auditor at the PCAOB, stated in a 2010 speech:

It has been observed that disclosures of material weaknesses, which should be a leading indicator of potential financial reporting problems, have instead become a lagging indicator.  That is, Material Weaknesses seem to be reported, generally, only in connection with a restatement – where the material weakness is often obvious.  In many cases a material weakness likely existed before the restatement as well, but unfortunately the ICFR audits are often not identifying them.

3. Auditors With or Without Styles? Evidence from Unexpected Auditor Turnovers

Using unexpected auditor turnovers as a quasi-experiment, in this study the authors examined whether individual auditors exhibit a significant impact on audit quality.  More specifically, focusing on auditor turnovers precipitated by the incumbent auditor’s sudden death or by resignation due to health issues or a career change, they investigated audit quality changes surrounding these unexpected events.  While the authors found some evidences that unexpected auditor turnovers are associated with significant audit quality changes for non-Big 4 audit firms, this is not the case for auditor turnovers at Big 4 firms even though there are greater differences in personal characteristics between outgoing and successor auditors in Big 4 firms. This finding suggests that notwithstanding differences in auditors’ personal characteristics, standardized audit procedures and strong internal controls can constrain individual auditors in large audit firms from impacting audit quality.

Because data on disclosures of signing audit partners does exist in Taiwan, the authors relied on financial data and the names of signing audit partners for all public firms from the Taiwan Economic Journal.  In my view it will be interesting to research this topic using U.S. data once the PCAOB’s rule on audit firm disclosures is in full effect.

In summary

The take-aways from these academic papers impact a number of areas for auditors (including their audit clients).  These include, among other things, the timely identification and assessment of risks of material misstatement, internal control deficiencies, and audit team culture and influence.  Stay tuned for a future post wherein I will discuss interesting take-aways from the remaining three research papers.

Photo credit

Posted on

A Look-back: 12 years of SOX Section 404

Many companies became subject to the provisions of Section 404 of the Sarbanes-Oxley Act of 2002 (SOX) beginning for fiscal years ending on or after November 15, 2004.  Specifically, Section 404(a) requires public companies’ annual reports to include the company’s own assessment of internal control over financial reporting (ICFR).  Section 404(b) requires an independent auditor’s report on the effectiveness of the company’s ICFR.

Since the implementation of SOX 12 years ago, we have seen some interesting trends in financial restatement statistics and SEC enforcement trends, which I have written about recently (here and here).  In fact, a recent Audit Analytics report has highlighted some key take-aways related to Section 404 disclosures.

Effectiveness of ICFR requiring auditor attestation

SOX Section 404(b) states that accelerated filers (including large accelerated filers) must provide an independent auditor’s report on the effectiveness of the filer’s ICFR.  The following chart shows adverse auditor reports as a percentage of total auditor reports on ICFR on an annual basis within the last 12 years.

% Adverse Auditor Attestations

For clarification, according to PCAOB Auditing Standard No. 5 (AS 5), An Audit of Internal Control Over Financial Reporting That Is Integrated with An Audit of Financial Statements, an adverse opinion signifies that at least one material weakness exists within a company’s ICFR.

Naturally, one would expect the first year of implementation, 2004, to yield the least favorable results.  To also note is that because the SOX Section 404 requirements went into effect in late 2004, only a portion of companies whose fiscal years ended in 2004 were required to implement these requirements (i.e., those whose fiscal years ended on or after November 15, 2004).  This means that a smaller number of companies filed auditor attestations related to fiscal 2004 when compared to fiscal 2005.

What I find interesting about the above chart, and the Audit Analytics report discusses, is the historical “low” in the rate in 2010.  In 2010, the PCAOB inspection program began determining if audit firms had obtained adequate evidence to substantiate the auditor’s attestation of management’s assessment regarding the effectiveness of ICFR.  The impetus for this was the implementation of AS 5, which became effective in late 2007.

After initially reviewing audit firms’ implementation of AS 5 in 2008 and 2009, the PCAOB’s inspections began in 2010 to focus on inspecting for and reporting on whether firms obtained sufficient evidence to support their audit opinions on the effectiveness of ICFR.  Although somewhat unclear, we might gather from the above chart that the PCAOB’s scrutiny of audit firm compliance with AS 5 in 2010 may have re-focused the emphasis of audit firms on improving audit quality in 2011 (when compared to 2010).

Key areas of adverse auditor reports

Among those auditor reports with an adverse audit opinion on ICFR, the Audit Analytics report identifies the following internal controls issues with the highest frequency in 2015:

Ineffective ICFR issues

Total number of attestations

As % of total attestations citing ineffective ICFR
Material and/or numerous auditor and/or management adjustments

118

58%
Inadequate accounting personnel resources, competency, and/or training

105

52%
IT, software, security, and access controls

60

30%
Segregation of duties and/or design of controls

50

25%
Controls related to non-routine transactions

39

19%

As illustrated in the table above, the top reason for ineffective ICFR in 2015 was due to accounting issues which were known to materially misstate the financial statements.  Said differently, without recording the necessary adjustments, the financial statements taken as a whole would have been materially misstated.  The remaining top five reasons for ineffective ICFR in 2015 were due to internal controls issues (which either did or “could have” contributed to material errors in the financial statements).

Moreover, the Audit Analytics report lists the following accounting-related ICFR issues as most commonly cited in adverse audit reports in 2015:

Ineffective ICFR issues related to accounting

 Total number of attestations

As % of total attestations citing ineffective ICFR
Revenue recognition 47

23%
Income taxes

36

18%
A/R, notes receivable, investments, and cash

34

17%
Fixed assets and/or intangible assets

29

14%
Related parties and/or affiliates/subsidiaries

27

13%

Effectiveness of ICFR not requiring auditor attestation

In contrast to the requirements in Section 404(b) for accelerated filers, non-accelerated filers and smaller reporting companies need not comply with this provision, thanks to the Dodd-Frank Act of 2010, but they must comply with Section 404(a).  Furthermore, non-accelerated filers were not required to implement Section 404 until late 2007.

For clarification, a non-accelerated filer, as defined by SEC Rule 12b-2, is public company whose public float (as opposed to market capitalization) does not exceed $75 million as of the last business day of the company’s most recently completed fiscal Q2.  Furthermore, smaller reporting companies are those companies that meet the definition of a non-accelerated filer and had annual revenues of less than $50 million during the most recently completed fiscal year for which audited financial statements are available.

Having said that, the following chart shows the percentage of adverse management-only assessments relative to total management-only assessments on an annual basis in the last 12 years.

% Mgmt-Only Reports

Interestingly, this chart shows a negative trend over the years, with a drop in 2015.

Key areas of adverse management-only assessments

The Audit Analytics report identifies the following internal controls issues with the highest frequency in 2015 in management-only assessments:

Ineffective ICFR issues

 Total number of assessments

As % of total assessments citing ineffective ICFR
Inadequate accounting personnel resources, competency, and/or training

985

79%
Segregation of duties and/or design of controls

893

72%
Ineffective, non-existent, or understaffed audit committee

388

31%
Inadequate accounting disclosure controls

246

20%
Material and/or numerous auditor and/or management adjustments

204

16%

To note is that two of the five top ICFR issues in the table above are also among the top five ICFR issues in adverse auditor attestations.  A key reason for the provision in the 2010 Dodd-Frank Act eliminating the requirement for non-accelerated filers and smaller reporting companies to comply with SOX Section 404(b) was due to cost of compliance.  Since we can see from the table above that overwhelmingly the two most common ICFR issues were inadequate accounting resources and segregation of duties/design of controls, it certainly seems reasonable to conclude that the cost of accounting resources is a relatively big factor for smaller public companies.  While understanding that these statistics describe ICFR issues for public companies, to my surprise is that the third most common issue deals with inadequacies of the audit committee.

With respect to accounting-related ICFR issues noted in management-only assessments, the Audit Analytics report lists the following most commonly cited in 2015:

Ineffective ICFR issues related to accounting

 Total number of assessments

As % of total assessments citing ineffective ICFR
A/R, notes receivable, investments, and cash

95

8%
Debt, quasi-debt, warrants and equity-related (beneficial conversion features)

53

4%
Income taxes

48

4%
Revenue recognition

38

3%
Related parties and/or affiliates/subsidiaries

24

2%

The above table demonstrates that the most frequently cited accounting-related issues in ICFR was similar between accelerated and non-accelerated filers and smaller reporting companies.  Furthermore, the Audit Analytics report indicates the top five accounting-related issues represented approximately two-thirds of the total accounting-related issues in 2015, both for adverse auditor reports and management-only assessments.

Summary

To put these findings into context for 2015, of those accelerated filers whose auditors issued an adverse SOX report, there was a pull toward ICFR failures due to accounting-related issues.  On the other hand, companies that issued management-only assessments citing ICFR failures experienced significantly higher rates of ICFR failures due to internal controls issues as opposed to accounting-related issues.

In addition, the ICFR failure rates reported by companies with management-only assessments were significantly higher than the ICFR failure rates reported by accelerated filers.  By applying a simple average over the last 12 years for accelerated filers and nine years for non-accelerated filers, the ICFR failure rates were 6.9% and 35.4%, respectively.

Finally, for additional context, I noted per review of the Audit Analytics report that in 2015 there were approximately 3,800 auditor attestations on SOX effectiveness filed with the SEC.  With regard to management-only assessments, there were approximately 3,500 management reports filed in 2015 with the SEC.  Therefore, the quantity of filings with the SEC between these two groups was comparable.

Source for charts:  Audit Analytics August 2016 report, SOX 404 Disclosures, a Twelve Year Review.

Photo credit

Posted on

PCAOB shares its playbook for 2016 audit inspections

Last month the Public Company Accounting Oversight Board (PCAOB) issued its staff inspection brief detailing the scope, focus, and objectives of its ongoing 2016 inspections of auditors of public companies and other issuers.  This brief is helpful for those who may be seeking better understanding of the PCAOB’s inspection process as well as identifying potential trends to take note of.

PCAOB’s Role

As a background, Mark Olson, former Chairman of the PCAOB, explained in 2007 that the Sarbanes-Oxley Act of 2002 (SOX) established the PCAOB as the independent auditor oversight body in the United States.  “The PCAOB’s mission,” he stated, “is to oversee the auditors of public companies, protect the interests of investors, and further the public interest in the preparation of informative, accurate, and independent audit reports.”  The PCAOB seeks to accomplish its goals through its standards setting, inspections, enforcement, and outreach programs.

Today, the PCAOB oversees over 2,100 registered firms that audit issuers.  Among these registered firms are the following 10 audit firms, which the PCAOB inspects annually:

  • Global network firm inspection program –  There are six firms in this program.  They include BDO International Limited, Deloitte Touche Tohmatsu Limited, Ernst & Young Global Limited, Grant Thornton International Limited, KPMG International Cooperative, and PricewaterhouseCoopers International Limited.
  • Non-affiliate firm inspection program – The PCAOB’s inspection program encompasses inspections of registered firms that are not covered by its global network firm program.  Many of the firms in this program are members of other international networks, alliances or affiliations.  Four of these non-affiliate firms, Crowe Horwath LLP, MaloneBailey, LLP, Marcum LLP, and RSM US LLP, are inspected annually by the PCAOB because they have historically, including in 2015, issued audit reports for more than 100 issuers.

Inspections

The PCAOB inspects these 10 firms and approximately 550 other registered public accounting firms to assess compliance with SOX, the rules of the PCAOB, the rules of the SEC, and professional standards, in connection with the firm’s performance of audits, issuance of audit reports, and related matters involving issuers.

When conducting inspections, the PCAOB inspects specific portions of a firm’s audits or aspects of a firm’s audits on a sample basis.  In addition, the PCAOB posts statistics of financial statement areas of focus in its inspections of audit firms.  To illustrate, in its most recent 2015 inspection cycle the PCAOB’s top five financial statement reporting areas of focus included the following:

Financial statement reporting area

Global network firms

(as % of total audits inspected in 2015)

Non-affiliate firms

(as % of total audits inspected in 2015)
Revenue and receivables

79%

58%
Non-financial assets

58%

30%
Inventory

36%

28%
Income taxes

20%

17%
Financial instruments

17%

15%

The PCAOB’s emphasis on revenue and receivables as the top financial statement reporting area is consistent with the level of risk typically inherent in revenue recognition.

First, Auditing Standard (AS) 12, Identifying and Assessing Risks of Material Misstatement, states that the auditor should presume that improper revenue recognition is a fraud risk (at ¶ 68).  The word “should” is deliberately used in this auditing standard to signify a presumptively mandatory responsibility.  In essence, a risk of fraud in revenue recognition is presumed to exist and the auditor must comply with requirements of this type specified in the PCAOB’s standards unless the auditor demonstrates that alternative actions he or she followed in the circumstances were sufficient to achieve the objectives of the standard.

Second, a key consideration with respect to audit risks in revenue recognition is the fact that revenue recognition has historically been key area for financial statement restatements.

To add to the table above, the PCAOB’s other commonly inspected financial reporting areas in the recent past have included:  allowance for loan losses, other liabilities (e.g., accounts payable and accrued liabilities), debt, other investments (e.g., equity method, joint ventures, variable interest entities, etc.) and others (e.g., discontinued operations, various income statement items, other assets, etc.).

2016 inspection cycle

With regard to its recently issued staff inspection brief, Helen Munter, PCAOB Director of Registration and Inspections, stated that the information in the brief “may help audit firms, investors, and others better understand the risk-based factors that the PCAOB considers when inspecting audits.”

Following are six key areas of focus by the PCAOB in its current inspection cycle:

  1. Audit areas where deficiencies have been identified in previous inspection cycles, including internal control over financial reporting, assessing and responding to risks of material misstatement, and accounting estimates, including fair value measurements.  Recurring audit deficiencies continue to be identified in the most frequently selected financial reporting areas, such as revenue, non-financial assets, inventory, financial instruments and other areas.
  2. Audit areas affected by economic trends, including the effect of the strengthening U.S. dollar, the increasing merger and acquisition activity, the search for higher-yielding investment returns in a low interest rate environment, and the effect of the fluctuations in oil and natural gas prices.
  3. Audits of certain areas that may involve significant judgment from management and/or auditors, including the auditor’s evaluation of segment identification and disclosures, the auditor’s consideration of an entity’s ability to continue as a going concern, and evaluation of income tax accounting and disclosures.
  4. The implementation of AS 2410, Related Parties (also known as AS 18).  This auditing standard was effective for audits of fiscal years beginning on or after December 15, 2014.
  5. Audit procedures involving IT, particularly auditors’ use of software tools, and procedures to assess and address risks of material misstatement posed by cyber security.
  6. An audit firm’s system of quality control, including its policies and procedures for (i) identifying the “root causes” of audit deficiencies and positive quality events, (ii) complying with required audit committee communications, including those communications related to independence, (iii) monitoring and maintaining independence, (iv) performing engagement quality reviews with due professional care, and (v) applying professional skepticism throughout the audit.

Historical inspection trends

According to its statistics, the PCAOB’s sweet spot for inspections of global network firm audits is companies with a market capitalization between $1 billion and $5 billion.  In contrast, more so than any other market capitalization, the PCAOB has historically inspected audits conducted by non-affiliate firms of companies with market capitalization up to $100 million.

As it relates to industry sector, the PCAOB’s inspections of global network firm audits have covered a variety of industries more evenly than its inspections of non-affiliate firm audits.  To illustrate, since 2013, approximately 80% of its inspections of global network firm audits have included four industry sectors:  (1) industrials and materials; (2) financial services, benefit plans, and miscellaneous; (3) IT and telecom; and (4) consumer discretionary and staples.  The remaining approximately 20% of its inspections of global network firm audits have included two other industry sectors (energy and utilities; healthcare).  This should come as no surprise as the S&P 500 sector weightings, which represent the distribution among industries of the 500 largest publicly-traded U.S. firms, most of which are audited by the Big 4, are consistent with the PCAOB’s emphasis on these four industry sectors.

On the other hand, since 2013, approximately one-third of the PCAOB’s inspections of non-affiliate firm audits have been in the financial services, benefit plans, and miscellaneous industry sector.  The remaining approximately two-thirds of inspections of non-affiliate firm audits have been evenly distributed among five other industry sectors.

Emphasis on quality

In summary, even though the PCAOB’s inspection program has evolved over time, we have experienced a declining historical trend of financial statement reissuance restatements.  This decline can be attributed to improvement in the quality of financial reporting and, at least in part, to the PCAOB’s focus on audit quality and compliance with auditing standards.

Photo credit

Posted on

Navigating the grey: Accounting judgments and estimates

Often times companies deal with business transactions that are subjective and require the use of judgment and accounting estimates.  For example, what is a reasonable useful life of a fixed asset for depreciation purposes?  What amount of warranty reserve should be booked for a new product?  Or, what accrued liability balance should be recorded at year-end related to repurchase obligations or guarantees?  The list goes on and on (see par 16 for some examples of accounting estimates).

FASB Statement of Financial Accounting Concepts No. 6 (CON 6) at ¶ 46 addresses the necessity of accounting estimates in financial statements:

A highly significant practical consequence of the features described in the preceding two paragraphs [regarding the effects of uncertainty in financial statements] is that the existence or amount (or both) of most assets and many liabilities can be probable but not certain. The definitions in this Statement are not intended to require that the existence and amounts of items be certain for them to qualify as assets, liabilities, revenues, expenses, and so forth, and estimates and approximations will often be required unless financial statements are to be restricted to reporting only cash transactions. (emphasis added)

Because an integral part of these accounting estimates are management’s judgments and estimates, which are susceptible to bias, error, and potentially fraud, it is imperative to understand how accounting estimates are established and what management considers in recording the estimates.

This may sound relatively straightforward; however, as an example public company auditors (who routinely review and audit accounting estimates as a profession) continue to struggle when it comes to adequately auditing and documenting their assessments of the reasonableness management’s accounting estimates and assumptions.  In fact, the PCAOB, the public company auditor’s regulatory body, summarized the results if its 2015 inspections, identifying certain recurring audit deficiencies, including (1) auditing internal control over financial reporting, (2) assessing and responding to risks of material misstatement, and (3) auditing accounting estimates, including fair value measurements.

Further, because accounting estimates are inherently susceptible to bias, error, and potentially fraud, they can often contribute to legal disputes.

Guidelines for assessing accounting estimates

From my experience as a former Big 4 auditor and as a forensic accountant on sometimes large, complex legal disputes, I have developed some questions that are helpful when assessing the reasonableness of significant assumptions or judgments used in accounting for estimates:

  1. What is the method used in making the accounting estimate, including model(s) used?
  2. What are the relevant key controls?
  3. Has management used an expert?  If so, what are the qualifications of the expert?
  4. What are the assumptions underlying the accounting estimates?  Are they based on reliable, relevant and accurate data?
  5. Did management consider alternative assumptions or outcomes?
  6. What was their reason for rejecting the other assumptions or outcomes?
  7. Has there been or ought there to be a change from prior period in the method(s) used for making the accounting estimates? If so, why?
  8. Has management performed a sensitivity analysis to assess the reasonableness of its assumptions?
  9. Did management assess the effect of estimation uncertainty? How so?
  10. Given the degree of uncertainty in their estimate, how did management get comfortable with their final conclusion?

While I don’t believe all of these questions need to be considered in all situations, they can be used as a guideline for assessing the reasonableness of accounting estimates.

Application

Once I assisted an expert in writing a report in a complex legal dispute.  The opposing expert opined that an error in accounting estimate in the defendant’s financial statements was material because of alleged reliance on inaccurate data in establishing the accounting estimate.  My team adapted some of the above guideline questions in the context of the dispute to rebut the opposing expert’s opinions.  By having a strong understanding of the assumptions employed by the opposing expert, we were able to decide (1) if they were based on reliable, relevant and accurate data or (2) if they were based on data that was not appropriate given the facts and circumstances of the dispute.

Ultimately my team constructed a strong position and our expert opined that number of the opposing expert’s assumptions were unreliable, irrelevant, and/or inaccurate.  In fact, to provide some insight into how drastically an accounting estimate could change depending on the assumptions and judgments applied, the opposing expert opined that the range of potential error caused by the alleged misstatement was from hundreds of millions to billions of dollars.  Our position was that the accounting estimate in the tens of millions of dollars was appropriate given the facts and circumstances.  Such a large range seems to be commonplace in legal disputes because of the grey area in applying assumptions and judgments.

In summary, reviewing accounting estimates requires professional judgment and experience.  Having a qualified professional who understands the accounting requirements and application of the standards can greatly assist a party to a legal dispute in protecting itself from potentially significant financial and reputational exposure.

Photo credit

Posted on

The power of walk throughs in investigations

As a former auditor, I performed walk throughs of certain key account processes or cycles to gain a complete understanding of a transaction from start to finish.  Sometimes it became quite cumbersome because certain processes were complex or lengthy.  However, after walking through a process I was able to gain a solid understanding of the areas of risk exposure and, most importantly, I could answer the question, “what could go wrong in this area.”  This informed me further in planning my audits and responding to risks.

As a basis for framing my post today, the PCAOB AU No. 5 at ¶ 37, describes a walkthrough as follows:

In performing a walkthrough, the auditor follows a transaction from origination through the company’s processes, including information systems, until it is reflected in the company’s financial records, using the same documents and information technology that company personnel use. Walkthrough procedures usually include a combination of inquiry, observation, inspection of relevant documentation, and re-performance of controls.

Although this guidance is intended to apply to audits of internal controls over financial reporting, implemented by an entity in preparing its financial statements, the principles gathered from walk throughs can be applied to a variety of circumstances.

As basic as they may seem, walk throughs I believe are the bedrock to understanding the flow of transactions in accounts, particularly complex ones.  Following are some powerful things that can be gathered from a walk through:

  • Build rapport with the interviewee through conversation that can be transitioned from “formal” (early on in the walk through) to “informal” or more “relaxed” (once enough questions have been discussed and the anxiety of meeting someone for the first time can be overcome)
  • Identify “types” of documentation not previously known
  • Assess the competency of an account owner/interviewee
  • Assess the body language of the interviewee and gather relevant information therefrom
  • Identify improper segregation of duties (custody, record keeping, and authorization/verification)
  • Identify exposures to fraud and/or error

To do effective walk throughs, it’s critical that the person conducting the meeting have sufficient experience to understand what types of questions to ask and, maybe more importantly, if answers are satisfactory or if probing is necessary.  Depending on the risks/allegations, a walk through may encompass a portion of or an entire process, including: initiation, authorization, recording, processing, and reporting.

I’ve found the following types of questions to be helpful in a walk through (of course, adapting the questions to the relevant facts/allegations and circumstances is critical to an effective discussion):

  • Please describe your role in this process.
  • Who else is involved in this process (preparers, reviewers, approvers, etc.)?
  • What happens when a transaction is not approved?
  • What systems (internal or external) do you use or rely upon to perform your duties?  This type of questioning can assist in identifying the areas of manual intervention, which often times are the areas of highest exposure to fraud and/or error.
  • Where do you understand the areas of judgment or estimate to be?
  • Have you or anyone you know been asked to override any controls?
  • If there were a questionable transaction or request, who would you go to for guidance or advice?

Depending on the situation, I recommend two interviewers in attendance.  For example, in an investigative scenario, it may be appropriate to have two persons in attendance, one to ask the questions and interact with the interviewee and another to take notes, but also to stand as a “witness” should allegations come back against the interviewer.

Sometimes a walk through may not be possible because access to the person(s) may be restricted.  In these scenarios, the best available information should be considered and, using an experienced professional’s understanding of the flow of similar business transactions, one should formulate an “expectation” for how transactions are processed and then refine that “expectation” as new information becomes available.

As a reiterative point, having an experienced professional involved in the process greatly increases the odds of a successful outcome (“successful” of course being a relative term) and is critical in sorting through what is relevant, what is not, and what may be an intentional diversion.

Photo credit

Posted on

Proving out cash and revenues

For many small business owners, ensuring that revenue and cash make sense when compared to each other is a critical exercise since cash is the most liquid account in the financial statements (which means it can be highly susceptible to theft) and revenue is often times the largest and/or one of the most important accounts to measure business performance.  How does one know if all cash receipts have been properly entered into the accounting system?  How does one verify that all revenues have been reported in the ledger for the period?

One such exercise can greatly help businesses to answer these questions, called a “proof of cash and revenue.”  By proving out cash and revenue, businesses can get comfortable that either (1) the accounting accurately reflects all business transactions or (2) there are transactions not appropriately accounted for, triggering additional investigation.

A proof of cash and revenue exercise is rather simple, although differing degrees of complexity in a business could complicate the exercise.  In essence a proof of cash and revenue exercise takes all cash receipts from an entity’s bank account statement and removes any non-revenue deposits (such as cash transfers from one bank account to another, proceeds from sale of equipment, bank account interest received, insurance reimbursements, and so forth) to arrive at what I will call “revenue deposits.”

Next, beginning-of-the-period accounts receivable, gross (make it a positive number) is netted against end-of-the-period accounts receivable, gross (make it a negative number).  The result is added to revenues from the general ledger (“G/L”).  The theory in adding beginning accounts receivable and subtracting ending accounts receivable is that the beginning accounts receivable is “assumed” to have been collected within the period, meanwhile the ending accounts receivable has not yet been collected, and, therefore, it will not show up in the bank account statement for the period.  I will refer to this calculation as “adjusted revenue per G/L”.

The final step is to compare “revenue deposits” to “adjusted revenue per G/L” and investigate any variance that exceeds what is considered to be an acceptable variance.

When done right, this exercise can uncover errors in accounting, missing deposits, or even fraud.  Although this exercise is fruitful for businesses that have standard revenue recognition practices, one can see that when customer sales exist with multiple elements, whereby “delivering” a service or a product to a customer doesn’t necessarily result in revenues (but rather some or all deferred revenue), a proof of cash and revenue is not likely to yield meaningful results.

Having said this, I’ve assisted a number of clients in performing this proof of cash and revenue analysis and clients gain valuable insight into their business practices and controls that they otherwise may not be aware of.

Photo credit

Posted on

Substantial doubt in assessing going concern

Today’s post will focus on a hot topic for some business entities—that of the “going concern” assumption. Let’s start by setting the foundation. The “going concern” assumption isn’t explicitly discussed as much as it is applied in financial statements. People tend to invest in or lend money to entities that are expected to continue to operate for the foreseeable future. This expectation is what I discuss as the “going concern” assumption.

For decades financial statements have been prepared under this assumption. However, from time to time, entities may face significant operational, regulatory, legal, or other setbacks that raise substantial doubt about their ability to continue to operate as a going concern for a reasonable period of time (generally 12 months) after they issue their financial statements.

This distinction is important, because if an entity’s ability to continue as a going concern is substantially doubtful, then the entity must address this by disclosing details in its financial statements.

Up until 2014, there has not been a clear definition of the term “substantial doubt” in the accounting or auditing literature. As I will touch upon later in this post as well as in a subsequent post (because this will be a lengthy topic), due to the issuance of the FASB’s Accounting Standards Update (“ASU”) No. 2014-15 (issued in August 2014) we now have a clear definition, which I believe could prove problematic for audit firms, which are required to comply with auditing standards.

History

When we look back in history, we find that an entity’s external auditor has historically been responsible for assessing an entity’s ability to continue to operate as a going concern for a reasonable period of time. Said another way, management of the audited entity has typically not performed its own assessment, but has “outsourced” this responsibility to its external auditor. Possibly, this is due to management’s inherent bias that its business is not expected to fail in the near future and, therefore, the auditor should make this determination based on the audit evidence it has obtained.

Auditing Standards

U.S. GAAS defines the auditor’s responsibility in conducting this assessment.  However, the term “substantial doubt” has never been clearly defined in auditing standards. Therefore, the interpretation and application of the auditor’s requirements to assess an entity’s ability to continue as a going concern has been largely left to the audit firm industry.

Accounting Regulator Seeks Comment from Industry

Anytime something is left to an industry where important decisions need to be made by applying professional judgment, naturally diversity in practice arises.  As one would expect, over time diversity in practice became more and more prevalent.  One way to gauge this is to review correspondence between the FASB and various audit firms regarding this very issue.  In the FASB’s 2013 exposure draft (“ED”) related to what ultimately became ASU No. 2014-15, the FASB asked a series of questions, including the following:

Question 19: The Board notes in paragraph BC36 that its definition of substantial doubt most closely approximates the upper end of the range in the present interpretation of substantial doubt by auditors. Do you agree? Why or why not? Assuming it does represent the upper end of the range of current practice, how many fewer substantial doubt determinations would result from the proposed amendments? If the proposed amendments were finalized by the Board and similar changes were made to auditing standards, would the occurrence of audit opinions with an emphasis-of-matter paragraph discussing going concern uncertainties likewise decrease and be different from what is currently observed? If so, by how much? Is such a decrease an improvement over current practice? Why or why not?

For reference, paragraph BC36 in the ED states:

BC36.  The Board decided to define substantial doubt in U.S. GAAP to reduce problems currently caused by different interpretations of its meaning in the auditing literature.  The Board decided that substantial doubt about an entity’s going concern presumption should exist when information about conditions and events indicates that it is known or probable that the entity will be unable to meet its obligations within 24 months after the financial statement date, after considering the mitigating effect of all of management’s plans.  This difference in considering management’s plans outside the ordinary course of business would appropriately distinguish the initial disclosure threshold from the substantial doubt assertion, and the Board believes that this definition most closely approximates the upper end of the range in the present interpretation of substantial doubt.  Accordingly, if the proposed amendments were adopted by the Board and similar changes were made to auditing standards, the Board expects that there would be a lower incident of audit opinions with an emphasis of matter discussing going concern than is currently observed in practice.  The likelihood threshold of probable is intended to have a consistent meaning with Topic 450, Contingencies.

A number of audit firms submitted responses to the FASB during the ED comment letter period, stating their positions regarding what the then existing industry practice was for auditors to define the “substantial doubt” threshold, which had been developed over years of application.  Here is a sampling:

BDO USA, LLP

We do not believe the definition of substantial doubt in paragraph BC36 necessarily represents the upper range of the present interpretation of substantial doubt. In many instances, it appears consistent with the matters we currently consider in assessing the ability of an entity to continue as a going concern….

From this comment letter one implies a threshold under auditing standards that is equal to probable because it states the definition is consistent.

CohnReznick LLP

While we agree that the proposed definition is at the upper end of the range in the present interpretation of substantial doubt by auditors, we do not believe it will result in fewer substantial doubt determinations. Any disclosure of substantial doubt regarding an entity’s ability to continue as a going concern is viewed by users of financial statements as a dire assessment with severe consequences. Accordingly, auditors currently do not make such disclosures unless they consider them to be absolutely necessary. This is understandable since such disclosures could have adverse consequences on the entity’s ability to execute the actions it considers necessary to continue as a going concern.

From this comment letter one implies a threshold under the auditing standards of probable.

Crowe Horwath LLP

It is not readily apparent what evidence the Board considered in making the determination that the proposed definition of substantial doubt most closely approximates the upper end of the range in present interpretation of substantial doubt. Assuming similar changes were made to the auditing standards…we believe there will likely be fewer required substantial doubt emphasis-of-matter paragraphs in practice.

From this comment letter one implies a threshold under the auditing standards that is lower than probable, but does not indicate the threshold.

Deloitte & Touche LLP

The Board’s intention for the substantial-doubt definition to represent the “upper end range” in the present interpretation is not clear. If that is the Boards intent, the definition should be revised to clarify such. Without performing a specific analysis based on the proposed guidance, it is not clear how the frequency of disclosures or audit opinions with an emphasis-of-matter paragraph discussing going concerns would be impacted under the proposed definition compared to current practice. However, given the frequency of disclosure about an entity’s ability to continue as a going concern will most likely increase, we would expect the frequency of audit opinions with an emphasis-of-matter will most likely increase also (assuming the audit and accounting literature are aligned in such a manner).

From this comment letter one implies a threshold under the auditing standards that is other than “probable,” but one cannot make a determination as to what that threshold is.  Perhaps the reason Deloitte stated that the frequency of going concern opinions “will most likely increase” is due to the Board’s proposal in paragraph BC36 to extend the look-forward period to 24 months from 12 months.

Grant Thornton LLP

We believe that the definition of substantial doubt in the proposed amendments does align with the upper end of the present interpretation of that term by auditors. Currently, we believe the lower end of the range for the requirement of going concern disclosures is somewhere between more-likely-than-not and probable.

From this comment letter one understands that the audit firm’s interpretation of the auditing standards is a range between “more likely than not” and “probable”.

KPMG LLP

We do not believe the proposed substantial doubt definition most closely approximates the upper end of the range in the present interpretation by auditors, but our views are limited to our experience in making such judgments. Accordingly, if the auditing standards were revised to define substantial doubt as a “probable” likelihood that the entity will not meet its obligations, we do not believe there would be a decrease in audit opinions with an explanatory paragraph. As proposed, we believe there would likely be an increase of explanatory paragraphs resulting from extending the current 12-month assessment period to 24 months.

From this comment letter one understands that audit firm believes the auditing standards have a different threshold than the proposed threshold in the ED, but the audit firm does not clarify.

Moss Adams LLP

We agree that the Board’s proposed definition approximates, and may exceed, the upper end of the range in the present interpretation of substantial doubt by auditors.

From this comment letter one implies a threshold under the auditing standards that is lower than “probable,” but does not indicate the threshold.

PricewaterhouseCoopers LLP

The auditing standards do not define substantial doubt. Therefore, auditors apply judgment based upon each company’s facts and circumstances which may result in diversity in practice. Auditors also have the ability to use an emphasis of a matter paragraph, pursuant to SAS 58, to highlight liquidity or other significant matters in their opinion, even if the substantial doubt threshold is not met. Therefore, it is difficult to calculate the impact of the proposed standard on all audit reports.

From this comment letter one understands there is diversity in practice, because the auditing standards do not define substantial doubt.

FASB issues ASU 2014-15

As mentioned previously, on August 27, 2014, the FASB issued ASU No. 2014-15 to communicate amendments to the FASB’s ASC 205-40, Disclosure of Uncertainties about an Entity’s Ability to Continue as a Going Concern.  The FASB acknowledged that:

BC11. The [FASB] Board received input indicating that because of the lack of guidance in GAAP and the differing views about when there is substantial doubt about an entity’s ability to continue as a going concern, there is diversity in whether, when, and how an entity discloses the relevant conditions and events in its footnotes. The Board also received input indicating that if auditors are required by U.S. auditing standards to consider disclosures in the financial statement footnotes, then management should be provided with guidance in GAAP about those disclosures. The amendments in this Update provide guidance in GAAP about management’s responsibility to evaluate whether there is substantial doubt about an entity’s ability to continue as a going concern and to provide related footnote disclosures. In doing so, the amendments should reduce diversity in the timing and content of footnote disclosures.[1]

ASU 2014-15 clearly defines the term “substantial doubt” to exist “when conditions and events, considered in the aggregate, indicate that it is probable that the entity will be unable to meet its obligations as they become due within one year after the date that the financial statements are issued…”  The ASU also clarifies that the term “probable,” as used in ASU 2014-15, is to be used consistently with its use in ASC 450 (“ASC 450”), Contingencies.  (See ASU No. 2014-15, p. 7)

Auditing Standards – No clear definition!

The FASB’s clarification via ASU 2014-15 is good, reliable literature.  Unfortunately, the PCAOB has not clarified what “substantial doubt” means in the context of going concern opinions.

Conclusion

Because audit firms are required to comply with auditing standards in conducting their audits, I foresee a disconnect in how auditors and management may approach this subject matter during year-end audits.  To add to this, I believe the next downward economic cycle could likely bring this issue to surface for a number of companies and their auditors.

Stay tuned for an upcoming post where I will take this issue further and look more closely at this disconnect between accounting and auditing standards as practitioners weigh in.

Photo credit