Bridging the GAAP: improving communication between auditors and you
INSIGHT ARTICLE |
An accountant is someone who solves a problem you didn’t know you had, and in a way you don’t understand - Many people in corporate governance find that joke only a little bit funny, because for them it has a ring of truth. But it’s also true that auditors play a vital role in keeping organizations on track, and alerting them to potential problems and opportunities – and that is becoming more crucial than ever. That’s because audit services are constantly evolving – increasingly, they’re less about ‘just the numbers’ and more about problem solving and business insights.
For example, we are entering a world where audit opinions in Canada will be more tailored and transparent. Starting Dec. 15, 2018, auditing standards in Canada will require a new and enhanced auditor’s report. In these reports, there will be a new focus on the assessed risks, expanding on the responsibilities of the auditor, management and ‘Those Charged With Governance’ (TCWG), and providing other information not typically included in the past.
The value of this information means it is vital for you and your auditors to bridge the communication gap. However, that doesn’t happen by itself, as many organizations and auditors can attest. As well, there is no one size fits all when it comes to determining the best communication approach.
So how can TCWGs access actionable insights from auditors?
Firstly - while it is ideal for you to meet with the auditors twice a year – during audit planning process and at audit completion, this is not to say that there should be no informal communication in between. The key is not how many times you talk with your auditor, but rather the quality of the discussions held and takeaways from the materials presented during those meetings. Here are some of the success factors in good communication between you and your auditor:
Understand your audit plan
It is best practice for an auditor to prepare an audit plan before executing their fieldwork. It is a key document giving you insights into what to expect from the audit. It is also an opportunity for you to say what you want to learn from the audit, and avoid these common areas of misunderstandings:
What is the planned approach to the audit?
To what extent will the auditors be testing and relying on internal controls? Sometimes, TCWG mistakenly believe that the auditors will automatically test internal controls and report on their effectiveness.
If you have concerns about the sufficiency or operation of internal controls, the planning phase of the audit is a good time to discuss these and devise a plan of action, if needed.
What is the planned materiality to be used for the audit?
‘Materiality’ is an area that is often misunderstood – and it’s not surprising, as there are many ways to calculate materiality. In a nutshell, there are three levels of materiality used in an audit:
1. Overall materiality – This represents the threshold which could influence the economic decisions of a user of the financial statements. This can be determined using various benchmarks such as percentages of income before tax, total revenue, total expenses or total assets. The decision on what basis to use and what percentage to apply is driven by the users of the financial statements. Understanding the logic and assumptions used in making this determination can help you confirm your understanding of the business and its users.
2. Planning materiality (sometimes called performance materiality or “PM”) – Given that auditors do not test 100 per cent of balances but rather revert to sampling, PM is a modified version of overall materiality to account for what may not be tested; hence, the audit risk. It is therefore the maximum amount by which the auditor believes that the financial statements can be misstated without affecting the decisions of someone using the financial statements.
Again, there are ranges that can be used to determine this amount. Asking the auditor about how it is determined is a good way to gain insight into the auditor’s risk assessment, and whether that assessment is consistent with your understanding of the risks within the organization. The total value of errors and differences noted in the audit cannot exceed this threshold, or the financial statements would be deemed materially misstated.
3. SUM posting (sometimes called “de minimis” or “SUD” posting level) – This represents the threshold used by the auditor to quantify and communicate audit differences to TCWG. It is determined as a percentage of overall materiality. That percentage is a matter of professional judgment, but is based on the auditor’s history of errors with the client. Any identified differences below this threshold are deemed to be trivial and not communicated to you.
Note that only the planned levels are communicated upfront. Since they are often based on preliminary financial information, it is important for you to circle back when the audit is completed to confirm whether the actual materiality levels used were higher or lower than expected, and why.
Get the most from your audit completion report
While it is important to set the stage for what to expect during the planning phase, it is equally important to understand the results of the audit and what actions need to be taken. Some questions that you need to ask, in order to do your job effectively and avoid misunderstandings, are:
Internal control findings (if tested)
Did the audit turn up any significant findings about internal controls?
The common misconception here is that the auditor is required to report all deficiencies in internal control; however, this is not necessarily the case. Rather, the auditor is required only to report deficiencies that are deemed to be “significant”. The auditor assesses significance based on whether a financial statement error caused by the deficiency could be reasonably expected to have a magnitude between “inconsequential” and “material.” A significant deficiency can come from a control not being in place (design deficiency) or a control not operating as it should (operating effectiveness deficiency).
Understanding levels of materiality and the planned approach early in the process can make your conversations with the auditors more understandable. As well, understanding the planned approach can help put context on the number and types of recommendations the auditor provides.
What audit differences were noted and which, if any, were adjusted by management?
This information provides insight into what adjustments were made or proposed and how management views the organization by looking at the types and consistency of proposed adjustments.
For example, is management overly conservative in their estimates, or the opposite? Similarly, are there external factors driving which adjustments are booked, compared to those that are left unadjusted? For example, there may be a bank covenant that requires a given current ratio.
Understanding the big picture allows you to better assess this information and determine whether any remaining unadjusted items should be corrected.
What were the results of the procedures regarding the risk of fraud? Two common audit procedures designed to address the risk of fraud are:
Journal entry testing: This determines whether management have overridden any internal controls. It does not involve testing every journal entry, but rather is a risk-based test to segregate every entry that the auditor finds unusual or possibly high risk. Many audit firms use data analytics to gain insights into who is booking which entries, and to disaggregate the data in various useful ways.
It is important for you to understand what mechanisms and filters were used in these tests and whether any other insights into the business can be leveraged from that work. These data analytics tools can provide great insight into the organization.
Unpredictable procedures: To help foil potential fraudsters, the auditor is required to add an element of unpredictability into their procedures each year. If it is not explicitly stated, it is good practice to ask what that procedure was and the results of the test, as this can provide valuable insights into the operations of the company and potential areas for improvement.
The overall conclusion
What is the overall conclusion from the auditor – i.e. will it be a ’clean opinion’?
This section of the auditor’s report usually includes a draft of the financial statements. It is important to note that management is responsible for the information in the financial statements. That means that questions about the numbers should be directed to management.
However, auditors are usually happy to provide their insights and show their understanding of the business. So, if the auditors have not already done so, it is good for you to have them highlight changes to the financial statements from the previous year – whether those changes are to the accounting policies, or maybe due to significant transactions during the year that require special disclosure. Discussions can also center around new and upcoming changes to accounting standards that will have a significant impact on financial statements going forward.
The value of confidential ‘in-camera’ sessions
In-camera meetings between the auditors and TCWG are a chance for you to have a full and frank talk with the auditors, while members of management are out of the room. You can learn about difficulties the auditors experienced in their work, gain insights into management’s performance, and understand whether there are any areas of concern.
In this, you can benefit from the insights the auditors gained while working on your organization’s financials, but also the experience that the auditors have gained working at similar organizations. For example, the auditors may be able to tell when certain ratios are out of line with results they’ve seen at similar organizations.
Similar meetings between TCWG and management, with the auditors not present, also provide insights into whether the auditors have performed effectively, and whether they should be invited to continue the engagement next year.
As always, never be afraid to ask questions or to find ways to build a stronger relationship with your auditors. After all, they are there to help and to add value.