Chapter 18

Finding Out How Companies Find Errors: The Auditing Process

In This Chapter

Getting acquainted with audits

Checking out the auditing process

Discovering the role of generally accepted accounting principles

Exploring the present condition and the future of auditing

Most readers of financial reports don’t work for the company and, therefore, must depend on the truthfulness of the company’s management in reporting its financial statements. Can you depend on the numbers you see?

The question is valid, especially considering the corporate scandals that have rocked the City since the collapse of Barings Bank in 1995. The Barings case, and other financial reporting scandals such as those at Enron, the Maxwell Group or Parmalat, have led investors to be wary about the numbers companies report in their financial reports. (To find out more about what happened at Barings, Enron, The Maxwell Group, and Parmalat see Chapter 22.)

In this chapter, we explore how third parties get involved to keep company records on the up-and-up.

Meeting Mr or Ms Auditor

Company outsiders can’t be sure that the information that they see is an accurate reflection of a company’s financial situation unless a disinterested third party reviews the company’s operations and its financial statements and determines that the reports are free of fraud and misrepresentation. Called an audit, this process is crucial for verifying the accuracy of a company’s financial reports.

All companies, other than those which satisfy the legal definition of small, are required to have their results checked by a third party, called an auditor, to be sure the reports truthfully portray the financial health of the company.

Under the Companies Act, an individual or firm is eligible for appointment as a statutory auditor if the individual or firm is a member of a recognised supervisory body and eligible for appointment under the rules of that body.

At present, the UK government has approved five bodies as recognised supervisory bodies. These are:

Institute of Chartered Accountants in England and Wales (ICAEW)

Institute of Chartered Accountants in Scotland (ICAS)

Institute of Chartered Accountants in Ireland (ICAI)

Association of Chartered Certified Accountants (ACCA)

Association of Authorised Public Accountants (APA)

At the time of writing, all of the FTSE 100 companies – the biggest 100 companies in the country – are audited by one of the ‘Big Four’ firms of chartered accountants (PriceWaterhouseCoopers, KPMG, Ernst & Young, and Deloitte). This situation has arisen not because of any regulatory impediment which restricts other firms but simply as a result of the free choice of the companies concerned. There is ongoing discussion as to whether having all of the audits of this group of companies being undertaken by such a small number of audit firms is a good thing, but there is no obvious way to achieve greater diversification.

As suggested by the title ‘registered supervisory body’, the accountancy bodies must monitor the work of their members and discipline those who fall short. In addition, the auditors of listed companies are also subject to review by the Audit Inspection Unit (AIU). The AIU, which is part of the Professional Oversight Board (POB), was set up following the government’s post-Enron review of the regulation of the UK accounting profession. The Unit commenced visits to firms of auditors in June 2004 and, not surprisingly, started with the Big Four. So far, the AIU have not identified any major problems in UK auditing and in their latest available report, published in June 2007, they state ‘the AIU considers the quality of auditing in the UK to be fundamentally sound’.

It is essential that the auditors can express an independent view on the financial statements but auditors often provide other services to their clients such as tax planning and consulting. The Auditing Practices Board has developed a set of ethical standards which restrict what ‘other services’ auditors can provide to their audit clients. Where other services are permitted, the auditors must then consider how they can ensure their independence is not compromised and must discuss such issues with the audit client.

Despite this, there is still an uneasy feeling that auditors might use the audit as a way to identify other services they can sell to their clients. Immediately post-Enron, statistics showed that for every £1 that auditors earned from their listed clients, they earned £3 for other services. By 2006, that figure had improved to a ratio of £1:£1 – better, but still a cause for concern. In the future, auditors may possibly be banned from providing any non-audit services to audit clients.

The Auditing Practices Board

The body charged with setting the rules for auditors in the UK is the Auditing Practices Board (APB). The APB is itself answerable to the Financial Reporting Council (FRC). The APB (and their predecessors) had been setting standards in the UK for many years but in 2005, they decided to adopt International Standards on Auditing (ISAs). The reason for this was that the European Union had stated a desire to unify auditing standards across the European Economic Area and the way that this was to be achieved was by adopting the International Standards set by the International Auditing and Assurance Standards Board (IAASB) based in New York.

The APB was so enthusiastic about this development that they stated that ISAs would be compulsory for UK audits from the audit of years ended on or after December 2005.

Two problems:

First, the EU did not immediately go ahead with their plan and, at the time of writing, there is still no date by which the rest of Europe will follow the UK’s lead.

Second, when the APB reviewed the existing ISAs they discovered that, in some respects, the ISAs were not as good as the old UK auditing standards. Accordingly the APB set about upgrading the ISAs by adding in additional requirements taken from the old standards. To distinguish these amended documents from the original ISAs the standards in use in the UK are called International Standards on Auditing (UK and Ireland) or, in short ISA (UK&I).

As a result of these two problems, the UK is currently out of line with the rest of the world. This may well be fixed shortly because the IAASB is working on a revamp of their standards and presumably, when the upgrade has been completed, both the EU and the APB will be happy to converge on the revamped ISAs. It should be added, however, that this is not expected to be before 2010.

Delving Into the Auditing Process

If you’ve worked in a business, you know how nervous some managers become when auditors show up at their door. An audit isn’t a complete surprise to a business, however. Auditors sit down with top management and the audit committee to discuss the audit process and to schedule the audit for a time that’s least disruptive to the business. For example, a retail company certainly doesn’t want auditors checking out its stores during the end-of-year holiday rush.

Before auditors show up at a business’s door, they meet with key executives and board members who serve on the audit committee to discuss the scope and objectives of the audit. For example, an audit may include a complete review of the company’s operations or it could just be an audit of one aspect of the operation, such as collections from customers. The objectives of a full audit are to express an opinion on the company’s financial statements and that is the only sort of audit that we are concerned with in this book.

Even when a company has no desire to mislead investors and others, honest mistakes can happen. Sometimes errors occur because a company’s accounting system is flawed or isn’t capable of handling changing company conditions, especially when a company is growing rapidly. Other times, a company’s accountants might present wrong numbers because of the difficulties involved in accounting estimates or because they don’t have a good understanding of the latest accounting principles related to the presentation of some of the numbers.

Fraudulent financial reporting, on the other hand, results when management decides to deliberately distort the numbers to make the company’s financial results look better than they actually are. Sometimes companies withhold negative information to avoid an investor backlash and a drop in share value. Companies often deceive without the knowledge of the auditors, but sometimes the auditors are persuaded to permit interpretations of accounting standards that others consider to be bending the rules rather than breaking them. Turn to Chapter 21 to get the dirt on fraudulent financial reporting.

Getting an audit when it’s not required

Some partnerships or audit-exempt companies choose to pay for an audit, but they’re not required to do so. They do it primarily because the banks or financial institutions that lend them money request it. A partnership may also choose to pay for an audit if several partners are involved in the business but only one of the partners runs the day-to-day operations. The partners who are not involved in the day-to-day activities may want to have the books audited by an independent outsider to be sure the active partner is accurately reporting the company’s financial activities to them.

Gathering knowledge of the business

The audit is based on a thorough understanding of the business and the industry in which the company operates. The auditor therefore builds up a detailed permanent file which contains the auditor’s understanding of the client and its environment in regards to the following aspects:

Industry, regulatory, and other external factors, including the applicable financial reporting framework.

Nature of the entity, including the entity’s selection and application of accounting policies.

Objectives and strategies and the related business risks that may result in a material misstatement of the financial statements. Business risks may lead to problems in the financial statements.

Measurement and review of the entity’s financial performance. The auditor is interested in the internal measures that the company uses to monitor performance – often known as key performance indicators or KPIs – because the existence of KPIs may put pressure on the client’s staff to manipulate the results in order to achieve financial targets.

Internal control including the information system and the control activities. Control activities are the policies and procedures that help ensure that management directives are carried out; for example, making sure that necessary actions are taken to address risks that threaten the achievement of the entity’s objectives.

Examples of specific control activities include those relating to the following:

• Authorisation such as the checking of expense claims or invoices.

• Performance reviews such as budgetary control or the reviews of amounts due from customers.

• Information processing controls over data entry.

• Physical controls such as password controls and locking valuable assets in the safe.

• Segregation of duties which ensures that the work of one individual is checked by another.

The auditor places a heavy emphasis on understanding and testing the company’s controls. If controls are sound then the auditor is able to reduce the quantity of detailed audit work performed.

Planning

Armed with a thorough knowledge of the business, the auditor is now ready to plan the audit. This procedure involves a consideration of where errors are most likely to occur. The auditor describes this process as risk assessment.

The auditor also has a brainstorming meeting involving all of the members of the audit team when the issues of risk and fraud are considered. The auditor tries to identify where fraud or error could occur so that the work can be targeted appropriately.

Once all the knowledge has been gathered and risks assessed, the auditor designs procedures to respond to the risks. The auditor performs some work on all major areas of the accounts but the work is less in the areas considered to be at lower risk.

Performing fieldwork

Auditors perform fieldwork when they visit individual offices and locations operated by the company to determine whether the internal controls are actually being implemented properly. For example, if a company requires a certain type of coding when an order is charged to a customer’s account and that coding is not being used consistently, some customers may be getting merchandise for which they’re not billed.

In the field, auditors may watch a company’s employees carry out tasks being reviewed to be sure that they’re performing them correctly. However, observation may affect the employees’ behaviour so auditors prefer to rely on documentary evidence. For example, if the company requires a manager’s signature before a customer is given a refund, the auditor reviews company records of refunds randomly to be sure that signature process is being followed.

Although the top manager at a location probably knows when the auditors are due to arrive, the rest of the staff is usually surprised by their arrival. Any findings during the fieldwork become part of the draft report to management.

After the auditors review internal controls they test various financial transactions to be sure that the proper procedures are being followed. Auditors review records randomly to be sure the staff are completing transactions as specified by internal control procedures.

For example, when auditing the operations of a bank, the auditor wants to know if the bank’s procedures for approving a loan are being followed correctly. Random files are probably checked for loans to be sure all needed approvals are in place. When visiting retail stores where refunds of a certain size must be approved by the store’s general manager, auditors review the records of refunds to be certain that signature procedures are being followed. The various internal controls auditors decide to test are determined at the planning stage (see ‘Planning’ earlier in this chapter).

The type of fieldwork required depends on the type of business. Auditors for a bank visit offices in the corporate headquarters, as well as bank branches, to complete their fieldwork. Auditors for a corporation with retail stores do their fieldwork in the corporate headquarters, regional headquarters, and individual retail stores. As well as checking the operation of controls (compliance tests) the auditors also check the accuracy of the amounts in the financial statements (substantive tests). These substantive tests may involve checking that the amounts have been calculated in accordance with accounting standards – for example, that the value of inventory has been calculated using an acceptable method (go to Chapter 15 for more on calculating inventory values).

Substantive tests also involve a consideration of estimates and judgements made by the company’s accountants. The company needs ways of estimating what proportion of customers will fail to pay their accounts or what proportion of goods will be returned for credit after the end of the financial year. The auditors check on the estimation methods and assumptions used by the company’s management to see if the resulting amounts are reasonable.

As the auditors work in the field, they discuss any significant discrepancies with top management at the field locations. Usually auditors work with management to resolve any problems before they complete the audit report.

The auditors compile a written report to management which includes the issues identified during fieldwork. This report mainly consists of matters that will not be included in the audit report attached to the annual accounts.

Most companies work to fix problems internally and a by-product of the audit is that the auditors help their client to identify areas of weakness. Reports to management are not released publicly. However, if an issue was identified which indicated that the accounts were not true and fair then this would be reported in the audit report issued with the financial statements.

Creating an audit report

After the auditors complete their fieldwork, they finalise their audit report, which is attached to the published accounts.

The audit report follows a standard format in accordance with ISA (UK&I) 700. It usually has the following sections:

Introduction: Identifies the elements of the financial statements on which the auditors are commenting. Note that the auditors’ report never covers the narrative material such as the chairman’s report.

Respective responsibilities of directors and auditors: Usually includes a statement in which the auditors declare that their report has been prepared solely for the company’s members (shareholders) and therefore the auditors do not accept any liability to any other person who might see the report.

Basis of audit opinion: Includes a brief summary of what an audit involves. The wording includes phrases such as ‘examination, on a test basis, of evidence relevant to the amounts and disclosures in the financial statements’, and ‘assessment of the significant estimates and judgements made by the directors’, and ‘whether the accounting policies are appropriate’. These phrases are intended to cover the auditors’ backs in the event of later problems.

Opinion: Contains three bullet points in the standard unmodified opinion. First, a statement that the financial statements give a true and fair view in accordance with the relevant accounting framework; second, a statement that the financial statements have been prepared in accordance with the Companies Act; and third a statement that the information given in the directors’ report is consistent with the financial statements.

An audit report may be modified because the auditors wish to draw attention to a particular matter in the financial statements – this is not a qualified opinion. An audit report is qualified if the auditors disagree with the company’s treatment of a problem area or if the auditors are unable to get sufficient information to support the audit opinion. We discuss these issues more in Chapter 5.

Filling the GAAP

The auditors’ primary role is to make sure that a company’s financial statements are presented fairly and accurately. As part of this, they must ensure that Generally Accepted Accounting Principles (GAAP) are followed.

GAAP principles help a company determine the amount of financial information it must disclose and help the company measure its assets, liabilities, revenues, expenses, and equity. That information makes up the financial statements, including the balance sheet (refer to Chapter 6), the income statement (also known as profit and loss statement, look at Chapter 7 for more), and the statement of cash flows (refer to Chapter 8). The GAAP principles list the way in which a company must report the financial information on each line item of the financial statements – these principles fill bookshelves in an accountant’s office.

GAAP principles for an accountant are highly technical explanations of how the value of each asset, liability, or equity listed on the balance sheet is calculated. GAAP principles also provide technical detail on how to report revenue and expenses on each line item of the income statement.

Accounting standards: Four important qualities

The primary accounting-standard-setting body for listed companies in the UK is the International Accounting Standards Board (IASB). It’s responsible for developing GAAP principles, as well as updating the GAAP principles already developed to reflect changes in the ways companies operate. These changes occur as new ways of doing business become commonplace in the business world.

To be precise, UK listed companies must prepare their group accounts using International Standards as approved by the European Union (EU). In theory, therefore, it is the European Union who is the standard setter. In practice, the EU generally endorses the IASB’s standards and, so far, there has only been one standard where the EU has made a variation to the standards laid down by the IASB. This affects the treatment of certain sorts of financial instruments but should not concern you greatly in your reading of the accounts.

For UK companies that are not listed, the standard setting body is the UK Accounting Standards Board (ASB). There are a number of detailed differences between the standards set by the IASB and the standards set by the ASB. However, the ASB is working on converging with international methods and any remaining differences should be ironed out in the medium-term future (say five years or so).

The IASB specifies four qualitative characteristics that make the information provided in financial statements useful to users. These four characteristics form the basis for designing the technical GAAP requirements:

Understandability: Financial information should be readily understandable by users. However, users are assumed to have a reasonable knowledge of business and economic activities and accounting and a willingness to study the information with reasonable diligence. Not that easy then!

Relevance: To be useful, information must be relevant to the decision-making needs of users. Relevance of information is also affected by its nature and materiality. Information is material if its omission or misstatement could influence the economic decisions of users taken on the basis of the financial statements.

Reliability: Information has the quality of reliability when it’s free from material error and bias and can be depended upon by users to represent faithfully that which it purports to represent or could reasonably be expected to represent.

Comparability: Users must be able to compare the financial statements of an entity through time in order to identify trends in its financial position and performance. Users must also be able to compare the financial statements of different entities. Hence the measurement and disclosure of financial information must be carried out in a consistent way throughout an entity and over time for that entity and in a consistent way for different entities. Since companies may adopt different accounting policies, those policies must be clearly disclosed so that different approaches can be identified.

Changing principles: More work for the IASB

GAAP principles aren’t set in stone. As business needs and the way companies do business change, so must the principles. The various standard setters around the world have always addressed new issues as they arise and provided guidance.

But now, the driving force behind change is the desire for convergence. The EU has achieved convergence between the many various approaches used throughout Europe by the adoption of International Financial Reporting Standards (IFRS). This adoption has given the IASB standards a great boost and many other countries have followed the European lead. At the last count, over 90 countries were following IFRS.

The next big challenge is convergence with the US. The approach to accounting standards in the US is more detailed when compared with the UK and IASB approach which are more principles based. The standard setter in the US, the Financial Accounting Standards Board (FASB) has published well over 100 accounting standards compared with the IASB where the number stands at about 40.

The IASB and the FASB are now working together on a number of joint projects. Full convergence looks to be many years away but, at least, progress is being made.