Documentation suggestions for the small practitioner. (documentation practices)by Baggett, Walter
This article is designed to provide small practitioners with suggestions to efficiently and effectively document key matters in an audit of financial statements.
Organizing Work Papers
There is no one best way to prepare, organize, and store work papers. Many practitioners are using 8 1/2" by 11" letter-size working papers. Also, the use of computer spreadsheets; word processors and even database programs, is increasingly common. These, too, must be fit into the organization of work papers.
While many large firms have standardized binders, most small practitioners can fit their work papers into as few as three or four binders. I generally try this simple scheme. * Written memos such as audit program and engagement letter; * Trial balance and draft financial statements; * Cash and securities including all confirmations; * Schedules and audit work on all other accounts; * Fixed assets, a carryforward folder; and * Permanent file of important documents, a carryforward folder.
Clearly, the number of folders would expand if, for instance, you had a client that had a large inventory or some other asset, the documentation for which would take up an entire folder. Similarly, if a client had just one bank account, I would make a copy of the bank reconciliation, note the work done on my copy, attach the bank confirmation, and include these two work papers in with all of the other account schedules.
Since small clients usually have simple financial statements, there is normally no need for complex indexing systems. Still, some basic order should be maintained so it is easy to locate documents.
Small practitioners should obtain engagement letters every year for a number of reasons. Besides establishing the degree of responsibility to be taken and the fee arrangements, they can also help the client understand and plan for the audit.
To take the edge off of engagement letters, I have tried to make them more humane. The legalese, boiler plate language found in most reference works tends to scare the life out of accountants and clients alike.
There are two ways to correct this problem. One is to rewrite the letter completely. Since most of us are afraid of losing something the boiler plate language can provide, a second solution may be more agreeable.
My approach is to surround the boiler plate language with plain English. Sentences and paragraphs that explain what types of procedures you will perform, like sending out confirmations and counting inventories are helpful. Also, tell the client when you intend to start and finish and when they can expect to submit the report and tax returns. You might even consider pointing out problem areas and their impact on time and fees. None of this should modify the boiler plate. Rather, by stating simple facts, the letter gives the client a better understanding of the whole process, whether it be an audit or review. These neither supersede nor override the intent of the legal phrases.
One of the key documents that needs to be created in most audits is some sort of planning memo. In my view, it should contain three key elements. * Analytical procedures; * Materiality judgments; * Risk assessments. Let us look at each of these elements.
Analytical Procedures: Some of my clients do not even prepare monthly trial balances or any other form or interim financial statements. The only completely organized picture available is the audited financial statements. I prepare these statements in comparative form on an electronic spreadsheet using my personal computer. By using range and file names, I have been able to combine these so that I can have three or four years of income statements and balance sheets on one spreadsheet.
I next insert columns between these several years of financial data. In these columns I calculate a number of ratios. Principally they are based on percentages of totals such as total revenues, total expenses, and total assets.
Because the spreadsheet contains several years' data, it is easy to spot trends. For instance, insurance cost seems to be going up and interest income seems to be coming down. Both are trends that can be explained by environmental factors. The chief benefit of analytical procedures in planning is in helping to spot illogical trends that can not be easily explained and point to real problems.
In terms of audit planning, analytical procedures also highlight the areas of audit importance. Large accounts and significant changes in the relationships between the elements of the financial statements must be given appropriate attention. And remember, under SAS 56, the auditor is expected to use analytical procedures in the planning and final review stages of all audit engagements.
Materiality Judgment: Materiality is generally defined as a dollar amount or piece of disclosure information of such magnitude that the absence or presence thereof is likely to influence the user of the financial statements in making decisions with respect to the entity.
Materiality is first of all a tool that helps us decide how much detail we need to get into when examining the components of a client's financial statements. In this role materiality is used for planning. As the audit proceeds, materiality helps us decide when to investigate a matter further and whether to require adjustments to the financial statements or disclosure. In these roles materiality serves as a review device.
During the audit, the auditor must keep the concept of materiality in mind as information is obtained. He or she must always keep in mind that having found a misstatement, its relationship to materiality must be evaluated considering the possibility of additional undetected misstatements.
Risk Assessment: After performing analytical procedures and documenting planning materiality, the final step in the planning memo is to assess the risks associated with the engagement.
SAS 47 on materiality and audit risk built on the formula presented in SAS 39, on audit sampling. The current risk model looks something like this: AR = IR * CR * DR where DR = TD * AP In these formulas: AR is Allowable Audit Risk; IR is Inherent Risk; CR is Control Risk; DR is Detection Risk. Detection risk is composed of:
TD, the risk Tests of Details do not locate material misstatements;
AP, the risk analytical or other procedures do reveal material misstatements.
The auditor is not required to use these formulas or, even, to measure risk as a numerical factor. All these fancy formulas are really trying to say is that in order for an auditor to sign his or her name to a report on financial statements that are materiality misstated, a number of things must occur. By understanding each risk we can prevent disaster. The risk assessment part of the planning memo should review the following.
Inherent Risk: There should be a discussion of those transactions and balances that are difficult to handle. They may be subject to manipulation or require special judgment to properly value them.
Control Risk: Weakness in the control environment (the tone of management; their concern for good accounting), bad accounting records, and incompetent personnel are some of the most common problems encountered in small client audits. Naturally, some note will be made that, because of their size, very little segregation of duties or formal independent review and authorization will be found. On the other hand, the deep involvement of managers and officers in the day to day affairs, often assures better control than that found in large bureaucratic organizations.
Allowable Audit Risk: This is the amount of risk that the auditor is willing to accept, that the auditor gives a clean opinion when, in fact, the financial statements are materiality misstated. Allowable audit risk should be set relatively low to justify an unqualified opinion.
Detection Risk: With all the other parts of the equation filled in, we are now ready to derive the detection risk. The detection risk that is derived determines the amount of substance testing to be done to achieve the allowable audit risk, given the control and internal risks of the situation. The higher the derived detection risk, the less substantive testing that needs to be done. The lower the detection risk that is needed to satisfy the overall objective, the more substantive audit work to be done.
As the formulas indicate, detection risk can be satisfied by two types of work, test of details and analytical procedures. It is a matter of audit judgment as to how detection risk is assigned to the two types of procedures.
While these risk assessments may seem daunting, the memo can discuss them in very general terms. Numeric percentages need not be developed. Terms like high, low, and medium are totally acceptable.
Understanding the Internal Control Structure
The following approaches are alternative means of documenting the understanding of internal control structure.
The Internal Control Memo: All the major transactions of the entity, the related books and records should be described. In addition the various authorizations and segregation of duties should be mentioned and their adequacy evaluated. This can be quite time consuming.
The Internal Control Questionnaire (ICQ): There are some general ICQs around that may serve as background material. There are also some questionnaires for specific industries that may be useful for very specific, complex transactions. As a rule, ICQs have fallen into disfavor because they do not address specific client problems. Perhaps new programs for the personal computer will bring about their re- emergence in the form of automated internal control questionnaires. At any rate, even when an ICQ is completed, some sort of summary memo must to be written to evaluate the importance of the various strengths and weaknesses.
Flowcharts: Based on the premise that one picture is worth a thousand words, a flowchart is intended to present in graphic form a clear picture of a client's system. Like the ICQ though, it seems to be most effective in dealing with specific, complex accounting systems. Most auditors would not use it to document all client systems. The advent of good powerful flowcharting programs including Interactive Easyflow from Haventree Software Ltd. and Flow Charting II+ from Patton & Patton Software Corporation that run on personal computers make flowcharting even quicker and easier.
Client Documentation: Many clients, even small clients, have manuals that may prove useful. For instance, one of my clients is a summer camp. Much to my delight they have a staff manual. This describes the camp's organization and helps me get a clear handle on who can authorize what transactions. I am now working with the client to improve the system of travel advances and petty cash vouchers Not only will this improve the client's system of internal control, but a copy of the client's own documentation will be part of my documentation of my understanding of the internal control structure.
Client prepared organization charts and even telephone directories can also often enhance your documentation of the internal control structure.
The auditor has three general types of tests to choose from: tests of controls, test of details, and analytical procedures. The auditor should judiciously select from the alternatives to provide the highest level of assurance with the expenditure of the least amount of effort. This is audit efficiency.
Often audit procedures are not done because they are necessary to achieve audit objectives. They are done, like petty cash counts, because of client expectations. They may also be done for the convenience of the client. What they lack in efficiency and sophistication, they make up for with intuitive directness and simplicity. Often this provides a level of assurance beyond what is needed.
One area that I generally believe a small practitioner can cut down on in the audit program area is the amount of detail. After all, this work will be performed by an experienced CPA, not a first year out of college staff member. Accordingly, phrases such as "review for propriety" can take the place of step by step instructions. As long as the principal procedures for major audit areas are listed, the program will serve as a satisfactory description of the audit process. Remember, though, if the work program is general in its approach, the detailed steps performed will have to be shown on the individual work papers.
One of the keys to good audit work papers is recording why things were done. Clearly, when someone tries to second guess an auditor after the fact (such as a lawyer in court), the question will be, "Why was this decision made?" When an auditor can point to work papers created at the time, it becomes very simple to say, "Here were the facts known at the time, and they clearly support the decision I made." Under these circumstances it becomes much easier to prove that the auditor acted in accordance with professional standards.
Each work paper should document the work done. Appropriate tick mark legends should be present. It should also document the conclusions reached. There are a number of ways to do this. Sometimes all that is needed is a note across the bottom of the work paper stating that, based upon the work done, the account balance contains no material errors. At other times, a more extensive discussion may be called for. In those situations a cover memo for the work folder may be appropriate. A typical example of this is accounts receivable. In the folder may be a trial balance of receivable, confirmations, agings, and related analyses. A brief memo describing the work done and conclusions reached can serve to tie all of this together into an easily defended package of evidence.
One of the methods I have found useful in documenting the audit is a work memo. In it, I give a day to day account of what I did. This serves to document conversations with client personnel and show the general tenor of the audit. To make it an easily accessible document, I keep it in a memory resident pop up note pad on my computer. I also record all of my time and expense information in the same place.
Combining a description of who was talked to and when along with the procedures being performed on a day by day basis can create a clear picture of the audit. While it may be impractical to do this for large engagements, I find that, as a sole practitioner, it is easy and effective because it eliminates many questions as to what I did and why I did it.
For years larger auditing firms have had review memos prepared. These documents describe the auditing procedure and conclusions reached. They must be submitted, along with the draft report, to the firms' review departments. Small firms are not dealing with that type of a bureaucracy and such extensive summaries are not called for. It is a place to summarize the findings from the individual pieces of the audit. It also makes sense to include some discussion of the overall reasonableness of the financial statements and describe how any major problems were surmounted.
Neither the re-evaluation process nor the summary of conclusions need be lengthy. They should cover all significant issues. Since the completed financial statements have been prepared, key ratios and materiality can be re-calculated with the final audited balances and the final analytical procedures applied.
I have mentioned computers a number of times throughout this article. It might be helpful to suggest a number of tips for efficient computer use that highlights why I believe personal computers to be one of the best things ever to happen to small practitioners.
Word Processing. Many requirements for documentation can be met by preparing written memos. On a year-in year-out basis, this can be murderously time consuming. But, using a word processor, last year's memos can be quickly copied and updated. With just a little practice an auditor can learn to quickly replace the names of client personnel who have left with the names of the new hires. Dates can be changed. Whole new paragraphs can be inserted to describe new procedures. Old descriptions can be quickly eliminated. Summary paragraphs can be deleted and new conclusions inserted. Such editing can save the auditor a significant amount of time and produce documents that upgrade the quality of audit work.
Spreadsheets. Like word processor files, spreadsheet files from the previous year can also be updated. In addition, the graphics features of spreadsheets can often provide spectacular displays of information. Not only does this often help clients "see" problems, they can also serve to clearly document issues.
Mention has already been made of inserting columns so percentages can be calculated for analytical testing. The ability of the computer to readily do more complex calculations such as interest rates or quickly build large structures for declining balances and random sampling applications should not be overlooked.
Special Program. Flowcharting programs, note pads and database programs for accounting packages are among the most common tools found in audit computer kit bags. There are a number of other programs currently on the market for generating audit programs, keeping time budgets and preparing financial statements that seem to hold some real promise. Obviously, every practitioner owes it to him or herself to seek out those programs that will increase personal productivity.
Backup. There are two kinds of backup. The first is making copies of computer files. These files are then stored offsite. How and how often you do this depends on the computers you have available and your work routines.
When I am working on a project, whether it is a spreadsheet or a word processor application, I never let more than one half hour go by without saving what is in memory. Since I tend to keep all files (including spreadsheets, word processor files, flowcharts and note pad) for a client on one floppy disk, at the end of each day I copy the entire floppy onto a backup.
A more conservative approach to backup has been suggested in a study of micro-computer technology prepared for the National Association of Accountants by Price Waterhouse. Their method resembles the generation data set technique employed in mainframe computer environments. In it, at the end of work session one the data is transferred to a second floppy. This floppy is used in work session two. At the end of work session two, the data is transferred to a third floppy. Only at the end of work session three is the data on floppy disk one overwritten with data from work session three.
This method assures that there are always two work sessions of data backing up the current work. This means that, should a disaster occur during a backup, there will always be another generation available. It also evens out the wear and tear on disks. On the other hand, it means there are more diskettes floating around that need to be correctly identified as the most current working copy.
People who have a hard disk might consider keeping each client in a separate subdirectory and then backing up their subdirectories to floppies. Of course, large hard disks almost always demand some sort of tape streaming technology. Selecting and mastering the hardware and software associated with that technology is a subject beyond the bounds of this article. Still, it is an aspect of personal computer usage that must be addressed.
Hard Copy. The ultimate form of backup is to print out the content of client files. Since I often use clients floppies once a year, I make a habit of printing out all clients files at the completion of the audit. This eliminates any worry about the loss of records over the course of the next year. With compressed printing, even the largest spreadsheets are amenable to being printed out in a reasonable amount of time.
All auditors must comply with GAAS. As these standards have become more complex, compliance therewith often appears to be an insurmountable job for small practitioners. By judiciously using the following common auditing tools this challenge can be met: * Engagement Letter; * Memo on Understanding of Internal Control Structure; * Planning Memo; * Audit Program; * Work Memo; and * Summary Memo.
By judicious use I mean tailoring them to fit the needs of small accounting practices.
In addition, I have tried to show how a good filing system and proper use of personal computers can make audits of small entities by small practitioners efficient and effective.
Walter O. Baggett, PhD, CPA, Chairman, Accounting Department, Manhattan College
The CPA Journal is broadly recognized as an outstanding, technical-refereed publication aimed at public practitioners, management, educators, and other accounting professionals. It is edited by CPAs for CPAs. Our goal is to provide CPAs and other accounting professionals with the information and news to enable them to be successful accountants, managers, and executives in today's practice environments.
©2009 The New York State Society of CPAs. Legal Notices
Visit the new cpajournal.com.