Audits Articles

Article / Updated 09-15-2022

Financial statement fraud, commonly referred to as "cooking the books," involves deliberately overstating assets, revenues, and profits and/or understating liabilities, expenses, and losses. When a forensic accountant investigates business financial fraud, she looks for red flags or accounting warning signs that indicate suspect business accounting practices. These red flags include the following: Aggressive revenue recognition practices, such as recognizing revenue in earlier periods than when the product was sold or the service was delivered Unusually high revenues and low expenses at period end that can't be attributed to seasonality Growth in inventory that doesn't match growth in sales Improper capitalization of expenses in excess of industry norms Reported earnings that are positive and growing but operating cash flow that's declining Growth in revenues that's far greater than growth in other companies in the same industry or peer group Gross margin or operating margins out of line with peer companies Extensive use of off–balance sheet entities based on relationships that aren't normal in the industry Sudden increases in gross margin or cash flow as compared with the company's prior performance and with industry averages Unusual increases in the book value of assets, such as inventory and receivables Disclosure notes so complex that it's impossible to determine the actual nature of a particular transaction Invoices that go unrecorded in the company's financial books Loans to executives or other related parties that are written off A business that engages in such fraudulent practices stands to lose a tremendous amount of money when penalties and fines, legal costs, the loss of investor confidence, and a tarnished reputation are taken into account.

Cheat Sheet / Updated 02-18-2022

Enacted in the wake of corporate mismanagement and accounting scandals, Sarbanes-Oxley (SOX) offers guidelines and spells out regulations that publicly traded companies must adhere to. Sarbanes-Oxley guidelines offer best-practice principles for any company, especially those providing services to other businesses bound by SOX.

Cheat Sheet / Updated 02-09-2022

Auditing is the process of investigating information that’s prepared by someone else — such as a company’s financial statements — to determine whether the information is fairly stated and free of material misstatement. Having a certified public accountant (CPA) perform an audit is a requirement of doing business for many companies because of regulatory- or compliance-related matters. For example, potential investors or lenders use audited financial statements to decide whether they want to purchase stock or loan money to a business.

Article / Updated 05-13-2016

Every profession has its own lexicon. To communicate with your audit peers and supervisors, you must know key auditing phrases. Knowing these buzzwords is also helpful if you’re a business owner, because auditors sometimes forget to switch from audit-geek talk to regular language when speaking with you. Audit evidence: Facts gathered during the audit procedures that provide a reasonable basis for forming an opinion regarding the financial statements under audit. Audit risk: The risk of forming an inappropriate opinion on the financial statements under audit. Control risk: The risk that a company’s internal controls won’t detect or prevent mistakes. Due professional care: Taking the time to gather reasonable audit evidence to support the fact that the financial statements are free of material misstatement. Generally accepted accounting principles (GAAP): Standard U.S. accounting guidelines for reporting financial statement transactions. Generally accepted auditing standards (GAAS): Standard U.S. auditing guidelines for planning, conducting, and reporting on audits. Going concern: The expectation that a business will remain operating for at least another 12 months. Independence: Having an arm’s-length relationship — meaning no special or close relationship — with the client under audit. Inherent risk: The likelihood of arriving at an inaccurate audit conclusion based on the nature of the client’s business. Internal controls: The operating standards a client uses to prevent or uncover mistakes. Management assertions: Representations the managers of a company make on the financial statements. Materiality: The importance placed on an area of financial reporting based on its overall significance. Objectivity: The ability to evaluate client records with no preconceived notions or prejudices. Professional skepticism: Approaching an audit with a questioning mind-set. Sampling: Selecting a small but pertinent and representative number of records to represent the entire population of records.

Article / Updated 03-26-2016

In response to a loss of confidence among American investors reminiscent of the Great Depression, President George W. Bush signed the Sarbanes-Oxley Act into law on July 30, 2002. SOX, as the law was quickly dubbed, is intended to ensure the reliability of publicly reported financial information and bolster confidence in U.S. capital markets. SOX contains expansive duties and penalties for corporate boards, executives, directors, auditors, attorneys, and securities analysts. Although most of SOX's provisions are mandatory only for public companies that file a Form 10-K with the Securities and Exchange Commission (SEC), many private and nonprofit companies are facing market pressures to conform to the SOX standards. Privately held companies that fail to reasonably adopt SOX-type governance and internal control structures may face increased difficulty in raising capital, higher insurance premiums, greater civil liability, and a loss of status among potential customers, investors, and donors. The politics of SOX SOX passed through both houses of Congress on a wave of bipartisan political support not unlike that which accompanied the passage of the U.S. Patriot Act after the terrorist attacks of 2001. Public shock greased the wheels of the political process. Congress needed to respond decisively to the Enron media fallout, a lagging stock market, and looming reelections. SOX passed in the Senate 99–0 and cleared the House with only three dissenting votes. Because political support for SOX was overwhelming, the legislation was not thoroughly debated. Thus, many SOX provisions weren't painstakingly vetted and have since been questioned, delayed, or slated for modification. For the past 70 years, U.S. securities laws have required regular reporting of results of a company's financial status and operations. SOX now focuses on the accuracy of what's reported and the reliability of the information-gathering processes. After SOX, companies must implement internal controls and processes that ensure the accuracy of reported results. Prior to SOX, the Securities Act of 1933 was the dominant regulatory mechanism. The 1933 Act requires that investors receive relevant financial information on securities being offered for public sale, and it prohibits deceit, misrepresentations, and other fraud in the sale of securities. The SEC enforces the 1933 Act requiring corporations to register stock and securities they offer to the public. The registration forms contain financial statements and other disclosures to enable investors to make informed judgments in purchasing securities. The SEC requires that the information companies provide be accurate and certified by independent accountants. A loophole under prior law SOX provides that publicly traded corporations of all sizes must meet its requirements. However, not all securities offerings must be registered with the SEC. Some exemptions from the registration requirement include: Private offerings to a limited number of persons or institutions Offerings of limited size Intrastate offerings Securities of municipal, state, and federal governments The SEC exempts these small offerings to help smaller companies acquire capital more easily by lowering the cost of offering securities to the public. In contrast, SOX provides that publicly traded corporations of all sizes must meet certain specific requirements depending on the size of the corporation. New ammunition for aggrieved investors SOX now gives public companies specific directives as to how financial information offered to the public must be compiled, yet, it stops short of giving investors a right to sue companies privately for failing to meet these standards. Rather, with the exception of SOX Section 306 (dealing with stock trading during pension fund blackout periods), investors must wait for the SEC and Justice Department to bring actions against companies for SOX violations. Investors can't hire their own lawyers to initiate action on their behalf. Although there's no "private right" to sue directly under SOX, shareholders and litigants are in a much stronger position after SOX than under the old federal and state statutes. Prior to SOX, federal and state laws didn't establish specific standards for corporations in compiling the information they fed to the public in their financial reports. In the event that investors were damaged or defrauded, the investors themselves were responsible for persuading judges the information they had received wasn't truthful or accurate, without reference to any specific standards. Aggrieved investors had only an amorphous body of analogous facts from prior court cases to try to convince courts to apply their specific situation. Now plaintiffs may strengthen their claims and arguments by referencing the standards set forth in SOX.

Article / Updated 03-26-2016

Fraud, embezzlement, and misappropriation can occur in every size of business. Such illegal accounting practices require manipulation of a business’s accounts. Keep your eyes open for these kinds of illegal accounting practices in your small business: Sales skimming: Not recording all sales revenue, to deflate the taxable income of the business and its owner. Recording personal expenses through the business: To make these expenses deductible for income tax. Kickbacks and payoffs: The purchasing managers in any size business can be tempted to accept kickbacks and under-the-table payoffs from vendors and suppliers. For example, if a business pays a bribe, it doesn't record the amount in a bald-faced account called “bribery expense.” Rather, the business disguises the payment by recording it in a legitimate expense account (such as repairs and maintenance expense or, ironically, legal expense). Money laundering: Taking money from illegal sources (such as drug dealing) and passing it through a business to make it look legitimate — to give the money a false identity. This money can hardly be recorded as “revenue from drug sales” in the accounts of the business. If an employee embezzles money from the business, he has to cover his tracks by making false entries in the accounts or by not making entries that should be recorded. Manipulating accounts to conceal fraud, illegal activities, and embezzlement is generally called juggling the accounts. Another term you probably have heard is cooking the books. Although this phrase is sometimes used in the same sense of juggling the accounts, cooking the books more often refers to deliberate accounting fraud, in which the main purpose is to produce financial statements that tell a better story than are supported by the facts. When the accounts have been juggled or the books have been cooked, the financial statements of the business are distorted, incorrect, and misleading. Creditors who end up suffering losses have legal grounds to sue the business for damages suffered. And the IRS is on constant alert for fraud in federal income tax returns. Remember: Income tax evasion is a felony.

Article / Updated 03-26-2016

Audits provide the opportunity for a second set of eyes (usually those of a certified professional accountant) looking over your business’s accounts. An annual audit of your business may be a requirement of your business's investors and lenders as a condition of putting their money in the business. CPA auditors provide a couple of useful services for your business: Checking up: In a sense, CPA auditors give your business a yearly physical exam. The audit exam may uncover problems that your business wasn't aware of, and knowing that the auditors come in once a year to take a close look at things keeps your business on its toes. Reporting: After completing an audit examination, the CPA prepares a short report stating whether the business has prepared its financial report according to the appropriate U.S. or international accounting and reporting standards. The audit requirements are different, depending on whether your business is public or private: Public: Businesses whose ownership and debt securities (stock shares and bonds) are traded in public markets in the United States are required to have annual audits by an independent CPA firm. (The federal securities laws of 1933 and 1934 require audits.) Private: Although federal law doesn’t require audits for private businesses, banks and other lenders to private businesses may insist on audited financial statements. Of course, audits aren’t cheap. It’s hard to do an audit of even a small business in less than 100 hours. At $100 per hour (which is probably too low an estimate), the audit fee would be $10,000. Instead of a full-fledged audit, which they can’t realistically afford, many smaller businesses have a CPA come in regularly to look over their accounting methods and give advice on their financial reporting.

Article / Updated 03-26-2016

Your business's financial statement audit report can give your business a clean bill of health, or the auditor's report may state that your financial statements are misleading and should not be relied upon: The clean (unqualified) opinion: If the auditor finds no serious problems, the CPA firm gives your business’s financial statements an unqualified or clean opinion, which it expresses in a three-paragraph report. The qualified opinion: If the audit report is longer than three paragraphs, it’s never good news. For example, the auditor’s report may point out a flaw in the company’s financial statements but not a fatal flaw that would require an adverse opinion. The adverse opinion: In some cases, the auditor may see unmistakable signs that a business is in deep financial waters and may not be able to convince its creditors and lenders to give it time to work itself out of its present financial difficulties. If an auditor has serious concerns about whether the business is a going concern, these doubts are spelled out in the auditor’s report. The threat of an adverse opinion almost always motivates a business to give way to the auditor and change its accounting or disclosure in order to avoid getting the kiss of death of an adverse opinion. An adverse audit opinion says that the financial statements of the business are misleading. The Securities and Exchange Commission (SEC) does not tolerate adverse opinions by auditors of public businesses; it would suspend trading in a company's securities if the company received an adverse opinion from its CPA auditor.

Article / Updated 03-26-2016

The generally accepted auditing standards (GAAS) are the standards you use for auditing private companies. GAAS come in three categories: general standards, standards of fieldwork, and standards of reporting. Keep in mind that the GAAS are the minimum standards you use for auditing private companies. Additionally, the Public Company Accounting Oversight Board (PCAOB) has adopted these standards for public (traded on the open market) companies. Each audit engagement you work on may require you to perform audit work beyond what’s specified in the GAAS in order to appropriately issue an opinion that a set of financial statements is fairly presented. You need to use professional judgment and exercise due care in following all standards. General standards: The first three GAAS are general standards that address your qualifications to be an auditor and the minimum standards for your work product: As an auditor, you must have both adequate training and proficiency. You are independent in both fact and appearance. You exercise due professional care in performing your auditing tasks. Standards of fieldwork: The next three GAAS govern how you actually do your job: Your work is adequately planned, and all assistants are properly supervised. You gain an understanding of the client and its environment, including internal controls, to assess the risk of material misstatement in the financial statements and to plan your audit. The evidence you gather during the audit is appropriate and sufficient to evaluate management’s assertions on the financial statements. Standards of reporting: The last four GAAS concern information you must consider prior to issuing your audit report: You have to state whether the financial statements are prepared using generally accepted accounting principles (GAAP). Just as important is to report whether GAAP are consistently applied for all financial accounting. Should this not be the case, you have to report any departures. You also have to make sure that disclosures — any additional information needed to explain the numbers on the financial statements — are provided. Lastly, you have to include your opinion as to whether the financial statements present fairly in all material respects the financial position of the company under audit.

Article / Updated 03-26-2016

Audit evidence consists of the documents you use during an audit to substantiate your audit opinion. While working on an audit, you encounter many different types of evidence (written, oral, and so on). Documents can be prepared by employees of the client or by outside parties. To properly evaluate the strength of evidence you gather, you have to understand the four concepts of evidence: Nature: The form of the evidence — for example, oral, visual, or written. Appropriateness: The quality, relevancy, and reliability of the evidence. Sufficiency: The quantity of audit evidence — enough evidence to evaluate the audit client’s management assertions. Evaluation: A decision on whether the evidence is compelling enough to allow you to form an opinion.