Architects & Engineers Articles -
 New Audit Standards


Financial executives and their boards of directors have an added concern in the mix of regulations and practices they must navigate. The American Institute of Certified Public Accountants (AICPA) has issued 10 new auditing standards effective for fiscal years ending after December 15, 2006. While compliance with these standards will be the job of your auditors, the standards will have a direct and immediate impact on your organization's audit.

Statements on Auditing Standards (SAS) Nos. 103-112 affect the timing, risk assessment, documentation, and reporting requirements for all financial audits. These standards apply to all entities and all industries. When viewed in conjunction with the fraud-auditing standards (SAS No. 99) issued in the immediate aftermath of the Enron scandal, these new standards serve to further raise the bar for improved financial governance and oversight by organizations and their auditors.

SAS Nos. 104-111 deal primarily with an auditor's risk-assessment process and related internal-documentation process. The impact of these standards on management and volunteer leaders is expected to be felt primarily through increased information and documentation requests and, of course, higher annual audit fees. SAS No. 103 deals with timing requirements in wrapping up and issuing audit reports and will require organizations and their auditors to more vigorously plan and execute their audits to avoid the need for additional testing and delays in reporting results to audit committees and boards. SAS No. 112 completely redefines and sets lower thresholds for formally reporting weaknesses in an organization's internal controls.

Timing

Under existing auditor-reporting standards, the date for reports issued in conjunction with your annual audit (e.g., opinion on financial statements, required communications to audit committees, management letters, and so forth) is the date on which substantial audit fieldwork is completed. In reality, audit procedures typically extend well beyond this date and include such work as receiving, testing, and extracting the terms of contracts and agreements; receiving and reviewing legal and management representation letters; performing internal quality and technical review of drafts; resolving audit issues with management; late adjustments; and drafting and incorporating information for footnote disclosures.

For many audits, these additional procedures are completed in a matter of weeks; however, in some organizations, wrap-up can often drag on for months as a result of workload and program priorities. In an effort to improve the quality and timeliness of financial audits, SAS No. 103 requires audits to be dated as of the date when the auditor has received "sufficient appropriate audit evidence." When this date falls after your auditors have left your offices, as is often the case, SAS 103 requires that additional procedures be performed by the auditor through the report date. While such a process may seem routine on its face, consider the implications for such delays on rescheduling audit committee and board acceptance meetings, association staff workload (not just the finance department), bank and bond debt covenant compliance, government and foundation grant application and reporting requirements, auditor staff scheduling, and, of course, additional audit fees.

In addition to the report date requirements and the delays and additional procedures that may ensue, SAS 103 also requires audit workpapers to be "locked down" by the auditors 60 days from the delivery date of the reports. This requirement may also cause a change in the report dates, additional delays, and required procedures.

The New Risk Assessment Standards

The Risk Assessment Standards establish standards and provide guidance for the auditor’s assessment of risks of material misstatement (whether caused by fraud or error) in a financial statement audit. In developing the Risk Assessment Standards the Auditing Standards Board (“ASB”) of the AICPA had the overriding goal of improving audit quality. The ASB strived to accomplish this goal with the following three objectives for auditors:

  • obtain a more in-depth understanding of the audited entity and its environment, including internal control;
  • complete a more thorough assessment of the risk of where and how the financial statements could be materially misstated;
  • improve the relation between the auditor’s assessed risks and the nature, timing and extent of audit procedures performed in response to those risks.

Implementation of the Risk Assessment Standards in the first year will take additional time. However, the objective of the standards is to provide an effective and efficient audit focused on “identified risks.” To the extent the Organization has performed and documented a thorough risk assessment, including internal control components, we should be able to leverage off of your work. Additional audit time may be needed where we have to create documentation in the absence of Organization-generated documentation. Our goal as your auditors is to implement these standards in a manner which improves the audit process and results in a more efficient and effective audit.

The impact of the standards will require more time in the up-front planning phase of the audit. Prior to year-end, we will update our understanding of the Organization and its operating environment. This activity includes talking to employees in key positions, evaluating the design and implementation of internal controls, observing controls in operation, and inspecting relevant documentation.

Prior to year end we will also begin “risk assessment procedures” to assess the susceptibility of the Organization’s financial statements to material misstatement. These risk assessment procedures will identify business risks, environmental risks, and internal control risks as areas for focus during the audit. We will design our audit procedures to respond to the risks of misstatements in the financial statements identified during the risk assessment process.

We will spend additional time understanding and evaluating your internal controls. The standards require us to assess whether the design of controls is effective and whether those controls are implemented in the Organization. We will also, where appropriate, test select controls for operating effectiveness.

With the increase in time spent in the planning phase, we will strive for a reduction of time spent during field work subsequent to year-end. We will do this through a more focused audit plan based on the assessed levels of risk of misstatement. As a result you may notice us spending more time auditing certain areas and less time in others. The nature of our procedures may also change. You and your staff should expect requests for information and audit procedures that are different than those performed in prior years.

Exceptions

SAS No. 112 completely redefines and sets lower thresholds for formally (i.e., in writing) reporting weaknesses in an organization's internal controls and may result in many control exceptions for organizations that previously had no such findings. A "control deficiency" exists when the design or operation of a control does not allow management or employees in the normal course of performing their assigned functions to prevent or detect misstatements on a timely basis. A "significant deficiency" (replacing the term "reportable condition") is a control deficiency or a combination of control deficiencies that adversely affect the entity's ability to initiate, authorize, record, process, or report financial data reliably in accordance with generally accepted accounting principles, such that there is more than a remote likelihood that a misstatement of the entity's financial statements, that is more than inconsequential, will not be prevented or detected. A "material weakness" is a significant deficiency or a combination of significant deficiencies that result in more than a remote likelihood that material misstatements of the financial statements will not be detected or prevented.

The evaluation of "more than inconsequential" will be made by the auditor based on qualitative and quantitative evidence and will follow a "reasonable person" standard. In evaluating the impact of a deficiency the timeframe for assessing its impact is projected beyond the audit period. For example, if an organization chooses to pass on an immaterial audit adjustment to capitalize a lease, and this adjustment is projected to become material at some point in the future, the association will have a reported material weakness or significant deficiency depending on the projected materiality of the item.

Examples of control deficiencies that will typically be considered significant:

  • Ineffective oversight of the entity's financial reporting and internal controls by those charged with governance, including (1) lack of sufficient expertise to properly apply accounting principles to the financial statements, (2) lack of control over nonroutine and systematic transactions such as journal entries, and (3) lack of timely financial statements;
  • Restatement of previously issued financial statements to reflect the correction of a material misstatement;
  • Identification by the auditor of a material misstatement in the financial statements that was not initially identified by the entity's internal controls;
  • Identification of fraud of any magnitude on the part of senior management;
  • Failure by management or those charged with governance to assess the effect of a significant deficiency previously communicated to them and either correct it or conclude that it will not be corrected.
  • A control deficiency is initially assumed to be a material weakness but may be downgraded to a significant deficiency or inconsequential deficiency based on a quantitative and qualitative evaluation by your auditors.

Recommendations:

Well-managed organizations looking to mitigate the potential negative impact of Statements on Auditing Standards Nos. 103-112 should take the following steps.

Provide education throughout the organization on these new standards and their potential impact. Auditors require information not only from the accounting department but from senior management, board members, membership, meetings, grants, and other areas. Make sure all internal and external parties affecting your audit adhere to the timeline for responding to information requests.

Become familiar with the Committee of Sponsoring Organizations of the Treadway Commission’s (COSO) Internal Control – Integrated Framework. This is considered the definitive measure of internal control against which to assess your internal control system. Understanding COSO will help you better understand how to assess risk related to your internal control. You can expect us to ask about and test the following five interrelated components of the Organization's system of internal control: (1) control environment, (2) the Organization's own risk assessment, (3) information and communication systems, (4) control activities and (5) monitoring.

Meet with your auditors to identify potential internal control deficiencies that may meet the new reporting threshold as "material weaknesses" or "significant deficiencies." Do you leave some entries for the auditors to make? Do you have staff vacancies or turnover that creates a lack of segregation of duties? Do you rely on your auditors to draft the year-end financial statements and footnotes? The answer to each of these and other questions involving your control environment will be critical in determining whether material weaknesses or significant deficiencies will result from your annual audit.

Schedule periodic audit status conference call meetings between the audit committee chair and the audit firm over the course of the engagement to avoid report surprises, delays, and cost overruns. The emergence of stronger organization audit committees over the last several years has begun to build meaningful communication between auditors and those charged with monitoring and reporting on the board's fiduciary duty. These new audit standards will make such regular communication essential to an efficient and cost-effective audit.

The drive for improved financial accountability in the public and nonpublic sectors has resulted in an unprecedented level of regulation affecting auditors and their clients. The issuance of Statements on Auditing Standards Nos. 103-112 will challenge organizations and their auditors to better plan and execute their audits for improved efficiency and effectiveness. Upfront planning and communication between organizations and their auditors is the key to complying with these standards while minimizing associated increases in audit costs and internal control exceptions.

We look forward to continuing our discussion on the new standards and how they will specifically affect you and your Organization.

Find out how our expertise in accounting for architects and engineers can add value to your business. Email us or call us at 1 (888) 875-9770.

related links

A&E Newsletters & Articles

Tax News and Business Updates

F&D Forensic Accounting Services

PODCAST: Overhead Rates, State Agency Updates and Best Practices for Engineers

Contact Us

First Name:
Last Name:
Company:
Address:
City:
State: Zip:
Phone:
Email:
Your Question / Comments:

Call Us

For Information, Please Call (888) 875-9770

RESOURCES

Auditing Standards and Procedure Updates Boston SEMINARS

VT, ME, CT, NY, NH, RI, MA - Podcasts and News PODCASTS

Mass CPA Feeley & Driscoll calculators CALCULATORS