Attest / Assurance & Nonattest Services Archives

Why Does an Auditor Do Risk Assessment, and What is It?

Risk assessment is critical for auditors because it lays the foundation for the entire audit by identifying and evaluating risks that could lead to material misstatements in financial statements. Here’s why it’s done:

Identifying Risks of Material Misstatement (RMM): Auditors aim to find areas in financial statements where there is a “reasonable possibility” of a material misstatement occurring. By identifying these risks, auditors can focus their efforts on the greatest potential for error or fraud.
Tailoring the Audit Approach: Risk assessment allows auditors to design audit programs and procedures that address identified risks. This ensures the audit is efficient and effective rather than generic and potentially inadequate.
Complying with Standards: Under SAS 145, auditors must gain an understanding of the entity, its environment, and its internal controls to comply with professional auditing standards. This process ensures that auditors perform their duties systematically and thoroughly.
Mitigating Audit Risk: By identifying risks, auditors can plan and perform procedures that reduce the risk of issuing an incorrect audit opinion. Proper risk assessment supports the overall objective of providing reasonable assurance that the financial statements are free of material misstatement.
Assessing IT and Environmental Risks: Modern audits emphasize understanding risks from IT systems and external factors. Evaluating IT risks, such as data loss or unauthorized access, ensures financial data integrity is maintained.

Risk assessment is the process auditors use to identify, evaluate, and respond to risks of material misstatement within financial statements. It involves:

Understanding the Entity and Its Environment: This includes assessing the entity’s operations, industry, regulatory environment, and IT systems to identify potential risk areas.
Evaluating Inherent Risk (IR): This is the susceptibility of an assertion to material misstatement due to the nature of the account or transaction without considering internal controls.
Evaluating Control Risk: This is the risk that internal controls fail to prevent or detect material misstatements in a timely manner. Together with IR, it contributes to the combined RMM.
Identifying Relevant Assertions: Assertions are representations by management about financial statement elements. Auditors determine which assertions are relevant (i.e., where risks of material misstatements exist).
Addressing Specific Risks: SAS 145 emphasizes specific risks, such as IT-related and fraud risks, at both the financial statement and assertion levels.
Designing Further Procedures: Based on assessed risks, auditors design substantive and control testing procedures to address identified RMMs.

By systematically understanding and addressing risks, auditors enhance the reliability of their opinion on the financial statements.

What Are Loss Contingencies?

How Are They Defined?

Loss contingencies are defined as existing conditions, situations, or circumstances involving uncertainty about possible losses that will be resolved when future events occur or fail to occur.

When Must They Be Recognized as a Loss?

The loss must be probable (75% or greater chance of occurring, and
The amount must be reasonably estimable.

What if They Do Not Meet the Above Criteria?

If the loss is only reasonably possible (more than remote but less than probable), loss recognition is not required, but the potential loss must be disclosure,
If the chance of loss is remote (10% or less), no recognition or disclosure is typically required.

What Exactly is The Statement of Cash Flows?

What is its Purpose

The purpose of the Statement of Cash Flows is to provide a detailed picture of a company’s cash inflows and outflows during a specific period. It demonstrates the organization’s ability to generate cash from its operations, investments, and financing activities and its capacity to meet short-term and long-term obligations. Presenting cash movements that may not be apparent in other financial statements offers valuable insights into a company’s financial health, operational efficiency, and potential issues. This statement complements accrual-based documents like the income statement and balance sheet, helping investors, analysts, and management make informed decisions about the company’s financial position and prospects.

What Are Some Common Pitfalls in Preparing the Statement of Cash Flows?

Misclassifying cash flows among operating, investing, and financing activities
Incorrectly including non-cash transactions in the main body of the statement
Improperly netting cash flows that should be reported at gross
Misreporting interest and taxes paid when using the indirect method
Improper handling of restricted cash.

How Should Non-cash Transactions be treated?

Non-cash transactions should not be included in the main body of the Statement of Cash Flows. Instead, they should be disclosed separately, either in a narrative at the bottom of the statement or in a separate footnote.

Can Similar Transaction Types be Netted?

Generally, reporting on a gross basis is preferred. However, netting is acceptable in certain circumstances:

Items with fast turnover rates, large amounts, and short maturities
Assets or liabilities with original maturities of three months or less.

Examples where netting is appropriate include:

Short-term treasury bills with less than three months maturity
Short-term loans due within three months
Short-term debt with original maturities of three months or less.

What is a “SAS 115” Letter?

The auditing standards require the auditor to obtain an understanding of the Company’s internal controls over financial reporting that is sufficient to enable the auditor to design appropriate audit procedures. This requirement is not for the purpose of expressing an opinion on the effectiveness of internal control but is a tool to assist the auditor in assessing the risk of a material misstatement in the financial statements. During the risk assessment process, the auditor may identify deficiencies in internal control that are of sufficient magnitude that they should be communicated to the Company’s management. That is done with a SAS 115 letter. (SAS 115 is the AICPA’s original standard that requires the auditor to communicate to management certain deficiencies in internal control identified during an audit.) Under the standard, two categories of internal control deficiencies merit reporting to management: 1) material weakness and 2) significant deficiencies. A material weakness is the most problematic. A material weakness means that the auditor identified a weakness in internal control whereby it is reasonably possible that a material misstatement of the financial statements will not be prevented or detected and corrected on a timely basis. A significant deficiency in the Company’s internal control is less severe than a material weakness yet important enough to merit the Company’s attention. This written communication aims to bring to management’s awareness the internal control weaknesses and the significance of those weaknesses so that management can remedy them.

What is a Management Representation Letter, and is it Necessary?

As odd as it may sound, the management representation letter is a letter on the Company’s letterhead, addressed to the auditor, that the auditor writes on behalf of the Company’s management. Even though written by the auditor, the letter is styled as a letter from management to the auditor. Once the letter’s contents are agreed to and signed by management, it becomes just that, a letter from the Company’s management to the auditor that confirms meaningful representations to the auditor. Those representations include management’s acknowledgment of their responsibilities regarding the preparation and fair presentation of the financial statements, the quality of the information provided to the auditors and the completeness of transactions, and many other representations critical to the fair presentation of the financial statements. The management representation letter provides the auditor with corroborating support for audit evidence obtained during audit fieldwork. Auditors are required under auditing standards to get this signed letter from management on every audit.

What is an Attorney Letter, and Is it Necessary?

An attorney letter is a letter of inquiry from the Company’s management to the Company’s external legal counsel. The letter requests that the attorney reply directly to the auditor regarding litigation and unasserted claims. The letter is mailed (or emailed) by the auditor. The attorney generally bills the Company for responding to this letter. Under auditing standards, the auditor must obtain an attorney letter (assuming an attorney has been consulted) if there is evidence that the Company has actual or potential litigation, claims, or assessments that may give rise to a risk of material misstatement. Additionally, many auditors find it prudent to send an attorney letter to the Company’s general counsel, even if there is no evidence of litigation.

Does the Tennessee Board for Licensing Contractors require that the financial statements submitted to the Board be audited, reviewed, or compiled?

The question of whether the financial statement submitted to the Tennessee Board for Contractors for licensing be audited, reviewed, or compiled depends primarily on two broad considerations: 1) Whether the request is for an original application for a license, a renewal, or a monetary limit increase request 2) the monetary limit of the license. Nevertheless, the financial statements presented to the Board must be less than 12 months old.

When you initially apply for a contractor’s license:

A review is required for a monetary limit request of $3,000,000 or less.
An audit is required for limits over $3,000,000 to unlimited.

You must renew your Tennessee Contractor’s license every two years. Due to a recent statute change, the rules have changed:

A compiled financial statement prepared by a public accountant or a certified public accountant is required to renew licenses with a monetary limit of over $1,500,000, including unlimited. A compilation of the balance sheet only is acceptable. No statute or rule requires financial statement disclosure, but it is preferred.
Any license renewed with a limit of $1,500,000 or less will only require a notarized statement from the contractor attesting that the financial statement is true and correct.

If you request an increase of the monetary limit on your existing contractor’s license, you must submit with the limit increase request a reviewed or audited financial statement for requests of $3,000,000 or less and an audited financial statement for any request over $3,000,000, including unlimited

Reviewed financial statements MUST include the following:

CPA signed report letter
Balance sheet based on GAAP
Notes to the financial statements

Audited financial statements MUST include the following:

CPA signed opinion letter
Balance sheet, income statement, and statement of cash flows based on GAAP
Notes to the financial statements

What services do you offer?

We offer various services as described above, with a concentration geared toward the construction/ real estate industry. Additionally, we are familiar with numerous state contractor licensing boards and contractor pre-qualification requirements and offer services in those areas. We provide related services to the owners of our business clients, such as personal financial statements.

How much will an audited or reviewed statement cost?

An audit requires substantially more procedures and documentation than a review engagement and is, therefore, more costly. Fees are set at our standard hourly rates for the professionals involved. Our initial audit or review engagement proposal will provide an estimated fee range based on the Company’s size and complexity.

How do I know if I should get an audit, review, or compilation of the financial statements?

The end users of the financial statements customarily drive the level of service. Most private companies choose compiled or reviewed financial statements; however, creditors, investors, and bonding companies may require an audit. We will typically talk a contractor out of an audit and instead perform a review if their bonding company, bank, or licensing board does not require an audit. Sureties often require an audit rather than a review engagement when the aggregate bonding program exceeds $30 million. Certain regulatory agencies, such as the Tennessee Board of Contractors, also have requirements for the level of service (see below for the Tennessee Board for Licensing Contractors requirements).