Every organization incorporated without share capital under the Ontario Corporations Act and the Canada Corporations Act must have an audit. There is no statutory exemption from audit for not-for-profit organizations incorporated under the acts. Also, many organizations must have an audit as a condition for receiving funding from government and private sources.

Market research by the accounting profession reveals that most people have only a vague idea of the scope and objectives of an audit. Fewer people have any idea of the limitations of the process. As a result, the public is often understandably surprised and disillusioned when learning of corporate failures such as Livent Inc., YBM and Philips Services. The question “Where were the auditors?” is often asked.

With this article we hope to shed some light on the audit process. We will examine some of the factors that affect the nature and extent of audit testing and we will look at what communication you might reasonably expect from your auditor.

The Concept and Process of Auditing
What is the concept and process of auditing? During the 1960’s and 1970’s, audit professionals in many countries independently developed theories of auditing that could be applied to examination of many different areas, including financial statements. While practitioners may have differences of opinion as to the application of certain of the underlying concepts, the basic framework is generally accepted by auditors and the public. This framework has been codified in many countries around the world and is often called Generally Accepted Auditing Standards (“GAAS”).

The fundamental responsibility of an auditor of a not-for-profit organization is to obtain evidence to determine the degree to which assertions in the financial statement under audit compare to established generally accepted accounting criteria. The four concepts in the above statement that require an explanation are:

    1. financial statement assertions
    2. established generally accepted accounting criteria
    3. obtaining evidence
    4. comparison of financial statement assertions with established accounting criteria.

To comprehend the audit process it is important to understand each of these concepts and the relationship between them.

Financial statement assertions
A set of financial statements is created by management to communicate information to a variety of readers about a series of financial transactions occurring in a prior period, most often a year. The information in the financial statements contains certain assertions made by management. Assertions include:

  • existence – that an asset or a liability of the organization exists at a given date
  • occurrence – that a recorded transaction took place involving the organization
  • completeness – that there are no unrecorded assets, liabilities or transactions
  • ownership – that an asset is owned or a liability is owed by the organization at a given date
  • valuation – that an asset or liability is recorded at an appropriate value
  • measurement – that a revenue or expense transaction is recorded in the proper amount and in the appropriate period
  • statement presentation – that an item is disclosed in accordance with generally accepted accounting principles (“GAAP”).

To help clarify the concept of an assertion, take as an example the caption “cash” in a statement of financial position. As cash is classified as an asset, the reader is entitled to assume that the cash both exists and is owned by the organization. Existence and ownership are key accounting assertions relating to the asset category of cash. As another example, the assertions for “accounts payable” and “accrued liabilities” would be those of completeness, that all the liabilities that should be recorded have been recorded, and valuation, that the liabilities recorded are valued correctly (i.e. they are not over or under stated). The assertions for a revenue item such as membership fees would include: occurrence, that the revenue was earned by the organization; ownership, that the fees did not belong to another organization; and completeness, that all the revenue that was earned was recorded.

The assertions contained in financial statements come from the accounting process. Accounting paints a picture of past financial transactions and communicates this to the reader. The auditing process, on the other hand, uses generally accepted criteria to provide an objective opinion as to whether the financial statements accurately reflect the accounting assertions.

Established Generally Accepted Accounting Criteria
The criteria used to generate financial statements have been developed through a quasi-legislative process over the last forty years in a number of countries including Canada, the UK , the USA and Australia. The criteria are called GAAP – Generally Accepted Accounting Principles. GAAP in Canada at the present time includes:

  • standards promoted by the Canadian Institute of Chartered Accountants’ (“CICA”) Accounting Standards Board
  • common principles and practices that have gained general acceptance in the spirit of existing standards for those areas where the CICA’s Accounting Standards Board is silent.

Obtaining evidence
The auditor’s job, in short, is to provide a professional opinion on the relationship between the assertions in the financial statements and those embodied by generally accepted accounting principles. The auditor must obtain evidence to support his or her opinion on these financial statement assertions. Evidence can come in many forms including:

Evidence Example
  • physical evidence
  • bank statements and cheques
  • testing of calculations to ensure accuracy
  • checking of payroll withholding tax calculations
  • internal documentary evidence
  • minutes of meetings
  • accounting records and reports
  • general ledger and trial balance
  • statements and representations by management and employees
  • the letter of representation
  • external documentary evidence
  • confirmation of accounts receivable with debtors
  • statements and representations by third parties
  • documents from lawyers
  • consistency with other evidence
  • ratios and comparisons with industry norms

An auditor does not obtain all of these types of evidence for every financial statement assertion. For example, when attempting to verify an amount receivable the auditor may rely on direct confirmation from the debtor and evidence of payment made after the year end to provide assurance that the receivable both existed and was collectable. The auditor might decide that additional evidence would not be required to prove the assertions.

Comparison of financial statement assertions with established accounting criteria
The auditor obtains evidence and subsequently evaluates whether that evidence is sufficient and appropriate. The evidence gathered must be sufficient and appropriate to permit the auditor to express an opinion on the financial statement assertions. Techniques used to gather evidence include:

Technique Example
  • physical examination of assets
  • an auditor might ask to see a centre’s new playground
  • testing of accounting routines/calculations
  • checking pricing on fee invoices
  • observation of activities performed by client personnel
  • observing an inventory count
  • vouching of source documents
  • examining paid invoices and cancelled cheques
  • analysis of financial statement information
  • analyzing the ratio of salaries to fee
  • inquiry
  • asking questions of management and employees
  • confirmation
  • sending out confirmations to debtors

The auditor will not necessarily employ all these verification techniques to establish whether financial statement assertions agree with generally accepted accounting principles for every assertion. The degree to which an auditor collects evidence and applies verification techniques is based on the auditors professional judgment. The auditor must use judgment to minimize the risk of arriving at an incorrect conclusion. This brings us to the concept of audit risk.

The Audit Risk Model
Audit risk can be thought of as the risk that the auditor will fail to express a reservation in his or her opinion on financial statements that are materially misstated. A misstated financial statement is one where the accounting assertions are not in accordance with those prescribed by generally accepted accounting principles. Take, as an example, a statement of financial position with a caption for term deposits with a value of $100,000 where the organization did not have any term deposits. The assertion regarding the existence of these assets implied by the statements would be false. If this is not brought to the reader’s attention in the auditor’s report as a result of the auditor’s negligence then an audit failure would have occurred.

An auditor’s goal is to reduce the risk of audit failure to an appropriately low level. Auditors must use professional judgment in selecting appropriate verification techniques to reach their goal all within an acceptable level of risk. Auditing procedures are designed to minimize three types of risk:

1. Inherent risk
Inherent risk relates to the nature of the transactions, assets and liabilities being audited. Some financial statement items are inherently more susceptible to error or fraud. For example, cash is more susceptible to theft than prepaid expenses or goodwill. Inherent risk is generally identified during the planning process by obtaining or updating knowledge of the organization’s business and industry and significant events and transactions occurring during the year under audit.

2. Control risk
Control risk relates to the effectiveness of the organization’s internal controls and financial reporting. The organization has the responsibility for establishing sufficient internal control to prevent or detect, on a timely basis, errors resulting from problems in the processing of transactions and the maintenance of accounting records. If the auditor identifies effective internal controls and performs tests to provide evidence of the effectiveness of those controls then he or she can reduce the amount of verification on detailed balances and transactions. The auditor will typically only test internal controls where doing so would reduce the cost of performing the audit or where testing of detailed transactions and balances is not feasible.

3. Detection risk
Detection risk is the risk that the auditor will not identify misstatements in the financial statements. An auditor only reviews a sample of transactions and balances as to test all would be both impractical and prohibitively expensive. Therefore, it is possible for an auditor to fail to identify misstatements despite having performed audit testing. Inadequate verification (i.e. drawing the wrong conclusion from evidence obtained or failure to obtain evidence identified as necessary in the planning process) can also cause a failure to detect misstatements.

The impact of fraud
One of the underlying axioms of auditing in Canada is that the auditor can assume, in the absence of evidence to the contrary, that management will act in good faith (i.e. management will not deliberately act to defraud the organization). Consequently, auditors in Canada do not carry out audit procedures designed specifically to uncover the existence of fraud as part of every audit engagement. However, if the auditor, in the course of an audit, does uncover evidence of fraud or evidence indicating that a fraud might exist then the auditor would expand his/her verification procedures to determine whether a fraud has occurred and has created a misstatement in the financial statements.

Financial statements are prepared by management using many judgmental evaluations. As a result it is not possible or economically feasible for an organization to produce financial statements that are absolutely precise. As an example, management estimates the collectability of accounts receivable and provides an allowance for doubtful accounts based, not on absolute certainty, but on management’s best estimate of the likelihood of collecting the accounts. Similar judgments are made when determining amounts of revenue unearned at a period end and in calculating over what period to amortize capital assets.

How precise should financial statements be? The concept of materiality is recognized in accounting literature. A misstatement in financial statements would be considered material if a person with a reasonable knowledge of the business and its economic activities would have reached a different opinion about the organization had he or she received a set of financial statements correcting for the material misstatement.

Auditors must recognize the concept of materiality in planning their audit. If an audit were designed to identify every possible misstatement in the financial statements, it would quickly become prohibitively expensive. Therefore, audits are generally designed to identify only material misstatements in the financial statements.

Setting materiality is a judgment call by the auditor. The auditor must consider both quantitative and qualitative measures in a arriving at a number. An appropriate level of audit materiality depends, in part, on the sensitivity of the readers to the accuracy of the financial statements. For many not-for-profit organizations a misstatement of 2% or more of gross revenue would be considered material. However, in many circumstances materiality is determined by qualitative rather than quantitative measures. For example, an organization having to return every dollar of unspent funding might consider an error of $1,000 material, even if their gross revenue is $650,000, if that error results in a dollar-for-dollar refund to the funding body.

Objectivity is critical to the audit process. Generally accepted auditing standards state that an audit must be performed by an auditor with an objective state of mind. An objective state of mind means that the auditor expressing an opinion must hold himself or herself free of any influence or relationship with the organization or any related party that might impair the auditor’s professional judgment or objectivity. A consequence of the objectivity standard is that audits generally may not be carried out by individuals who are directly involved with the not-for-profit organization in any capacity other than that of auditor. For example, a treasurer of a church congregation who is also a qualified auditor would not be permitted under professional regulations to perform the church’s audit. This is because a reasonable observer might view the treasurer-as-auditor’s judgment and objectivity as being impaired.

Reporting to users
Once the auditor has gathered sufficient and appropriate evidence, he or she will then conclude whether the assertions in the financial statements being audited are in accordance with GAAP. If the auditor concludes they are then he or she will issue an opinion without reservation . If, in the auditors opinion, the assertions are not in accordance with GAAP then the auditors report will state this, indicate what the differences are and, if possible, quantify the financial impact on the statements.

You will note that an auditor does not report on whether or not the organization is in good financial health. If an organization is in financial difficulty then the financial statements should reflect that; the auditor does not point it out separately. Except in the most serious circumstances an auditor’s job is not to comment directly on whether an organization is in financial difficulty. Rather, he or she will report whether the statements “tell it like it is” in accordance with GAAP.

During audits, issues are sometimes identified that may be of interest to management and Boards of Directors in discharging their responsibilities. At the conclusion of an audit the auditor may prepare a management letter to report on issues, including improvements in the safeguarding of assets, the improving of controls and increasing the efficiency and effectiveness of an organization’s financial systems. It is important to understand that preparation of the management letter is a by-product of the audit and is not an obligation of the auditor. An audit would not usually identify all matters that may be of interest to management in discharging their responsibilities. In other words, just because an auditor has not brought any recommendations to the attention of management does not mean that there is no room for improvement or that additional requirements are not needed for the safeguarding of assets. Organizations wanting a separate opinion as to the adequacy of internal control and procedures to safeguard assets would have to engage an auditor to expressly provide an opinion on that aspect of the organization.

In a formal management letter auditors will typically only comment on items they consider significant. An auditor will often communicate matters of lesser significance directly to persons responsible for financial systems (e.g. bookkeepers and accounting personnel) either orally or in writing during the audit. These items of a lesser nature are generally not communicated directly to an organization’s Board of Directors.

In summary, an audit is a cumulative process that starts with planning and moves to gathering and evaluating of evidence. In determining the amount of evidence to be obtained in the verification procedures, the auditor must specifically assess the risk that a material misstatement in the financial statements will not be identified during the audit process. Once the auditor has obtained sufficient evidence and performed sufficient verification then he or she will draw a conclusion as to whether the financial statements are, in all material respects, fairly presented in accordance with generally accepted accounting principles. This opinion will be presented to readers in the auditor’s report.

The following sources were essential for the preparation of this article:

  • Auditing: An Integrated Approach, W.M. Lemon, A.J. Arens & J.K. Loebbecke – 1997
  • The CICA Handbook
  • The IAASB Handbook http://web.ifac.org/publications
  • CICA Report of the Commission to Study the Public’s Expectations of Audits – 1988
  • The External Audit, R.J. Anderson – 1977
  • The Philosophy of Auditing, R.K. Mautz & H.A. Sharaf – 1961

Comments are closed.