See More: Publications
What an Auditor Does and Doesn’t Do
Small companies, in particular, often lacked the level of accounting sophistication necessary to carry out these tasks. Relying on the audit firm often made sense from the perspective of efficiency and cost containment.
But an increased focus on auditor independence has come about during the last decade in new requirements by the American Institute of CPAs and a host of related regulatory guidance issued by the Securities and Exchange Commission, the General Accounting Office and the U.S. Department of Labor.
The standards generally restrict the nonattest services – such as tax or consulting services – that auditors may perform and the circumstances under which those services may be allowed. The increased regulations serve to muddy an already often-misunderstood set of expectations.
What auditors do
The outside, independent auditor is engaged to render an opinion on whether a company’s financial statements are presented fairly, in all material respects, in accordance with financial reporting framework. The audit provides users such as lenders and investors with an enhanced degree of confidence in the financial statements. An audit conducted in accordance with GAASand relevant ethical requirements enables the auditor to form that opinion.
To form the opinion, the auditor gathers appropriate and sufficient evidence and observes, tests, compares and confirms until gaining reasonable assurance. The auditor then forms an opinion of whether the financial statements are free of material misstatement, whether due to fraud or error.
Some of the more important auditing procedures include:
✎ Inquiring of management and others to gain an understanding of the organization itself, its operations, financial reporting, and known fraud or error
✎ Evaluating and understanding the internal control system
✎ Performing analytical procedures on expected or unexpected variances in account balances or classes of transactions
✎ Testing documentation supporting account balances or classes of transactions
✎ Observing the physical inventory count
✎ Confirming accounts receivable and other accounts with a third party
At the completion of the audit, the auditor may also offer objective advice for improving financial reporting and internal controls to maximize a company’s performance and efficiency.
What auditors don’t do
For a clear picture of the role of external auditors, it helps to understand what you should not expect auditors to do. The emphasis is on “independent.”
First and foremost, auditors do not take responsibility for the financial statements on which they form an opinion. The responsibility for financial statement presentation lies squarely in the hands of the company being audited.
Auditors are not a part of management, which means the auditor will not:
✎ Authorize, execute or consummate transactions on behalf of a client
✎ Prepare or make changes to source documents
✎ Assume custody of client assets, including maintenance of bank accounts
✎ Establish or maintain internal controls, including the performance of ongoing monitoring activities for a client
✎ Supervise client employees performing normal recurring activities
✎ Report to the board of directors on behalf of management
✎ Serve as a client’s stock or escrow agent or general counsel
✎ Sign payroll tax returns on behalf of a client
✎ Approve vendor invoices for payment
✎ Design a client’s financial management system or make modifications to source code underlying that system
✎ Hire or terminate employees
This list is not all-inclusive. But, in short, the auditor may not assume the role and duties of management.
In practical terms, there are a number of tasks you should not expect your auditor to perform.
✎ Analyze or reconcile accounts
✎ “Close the books”
✎ Locate invoices, etc., for testing
✎ Prepare confirmations for mailing
✎ Select accounting policies or procedures
✎ Prepare financial statements or footnote disclosures
✎ Determine estimates included in financial statements
✎ Determine restrictions of assets
✎ Establish value of assets and liabilities
✎ Maintain client permanent records, including loan documents, leases, contracts and other legal documents
✎ Prepare or maintain minutes of board of directors meetings
✎ Establish account coding or classifications
✎ Determine retirement plan contributions
✎ Implement corrective action plans
✎ Prepare an entity for audit
Your external auditor may perform some of these duties under guidelines of the American Institute of CPAs, Department of Labor, Government Accountability Office, Securities and Exchange Commission or Public Company Accounting Oversight Board. However, these same guidelines may preclude the auditor from performing some of these functions.
Management’s responsibilities in an audit
The words, “The financial statements are the responsibility of management,” appear prominently in an auditor’s communications, including the audit report.
Management’s responsibility is the underlying foundation on which audits are conducted. Simply put, without management having responsibility for the financial statements, the demarcation line that determines the auditor’s independence and objectivity regarding the client and the audit engagement would not be as clear.
It is important for a company’s management to understand exactly what an audit is – and what an audit does and does not do. The auditor’s responsibility is to express an independent, objective opinion on the financial statements of a company. This opinion is given in accordance with auditing standards that require the auditors to plan certain procedures and report on the results of the audit, while considering the representations, assertions and responsibility of management for the financial statements.
As one of their required procedures, auditors ask management to communicate management’s responsibility for the financial statements to the auditor in a representation letter. The auditor concludes the engagement by using those same words regarding management’s responsibility in the first paragraph of the auditor’s report.
Auditors cannot require management to do anything or to make any representation. However, to conclude the audit with the hope of a “clean” unqualified opinion issued by the auditor, management has to assume the responsibility for the financial statements.
Auditing standards are very clear that management has the following responsibilities fundamental to the conduct of an audit:
1. To prepare and present the financial statements in accordance with an applicable financial reporting framework, including the design, implementation and maintenance of internal controls relevant to the preparation and presentation of financial statements that are free from material misstatements, whether from error or fraud
2. To provide the auditor with the following information:
✎ All records, documentation and other matters relevant to the preparation and presentation of the financial statements
✎ Any additional information the auditor may request from management
✎ Unrestricted access to those within the organization if the auditor determines it necessary to obtain audit evidence objectivity.
It is not uncommon for the auditor to make suggestions about the form and content of the financial statements, or even assist management by drafting them, in whole or in part, based on information provided by management. In those situations, management’s responsibility for the financial statements does not diminish or change.
Amy is more than an auditor for CFED. She is a valuable business advisor helping us navigate through complex regulations and opaque guidance.
Adnan Bokhari | Chief Financial Officer
The Corporation for Enterprise Development