Audit Skills, Texas State Auditor’s Office, Austin, Mar. 30-Apr. 1

Audit Skills, Texas State Auditor’s Office, Austin, Mar. 30-Apr. 1 To register, see www.sao.state.tx.us/training/

A Mandatory Group Meeting

December 2008

In my first year as an auditor, I was completely clueless about what I was doing and why. Yep—clueless. My audit supervisor handed me last years working papers and told me to repeat the same procedures. Through her actions and admonitions, I figured out that she didn’t want to be bothered with any questions, either.

“Just Do It”

Staff people were supposed to “Just Do It!” as the Nike ad says, without slowing down the process with an unnecessary neediness. The staff person doesn’t need to understand the big picture of what the audit is trying accomplish, do they? Heck yeah! They do.

I am sure that I ran across several process eating, accountant spewing dragons of risk but was unable to recognize them. They could have come up and hugged me and I wouldn’t have known what they were. I was too busy just ticking and tying. How dangerous was that?

And I hear supervisors complaining all of the time about how the staff doesn’t think about what they are doing. Well, if you treat them like drones, they will act like drones. And I also hear partners complain that they can’t keep good staff. Intelligent folks don’t want to do the work of monkeys. They want to understand what they are doing and why. Audit turnover is high because it can turn into a boring but at the same time confusing job if you don’t approach it with a bigger picture in mind.

The AICPA’s new motto is “Just Think About It”

The AICPA’s new risk assessment SASs (statements on auditing standards) are doing everything they can to make auditors think instead of just do. Auditors are supposed to design their audit procedures from scratch after assessing risk. Neither of these habits—designing procedures from scratch or performing a risk assessment—is ingrained in a typical audit team. Most audit teams would rather do it just like SALY—Same As Last Year.

One of the more thought provoking requirements of the new SAS’s is a mandatory meeting of all folks involved on the audit to discuss risk. Yes, all of the team, including the recent college graduate and the audit partner.

This meeting would have helped me immensely as a new person. No one ever treated me like a thinking adult or told me what I was really trying to accomplish with my audit tasks. Looking back, I suspect they didn’t want any questions because they didn’t really know what they were doing either, but I digress.

General requirements of the meeting

Somewhere around the gathering information or scoping phase of the audit and the risk assessment phase of the audit, it is time to have a meeting!

This is a very similar meeting to the SAS 99 meeting. SAS 99—commonly known as the Fraud SAS—requires audit teams to get together and discuss what kind of fraud the entity could suffer.

In the risk meeting required in SAS 109, all of the team members need to discuss the risks that the financial statements may be misstated. And then you must document the results of your meeting. You can even combine the meeting with the SAS 99 meeting if you like.

Here is what the SAS says:

SAS 109:
14. Members of the audit team, including the auditor with final responsibility for the audit, should discuss the susceptibility of the entity’s financial statements to material misstatements. This discussion can be held concurrently with the discussion specified in SAS 99 (Fraud SAS).
SAS 109:
17. The objective of the discussion is for members of the audit team to gain a better understanding of the potential for material misstatements of the financial statements resulting from fraud or error in the specific areas assigned to them AND to understand how the results of the audit procedures that they perform may affect other aspects of the audit, including decisions about the nature, timing, and extent of further audit procedures.
SAS 109:
18. The discussion provides an opportunity for:
•    More experienced team members to share insights based on prior experience.
•    Team members to exchange information about business risk.
•    How and where the entity’s financial statements may be susceptible to material misstatement and fraud.
SAS 109:
20. There may be multiple discussions…

And, true to form—not wanting us to come up with our own methodology—the AICPA pretty much spells out our meeting agenda:

SAS 109:
18. Auditors should discuss critical issues such as:
•    Susceptibility to fraud.
•    Areas of significant audit risk.
•    Areas susceptible to management override of controls.
•    Unusual accounting procedures used by the client.
•    Important control systems.
•    Materiality at the financial statement level and at the account level.
•    How materiality will be used to determine the extent of testing.
•    Application of GAAP to the entity’s facts and circumstances and in light of the entity’s accounting policies.

And you need to make a statement during the meeting to remind the audit team to remain skeptical. Skepticism is where you neither assume dishonesty or honesty—you gather facts to support your conclusions.

SAS 109:
19. Auditor should plan and perform the audit with an attitude of professional skepticism. The discussion among the audit team members should emphasize the need to:
•    exercise professional skepticism throughout the engagement.
•    be alert for information or other conditions that indicate that a material misstatement due to fraud or error.

While the GAO does not specifically require this meeting if you are conducting a performance audit or attestation engagement and the IIA does not require it, I would recommend you do it anyway because it is a best practice (‘best practice’ is a fancy way of saying it is a really, really good idea).

Document the meeting

And don’t forget to document that you followed the requirements. The bottom line documentation requirements are:

SAS 109:
122. The auditor should DOCUMENT:
•    The discussion among the audit team regarding the susceptibility of the entity’s financial statements to material misstatement due to error or fraud.
•    Including how and where the discussion occurred.
•    The subject matter discussed.
•    Audit team members participating.
•    Significant decisions reached concerning planned responses.