Better Understanding the Financial Statement Audit
For most local governments, the annual financial statement audit is as much a part of the yearly round of public finance as the approval of the operating budget. Despite its routine character, however, the financial statement audit appears to remain something of mystery to most outside the auditing profession. This article will attempt to dispel the cloud of mystery by first briefly reviewing the nature and purpose of the financial statement audit and then examining ten specific points of misunderstanding commonly encountered in practice.
Nature and Purpose
Anyone entrusted with responsibility for managing financial resources on behalf of others should provide a full accounting of that stewardship. For state and local governments, such an accounting ideally takes the form of financial statements prepared in conformity with generally accepted accounting principles (GAAP). It is easy, of course, to imagine circumstances where those giving an accounting of their stewardship might be tempted to be less than forthcoming, or worse. Accordingly, those who must rely on financial statements to make decisions have traditionally sought the assurance of a disinterested third party to justify that reliance. That third party, of course, is the independent auditor.
Role of Management. Since management is responsible for the stewardship of financial resources, it is also primarily responsible for preparing the financial statements that give an accounting of that stewardship. Even when management seeks outside help to prepare the financial statements, it remains responsible for their contents, just as taxpayers remain responsible for their tax returns, even if the returns are prepared by paid tax professionals. Thus, managers must take ownership of their financial reporting. Generally accepted auditing standards (GAAS) require that managers do so explicitly in the form of a management representation letter.
Role of Internal Control. It would be hard to place confidence in an approval process that amounted to little more than affixing initials to documents without first examining them. So too, it would hardly be meaningful for management to assume responsibility for the data presented in financial statements if management did not have some reasonable basis for doing so. That reasonable basis can be provided only by a comprehensive framework of internal control.
Role of the Governing Body. While management is primarily responsible for financial reporting (including the comprehensive framework of internal control used to generate the financial statements), the governing body remains ultimately responsible for ensuring that management meets its responsibilities in this regard. Typically, an audit committee, comprising members of the governing body, provides the necessary oversight.
Objective of Fair Presentation. Precision comes at a price. That price can be justified only if the resulting benefits exceed their cost. In real life, few decisions require that amounts in financial statements be exact “down to the penny." Thus, the goal of financial statements is fairness rather than absolute accuracy. That is, the objective of financial reporting is a presentation that is free from material misstatement (i.e., an error of such significance that it could affect decisions made based on it).
Concept of Reasonable Assurance. Considerations of cost benefit also affect the work of the independent auditor. It would typically be impractical for the independent auditor to examine each and every transaction. Instead, auditors seek reasonable assurance that amounts are fairly presented by testing samples of items.
Ten Common Points of Misunderstanding
No. 1: Fair presentation is not equivalent to financial health (i.e., a good picture is not necessarily a pretty picture). People frequently criticize the independent auditors when they find out that a government currently experiencing financial difficulties received an unqualified (i.e., “clean") opinion on the fair presentation of its financial statements. Yet there is no inconsistency between a government receiving an unqualified opinion on the fairness of its financial statements and that same government experiencing financial difficulties. The financial statement audit is designed to vouch for the reliability of the financial statements, not the soundness of the finances they portray. Just as the image of something unattractive in a photograph is no indication of a defective camera, poor financial condition is in no way inconsistent with fair financial statement presentation.
No. 2: Financial statement audits are not designed to detect all instances of fraud, abuse, and program noncompliance (i.e., smaller items may be expected to fly under the radar screen). Many people assume that the principal goal of a financial statement audit is to uncover fraud, abuse, and instances of program noncompliance. In fact, the discovery of such items is only incidental to the purpose of a financial statement audit.
As already explained, the true purpose of a financial statement audit is to achieve reasonable (rather than absolute) assurance that the financial statements are fairly (rather than accurately) presented. Accordingly, the audit is designed to detect only those instances of fraud, abuse, or program noncompliance that would be material (i.e., significant enough to affect decisions made based on the financial statements).
Needless to say, many, if not most, instances of fraud, abuse and program noncompliance fail to reach this threshold and thus “fall between the cracks" of a financial statement audit.
The independent auditors will, of course, report any instances of fraud, abuse, and program noncompliance that they do encounter while performing the audit (unless it is clearly inconsequential), regardless of materiality. Still, the financial statement audit is not designed to identify immaterial instances of fraud, abuse, and program noncompliance, nor is it likely to do so.
No. 3: Size is not the sole consideration in judging materiality (i.e., big things can come in small packages). Sometimes a government’s managers and its auditors will disagree as to whether a specific item should be treated as material. Such disagreements arise, as often as not, from a mistaken notion that size is the sole criterion for judging materiality. As discussed earlier, however, an item is considered to be material based on its potential for changing a decision. Clearly a relatively small amount could have just that effect in the right circumstances (e.g., the difference between a surplus and a deficit, the difference between a positive and a negative trend, a legal or contractual violation). That is, materiality has a qualitative as well as a quantitative dimension. Viewed another way, the very fact that the materiality of an item is being debated would seem to be an argument in favor of its importance (i.e., materiality) to someone.
No. 4: Quantitative materiality needs to be assessed in relation to individual major funds and to each of the government-wide activity columns (the big picture is not good enough). Private-sector business enterprises do not use fund accounting; therefore, quantitative materiality is assessed in relation to the enterprise’s financial statements “taken as a whole." Conversely, in the public sector, quantitative materiality is assessed separately for each major fund (and for nonmajor funds in the aggregate). It also is assessed separately for the governmental activities and business-type activities columns reported in the government-wide financial statements. As a result, an amount that might not have been material from the perspective of the government “taken as a whole" may be material from the narrower vantage point of an individual major fund or activity column.
No. 5: You cannot assess the reliability of data yet ignore the system that generates the data (it is risky to trust unreliable people, even when they appear to be telling the truth). There are two fundamental approaches an auditor can take to determine the reliability of data presented in financial statements. One approach is to directly test a given item (e.g., confirm the amount reported as cash on deposit with the bank).The other approach is to test the reliability of the underlying system that generates the data (e.g., validate the amount reported as vendor payables by testing the reliability of the processing of transactions in the purchasing system).Auditors describe the first approach as substantive testing and the second as the testing of controls.
There was a time in the not-so-distant past when auditors could choose to rely on the substantive testing to the virtual exclusion of tests of controls. More recently, the audit profession has concluded that auditors can never simply bypass the testing of controls. The basic notion behind the change is that no amount of substantive testing can counterbalance the unreliability inherent in data generated by a system that is fundamentally flawed (i.e., just as it would be hard to justify relying on the assertions of an individual known to be dishonest, incompetent, or otherwise unreliable). Thus, the independent auditor must always assess the reliability of the internal controls that support financial reporting.
No. 6: Auditors must report control weaknesses even if those weaknesses had no effect on the fair presentation of the financial statements (you cannot afford to ignore cracks in a dam). It is possible, of course, to leave the front door of the house open wide upon leaving for work in the morning and still come home at night to find that nothing has been stolen. Such an outcome does not diminish the seriousness of the risk posed by leaving the door of a house wide open all day long with everyone gone. Likewise, auditors are required to disclose significant deficiencies as part of the audit even if it can be clearly established that no harm actually resulted from those deficiencies.
No. 7: Auditors are not allowed to perform any task that would compromise their independence (you cannot be both judge and defense attorney). A government’s independent auditors possess a wealth of experience and expertise that managers understandably wish to draw upon. Accordingly, auditors routinely provide clients with professional advice on a broad range of topics. All the same, auditors must refrain from placing themselves in the position of having to audit their own work, which would occur if they were to perform managerial tasks (e.g., approving payroll, making journal entries) or a special assignment whose work product fell within the scope of the audit (e.g., selection or implementation of general ledger software). Thus, the independent auditors are severely restricted in the types of nonaudit work they may perform for a governmental client.
No. 8: Audit fees cannot be the principal factor in selecting an audit firm (you often get what you pay for). The quality of professional services will naturally vary with the professional that performs them. GAAP for state and local governments are substantially different from private-sector GAAP, just as public-sector auditing typically requires expertise well beyond GAAS (e.g., Government Auditing Standards, also known as the “Yellow Book" or generally accepted government auditing standards—GAGAS, and the Single Audit). Therefore, in the audit procurement process, it is essential that a government first determine whether a firm possesses the requisite expertise and experience to perform a quality audit before considering price. Unfortunately, it is easy for governments to allow price to trump all other considerations in the auditor selection process, which often has led to substandard audits. A substandard audit is not a bargain at any price.
No. 9: It is in the government’s best interest to sign a multi-year audit contract (why pay more for the same thing?). In an initial audit of a set of financial statements, the new auditors must incur substantial costs to gain an understanding of and document the environment in which the government operates and its framework of internal control. In subsequent years, the auditor typically needs only to update that understanding and documentation. In a competitive, multi-year audit contract process, proposing audit firms can spread the initial cost over the entire term of the contract to arrive at the lowest possible bid. Conversely, if a government contracts for the financial statement audit only one year at a time, proposing firms must include the entire initial cost as part of the fee for that year or risk incurring a loss should the firm’s contract not be renewed. Accordingly, the Government Finance Officers Association recommends that governments minimize potential audit costs by entering into multi-year audit contracts of no less than five years.
No. 10: Mandatory auditor rotation may pose special risks in the public sector (do not force yourself into a bad decision). Many people believe that periodically changing audit firms offers real advantages such as a fresh outlook and greater independence from management. Accordingly, many private-sector business enterprises and not-for-profits mandate that a new audit firm be selected periodically.
The potential benefits of auditor rotation depend on the presence of a sufficient number of qualified firms being interested in performing the audit. Unfortunately, such is often not the case in the public sector, where the highly specialized character of governmental GAAP and governmental auditing standards often severely restrict the number of qualified firms in a given location. Accordingly, a policy of mandatory auditor rotation, when applied to state and local governments, could force a government into the position of hiring a less-than fully qualified replacement for its current independent auditor.
Given these facts, the best course of action for most governments is to mandate an aggressive procurement effort at the end of the audit contract to maximize the possibility for auditor rotation, without precluding the current audit firm from participating. Furthermore, many of the potential benefits of auditor rotation could be achieved by rotating the personnel assigned to the engagement within the current auditing firm.
There is no reason for the financial statement audit to remain a mystery for managers and others outside the auditing profession. Gaining a better understanding of the financial statement audit and the principles that underlie it should help all concerned to better cooperate toward the common goal of greater accountability.
Stephen J. Gauthier is director of the Government Finance Officers Association’s (GFOA)Technical Services Center in Chicago, Illinois. This article was reprinted with permission of the GFOA, publisher of Government Finance Review, 203 N. LaSalle St., Suite 2700, Chicago, IL 60601-1210. (phone: 312.977.9700; fax: 312.977.4806; e-mail: GFR@gfoa.org; Web: www.gfoa.org). Annual subscriptions: $35.