READ Only If You Really Want to Know
The second paragraph of the auditors’ standard report follows:
"We conducted our audit in accordance with generally accepted auditing standards. Those standards require that we plan and perform the audit to obtain reasonable assurance about whether the financial statements are free of material misstatement. An audit includes examining, on a test basis, evidence supporting the amounts and disclosures in the financial statements. An audit also includes assessing the accounting principles used and significant estimates made by management, as well as evaluating the overall financial statement presentation. We believe our audit provides a reasonable basis for our opinion.”
The key phrases are "reasonable assurance”, "material misstatement”, "test basis” and "reasonable basis”.
Auditing is a testing-samples-of-items business. That’s the way it must be because no one can afford a 100% comprehensive audit in which every transaction and every item of business would be audited. An audit of financial statements is entirely different from an audit by the IRS which may make the taxpayer prove with documentation every single item in a population of items. Also, unlike the IRS, which may assume at the outset that the taxpayer’s return is incorrect, the auditing CPA does not assume that management’s financial statements are incorrect.
Using generally accepted auditing procedures, the auditing CPA selects a sample, sometimes a very small sample, of the population, and tests that sample. If the sample is supported by evidence, then he can conclude that the entire population is supported by similar evidence.
It’s like sampling to predict the outcome of an election. Sometimes even a few minutes after an election, the outcome is known based on the returns of a minute portion (a sample) of the voters. That sample of voters is attributed to the entire population of voters.
In a test basis audit, the auditing CPA has to evaluate the effectiveness of certain matters (so-called risk assessments) and their consequent effect on the degree of his testing. Does management tend to override its own controls? Is the Company’s performance erratic? How stable is the industry? How inherently risky is an item (inventories vs. property)? How good are the system and controls?
There’s a pretty long list of matters to be evaluated and there is a substantial guidance in the profession’s Statements on Auditing Standards. Generally speaking, the greater the tendency of management to override, the more testing there need be. The better the system and controls, the less testing there need be.
Each auditor exercises his own judgement as to risk assessment. An auditing CPA’s evaluations may differ from another CPA's evaluations and still be within an acceptable range.
Assuming all these risk assessments turn out to be low-risk, then the auditor’s testing will be at the low end.
But the auditor can still only provide "reasonable assurance” because the audit is still based on tests of samples. Furthermore, for virtually the same reason, he can only provide reasonable assurance that the financial statements are free of "material” misstatements.
The auditor’s testing of inventories may show an inventory of $97,000 whereas the Company’s financial statements show $100,000. He may conclude, "that’s close enough”; i.e., that’s not a material misstatement. The same kind of conclusion may be reached with something like depreciation which is always an estimate so CPAs’ evaluations may differ and both of them can still be right.
Further, a misstatement may be material standing alone but not material in relation to the inventory but is not material in relation to the financial statements taken as a whole. For example, a $15,000 misstatement in a $100,000 inventory is material in relation to a $1,000,000 stockholders’ equity in the same statement. An undiscovered $25,000 embezzlement may sound like a material irregularity but may be immaterial in relation to both cash balance and stockholder’s equity.
The concept of reasonable assurance applies not only to errors but also to irregularities and illegal acts. Errors are unintentional mistakes whereas irregularities are intentional ones. An audit is designed to provide reasonable assurance of detecting material irregularities. However, because of the characteristics of irregularities, particularly those involving forgery and collusion, a properly designed and executed audit may not detect a material irregularity.
Here are some examples of irregularities that may well not be detected by an auditing CPA: Forged signatures (or the unauthorized use of a signature stamp) of key officials like check signers, credit approvers, or purchase order approvers. Collusion between a cashier and an accounts receivable clerk. Collusion among several individuals in ordering and maintaining inventory records and handling inventories.
These types of irregularities may never be detected or may not be caught until sometime after an engagement has been completed. That does not necessarily mean that the CPA performed inadequate audit procedures. Similarly, a material error may not be caught until sometime after. That also does not necessarily mean the CPA had not followed generally accepted auditing standards.