Over time the word audit has come to mean different things to different people. This has unfortunately diluted their true value and the important role they play in modern society.
Audit and assurance are a bit of a hot topic in the Not-for-Profit (NFP) sector at present with changes proposed to make this mandatory for some entities. As recognised and accredited specialists in this area we fully understand the audit process and the implications. However based on our experience, many of the users of audit and assurance services don’t have the luxury of our detailed professional understanding. The aim of this article is to correct some of misconceptions out there and help improve understanding for the benefit of all.
What is an audit?
If every detail relating to a NFP organisation’s financial transactions were correctly and accurately recorded and if the leaders and managers within them were entirely honest and sufficiently skilled in the areas of accounting and record keeping – then I’d be out of a job. However, human nature being as it is, there probably will always be a need for the auditor. So what is an audit?
From an auditor’s perspective an audit is a service defined by a detailed set of mandatory standards to provide a level of formal independent assurance to a defined group of people about the work of others. Phew, what a mouthful! Most commonly audits relate to financial matters, whereby the ‘work of others’ is presented in the form of a set of annual financial statements.
Dependable financial information is essential to the smooth running of our society. Financial statements are one of the most common forms of communicating financial information and the financial statements are the primary responsibility of the governing body of the entity that prepared them. What the auditor does is add credibility by providing an independent professional opinion as to the fairness of an organisation’s financial statements and the presentation of related historical information. The audit provides a high but not absolute level of assurance.
Before an auditor can form an opinion a lot of work needs to be done including, understanding the organisation being audited and the environment it operates in, assessing the risks it faces, then designing tests of controls and substantive documentation to help reduce the risks to an acceptably low level.
Frustratingly a common misconception among some of the users of audit services is that a financial statements audit provides a 100% clean bill of health about the entity concerned and all future activity. This is incorrect and often goes hand-in-hand with unrealistic assurance expectations guaranteeing that there has been no fraud, no errors, and that the entity will continue to operate in the future. This is obviously a much wider, and frankly, usually impossible, level of assurance.
An independent audit certainly adds to the credibility of the financial information, but it can never remove the primary responsibility of the governing body to prepare and present information that is true and fair.
This difference between the misconceptions outlined above and the true nature of an audit is called the “audit expectation gap”. Given the diversity of understanding, such a gap is serious and can sometimes be quite dangerous if users are relying on an incorrect understanding of what comfort they can take from an audit report.
How do we close the expectation gap?
Sadly some parties, such as the occasional grandstanding politician calling for an audit whenever something goes wrong, or media looking for a sensational sound-bite rather than providing an in-depth understanding only serve to reinforce such an expectations or understanding gap.
Many and on-going attempts have been made over the years to bridge this expectation gap through education. These initiatives have been led by a variety of players, but mostly from the auditing profession and the audit and assurance standard setters around the world.
Our Government recently formed an audit and assurance standard setter called the New Zealand Auditing and Assurance Standards Board (NZAuASB) being one of the two sub-boards of the External Reporting Board (XRB). The role of this board is to set auditing and assurance standards for all statutorily required audits in New Zealand. In doing so they closely follow the International Audit and Assurance Standards Board as audit and assurance standards become increasingly consistent internationally.
In recent years we have seen quite a bit of activity from the standard setters in setting mandatory standards to try and force better explanations from auditors to their clients and readers of their findings. This has resulted in more mandatory documentation such as more detailed letters of engagement, progressively longer audit reports, and accompanying letters to the governing body and its management team from the auditors explaining the features of the audit and various observations.
The most visible summary of an auditor’s work is the audit report. Audit reports have changed and evolved considerably over time. Go back 30 to 40 years and you would generally see a single paragraph audit report that would be something along the lines of “Audited and found correct”.
But as business practices and financial statements have progressively become more complex, and litigation more common, changes have been made to audit reports. These changes have made the reports much more explicit regarding what is being audited, the responsibilities of various parties, what reliance can be placed on them, the basis of opinion and the opinion itself.
This has resulted in the current audit report format which generally runs over two pages. While a standard format exists audit reports can also contain many differences. In a future article we will help explain some of these differences, what causes them, and their implications in more detail.