Written by Veronika Fritz, Partner, Vonya Global
Audit Overkill, CorpGov Necessity, or Value Add?
As we have discussed in previous articles, the PCAOB has come down hard on the public accounting firms for the adequacy of internal control testing when conducting the annual financial statement audit at their clients. The result in the current financial statement audit period has been significantly more testing by the public accounting firms than in years prior. This added testing is putting a burden on public registrants, and one specific area getting increased attention is Management Review Controls.
Management Review Controls
Management Review Controls monitor the results of operations and typically involve comparing recorded financial statement amounts to expected amounts to identify and investigate significant variances. A significant focus is placed on ensuring that the data that is being analyzed is complete and accurate. Examples could include:
- 10K/10Q reviews to ensure that Financial Statements and Disclosures reflect a complete and accurate view of the business operations
- Performing a variance analysis on the B/S where current month balances are compared to prior month and prior year
- Performing a detailed review of organizational costs where variances from comparative periods or budget are analyzed
- Peforming a detailed review of any material complex accounting treatment within the organization that might be proprietary to that industry
- Review management’s review of the legal accruals to determine that it is complete and accurate
The public accounting firm now must demonstrate that they have exhaustively tested the design and operating effectiveness of Management Review Controls. To do so, the auditor will gather evidence to evaluate whether management defined metrics or thresholds that would identify a material misstatement and document the resolution of any identified outliers. To ensure that the appropriate information is analyzed, management has to first ensure that the “Information produced by the Entity” (IPE) is complete and accurate. The auditor will also use their judgment to evaluate if the design of the MRC is effective in identifying a material misstatement and if the operating effectiveness of the design is in place.
In the past, auditors evaluated management’s sign-offs and re-performed sample reviews related to management’s review. Not this year. Due to the requirements of the PCAOB, auditors are requiring a level of precision and specificity for the MRCs beyond prior years and reviewing far more documentation. Instead of reviewing management signatures which signify approval, auditors are interrogating management to understand the metrics used for their review and the resolution of identified outliers that would be indicative of their approval. Relying on system reports and excel spreadsheets has taken on a much deeper dive to ensure that the information used in the review is complete and accurate.
Why Investors Should Care
Producing audited financial statements to the SEC is not cheap. The Financial Executives International stated that the average financial statement audit of a public company in 2012 took almost 17,000 hours to complete at a cost of $4.5 million. That number is certainly going up for the 2013 audit cycle.
So, what do you think? Is the added testing overkill? Or, is the added testing necessary to demonstrate proper corporate governance? Or, does the added testing provide a value that goes far beyond its cost?
Let us know in the comments.
This blog post was written by Veronika Fritz. Veronika is a Managing Partner with Vonya Global, a premier provider of internal audit consulting services. Veronika is a CPA with over 18 years of audit and management experience. Her experience covers all areas of business including compliance, financial, operational and IT. She has led the planning, development and successful execution of financial audits, Sarbanes-Oxley Engagements, pre- and post-implementation ERP system reviews, and business process evaluations. Veronika has expert knowledge in evaluating the design, integrity, effectiveness and reliability of internal controls for financial reporting processes and Enterprise Resource Planning software. She has been a trusted advisor to companies spanning various industries. If you would like more information about Vonya Global or if you have a questions for Veronika, you may contact her through this blog, the company website, twitter, or her LinkedIn Profile.