30 May 2023

So we have a typical small not for profit: poor division of duties, no real controls apart from two signatories for payments, a review of financial results at irregular board meetings, and the annual Performance Report prepared by external accountants.

We know we are not relying on controls for our audit work, but that pesky ISA 315 tells us that we still have to document controls, such as they are. We must – according to paragraph 25 – obtain an understanding of the entity’s information system and communication relevant to the preparation of the financial statements, including:

  • how information flows through the entity’s information system, including how transactions are initiated, and how information about them is recorded, processed, corrected as necessary, incorporated in the general ledger and reported in the financial statements, and
  • how information about events and conditions, other than transactions, is captured, processed and disclosed in the financial statements;
  • understanding how the entity communicates significant matters that support the preparation of the financial statements and related reporting responsibilities in the information system and other components of the system of internal control so that we may
  • evaluate whether the entity’s information system and communication appropriately support the preparation of the entity’s financial statements.

How do we obtain this information? Para A136 tells us it is through various ways that may include:

  • enquiries of relevant personnel about the procedures used to initiate, record, process and report transactions or about the entity’s financial reporting process;
  • inspection of policy or process manuals or other documentation of the entity’s information system;
  • observation of the performance of the policies or procedures by the entity’s personnel; or
  • selecting transactions and tracing them through the applicable process in the information system (i.e., performing a walk-through).

Optional or required?

So does this mean that walk-through tests are one option among many? Yes and no. We are required to document the identified controls that are relevant to inherent risks that we have identified. Paragraph A125 states that we must “evaluate the design and determine whether the controls have been implemented.” Here is the catch. How can we assess whether the controls have been implemented unless we perform some sort of walk-through test?

The client may complete our internal controls checklist, send us their procedures manual, and tell us sweet stories, but as we all know, what they say they do or think they do may not be what they actually do. These procedures may have existed at some point in the past, but internal controls, like most systems, are subject to entropy over time.

Part of our work is therefore to look for changes. Paragraph A41 states that we are required to determine whether information obtained from our previous experience with the entity and from audit procedures performed in previous audits remains relevant and reliable. If circumstances have changed information from prior periods may no longer be relevant or reliable. The standard suggests that enquiries and other appropriate audit procedures, such as walk-throughs of relevant systems should be carried out.

What form can a walk-through take?

We document the system at a level appropriate to the entity, especially noting the controls. Then we check to see if the system as described is actually what they do. For instance, journals must always be given close attention. How are they initiated? Who can create journals? Who approves them? What reviews are carried out? What other means are there of making adjustments to the ledger – editing transactions say?

In this case, we would document the process, then follow one journal through from initiation to ledger, ensuring that all levels of approval and checking have in fact been followed and there is evidence of this.

This is different to a test of controls which would be spread across the period. The walk-through does not give us reliance that the controls are effective, just that we have documented them correctly. In a simple small entity, we could add this walk-through test as a narrative comment. In a more complex entity, it would make sense to create a diagram and then perhaps a spreadsheet following the transaction through the key steps and controls.

You may wish to carry out the walk-through as you have someone explaining the system and you are documenting it. For instance, you are visiting the client – a sports club say – and you ask them – show me the process for recording a bar sale? Using your phone camera you could record how a sale is initiated, how it is recorded and batched, banked, and reconciled back to the bank details in their software, and the checks and approvals required at each step. Then you could use the photos to build a visual record of how the revenue system works, with suitable narration and assessment, and attach that to your systems documentation page.

As part of going through the system with a staff member remember to be curious and ask things like: What if the bar staff are away? Who does this approval when the manager is on holiday? Do those security cameras actually work? Why is the till left open? What is done when a transaction includes more than one revenue type?

Conclusion

ISA 315 (revised 2019) focuses first on inherent risk. However, control risk is also important, especially when it relates to journals and IT systems. These must be documented at an appropriate level for the entity whether we intend to rely on the controls or not. And describing controls is not enough – we must have confidence that we are describing what actually happens. In my view, walk-through tests are the only real way to achieve this, and many audit files are lacking this important element.

17 May 2023

So, you are preparing financial statements for a Tier 3 charity – or auditing them – and the board have come up with the bright idea that they will use a revalued amount for land and buildings. The financial position will look better, so funders and members will feel that the entity is secure. What could possibly go wrong?

Quite a bit, actually. I’ve been asked to review a few of these lately and there are a number of potential pitfalls to explore. If you are auditing these kinds of statements, I hope this is a helpful guide to what to look out for.

Tier 3 – the basic rules of engagement

Table 3 of PBE SFR-A (NFP) (the Tier 3 reporting standard) states that Property, Plant and Equipment are to be recorded when purchased or donated, at cost if purchased or at current value if donated. Impairment is to be recognised if the market price of the asset falls below its carrying (book) value, or when the value of the asset to the entity is less than its carrying value if the asset is to be retained.

It is anticipated that depreciation will be charged to spread the cost of the asset – we’re talking buildings – over its useful life. Land is not to be depreciated.

There is a common misconception that buildings are not required to be depreciated – probably a carry-over from tax accounting. But Charities don’t fall under tax rules. PBE SFR-A (NFP) assumes depreciation will be charged on buildings.

Tier 3 – what to do with revaluations

PBE SFR-A (NFP) Paragraph A113 says that ‘an entity may elect to revalue a class of property, plant and equipment.’ It suggests that this will be the case where there is the likelihood of increases in value over the asset’s life – i.e. for land and buildings. If this is to be done, PBE SFR-A (NFP) tells us that we must apply the relevant requirements of PBE IPSAS 17 Property, Plant and Equipment.

What is PBE IPSAS 17? It is an international standard that applies, in New Zealand, to Tier 1 and 2 entities. So we’re playing with the big boys now. We going to have to read a ‘proper’ accounting standard. The only slight exception from the full PBE allowed under PBE SFR-A (NFP) is that the entity may use the current rateable or government valuation rather than ‘fair value’ as required by PBE IPSAS 17 when revaluing.

What are the implications? Firstly that disclosure must be made that PBE IPSAS 17 has been adopted for land and buildings. There should also be a change in accounting policy note when first adopted. Auditors should also note in their report that the Performance Report is prepared using PBE SFR-A (NFP) with PBE IPSAS 17 applied to the revaluation of land and buildings.

PBE IPSAS 17 – what’s required?

Paragraph 44 tells us that the carrying value of a revalued asset shall be its revalued amount, less any subsequent depreciation and impairment losses. Revaluations are to be made ‘with sufficient regularity to ensure that the carrying amount does not differ materially from that which would be determined using fair value at the reporting date.’

As we have said, many Tier 3 charities will use current rateable or government valuation. This is fine. If not the standard allows market-based appraisals to be used. In some cases depreciated replacement cost may be appropriate – say where there is a building on leasehold land. Some additional points to note:

  • If an item of property is revalued, the entire class of property to which that asset belongs shall be revalued. (para 51)
  • Land is one class, and Buildings are another class. (para 52)
  • This means that you can’t just value one bit of land or one building – you have to revalue all land holdings or all buildings at the same time. (para 53)
  • The increase from the revaluation must be recognised in ‘other comprehensive revenue and expense’ and accumulated in ‘net assets/equity’ under the heading of revaluation surplus. (para 54)

Remember that land is not to be depreciated, but buildings are – including depreciating the revaluation of buildings. So you will need to identify which part of the revaluation relates to land and which part to buildings.

The accounting treatment of the revaluation

A couple of problems arise here for Tier 3 entities. One is that they do not have an ‘other comprehensive revenue and expense’ category. The other relates to revaluation reserves.

PBE SFR-A (NFP) A143 states that there are two kinds of reserves; ‘Restricted reserves’ which may be used only for a particular purpose such as terms agreed with a donor, and ‘Discretionary reserves’ created by a transfer from accumulated funds to set aside resources for a particular purpose. Neither of these could pass as revaluation reserves.

There are two options. One is to bury the revaluation in accumulated funds. The second is to assume that if we are applying PBE IPSAS 17 it’s okay for us to break the letter of the Tier 3 law and make a revaluation reserve. I think this is the most sensible option, and the proposed changes to the Tier 3 standard obviously recognise the problem and assume the use of a revaluation reserve.

What about whether to record the revaluation through the Statement of Financial Performance or put it directly to Equity? Again I think that we are justified in adding to our Tier 3 rules by including an additional section in our Statement of Financial Performance – below the operating surplus or deficit – for the revaluation gain. Charities Services encourage this treatment. However, the updates to Tier 3 will allow the transfer of the surplus directly to reserves. So for now it is probably more correct to put through the Statement of Financial Performance – but ‘below the line.’

To revalue or not?

For entities who decide to use valuations for land and buildings, there will be some extra complexity and disclosure required. Extra notes will be needed, including details of the valuer, their qualifications, the date of valuation and the revaluation cycle. Depreciation will need to be calculated from the date of revaluation on the amount attributed to buildings. And auditors will need to assess all these things.

Note that there are proposed changes to the Tier 3 standard that do allow for revaluation to be done without having to move to PBE IPSAS 17. These are not far away.* See our commentary here. So if you are preparing financial statements for a Tier 3 entity you might want to consider waiting a while before revaluing, and just disclose the latest valuation by way of note.

*The new Tier 3 (NFP) Standard sets out the requirements that Tier 3 NFP entities are required to follow when preparing their annual performance reports. This Standard is required to be applied for accounting periods that begin on or after 1 April 2024. Earlier application is permitted for accounting periods that end after the Standard takes effect on 15 June 2023.

31 March 2023

In assisting a range of Audit firms with their Quality Control I get to see quite a few files for review, mostly Tier 3 charities. There are a number of common areas where improvements could be made. We explore some of these below:

Identification of Key Personnel

There is a question early in the workflow that asks the user to identify key personnel (directors/trustees and management people and anyone else with significant influence over the entity) – to be referred to when assessing independence, in related parties’ work and for identifying key contacts. It is common to just see the name of one key contact person here.

In order to be familiar with the client and be alert to potentially related parties or conflicts of interest all people involved in management and governance should be listed here, along with their roles. The names may be added to contacts in the sidebar.

Enquiries directed at a limited range of people

Some questionnaires are designed to be answered by someone from management, and some from governance. The fraud questionnaires are a good example. However, in small entities, I commonly see all enquiries directed to one person.

While this reflects something of the reality of small entities, it is an important control that governance is aware of and oversees what is happening at a managerial level. Gaining perspective from different people – as well as being requirements of the standards – helps build a wider ‘3D’ view of the entity.

Verbal enquiries neglecting to identify the entity contact

Sometimes instead of having an entity contact complete a checklist or answer a question online, it is more convenient to interview them and record their responses.

In these cases, it is essential to record the name of the person and the date of the interview.

Budget testing as an analytical review tool

It is common to have a client respond to the questionnaire that they do indeed prepare budgets. But it is uncommon to see these budget figures used in an Analytical Review test. Many times I see the Analytical Review option for budgets marked “no Budget.”

Comparing budgets to actual results can be a powerful analytical and risk identification tool in SME audits, where budgets define the expectation of governance. Even if budgets are not prepared for all the figures reflected in the TB, the budget column for key figures can be manually completed on the TB page, to flow through to the analysis pages.

Lack of follow-up on issues identified in the planning phase

Often I see key items or risks that are mentioned at the staff planning meeting, in information gathered from the client, or when discussing rebuttable presumptions around fraud, understatement of income, or risks associated with journals, that are not flagged and addressed specifically later in the file.

In the current iteration of Audit Assistant, the risk flag tool should be used in these cases, as all comments may be flagged as risks. This will ensure that the issue is not dropped, but is appropriately brought to the foreground in the audit work. There is also the “Key Issue” option which may be used to flag very important items intended for partner attention.

Lack of identification of risks

Risk identification is a bit of a moving target as we all adapt to ISA 315 (revised 2019), however, even under the old standard there was a requirement to identify risks of material misstatement and form the focus of our testing primarily around the most significant risks. I see many good examples of risk assessment, but also many where material items in the financial statements are not assessed as risk, presumably because the auditor has looked at the item and assessed it as low risk – but not documented that decision.

In Tier 3 entities, where there are a limited number of categories in the Statement of Performance and Statement of Financial Position, I would expect to see each category subtotalled in the TB, and a risk assessment for each subtotal, unless it is clearly immaterial or has no prospect of being material.

Lack of identification of significant risks

Many audit files have all their identified risks assessed as very much the same risk profile. I recently heard a reviewer describe a good audit file as one that resembled the Andes rather than rolling green hills.

In other words, we are trying to find which risks are significant to the entity and highlight those rather than just saying all risks are on the same level. Even in a very low-risk job, there will be some inherent risks that the entity faces that will stand out as the main threats to the entity – and these are where we need to focus our work. This will produce not only better audit work but more efficient work because we are putting our resources into the right areas. If we view “Significant” as a relative term rather than absolute, we will start to identify risks that are significant in the context of the job. This is especially important in complying with ISA 315 (revised 2019).

Materiality assessments for service performance

I often see files where the materiality assessment in the Service Performance area is regarded as “not applicable.” NZ AS1 requires us to assess Service Performance materiality, which in terms of ISA 320 is described as: “Misstatements, including omissions, if they, individually or in the aggregate, could reasonably be expected to influence the economic decisions of users taken on the basis of the financial statements.”

In the context of service performance, small misstatements or omissions will probably not influence the decision of the users, but a larger discrepancy may well do. It is up to us to identify where this level lies in terms of what is being measured by the service performance output we are considering. This might be in terms of say a 5% variance in a reported result.

Qualification for cash income

It is still common for audit reports for charities and clubs to qualify for cash income. However, with the reduction in the use of cash, this may not be given. In many jobs I see this unquestioningly adopted, without an attempt to quantify just how much of the income of donations say is actually represented by cash so subject to that risk. The audit report then may lead a reader to the conclusion that the potential understatement is much larger than it actually is.

When considering the risk of understatement of cash income and subsequent qualification, I suggest that work be documented to quantify the total amount represented by cash, and the potential understatement. this may not be material, in which case a qualification will not be necessary. Or it may be material and subject to qualification, but the audit report identifies the particular items where there may be an understatement instead of just a blanket statement.

Fixed asset valuation methods

When a Tier 3 entity opts to revalue their land and buildings – as many do – leaving behind the safe harbour of the Tier 3 standards and ventures into the deep waters of PBE IPSAS 17 there are many potential snares, as I discovered recently.

Don’t assume that the CA who prepared the financial statements got it right, and read the standard well. I would assume that any revaluation of this sort is a significant risk as it will likely be highly material. Also, remember to check the disclosures in the Performance Report – that they reference the standard – and include a mention of the use of PBE IPSAS 17 in the preparation of the financial statements in your audit report just to be safe.

Do you agree? Any comments or suggestions? Contact me here.

26 August 2022

Kaizen, also known as continuous improvement, is a long-term approach to work that systematically seeks to achieve small, incremental changes in processes in order to improve efficiency and quality.

Kaizen can be applied to any kind of work, but it is perhaps best known for being used in lean manufacturing and lean programming. If a work environment practices kaizen, continuous improvement is the responsibility of every worker, not just a selected few.

Kaizen can be roughly translated from Japanese to mean ‘good change.‘ The philosophy behind kaizen is often credited to Dr W. Edwards Deming. Dr Deming was invited by Japanese industrial leaders and engineers to help rebuild Japan after World War II. He was honoured for his contributions by Emperor Hirohito and the Japanese Union of Scientists and Engineers.

One version of the ten basic Kaizen principles is as follows (my comments are added in italics):

  1. Throw out all your old fixed ideas on how to do things. Start with a clean slate every day, don’t get stuck in your old assumptions.
  2. No blame – treat others as you want to be treated. Encourage and affirm others in the team including yourself.
  3. Think positive – don’t say can’t. Lean into grace – there is always a way forward.
  4. Don’t wait for perfection – 50% improvement now is fine. Don’t get stuck waiting for perfection, keep moving forward and over time results will come. A few mistakes show that you are taking risks and that’s okay.
  5. Correct mistakes as soon as they are found. Be willing to admit mistakes and fix them in a timely way. It keeps your clients happy, encourages feedback and makes a better product.
  6. Don’t substitute money for thinking – Creativity before Capital. When you have the money you may not be more creative. Limits are great for new ideas.
  7. Keep asking “why?” until you get to the root cause. Don’t settle for overly simplistic solutions, or you will be treating the fruit instead of the root.
  8. Better the wisdom of 5 people than the expertise of 1. Group wisdom will see through the simplistic answers – you can’t beat the wisdom of experience.
  9. Base decisions on data not opinions. Make sure you have real evidence not just hearsay or guesses – check out your hunches and feelings against reality.
  10. Improvement is not made from a conference room! Be out there among the people – staff and clients asking them where improvement can be made. Test theory in the real world.

Dr Deming was one of the key originators of these principles, and reading his original ideas is refreshing and somewhat surprising in their timelessness, bluntness and practicality – and also in their wide application to almost any kind of business enterprise. 

In his book Out of the Crisis, Dr Deming shared his philosophy of continuous improvement (again my comments are added in italics):

  1. Create constancy of purpose toward improvement of product and service, with the aim to become competitive and to stay in business and to provide jobs. Have a clear philosophy – not just about money but about sustainability and job creation.
  2. Adopt the new philosophy. We are in a new economic age. Western management must awaken to the challenge, must learn their responsibilities, and take on leadership for change. Just do it – keep revisiting.
  3. Eliminate the need for inspection on a mass basis by building quality into the product in the first place. Do it the right first time as much as possible.
  4. End the practice of awarding business on the basis of price tag. Instead, minimise total cost. Move towards a single supplier for any one item, on a long-term relationship of loyalty and trust. Use local firms where possible, and use organisations and people that fit well – the overall result will be lower cost.
  5. Improve constantly and forever the system of production and service to improve quality and productivity and thus constantly decrease costs. Be constantly aware of how processes and systems may be improved and write these things down.
  6. Institute training on the job. Give time to this – don’t rely on external training, learning on the job will give greater satisfaction to staff as their skills increase. Don’t expect them to ‘just know’.
  7. Institute leadership. The aim of supervision should be to help people and machines and gadgets to do a better job. Be present and give and receive feedback on a regular basis.
  8. Drive out fear so that everyone may work effectively for the company. Be approachable, admit fault, be fair and empower others – it will win respect.
  9. Break down barriers between departments. People in research, design, sales and production must work as a team to foresee problems of production and use of the product or service. Communicate with co-workers, and treat everyone as of equal value. It will encourage work satisfaction, and team cohesion and so honesty and creativity will increase.
  10. Eliminate slogans, exhortations, and targets for the work force asking for zero defects and new levels of productivity. Such exhortations only create adversarial relationships, as the bulk of the causes of low quality and low productivity belong to the system and thus lie beyond the power of the work force.
    • Eliminate work standards (quotas) on the factory floor. Substitute with leadership.
    • Eliminate management by objective. Eliminate management by numbers and numerical goals. Instead substitute with leadership.
    • Encourage one another and accept mistakes as normal to learning and developing new, good things.
  11. Remove barriers that rob the hourly worker of his right to pride of workmanship. The responsibility of supervisors must be changed from sheer numbers to quality. Quality comes from focus and teamwork, not just pumping out work.
  12. Remove barriers that rob people in management and in engineering of their right to pride of workmanship. This means, inter alia, abolishment of the annual or merit rating and of management by objectives. Let people enjoy coming up with their own solutions, and taking responsibility for projects themselves.
  13. Institute a vigorous program of education and self-improvement. Encourage everyone to take time to ‘sharpen their saw.’
  14. Put everybody in the company to work to accomplish the transformation. The transformation is everybody’s job. Involve everyone, as much as possible in the wide view – talk about sales and marketing with engineering people, and help salespeople understand the technical challenges.

I like to review these steps periodically. Adding my own twist on the basic principles helps me stick with my “why” – the values that define my personal business philosophy.

When we start losing our “why” we start feeling uncomfortable in our work. Reviewing this helps us see where we are perhaps getting pulled off the track and what we have been neglecting. I can see a couple right now I need to work on. A great reality check!