Category Archives: Auditing

How to Prepare for an Audit

binderby Lee Byrd

For many organizations, an audit is an annual process that requires the Organization’s personnel to devote additional time and effort above and beyond their day-to-day responsibilities. It can be tiresome and unwelcome to those assigned with task of handling the audit. However, there are many ways in which an Organization can prepare for an audit which could lead to less time the auditor’s spend on site, decreased stress around deadlines, and an overall more efficient audit process.

  • PBC List – PBC stands for “Prepared By Client” and this is a schedule of initial audit requests provided by the auditor, which are to be prepared by Organization personnel. Because the auditor’s schedule is often tight, it is essential that the items on the PBC List are prepared and ready for the auditor prior to the start of fieldwork. Items that are not completed timely could cause significant delays in the audit process.
  • Prepare throughout the year – If the Organization has been audited before, personnel likely have an idea of key information or schedules that will be requested by the auditor. Rather than waiting until the PBC List is received, it may be helpful to update these schedules periodically throughout the year. Such items include investment, debt or fixed asset rollforwards which must be prepared from underlying data and records. As these schedules are updated, be sure to keep those supporting documents in a file or folder to provide the auditor at year-end with the audit package.
  • Organization – Keeping your audit files and underlying support organized will be key to aiding the audit efficiency. Items from the PBC List should be accumulated in folders and labeled according to the PBC List numbering, if possible. This will aid the auditor in identifying and processing the information quickly. Additionally, having supporting documentation such as invoices and deposits filed in an orderly manner will allow Organization personnel to quickly pull support requested by the audit throughout fieldwork. The less time it takes to provide the auditor requested documentation, the less time the auditor must spend on site.
  • Designated Personnel – While it is important to delegate preparation of audit schedules and accumulation of other requested support to financial personnel throughout the organization, it is important to designate an individual, such as a controller or CFO, as the audit contact. This individual will be responsible for communicating deadlines and any delays to the audit team. More importantly, this individual should review all schedules and support prepared by other personnel prior to providing that information to the audit team. Ensuring that provided information is complete and accurate will prevent duplication of effort and audit findings.
  • Information is Key – Know what has happened within the organization during the year. The auditor will ask about significant events, variances from prior year, and variances from budget, just to name a few. Providing clear, concise explanations for these variances will allow the auditor to document appropriately. Additionally, any information that can be provided to the auditor prior to the start of fieldwork will allow the auditor to develop expectations and may reduce the number of variance inquiries made throughout the audit.
  • Communication – Your chosen auditor should always be open to communication from their clients, whether during the actual engagement or throughout the year. Be sure to reach out with questions so that issues can be resolved prior to the start of the audit. Additionally, if you feel that you will not have the requested information prepared by the designated date, notify the auditor immediately so that scheduling and deadlines can be addressed as soon as possible.

It is equally important to the audit firm and the Organization for the audit to be as efficient and seamless as possible. The above suggestions should aid in creating a pleasant audit experience for all parties involved.

Langdon & Company LLP’s audit team is here to help. Contact us with questions regarding your audit engagement. Lee Byrd ([email protected]) is an Audit Manager at our Firm and has over 7 years of experience with a variety of clients.

3 Ways to Protect Yourself and Organization Against Cyber Threats

by Meagan Bulloch

In light of recent data breaches at major retailers in the US, the public have been reminded just how vulnerable both their personal and organization’s data is to cyber-attacks.  This has left many companies scrambling to make sure the data they are entrusted with does not become the target of another round of headlines and lawsuits.identity_theft

While you are never 100% protected from hackers, here are five ways you can reduce your risk of falling victim to a cyber-attack:

  1. Strong Complex Passwords – It seems this advice has been given year after year and almost seems trite, however, for many; passwords are the first level of defense against a cyber-attack.  As such, it is ever more critical that passwords be lengthy, complex and changed often.  According to the SANS Institute’s sample password policy available at https://www.sans.org/security-resources/policies/general/pdf/password-protection-policy  a strong password is at least 15 characters in length.  For many, the deterrent to having a complex password or changing it often is the issue of remembering the complex password.  If this is a concern for you or your organization, you should consider implementing a password management tool such as RoboForm, Password Depot, and LastPass to assist in creating, storing and recalling passwords.
  2. Alternative Authentication Measures – If you have already tackled your passwords what else can you do?  As an additional layer of protection many are considering the use of alternative authentication measures such as fingerprint readers and key fobs.  Basic fingerprint readers can be purchased for only $35 in today’s market.  Using such devices can eliminate the need for a password to log in to a computer.  If the objective is to protect extremely sensitive data then the use of a multifactor authentication may be the best option.  This would involve an employee using both a password and something held in their possession – such as a code generated by a key fob- to log into a computer, application or website.   By requiring two forms of authentication you can greatly reduce the access a hacker could have to your system.
  3. Develop a formal policy for “BYOD.”  Often referred to today as “bring your own device” has created a new level of vulnerability for organizations.  In today’s environment it can be very beneficial for employees to be connected to an organization’s email and other network data through a mobile device.  The issue comes when this access is obtained informally by employees and not managed by the organization.  Often the organization has no way of knowing which devices are attached to their network and therefore, cannot take the necessary security measures to protect sensitive organizational data.  To protect your organization it is imperative to develop a formal BYOD policy that address security issues before an employee can connect their personal device to your network.  If devices have already been connected, you should implement a BYOD policy retroactively.  Regardless, each employee should agree to the policy and indicate so through a signature before they can access the organization’s network.  The BYOD policy should at a minimum include the following: the fact that the organization owns the data the employees will access, the procedure for erasing the organization’s data from the device in the event the employees leaves the organization, which type of websites and applications can be accessed, security measures the end user must implement as a condition of accessing the organization’s network, and the process for notifying appropriate organizational personnel in the vent a device is lost or stolen.  See sample policy template at http://www.itmanagerdaily.com/byod-policy-template/.

While each of these tools is important independently, a layered approach is truly the best defense against a cyber-attack for you or your organization.

Meagan Bulloch ([email protected]) is an audit manager at Langdon & Company LLP focused primarily on non-profit clients.

The Importance of Separation of Duties

by Katie Anthony

It is important to have levels of separation of duties in your business. You may say that you are a very small business and cannot afford to have many employees. That may be true, in which case you can add approval and double sign-offs on items of significance as well as review of certain processes. You may be in a situation where you do not even have enough employees to do this. In such a case, it might benefit your company to set up a monthly or quarterly review by an outside accounting firm.

You may be asking why separation of duties is so important. A big reason is that although a greater number of frauds are perpetrated by employees low on the ladder, greater amounts are stolen by employees at the management level. The ACFE Report to the Nations on Occupational Fraud and Abuse: 2014 Global Fraud Study reports that employees committed 42% of occupational frauds but caused a median loss of $75,000, while executives committed 19% of occupational frauds with a median loss of $500,000. These high level employees are trusted and intelligent, so they are able to get away with the fraudulent activities for a longer period of time, enabling them to steal larger amounts of money.fraud triangle

There are three elements to occupational fraud, which are opportunity, rationalization, and pressure, as credited to Donald Cressey. He believed that these three elements must all be present for an ordinary person to commit fraud (Fraud Examiners Manual: 2014 US Edition).

Let’s start with rationalization. You may not think you are able to influence someone else’s rationalization. However, some people rationalize fraudulent actions by saying that they are owed what they are stealing from the organization because they feel underappreciated. You need to take steps to make sure that you pay your employees appropriately for their roles and that you do things occasionally to show your employees that you appreciate them. Employees sometimes even rationalize their behavior based on what they see employees higher than themselves doing. That means you! Keep in mind that your employees are watching you to set the tone of the business.

While you cannot remove pressures employees feel from those outside of your organization, you can make sure that you don’t put too much pressure on them from within. This means doing evaluations that are not only one-sided, but rather structured so that your employees can give feedback about their workloads and stress levels. If you overwork your employees they may feel pressure to take shortcuts that eventually lead to fraudulent actions.

Last but not least, is opportunity. Separation of duties and reviews can really help with this element. If employees feel that no one looks at their work, they may take that opportunity to begin stealing, especially if the other two elements of the fraud triangle are present. By adding separation of duties and reviews, you are filling a gap that will help keep your business healthy. If, despite all your precautions, one of your employees IS stealing, separation of duties and reviews will help catch them. The ACFE Report to the Nations on Occupational Fraud and Abuse: 2014 Global Fraud Study goes on to show that review is second only to a tip in discovering frauds in small businesses.

While no plan to prevent and detect fraud is perfect, each step you take will help. Langdon and Company LLP knows that you want to keep your business healthy and thriving. L&C can help you define the duties in your processes that need separation as well as provide review services for your organization. Contact our office today with any questions or concerns you have.

Katie ([email protected]) is an Audit Staff at L&C and works with a variety of clients.

SSARS 21: Statement on Standards for Accounting and Review Services: Clarification and Recodification

by Lee Byrd

Representing the most significant changes to the compilation and review literature in decades, the AICPA Accounting and Review Services Committee recently issued Statement on Standards for Accounting and Review Services (SSARS) No. 21. The guidance aids in drawing a definitive line between preparation and reporting services and is composed of four sections as follows:

  • Section 60 – General Principles for Engagements Performed in Accordance With Statements on Standards for Accounting and Review Services, provides a foundation for the other three sections and guides professionals on their responsibilities related to engagements performed in accordance with SSARS.
  • Section 70 – Preparation of Financial Statements, applies when an accountant is engaged to prepare financial statements but is not engaged to perform an audit, review or a compliation on those financial statements. Professional judgment should be used in determining the type of engagement requested by the client (i.e. whether the CPA is engaged to prepare financial statements or simply assist in their preparation). A report is not required for a preparation engagement but the CPA should include a legend on each page of the financial statements stating, “no assurance is provided.”
  • Section 80 – Compilation Engagements, applies when an accountant is engaged to perform a compilation engagement. The guidance provides new compilation report language, distinguishing this report from an assurance engagement report for audit or review services. CPAs may add additional paragraphs for explanatory purposes.
  • Section 90 – Review of Financial Statements, applies when an accountant is engaged to perform a review of financial statements. The accountants’ review report has been updated to require the use of headings in the report and the name of the city and state of the CPA’s issuing office.

Successful business group.CPAs are required to begin using SSARS 21 for financial statements with periods ending December 15, 2015 and thereafter; however, the standard allows for early implementation. The standard also requires a signed engagement letter for all SSARSs engagements, signed by both the CPA and management or those charged with governance. Additionally, while audit, review and compilation engagements require participation in a peer review program, preparation services do not fall within any of the aforementioned categories and therefore, are not subject to peer review.

Langdon & Company LLP‘s accountants are very familiar with this new standard and would be happy to answer any questions you may have.  Please contact our office for additional information.

Lee Byrd ([email protected]) is an Audit Manager at our Firm and has over 7 years of experience with a variety of clients.

Spring Cleaning: Document Retention Policies for Non-Profits

by Brittany Powell spring-cleaning-office

Determining what documents and files you need to keep can be a daunting task and all too often turns into a case of “I’ll keep this…just in case.”  Establishing a formal document retention and destruction policy for your non-profit organization can help prevent clutter from piles of unneeded documents.  In fact, a document retention policy is one of several policies that the IRS Form 990 asks specifically if a nonprofit organization has.

The IRS Form 990 instructions define a document retention and destruction policy as a policy that “identifies the record retention responsibilities of staff, volunteers, board members, and outsiders for maintaining and documenting the storage and destruction of the organization’s documents and records.”  As the National Council of Nonprofits points out in its article, “Document Retention Policies for Nonprofits,” a written document retention policy provides consistency in the document retention/destruction habits of both staff and volunteers.

So, as your organization is spring cleaning, what documents should you keep and what can be tossed?  The following categories are derived from the AICPA’s sample document retention policy and provide a guideline for how long certain documents should be kept.

Documents that should be kept permanently:

–          Audit reports

–          Correspondence regarding legal and important matters

–          Deeds, mortgages, and bills of sale

–          Determination letter from the IRS

–          Tax returns

–          Articles of Incorporation, Bylaws, etc.

–          Minutes of board meetings and resolutions made by the board

–          Retirement and pension records

–          Trademark registrations and copyrights

Documents that should be kept for 7 years:

–          Expired contracts, mortgages, notes, and leases

–          Payroll records and summaries

–          Personnel files for terminated employees

–          Timesheets

–          Withholding tax statements

–          Invoices (to customers and from vendors)

Documents that should be kept for 2-3 years:

–          Bank reconciliations and statements

–          General correspondence

–          Duplicate deposit slips

–          Employment applications

–          Inventory records

–          Correspondence with customers and vendors

These guidelines can help your organization begin establishing its own document retention policy and guidelines.  However, as we become a more technologically-driven society, it is important to be consider documents stored in the cloud or on a server and to have a back-up plan in place for your electronic documents.  Additionally, the National Council of Nonprofits points out in its article that organizations should give consideration to email records and how they fit into the procedures defined in the document retention policy.

If you have additional questions or would like additional information, please contact our office.

Brittany Powell ([email protected]) is an audit senior at Langdon & Company LLP and has experience with a broad range of non-profit clients.

The Why, Who, What and How of an effective audit committee for nonprofit organizations

by Meagan Bullochhands

The establishing and maintaining an audit committee is considered a best practice for nonprofit organizations.  An audit committee can greatly help the governing board perform their fiduciary and oversight roles over financial reporting, reducing risk and maintaining donor confidence.  Some organizations may utilize their finance committee as an audit committee.  What is important is not the form of the committee but the substance.

Q: Why should a nonprofit consider forming an audit committee?

A: In addition to Sarbanes Oxley and state requirements imposed for organization’s soliciting funds within certain states, the Form 990 asks if an organization has an audit committee.  Although, such a committee is not a requirement, the establishment of one is considered a best practice by the IRS.  As the Form 990 is a public document, answering “no” to this question may lead to funders questioning why the organization is not following a suggested best practice.  The American Institute of Certified Public Accountants’ (AICPA) Audit Committee Toolkit: Not-for-Profit Organizations, 2nd Edition (available at AICPA Store) lists numerous reasons as to why a nonprofit organization should consider forming an audit committee, including providing better: financial results, decision-making in terms of accuracy and quality of financial reporting; ability to build stronger relationships with stakeholders; as well as facilitating transitions in leadership.

Q:  Who makes the best audit committee members?

A:  Audit committee’s typically consist of 3-6 members with diverse backgrounds and experience all of which are considered “financially literate.”  To be financially literate, members should be able to read and understand fundamental financial statements and recognize when the numbers along with associated disclosures to not make business sense.  Additionally, the best audit committee members are fully involved and engaged with the organization and ensure that two-way constructive dialogue occurs at all times between all parties involved.  Members should also be independent in both fact and appearance.  To be truly effective, the committee must be able to resist any attempt by management to compromise financial reporting.  The following relationships are considered to impair independence:

  1.  An audit committee member who is or has been an officer or employee of the organization during the past 3 years
  2. A member who is an immediate family member of an officer or someone in management
  3. A member who has a direct business relationship with the organization in the past three years; such as a consultant

Q:  Who can serve as a financial expert on the audit committee?

A:  The inclusion of at least one financial expert is a highly recommended best practice.  The following attributed are deemed essential components of a financial expert:

  1.  An understanding of generally accepted accounting principles (GAAP) and nonprofit financial statements
  2.   The ability to assess the general application of such principles in connection with the accounting for estimates, accruals and reserves
  3. Experience preparing, auditing, analyzing or evaluating financial statements that are comparable to those of the organization
  4. An understanding of internal controls and procedures for financial reporting
  5. An understanding of the audit committee function
  6. A general understanding of nonprofit financial issues and specific knowledge of the nonprofit industry in which the organization operates

It is worth noting that an audit committee financial expert has no greater obligations or liability than any other members of the audit committee and board of directors who are not designated as financial experts.

Q:  What should be the mission of an effective audit committee?

A:  Simply put, the mission should be oversight.  Specifically, the following areas should be their main focus:

  1.  Financial reporting
  2. Risk Management

Audit function – oversight of and communication with independent auditors, both internal and external

Langdon & Company LLP will be happy to assist with your audit needs.  Please contact our office!

Meagan Bulloch ([email protected]) is an audit manager at Langdon & Company LLP focused primarily on non-profit clients.

Audit Options

by Katie Anthony

You may think that since you are not a publicly held company that you don’t need an audit. However, audits are for private companies as well. Many non-profits are required to have audits in order to comply with federal and state grant requirements. Other companies just want to make sure that they are on the right track, and have an audit done in order to have an independent accountant take a look at their financial statements. In addition, there are different types of audits.

You may not think about it in your day to day activities, but your processes may be inefficient. Having an efficiency audit done can pinpoint areas that need work so that you can save money. All companies want to save money and being more efficient will allow your employees to either work less hours, or have time to accomplish more. Another factor could be that your employees are stressed out and don’t have time to get everything done. With just a few process changes, your employee satisfaction could go through the roof due to less job frustration. Happy employees make for a pleasant working environment and better employee retention.

working

Still don’t think you need an audit? Langdon & Company’s auditors can also perform Agreed-Upon-Procedures. With some direction from our Partners, you can take a look at your needs and tailor a report to the needs of your company. Maybe your industry has very particular regulations. Auditors can come in and make sure that you are complying with these regulations and are keeping the necessary documentation. A good example here is the trucking freight industry. CDL drivers and companies that employee these drivers are required to keep specific and detailed records regarding time spent driving, fuel bought and used across state lines, as well as annual checklists on driving records and other driver-specific information.

Give Langdon & Company LLP a call today to set up an appointment with a manager or partner concerning your company.

Katie Anthony ([email protected]) is an audit staff member at Langdon & Company LLP.  She enjoys working with a variety of clients and offering a fresh perspective on a multitude of issues.

On the Horizon: Revenue Recognition

by Lee Byrd

content updateOn May 28, 2014, Financial Accounting Standards Board’s (FASB) released Accounting Standards Update (ASU) 2014-09, Revenue from Contracts with Customers (Topic 606). The ASU replaces more than 600 pieces of current revenue recognition guidance with a five-step model. Under the current guidance, entities recognize revenue when earned and realizable. Under the new ASU, entities will recognize revenue to depict the transfer of promised goods or services to customers in an amount that reflects the consideration to which the entity expects to be entitled in exchange for those goods or services. As such, the application of the revenue recognition criteria is based on the terms of the contract with the customer rather than on industry specific guidance. The standard requires entities to make more estimates and use more judgment than current guidance.

The five-step model is as follows:

Step 1 – Identify Contracts with Customer

Step 2 – Identify Performance Obligations

Step 3 – Determine Transaction Price

Step 4 – Allocated Transaction Price to the Performance Obligations

Step 5 – Recognize Revenue When (or as) Performance Obligations are Satisfied

The standard becomes effective for public and private companies in 2017 and 2018, respectively. Early adoption is not permitted for public companies. While this gives entities time to become familiar with the new guidance, entities will need to use this time wisely to analyze the cost and benefits of the two approaches to implementation. Entities can choose the full retrospective method, which requires that the standard be applied retrospectively to each prior reporting period presented, or the modified retrospective method, which allows the cumulative effect of initially applying the update recognized at the date of initial application with disclosure of the amount by which each financial statement line item is affected in the current year. If the full retrospective method is chosen, the ASU allows some practical expedients to be used during implementation.

Langdon & Company LLP can provide further information or assist with implementation of ASU 2014-09. Please contact our office for more information.

Lee ([email protected]) is an audit manager focused primarily on single audit procedures associated with healthcare clients.

Upcoming NFP Changes: Accounting for Shared Services

by Brittany Powellaccountant-real deal

In April 2013, FASB issued ASU 2013-06 – Not-for-Profit Entities (Topic 958): Services Received from Personnel of an Affiliate which requires not-for-profit organizations to recognize contributed services received from an affiliate that directly benefit the not-for-profit entity.  This means that a not-for-profit entity may have to record services provided by an affiliate that the affiliate does not charge the recipient not-for-profit entity for.  According to ASU 2013-06, contributed services should be recognized if they meet one of the following criteria:

  1. The services provided “create or enhance nonfinancial assets”, or
  2. The services provided “require specialized skills, are provided by individuals possessing those skills, and typically need to be purchased if not provided by donations.”

Typically, in accordance with ASU 2013-06, the contributed services should be recorded “at the cost recognized by the affiliate for the personnel providing those services.”  However, if recording the services at cost would significantly misstate the value of the services received, ASU 2013-06 allows the not-for-profit entity to elect to record the contributed services at either cost or at fair value.

ASU 2013-06 will be effective for fiscal years beginning after June 15, 2014, or in other words beginning with fiscal year ended June 30, 2015 for not-for-profit entities with a June 30 year-end.  Early adoption of ASU 2013-06 is permitted.

With the approaching implementation date of ASU 2013-06, please contact our office with any questions regarding the application of ASU 2013-06 or its applicability to your not-for-profit organization.

Brittany Powell ([email protected]) is a Senior Accountant with Langdon & Company LLP.  She specializes in audit, serving a wide variety of nonprofit organizations.

The Fine Line: Debt vs. Equity

by Bennett Strickland

Distinguishing between debt and equity has long been debated in the accounting world and is one of the most complex issues in practice today.  Take an instrument like mandatorily redeemable preferred stock for example.  Is it classified as a liability or as equity?  This clearly affects reported amounts of liabilities and equity, and also things such as the debt-to-equity ratio and the asset-to-equity ratio.

debt equityThe line between liabilities and equity is also critical in measuring income.  So companies began to take advantage of manipulating their debt and equity and therefore manipulating their net income.  Neither changes in the values of a company’s outstanding equity instruments or transactions between a company and its owners, affect reported income.  Whereas, interest payments and at least some changes in the values of liabilities actually do affect reported income.

A lot of companies will try and classify their equity as debt and some may get away with it.  However, the consequences can be substantial if the IRS deems that the company needs to reclassify.  In Laidlow Transportation Inc. v. commissioner (TC Memo 1998-332), the taxpayer’s tax liability was increased by more than $55 million after the IRS made the company reclassify their debt as equity.  So when companies are walking the fine line of debt versus equity they must ask themselves, is it worth it?

The staff at Langdon & Company LLP are all too familiar with such an issue and would be happy to help your company decide which classification is proper.  Please contact our office for more information.

Bennett ([email protected]) is an auditor at Langdon & Company LLP.  He primarily focuses on healthcare and nonprofit organizations.