An audit is the systematic examination and verification of the accuracy and completeness of information presented in an entity’s financial statements by a certified public accountant (CPA).
During an audit, the CPA tests samples of transactions that occurred during the entity’s fiscal year. The CPA tests not only the amounts entered into the system, but the controls the entity has put in place to make sure that the financial statements are complete and correct. The CPA applies or projects the results of the tests to the entire population of transactions upon which the sample is based. This allows the CPA to determine, within a reasonable degree of certainty, whether the financial statements are materially correct.
Audit reports include a report, prepared by the CPA and referred to as the auditor’s opinion, that states whether the auditor believes the financial statements are materially correct.
Most of the local auditee audits submitted to the Louisiana Legislative Auditor are performed in accordance with generally accepted government auditing standards. An audit performed in accordance with government auditing standards includes another report (the Independent Auditor’s Report on Internal Control Over Financial Reporting and on Compliance and Other Matters Based on an Audit of Financial Statements Performed in Accordance with Government Auditing Standards), also prepared by the CPA, that describes any significant deficiencies or material weaknesses the auditor found in the local auditee’s internal controls, and any instances in which the local auditee did not comply with laws and regulations that are important or material for the local auditee to follow. This report is required by government auditing standards, which are promulgated in a document that is referred to as the Yellow Book; so this report is often called the Yellow Book report.
If the local auditee expended $750,000 or more in federal funds, the CPA includes another report in the audit report (the Independent Auditor’s Report on Compliance for Each Major Program and On Internal Control Over Compliance Required by the Uniform Guidance), that is often referred to as the Single Audit Report. The Single Audit report is similar to the Yellow Book report, but pertains to the tests the CPA performed on the federal funds the local auditee expended during the year.
There are differences or an expectation gap regarding what the users of audited financial statements believe that a CPA is responsible for when they perform an audit, and what the CPA is actually responsible for. For example, an audit with a clean or unmodified opinion and no findings –
- Does not ensure that there are no errors in the financial statements
- Does not ensure that the CPA found all instances of misappropriations or fraud that occurred during the year
It is the CPA’s responsibility to plan and perform his or her audit to obtain reasonable (but not absolute) assurance that the local auditee’s financial statements are free of material misstatement, whether caused by error or fraud. However, the CPA does not test every transaction that a local auditee entered into during a fiscal year. Testing every transaction is usually not necessary, and would cost most local auditees more than would be gained by performing such tests.
Persons who misappropriate funds often find ways to circumvent normally adequate controls and hide their activities in such a way that makes them difficult to detect. And, if two persons employed by a local auditee conspire or collude in an effort to misappropriate funds, or if the local auditee’s management is involved in the misappropriation, normally adequate controls may be overridden in a manner that may be almost impossible to detect by an auditor.
When errors or fraud occurs, a common public reaction is to ask, why didn’t the auditor catch it? A more appropriate question to ask is, what did the local auditee do to prevent the errors and fraud from occurring in the first place?
Did the local auditee identify the weak or risky areas in the receipt of cash and expenditure of funds that would make it possible for errors and fraud to occur? And, did they put deterrents or internal controls in place to ensure that it would be more difficult for errors and fraud to occur and not be caught?
When errors or fraud occur, the primary responsibility rests with the person who made the error or committed the fraud. Secondarily, it is the responsibility of the local auditee’s management, not the auditor, to assess the risk that errors in the financial statements and fraud will occur, and to put controls in place to prevent them from occurring.
Questions:
- If an auditor performs tests of transactions and finds out that some errors have been made; or that fraud may have occurred, what happens then?
- If a CPA cannot give absolute assurance that financial statements are error-free, or that no fraud occurred, what good are audited financial statements?
- I understand that because a CPA tests a sample of transactions, and not all of them, they may not catch immaterial errors in the financial statements, or immaterial instances of fraud. Are there repercussions for an auditor who does not catch material errors in the financial statements, or fails to report material fraud in an audit report?
- How can an auditor render a clean opinion on financial statements that report fraud or misappropriations?