Audit Redux

Practice considerations in accepting and performing reaudits.
BY DONALD K. JR. MCCONNELL AND GEORGE Y. BANKS

EXECUTIVE SUMMARY
AN INCREASE IN AUDITOR CHANGES HAS LED t o an increase in reaudits, raising unique practice considerations for the CPAs that perform them. Reauditors can use the guidance in SAS no. 84, Communications Between Predecessor and Successor Auditors and Practice Alert 02-3, Reauditing Financial Statements to help with these engagements.

REAUDITS OCCUR FOR A NUMBER OF REASONS, including concerns about audit quality and to facilitate initial public offerings. In deciding whether to accept these engagements, CPA firms will want to contact the predecessor auditor. This may present a problem in situations where that firm no longer employs the original engagement partner or other senior audit team members.

AS WITH ALL ENGAGEMENTS, FIRMS CONSIDERING doing a reaudit should follow the client acceptance procedures in Statement on Quality Control Standards no. 2, System of Quality Control for a CPA Firm’s Accounting and Auditing Practice. In the case of a reaudit, this includes reading the prior financial statements, speaking with company management and ensuring it will be able to obtain the necessary audit evidence.

AS A RESULT OF MAKING INQUIRIES AND REVIEWING the prececessor’s audit documentation, the reauditor will obtain information that is useful in planning the reaudit. The reauditor should corroborate that information through management inquiries, inspection of key documents and other audit procedures.

IF THE REAUDITOR IS UNABLE TO GATHER EVIDENCE by reading prior audited financial statements and reviewing the predecessor’s audit documentation, it should take appropriate alternative steps including analytical procedures and a review of post-balance-sheet transactions.

DONALD K. McCONNELL JR., CPA, PhD, CFE, is professor of accounting at the University of Texas at Arlington. His e-mail address is mcconnell@uta.edu . GEORGE Y. BANKS, CPA, is a partner of Grant Thornton LLP in Dallas. He is a member of the AICPA quality control inquiry committee. His e-mail address is gbanks@gt.com .

any companies that have changed auditors over the last year have elected to undergo a reaudit of prior-period financial statements. Corporate executives and boards of directors view reaudits in conjunction with an auditor change as a way to prove due diligence and satisfy the additional responsibilities imposed on them by the Sarbanes-Oxley Act of 2002. Other companies see reaudits as a way to assuage stockholder audit quality concerns and help restore investor confidence.

Reaudits raise some unique practice considerations for CPAs. For example, what does a potential successor auditor do when a company’s previous CPA firm no longer exists or a different firm now employs the original audit team? What if the company has made significant changes to its internal controls since the original audit? Does a reauditor have to redo confirmation and inventory observations? Further, what circumstances commonly necessitate reaudits?
Some companies switching auditors have elected to have the new audit firm reexamine prior-period financial statements because of concerns about the quality of the earlier audit.

In 1997 the AICPA auditing standards board (ASB) issued SAS no. 84, Communications Between Predecessor and Successor Auditors, replacing a previous statement of the same name. SAS no. 84

Clarified the definitions of predecessor and successor auditors.

Expanded the inquiries successor auditors must make and the audit documentation the predecessor must ordinarily make available.

Suggested firms use client consent and acknowledgment letters and successor auditor acknowledgment letters to improve communications between the company’s old and new audit firms.

The standard also addressed—for the first time—the concept of reaudits and provided CPAs with broad guidance on such assurance engagements.

In 2002 the AICPA professional issues task force (PITF) issued Practice Alert 02-3, Reauditing Financial Statements, covering these and other issues. This article addresses the concerns reaudit engagements raise for both predecessor and successor auditors. The reauditor is required to make inquiries of the predecessor to help it determine whether to accept a reaudit engagement. The flowchart shows some of the issues the reauditor should evaluate in making this decision, gathering evidence to perform a reaudit, coordinating a current period audit with a reaudit and communicating with a predecessor if it appears previously issued financial statements might need to be revised.

WHY A REAUDIT?
Several circumstances commonly lead to a reaudit. As a result of problems like those Enron and WorldCom experienced, some companies switching auditors have elected to have the new audit firm reexamine prior-period financial statements because of concerns about the quality of the earlier audit. Accounting firms also face reaudit issues when companies file registration statements for initial public offerings (IPOs). Underwriters may require the same auditor to have audited the company’s financial statements for the current and all prior periods, leading to a reaudit of its earlier statements. In addition the predecessor might not be independent under SEC rules, meaning another firm must do the reaudit.

In an IPO filing, the commission requires predecessor auditor reports to accompany a subsequent report. This means a company might have to ask a predecessor to reissue its audit report. In considering reissue requests, the firm is effectively being asked to reestablish a relationship with a former client, which it may choose not to do based on factors discussed in Practice Alert 97-3, Changes in Auditors and Related Topics. In some instances the predecessor audit firm might no longer exist or may be unwilling to reissue its report. This is because common law doctrine generally imposes a gross negligence or fraud standard for recovery by third parties in the event of auditor malfeasance; the Securities and Exchange Act of 1933 allows recovery simply for ordinary negligence. In reissuing a report in connection with an IPO, the predecessor is exposed to a risk that didn’t exist originally.

However, the SEC will allow the use of limited indemnification letters to protect the predecessor auditor from litigation provided

The letters would be void, and any advanced funds returned to the former client, if the predecessor is found liable for malpractice.

The parties entered into the indemnification agreement after a successor issued an audit report on the most recent financial statements included in the IPO registration statement.

CONTACTING PREDECESSOR AUDITORS
The flowchart shows the usual considerations CPAs face in contacting a predecessor auditor, such as making reasonable initial inquiries, responding when the predecessor’s responses are limited and gaining access to predecessor audit documentation. In addition, the reauditor must clearly indicate to the predecessor that the purpose of its initial inquiries is to obtain information about whether to conduct a reaudit. This process can give rise to several complications.

The predecessor firm might not be able to fully respond because it no longer employs key members of the original audit team. This would require the reauditor to make reasonable efforts to locate the predecessor engagement partner or other senior audit team members, who may now work for another CPA firm. While this firm is not a predecessor auditor under SAS no. 84, it would nevertheless be expected to help the reauditor gain access to those individuals. Questioning prior audit team members ordinarily requires the reauditor to get authorization from the prospective client for the team members to respond. The authorization would need to be in a form satisfactory to both the firm and the individual team members and should acknowledge the firm is not putting itself in the position of a predecessor auditor.

In making initial inquiries of a predecessor, successor auditors must gather information about management integrity, communications with audit committees about fraud, illegal acts or controls-related matters and any significant audit or accounting disagreements that may have arisen. The PITF suggests firms perform these additional initial inquiries:

Talk to bankers, lawyers, underwriters or others with knowledge of management.

Read any publicly filed Form 8-K reporting the auditor change, as well as the required predecessor auditor exhibit letter.

Examine any audit committee communications the predecessor issued.

Read prospective client copies of any correspondence with the predecessor auditor or regulators.

All of these inquiries have the same purpose: to assess management’s ethics or to find evidence of unusually aggressive management stances, both of which are fraud risk factors. They can also help the potential reauditor determine if it should accept the engagement.

The reauditor also should look at the predecessor’s management representation letters, including the summary of uncorrected financial statement misstatements, as SAS no. 85, Management Representations, recently required.

In cases where the predecessor can’t or won’t reissue an audit report, reauditors should determine why and the implications that refusal might have on its own decision to accept the engagement—especially when the predecessor restricts access to audit documentation or disagreed with management about accounting or audit issues.

CLIENT ACCEPTANCE PROCEDURES
To avoid unsatisfactory client relationships, all auditors should perform the client acceptance and continuation decision procedures described in Statement on Quality Control Standards no. 2, System of Quality Control for a CPA Firm’s Accounting and Auditing Practice. However, the PITF recommends auditors take these additional steps in deciding whether to perform a reaudit:

Do background checks of key company executives. National and large regional CPA firms should designate members of their senior management or technical groups to provide required consultation and approval before accepting any reaudit engagements.

Read the previously issued financial statements to be reaudited and interview management executives such as the CEO, the CFO and the audit committee to assess significant accounting policies, balances and transactions.

Consider advising the prospective client in advance that the reauditor may find material misstatements the predecessor did not previously identify. The reauditor’s judgments about the propriety of accounting principles or materiality of uncorrected financial statement misstatements may differ from the predecessor’s.

If the reaudit is a one-time engagement, the potential reauditor should ask itself why the company did not ask the reauditor to perform the current period audit and might, on that basis, decide not to accept the engagement.

Determine if the potential reauditor will be able to obtain third-party confirmations or other primary audit evidence as of the balance sheet date(s) or, alternatively, confirmation as of a subsequent date with appropriate tests of intervening transactions.

Determine if the potential reauditor will be able to obtain necessary audit evidence in significant areas such as inventory and revenue.

If client management has changed, the potential reauditor should see if the current management is willing—and has sufficient knowledge—to provide required management representations at the end of the reaudit. Management may believe it’s not responsible for prior financial statements; however, the reauditor still needs to get signed representations for all periods it reports on. Firms should discuss these issues with management early in the reaudit process.

If internal controls have changed significantly since the original audit, the potential reauditor should make sure it can get an adequate understanding of the internal controls in operation during the reaudit period to plan the engagement.

If the company processes significant amounts of information electronically, and no other documentation of those transactions exists, the potential reauditor should make certain it can gather sufficient audit evidence for material assertions.

PLANNING THE REAUDIT
Typically, a predecessor auditor will not make audit documentation available to a successor before that firm accepts the engagement. The reauditor should ask the client to authorize the predecessor to provide documentation for the period in question, as well as for prior periods. SAS no. 84 suggests access will be greater if the reauditor signs an acknowledgment letter concerning use of the documentation. This letter ordinarily says the reauditor will not comment orally or in writing about whether the predecessor did its work in accordance with GAAS nor will the reauditor provide expert testimony or litigation support on the quality of the predecessor’s work.

To avoid misunderstandings the predecessor auditor should obtain consent and acknowledgment letters from the client that will document client permission for the reauditor to examine the predecessor’s audit documentation and that the reauditor is undertaking the review solely to help plan its audit. SAS no. 84 expands prior guidance on the list of audit documentation the predecessor should ordinarily be allowed to look at to include planning, internal controls and audit results.

As a result of its inquiries and review of the predecessor’s audit documentation, the reauditor may find information useful in planning the reaudit. The reauditor should corroborate the information through management inquiries, inspecting key documents and other audit procedures. To maximize efficiency and effectiveness, the firm should coordinate reaudit planning with planning for the current audit. For example, transactions and events audited for the current year may well provide evidence concerning the reaudit year’s financial statements.

INTERNAL CONTROL ISSUES
The standards require a reauditor to obtain an understanding of the company’s internal controls for the periods on which it will report using one of two approaches. If the reauditor has gained an understanding at least in part by reviewing the predecessor’s audit documentation, it should perform procedures to corroborate that understanding, such as tracing transactions through each significant cycle in the accounting system. If the reauditor wishes to assess control risk below maximum, it must perform appropriate tests of key controls to evaluate operating effectiveness during the reaudit period.

Alternatively, the reauditor may test operating effectiveness of key controls during a current audit and also test significant changes, if any, in internal controls from the reaudit period(s). If it’s not feasible to test changes and the reauditor will assess control risk at maximum, the firm should evaluate whether it can design effective substantive tests to support assertions for a company that processes and reports a significant portion of its information electronically.

SUBSTANTIVE REAUDIT PROCEDURES
SAS no. 84 says the reauditor must obtain “sufficient competent evidential matter” and that information it gathers from inquiries and a review of predecessor audit documentation is not sufficient to express an opinion on the reaudited financial statements. However, in performing the reaudit CPAs may consider the results of current period audit procedures, in conjunction with an appropriate rollback. Rollback procedures involve applying substantive audit procedures to transactions that occur between a current period yearend or inventory observation date and the reaudit balance sheet date. In applying analytical procedures, the reauditor must independently develop expectations to use in identifying matters requiring further investigation. Successful review of predecessor audit documentation may affect the nature, timing and extent of procedures about opening balances and the consistency of accounting principles. Reaudits also raise issues in a number of other substantive testing areas.

Where inventory is material to the reaudit period(s), the reauditor should observe or perform physical inventory counts at a date subsequent to the reaudit period. To maximize audit efficiency, CPAs can do this in conjunction with a current period audit. This would require the reauditor to roll back inventory amounts to prior periods, test intervening transactions and perform analytical procedures.

CPAs may handle reaudit confirmation procedures in one of two ways. The reauditor may consider confirmation responses the predecessor obtained—provided it can get copies. Acceptable confirmations include cash, related party, accounts receivable and debt. However, the reauditor is responsible for conclusions on the adequacy of those responses, including number and quality, and for performing alternative procedures on nonresponding positive requests. Nevertheless the firm may wish to directly confirm significant matters where it is relying on predecessor confirmation procedures. For example, the reauditor should directly obtain attorneys’ letter confirmation responses about significant legal considerations.

Alternatively, if the reauditor cannot get copies of confirmation requests from the predecessor reconfirmation may be more effective. If the reauditor elects to directly perform confirmation procedures, it should either reconfirm amounts or terms of balances and transactions as of the balance sheet date of the reaudit period, or confirm as of a subsequent date and test intervening transactions. Further, the firm should perform appropriate subsequent events procedures, such as examining cash collection, to provide additional evidence on valuation assertions.

The reauditor must obtain evidence of opening balances for the financial statements being audited as well as how consistently the company applied accounting principles. It can do this by

Reading prior-period audited financial statements and the related auditor’s report.
Making inquiries of the predecessor auditors.
Reviewing the predecessor’s audit documentation.
Performing audit procedures in a subsequent year’s audit.

The reauditor ordinarily will have a greater degree of comfort about opening balances and consistency where the predecessor’s opinion was unqualified, there were few significant accounting issues or disagreements on accounting issues or audit scope and the predecessor auditor has a sound professional reputation. Practice Alert 97-3 provides further detailed guidance.

The reauditor may be unable to obtain evidence by reading prior-period audited financial statements and the related auditor’s report or accessing the predecessor’s audit documentation. In such instances the PITF suggests CPAs perform appropriate alternative procedures with respect to opening balances as of the beginning of the reaudit period and the consistency of accounting principles. This includes analytical procedures and a review of post-balance-sheet transactions. Performing audit procedures on transactions and significant journal entries during the reaudit period should give CPAs evidence on opening balances.

Recent pronouncements require auditors to evaluate the effects of uncorrected financial statement misstatements and to get appropriate management representations about them. The reauditor must consider the effects of such misstatements on both opening and closing reaudit period balances. However, the reauditor and the predecessor may have different ways of evaluating the effect of these uncorrected misstatements. As a result, the reauditor may not agree with the decisions the client and predecessor made on the materiality and disposition of the misstatements. The reauditor is solely responsible for getting sufficient evidence to evaluate the significance of uncorrected financial statement misstatements—identified by the predecessor or by the reauditor—including those at the beginning or end of the reaudit period.

REAUDIT REPORT ISSUES
The reauditor may use the work and reports of other auditors who have examined the financial statements of one or more of a company’s consolidated subsidiaries or divisions. Under these circumstances the reauditor should not issue an opinion reflecting divided responsibility without informing the predecessor that the reauditor will rely or refer to the predecessor’s report on those entities. Because the reaudit report is ordinarily dated as of the end of fieldwork, the reauditor must apply subsequent-events-review procedures through that date. The firm may conclude internal controls deficiencies prevent it from obtaining sufficient evidence to issue a standard report. This would require the reauditor to qualify or disclaim an opinion on the financial statements. As the SEC generally will not accept such reports, the reauditor may decide to resign from the engagement. For legal reasons, the firm’s engagement letter establishing an understanding with the client should address that possibility.

A PRESCIENT AUDIT STANDARD?
The ASB was seemingly forward-thinking in issuing broad guidance on reaudits in SAS no. 84. Once rather unusual, reaudits have become increasingly common as companies switching auditors have voluntarily elected such arrangements. Recent SEC disclosure requirements and passage of Sarbanes-Oxley have greatly expanded corporate governance responsibilities for CEOs, CFOs and, perhaps especially, for corporate board members and independent audit committees. CEOs and CFOs must now certify their 10-K and 10-Q filings and have expanded duties in communicating and coordinating with audit committees.

SPONSORED REPORT

Year-end tax planning and what’s new for 2016

Practitioners need to consider several tax planning opportunities to review with their clients before the end of the year. This report offers strategies for individuals and businesses, as well as recent federal tax law changes affecting this year’s tax returns.

QUIZ

News quiz: IRS warning on cyberattacks and a change in pension rules

Once again, the IRS sounds the alarm about a threat from cyberthieves. See how much you know about this and other recent news with this short quiz.

CHECKLIST

Bolster your data defenses

As you weather the dog days of summer, it’s a good time to make sure your cybersecurity structure can stand up to the heat of external and internal threats. Here are six steps to help shore up your systems.