External auditor

Last updated

An external auditor performs an audit, in accordance with specific laws or rules, of the financial statements of a company, government entity, other legal entity, or organization, and is independent of the entity being audited. [1] Users of these entities' financial information, such as investors, government agencies, and the general public, rely on the external auditor to present an unbiased and independent audit report.

Contents

The manner of appointment, the qualifications, and the format of reporting by an external auditor are defined by statute, which varies according to jurisdiction. External auditors must be members of one of the recognised professional accountancy bodies. [2] External auditors normally address their reports to the shareholders of a corporation. In the United States, certified public accountants are the only authorized non-governmental external auditors who may perform audits and attestations on an entity's financial statements and provide reports on such audits for public review. In the UK, [3] Canada and other Commonwealth nations Chartered Accountants and Certified General Accountants have served in that role.

For public companies listed on stock exchanges in the United States, the Sarbanes-Oxley Act (SOX) has imposed stringent requirements on external auditors in their evaluation of internal controls and financial reporting. In many countries external auditors of nationalized commercial entities are appointed by an independent government body such as the Comptroller and Auditor General. Securities and Exchange Commissions may also impose specific requirements and roles on external auditors, including strict rules to establish independence. [4]

Organization & services

In some countries, audit firms may be organized as LLCs or corporate entities. The organization of audit firms has been a subject of debate in recent years on account of liability issues. For example, there are rules in EU member states that more than 75% of the members of an audit firm must be qualified auditors. [5] In India, audit firms can only be partnerships of qualified members of The Institute of Chartered Accountants of India.

In the USA, the external auditor also performs reviews of financial statements and compilation. In review auditors are generally required to tick and tie numbers to general ledger and make inquiries of management. In compilation auditors are required to take a look at financial statement to make sure they are free of obvious misstatements and errors. An external auditor may perform a full-scope financial statement audit, a balance-sheet-only audit, an attestation of internal controls over financial reporting, or other agreed-upon external audit procedures. [6]

External auditors also undertake management consulting assignments. Under statute, an external auditor can be prohibited from providing certain services to the entity they audit. This is primarily to ensure that conflicts of interest do not arise. The independence of external auditors is crucial to a correct and thorough appraisal of an entity's financial controls and statements. Any relationship between the external auditors and the entity, other than retention for the audit itself, must be disclosed in the external auditor's reports. These rules also prohibit the auditor from owning a stake in public clients and severely limits the types of non-audit services they can provide.

The primary role of external auditors is to express an opinion on whether an entity's financial statements are free of material misstatements.

Difference from internal auditor

Internal auditors who are members of a professional organization would be subject to the same code of ethics and professional code of conduct as applicable to external auditors. They differ, however, primarily in their relationship to the entities they audit. Internal auditors, though generally independent of the activities they audit, are part of the organization they audit, and report to management. Typically, internal auditors are employees of the entity, though in some cases the function may be outsourced. The internal auditor's primary responsibility is appraising an entity's risk management strategy and practices, management (including IT) control frameworks and governance processes. [7] They are also responsible for the internal control procedures of an organization and the prevention of fraud. [8]

Detection of fraud

If an external auditor detects fraud, it is their responsibility to bring it to the management's attention and consider withdrawing from the engagement if management does not take appropriate actions. Normally, external auditors review the entity's information technology control procedures when assessing its overall internal controls. They must also investigate any material issues raised by inquiries from professional or regulatory authorities, such as the local taxing authority.

External Auditors' Liability to Third Parties

Auditors may be liable to 3rd parties who are damaged by making decisions based on information in audited reports. This risk of auditors' liability to third parties is limited by the doctrine of privity. An investor or creditor, for instance, can not generally sue an auditor for giving a favorable opinion, even if that opinion was knowingly given in error.

The extent of liability to 3rd parties is established (in general) by 3 accepted standards: Ultramares, restatement, and foreseeability.

Under the Ultramares doctrine, auditors are only liable to 3rd parties who are specifically named. The Restatement Standard opens up their liability to named "classes" of individuals. The foreseeability standard puts accountants at the most risk of liability, by allowing anyone who might be reasonably foreseen to rely on an auditor's reports to sue for damages sustained by relying on material information.

While the Ultramares doctrine is the majority rule, (to the relief of many new and budding accountants pursuing an auditing career!) the restatement standard is preferred in several states and is growing in popularity. The foreseeability standard will not likely be widely adopted anytime soon because the cost (time and financial) of litigation would be enormous.

CFOs, company accountants, and other employees are not provided the same luxuries of the doctrine of privity. Their material actions and statements open them (and their companies) up to liability from third parties damaged by relying on these statements.

See also

Related Research Articles

<span class="mw-page-title-main">Sarbanes–Oxley Act</span> United States law covering finance and accountability

The Sarbanes–Oxley Act of 2002 is a United States federal law that mandates certain practices in financial record keeping and reporting for corporations.

<span class="mw-page-title-main">Financial statement</span> Formal record of the financial activities and position of a business, person, or other entity

Financial statements are formal records of the financial activities and position of a business, person, or other entity.

<span class="mw-page-title-main">Audit</span> Systematic and independent examination of books, accounts, documents and vouchers of an organization

An audit is an "independent examination of financial information of any entity, whether profit oriented or not, irrespective of its size or legal form when such an examination is conducted with a view to express an opinion thereon.” Auditing also attempts to ensure that the books of accounts are properly maintained by the concern as required by law. Auditors consider the propositions before them, obtain evidence, and evaluate the propositions in their auditing report.

<span class="mw-page-title-main">Financial audit</span> Type of audit

A financial audit is conducted to provide an opinion whether "financial statements" are stated in accordance with specified criteria. Normally, the criteria are international accounting standards, although auditors may conduct audits of financial statements prepared using the cash basis or some other basis of accounting appropriate for the organization. In providing an opinion whether financial statements are fairly stated in accordance with accounting standards, the auditor gathers evidence to determine whether the statements contain material errors or other misstatements.

An auditor is a person or a firm appointed by a company to execute an audit. To act as an auditor, a person should be certified by the regulatory authority of accounting and auditing or possess certain specified qualifications. Generally, to act as an external auditor of the company, a person should have a certificate of practice from the regulatory authority.

<span class="mw-page-title-main">Auditor's report</span> Type of written document

An auditor's report is a formal opinion, or disclaimer thereof, issued by either an internal auditor or an independent external auditor as a result of an internal or external audit, as an assurance service in order for the user to make decisions based on the results of the audit.

Statement on Auditing Standards No. 99: Consideration of Fraud in a Financial Statement Audit, commonly abbreviated as SAS 99, is an auditing statement issued by the Auditing Standards Board of the American Institute of Certified Public Accountants (AICPA) in October 2002. The original exposure draft was distributed in February 2002. Please see PCAOB AS 2401.

<span class="mw-page-title-main">Generally Accepted Auditing Standards</span>

Generally Accepted Auditing Standards, or GAAS are sets of standards against which the quality of audits are performed and may be judged. Several organizations have developed such sets of principles, which vary by territory. In the United States, the standards are promulgated by the Auditing Standards Board, a division of the American Institute of Certified Public Accountants (AICPA).

<span class="mw-page-title-main">Going concern</span>

A going concern is a business that is assumed will meet its financial obligations when they become due. It functions without the threat of liquidation for the foreseeable future, which is usually regarded as at least the next 12 months or the specified accounting period. The presumption of going concern for the business implies the basic declaration of intention to keep operating its activities at least for the next year, which is a basic assumption for preparing financial statements that comprehend the conceptual framework of the IFRS. Hence, a declaration of going concern means that the business has neither the intention nor the need to liquidate or to materially curtail the scale of its operations.

<span class="mw-page-title-main">Materiality (auditing)</span> Concept in auditing and accounting

Materiality is a concept or convention within auditing and accounting relating to the importance/significance of an amount, transaction, or discrepancy. The objective of an audit of financial statements is to enable the auditor to express an opinion whether the financial statements are prepared, in all material respects, in conformity with an identified financial reporting framework such as Generally Accepted Accounting Principles (GAAP).

Internal control, as defined by accounting and auditing, is a process for assuring of an organization's objectives in operational effectiveness and efficiency, reliable financial reporting, and compliance with laws, regulations and policies. A broad concept, internal control involves everything that controls risks to an organization.

<span class="mw-page-title-main">SOX 404 top–down risk assessment</span>

In financial auditing of public companies in the United States, SOX 404 top–down risk assessment (TDRA) is a financial risk assessment performed to comply with Section 404 of the Sarbanes-Oxley Act of 2002. Under SOX 404, management must test its internal controls; a TDRA is used to determine the scope of such testing. It is also used by the external auditor to issue a formal opinion on the company's internal controls. However, as a result of the passage of Auditing Standard No. 5, which the SEC has since approved, external auditors are no longer required to provide an opinion on management's assessment of its own internal controls.

Management assertions or financial statement assertions are the implicit or explicit assertions that the preparer of financial statements (management) is making to its users. These assertions are relevant to auditors performing a financial statement audit in two ways. First, the objective of a financial statement audit is to obtain sufficient appropriate audit evidence to conclude on whether the financial statements present fairly, in all material respects, the financial position of a company and the results of its operations and cash flows. In developing that conclusion, the auditor evaluates whether audit evidence corroborates or contradicts financial statement assertions. Second, auditors are required to consider the risk of material misstatement through understanding the entity and its environment, including the entity's internal control. Financial statement assertions provide a framework to assess the risk of material misstatement in each significant account balance or class of transactions.

<i>Ultramares Corp. v. Touche</i>

Ultramares Corporation v. Touche, 174 N.E. 441 (1932) is a US tort law case regarding negligent misstatement, decided by Cardozo, C.J. It contained the now famous line on "floodgates" that the law should not admit "to a liability in an indeterminate amount for an indeterminate time to an indeterminate class."

<span class="mw-page-title-main">Entity-level controls</span>

Entity-level controls are controls that help to ensure that management directives pertaining to the entire entity are carried out. They are the second level of a to understanding the risks of an organization. Generally, entity refers to the entire company.

Regulation S-X is a prescribed regulation in the United States of America that lays out the specific form and content of financial reports, specifically the financial statements of public companies. It is cited as 17 C.F.R. Part 210; the name of the part is "Form and Content of and Requirements for Financial Statements, Securities Act of 1933, Securities Exchange Act of 1934, Public Utility Holding Company Act of 1935, Investment Company Act of 1940, Investment Advisers Act of 1940, and Energy Policy and Conservation Act of 1975".

Whether providing services as an accountant or auditor, a certified public accountant (CPA) owes a duty of care to the client and third parties who foreseeably rely on the accountant's work. Accountants can be sued for negligence or malpractice in the performance of their duties, and for fraud.

The Model Audit Rule 205, Model Audit Rule, or MAR 205 are the commonly applied terms for the Annual Financial Reporting Model Regulation. Model Audit Rule is a financial reporting regulation applicable to insurance companies, and borrows significantly from the Sarbanes Oxley Act of 2002. The Model Audit Rule is co-developed by the American Institute of Certified Public Accountants (“AICPA”) and National Association of Insurance Commissioners (“NAIC”) and issued by NAIC with revisions in 2006 and has taken effect in 2010.

Statement on Standards for Attestation Engagements no. 18 is a Generally Accepted Auditing Standard produced and published by the American Institute of Certified Public Accountants (AICPA) Auditing Standards Board. Though it states that it could be applied to almost any subject matter, its focus is reporting on the quality of financial reporting. It pays particular attention to internal control, extending into the controls over information systems involved in financial reporting. It is intended for use by Certified Public Accountants performing attestation engagements, the preparation of a written opinion about a subject, and the client organizations preparing the reports that are the subject of the attestation engagement. It prescribes three levels of service: examination, review, and agreed-upon procedures. It also prescribes two types of reports: Type 1, which includes an assessment of internal control design, and Type 2, which additionally includes an assessment of the operating effectiveness of controls. Published April 2016, SSAE 18 and all previous standards it supersedes are represented in section AT-C of the AICPA Professional Standards, with most sections becoming effective on May 1, 2017.

References

  1. Institute of Internal Auditors Archived 2010-11-23 at the Wayback Machine
  2. Audit requirements for UK Companies
  3. Audit requirements for UK Companies
  4. Australian Securities Commission Act - Appointment & Independence of Auditors [www.treasury.gov.au/documents/294/RTF/chap07.rtf]
  5. Ownership rules of audit firms
  6. Internal and External Audits; Comptroller's Handbook Archived 2010-11-07 at the Wayback Machine
  7. Gramling, Audrey A.; Nuhoglu, Nur Irem; Wood, David A. (September 2013). "A Descriptive Study of Factors Associated with the Internal Audit Function Policies Having an Impact: Comparisons Between Organizations in a Developed and an Emerging Economy". Turkish Studies. 14 (3): 581–606. doi:10.1080/14683849.2013.833019. S2CID   145381015.
  8. Internal and External Audits; Comptrollers Handbook Archived 2010-11-07 at the Wayback Machine
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.