Model audit

Last updated

A model audit is the colloquial term for the tasks performed when conducting due diligence on a financial model, in order to eliminate spreadsheet error. Model audits are sometimes referred to as model reviews, primarily to avoid confusion with financial audit. A study in 1998 concluded that even MBA students with over 250 hours of spreadsheet development experience had a 24% chance of introducing spreadsheet error. [1] Model audits are typically requested by banking organizations, in order to reassure lenders and investors alike that the calculations and assumptions within the model are correct, and that the results produced by the model can be relied upon. When a comprehensive review of the model is required, the scope of review is often extended to include tax and accounting, sensitivity testing and the checking of data contained within the model back to the original financing and legal documentation.

Contents

Purpose

The purpose of a model audit is to provide assurance that the results can be relied upon. For this reason, the party conducting the review will provide a level of reliance on the form of an amount of liability. This may range from a multiple of the fee (2×, 3×, 4× fee, etc.) to a fixed amount, often up to US$20 million[ citation needed ]. In the event an error or omission is found in the model due to the model auditor's negligence, the organization relying on the report may choose to sue the model auditor in order to recover any loss.

The objective of the model audit should be to the reduce financial risk that is being taken on by under[ clarification needed ] the transaction to which the financial model relates. As such, it is more important to ensure that the model audit has the proper scope, and is undertaken using a robust methodology, to identify material errors than to negotiate a liability cap if material errors are not identified.[ citation needed ] The model audit is not, or at least not as a primary purpose, an insurance policy, it is for reducing the financial risk that is being taken on.[ citation needed ]

Typical scope

For a full-scope model audit, the following elements would usually be included:

Application

Model audit has predominately been related to project finance and infrastructure finance, including Public Private Partnership ("PPP") transactions (including PFI in the UK and P3 in the USA).

Model audits are applicable to any financial model that is used to support the taking on of any financial risk, e.g. valuation models, operational models, refinancing models, portfolio model, M&A models etc.

How it is conducted

Most financial models are produced using spreadsheet software. The model will routinely contain sheets for input data, formulas (the 'workings') which drive the model, and outputs, which are usually in the form of financial statements (balance sheet, income statement, cash flow statement, etc.).

Model auditors may undertake a detailed 'bottom-up' review (cell-by-cell checks) of each unique formula, and/or combine a 'top-down' analysis such as the performance of calculations based upon the project's documentation

There is some debate as to whether a "cell-by-cell" or performance approach is most appropriate. A model auditor may emphasize one or the other or use a combination of both approaches.

Competitive dialogue for PPPs

Procurement of public-private projects is often undertaken under a competitive dialogue regime. This requires bidders to commit earlier in the process, and the implication of not identifying errors in a financial model at any early stage could be that a bidder is unable to rectify the error.

As a result, financial models are being checked earlier in the bid process, not just at financial close – these are known as pre-preferred bidder reviews. In some cases, these will have almost the same scope as a financial close model audit (but with documentation review limited as this will still be being drafted), but in other cases, the pre-preferred bidder review will be limited to an agreed scope of procedures with the objective of maximizing risk mitigation whilst minimizing the fee. The benefits of a pre-preferred bidder review is that it should lead to a reduced model audit fee at financial close.

The introduction of this process to North America has been controversial. The City of Brampton, for instance, has faced lawsuits [2] and controversy [3] [4] about use of the process.

Cost and duration

A model audit may take between 1 and 5 weeks[ citation needed ], but this does not include the time taken by the model author to rectify the errors identified by the model auditor. The fee is largely dependent upon the scope of review, the number and complexity of the unique formulae in the model, the volume and complexity of the documentation and the number of versions of the model/documentation to be reviewed.

The cost will also depend on the seniority of staff undertaking the work[ citation needed ]. Planning of the model audit, as for a statutory audit, is vital to mitigating risk,[ citation needed ] and thus this needs to be undertaken by senior staff. In planning, the elements of the model audit should be allocated to staff with the appropriate level of experience, technical expertise (e.g. tax or accounting) and seniority. The senior staff needs to look at the big picture of the model to ensure that it makes sense as a whole.[ citation needed ]

Related Research Articles

<span class="mw-page-title-main">Spreadsheet</span> Computer application for organization, analysis, and storage of data in tabular form

A spreadsheet is a computer application for computation, organization, analysis and storage of data in tabular form. Spreadsheets were developed as computerized analogs of paper accounting worksheets. The program operates on data entered in cells of a table. Each cell may contain either numeric or text data, or the results of formulas that automatically calculate and display a value based on the contents of other cells. The term spreadsheet may also refer to one such electronic document.

<span class="mw-page-title-main">Audit</span> Independent examination of an organization

An audit is an "independent examination of financial information of any entity, whether profit oriented or not, irrespective of its size or legal form when such an examination is conducted with a view to express an opinion thereon." Auditing also attempts to ensure that the books of accounts are properly maintained by the concern as required by law. Auditors consider the propositions before them, obtain evidence, roll forward prior year working papers, and evaluate the propositions in their auditing report.

<span class="mw-page-title-main">Financial audit</span> Type of audit

A financial audit is conducted to provide an opinion whether "financial statements" are stated in accordance with specified criteria. Normally, the criteria are international accounting standards, although auditors may conduct audits of financial statements prepared using the cash basis or some other basis of accounting appropriate for the organization. In providing an opinion whether financial statements are fairly stated in accordance with accounting standards, the auditor gathers evidence to determine whether the statements contain material errors or other misstatements.

<span class="mw-page-title-main">Auditor's report</span> Type of written document

An auditor's report is a formal opinion, or disclaimer thereof, issued by either an internal auditor or an independent external auditor as a result of an internal or external audit, as an assurance service in order for the user to make decisions based on the results of the audit.

An information technology audit, or information systems audit, is an examination of the management controls within an Information technology (IT) infrastructure and business applications. The evaluation of evidence obtained determines if the information systems are safeguarding assets, maintaining data integrity, and operating effectively to achieve the organization's goals or objectives. These reviews may be performed in conjunction with a financial statement audit, internal audit, or other form of attestation engagement.

<span class="mw-page-title-main">External auditor</span> Person who audits an entitys financial statements and is independent of that entity

An external auditor performs an audit, in accordance with specific laws or rules, of the financial statements of a company, government entity, other legal entity, or organization, and is independent of the entity being audited. Users of these entities' financial information, such as investors, government agencies, and the general public, rely on the external auditor to present an unbiased and independent audit report.

An information security audit is an audit of the level of information security in an organization. It is an independent review and examination of system records, activities, and related documents. These audits are intended to improve the level of information security, avoid improper information security designs, and optimize the efficiency of the security safeguards and security processes. Within the broad scope of auditing information security there are multiple types of audits, multiple objectives for different audits, etc. Most commonly the controls being audited can be categorized as technical, physical and administrative. Auditing information security covers topics from auditing the physical security of data centers to auditing the logical security of databases, and highlights key components to look for and different methods for auditing these areas.

A software audit review, or software audit, is a type of software review in which one or more auditors who are not members of the software development organization conduct "An independent examination of a software product, software process, or set of software processes to assess compliance with specifications, standards, contractual agreements, or other criteria".

<span class="mw-page-title-main">Internal audit</span> Independent, objective assurance and consulting activity

Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes. Internal auditing might achieve this goal by providing insight and recommendations based on analyses and assessments of data and business processes. With commitment to integrity and accountability, internal auditing provides value to governing bodies and senior management as an objective source of independent advice. Professionals called internal auditors are employed by organizations to perform the internal auditing activity.

<span class="mw-page-title-main">Materiality (auditing)</span> Concept in auditing and accounting

Materiality is a concept or convention within auditing and accounting relating to the importance/significance of an amount, transaction, or discrepancy. The objective of an audit of financial statements is to enable the auditor to express an opinion on whether the financial statements are prepared, in all material respects, in conformity with an identified financial reporting framework, such as the Generally Accepted Accounting Principles (GAAP) which is the accounting standard adopted by the U.S. Securities and Exchange Commission (SEC).

Corrective and preventive action consists of improvements to an organization's processes taken to eliminate causes of non-conformities or other undesirable situations. It is usually a set of actions, laws or regulations required by an organization to take in manufacturing, documentation, procedures, or systems to rectify and eliminate recurring non-conformance. Non-conformance is identified after systematic evaluation and analysis of the root cause of the non-conformance. Non-conformance may be a market complaint or customer complaint or failure of machinery or a quality management system, or misinterpretation of written instructions to carry out work. The corrective and preventive action is designed by a team that includes quality assurance personnel and personnel involved in the actual observation point of non-conformance. It must be systematically implemented and observed for its ability to eliminate further recurrence of such non-conformation. The Eight disciplines problem solving method, or 8D framework, can be used as an effective method of structuring a CAPA.

Internal control, as defined by accounting and auditing, is a process for assuring of an organization's objectives in operational effectiveness and efficiency, reliable financial reporting, and compliance with laws, regulations and policies. A broad concept, internal control involves everything that controls risks to an organization.

<span class="mw-page-title-main">SOX 404 top–down risk assessment</span>

In financial auditing of public companies in the United States, SOX 404 top–down risk assessment (TDRA) is a financial risk assessment performed to comply with Section 404 of the Sarbanes-Oxley Act of 2002. Under SOX 404, management must test its internal controls; a TDRA is used to determine the scope of such testing. It is also used by the external auditor to issue a formal opinion on the company's internal controls. However, as a result of the passage of Auditing Standard No. 5, which the SEC has since approved, external auditors are no longer required to provide an opinion on management's assessment of its own internal controls.

<span class="mw-page-title-main">Reconciliation (accounting)</span>

In accounting, reconciliation is the process of ensuring that two sets of records are in agreement. It is a general practice for businesses to create their balance sheet at the end of the financial year as it denotes the state of finances for that period. Reconciliation is used to ensure that the money leaving an account matches the actual money spent. This is done by making sure the balances match at the end of a particular accounting period.

<span class="mw-page-title-main">Continuous auditing</span>

Continuous auditing is an automatic method used to perform auditing activities, such as control and risk assessments, on a more frequent basis. Technology plays a key role in continuous audit activities by helping to automate the identification of exceptions or anomalies, analyze patterns within the digits of key numeric fields, review trends, and test controls, among other activities.

<span class="mw-page-title-main">Entity-level control</span>

An entity-level control is a control that helps to ensure that management directives pertaining to the entire entity are carried out. These controls are the second level to understanding the risks of an organization. Generally, entity refers to the entire company.

The chief audit executive (CAE), director of audit, director of internal audit, auditor general, or controller general is a high-level independent corporate executive with overall responsibility for internal audit.

<span class="mw-page-title-main">Control self-assessment</span> Technique to assess process effectiveness

Control self-assessment is a technique developed in 1987 that is used by a range of organisations including corporations, charities and government departments, to assess the effectiveness of their risk management and control processes.

Audit technology is the use of computer technology to improve an audit. Audit technology is used by accounting firms to improve the efficiency of the external audit procedures they perform.

Artificial intelligence is used by many different businesses and organizations. It is widely used in the financial sector, especially by accounting firms, to help detect fraud.

References

  1. Panko, Raymond (1997–2005). "Errors During Spreadsheet Development Experiments". Study. Shidler College of Business, Hawaii. Archived from the original on 21 September 2008. Retrieved 17 July 2008.
  2. Grewal, San (13 July 2011). "He built city hall. Now he's suing it". The Brampton Guardian. Toronto ON. Retrieved 14 July 2011.
  3. Douglas, Pam (25 March 2010). "City plans under wraps". The Brampton Guardian. Brampton ON. Retrieved 14 July 2011.
  4. Douglas, Pam (29 March 2011). "Conflict allegations raised at city". The Brampton Guardian. Brampton ON. Retrieved 14 July 2011.