Dr Barry Jay Epstein, Accounting Expert at Epstein + Nach LLC

The author – a former auditor and longtime litigation consultant – has found that, like Tolstoy’s happy families, virtually all inadequately performed audits are alike. In the audit failure arena, they almost inevitably exhibit fatal flaws in their planning processes. Litigators seeking to establish accountant liability in malpractice cases – as well as those charged with the equally important task of defending the work of the auditors – would thus be well-advised to understand the fundamental role of audit planning, and the common missteps that plague it.

Proper planning is essential for an effectively conducted audit, and must be ongoing throughout the conduct of the audit. In its absence, the likelihood that an audit will be properly executed would be rendered remote. It is thus a threshold issue in evaluating the quality of any audit ostensibly performed under either U.S. GAAS or international auditing standards (ISA).

Litigators practicing accountants’ malpractice should become familiar with the following five elements of the planning process, which are of paramount importance. When these have not been addressed, it strongly implies that the audit did not comport with generally accepted auditing standards.

1. Understanding of the client’s business

Auditors are required to obtain an understanding of the client entity, including its business, environment, and internal control, sufficient to identify and assess the risks of material misstatement of the financial statements, whether due to fraud or error, and sufficient to design and perform further audit procedures. Indeed, this understanding establishes a frame of reference within which the auditors plan the audit, exercise professional judgment, design and execute tests, gather and evaluate evidence, and reach the ultimate conclusion regarding the financial statements’ conformity with GAAP, IFRS, or any other basis of presentation.

Prior experience with the client itself, and with business generally, is important to the planning process, but auditors err when continuity of past practices and conditions is assumed, because in a dynamic environment this will typically not hold true. There should be fresh documentation of an understanding reflecting the reporting entity’s current business activities and environmental conditions.

2. Analytical Procedures

Planning requires analytical procedures by the auditors. These essentially serve as a screening device to flag those areas that might warrant special, extended attention during the substantive phases of the audit. Importantly, planning stage analytical procedures cannot be of the simplistic “last year versus this year” variety, but must compare auditors’ expectations against the client entities’ preliminary financial data. Not doing so is frequently the reason for audit failures.

3. Risks assessments

A required part of the planning procedures for every audit is for the auditors to consider the various risks that are facing the client entity, as well as management’s processes for coping with those risks. Under current standards, this must include “brainstorming” by the audit team, flushing out the means by which financial reporting fraud could be perpetrated. Since this requirement was imposed, auditing has become more effective, if still not infallible, at detecting financial reporting fraud.

Although auditors are not responsible for identifying and understanding all business risks faced by the reporting entity, they must consider a range of so-called inherent risks, which relate not only to the client’s industry-specific complexities and exogenous factors such the economic environment in which it is currently operating, but also the complications posed by specific accounting principles that the reporting entity must, or has chosen to, comply with.

4. Internal Controls

Auditors must gain an understanding of an entity’s internal control structure sufficient to plan the audit, by performing procedures to understand the design of policies and procedures relevant to audit planning and whether they have been placed in operation. This understanding is required even if the auditors do not intend to rely on the reporting entity’s controls as a basis for modifying or truncating their auditing procedures.

Unfortunately, there historically has been a tendency to pay only lip service to internal controls, or to excuse clients from complying due to perceived unfavorable cost-benefit trade-offs. This not only puts the reporting entity at risk, but also greatly increases the risk that the audit will be improperly performed.

5. Planning Materiality

The determination of planning materiality is a required, and it establishes the threshold measure to be applied in a number of subsequent audit decisions. Setting a too-high threshold translates into reduced levels of required audit effort, resulting, potentially, in considering insufficient amounts of evidence upon which to formulate a professional opinion, and in the “passing” of audit adjustments that otherwise would have been strongly encouraged or demanded of the client.

Materiality determinations must consider qualitative factors as well as quantitative aspects. For example, certain accounts or transaction types, even if quantitatively not material, could be important in planning the audit, because they might indicate the presence of other risks that could have quantitatively material effects.

Implications for litigators

From the plaintiff attorneys’ perspective, determining that planning procedures failed to comply with GAAS or ISA provides a prima facie argument that audit failure occurred. A lack of proper planning would have made it problematic that a GAAS- or ISA-compliant audit could have been executed under the circumstances.

For defending attorneys, if planning was properly performed and the audit procedures designed were responsive to information obtained during the planning process, it might well be the case that deficiencies in the conduct of the audit could be excused as “random human errors,” not indicative of systemic audit failure comprising auditor malpractice.

Thus, the extent to which planning did or did not conform to professional auditing standards may well be of vital interest to both complainants and respondents in accountants’ liability matters. Therefore, these considerations need to be fully vetted by both sides to any such litigation.