Risk and Accounts Payable
For accounts payable, an entity’s accounting and internal control system over purchases, payables and cash disbursements will affect the nature, extent and timing of tests of balances procedures. Larger entities will normally have designed entity and activity-level controls that result in all accounts payable being recorded, at the proper amounts and in the proper period. Smaller entities may be expected to have a good accounting system and informal policies, procedures and, at the least, key internal controls. Most of these key controls are performed at the entity-level by management-level persons.
Entity-level and activity-level controls for smaller entities may consist of the following:
ACCOUNTS PAYABLE—ENTITY-LEVEL KEY CONTROLS
1. Owner or manger approves all vendors and accounts with creditors.
2. Owner or manager approves all vendor payments.
3. Owner or manger receives and reviews unpaid vendor invoices and statements monthly.
ACCOUNTS PAYABLE—ACTIVITY-LEVEL CONTROLS
1. Vendor invoices are entered in the purchases journal when received.
2. Vendor invoices and supporting documents are reviewed by the check signer.
3. Vendor invoices are cancelled when checks are signed.
4. Vendor invoices or receiving reports contain the date goods were received.
5. Unpaid vendor invoices are maintained in a file separate from paid invoices.
The design and operation of these controls will determine control risk for accounts payable. The assessed level of control risk is combined with the auditor’s assessment of inherent risk (usually low for accounts payable) to determine the assessed level of risk of material misstatement. When entity-level key controls are operating, control risk and risk of material misstatement are usually moderate. Moderate levels of risk of material misstatement will result in smaller amounts of tolerable misstatement and smaller lower limits for individually significant items at the financial statement and assertion levels.
An auditing absolute is that risk always affects materiality levels. Materiality levels always affect the amount of work necessary for the auditor to evaluate relevant financial statement assertions.
Risk and Accrued Expenses and Other Liabilities
Larger entities may design internal controls over the adjusting and closing entries at the end of a period, monthly or annually. These internal controls will ordinarily include the processes for determining the amounts of expense accruals and other liabilities to be recorded and the review of amounts proposed for adjustment. Qualified personnel operating these internal controls may reduce the assessed level of misstatement for accrued expenses.
On the other hand, smaller entities ordinarily would not have internal controls over the periodic accrual of expenses. They may not even prepare journal entries to accrue expenses! The auditor is often the person determining the propriety and amounts of accrued expenses at the entity’s year-end. Year-end tests of balances will normally include the determination of necessary accruals and their calculation. Since the end-of-year accruals should be part of management’s internal control over financial reporting, their inability to calculate appropriate adjustments would likely be at least a significant deficiency in the internal control communication letter. The proposed adjustments for expense accruals, along with others resulting from the audit, must be reviewed and approved by an employee of the reporting entity with suitable skill, knowledge or experience to prevent impairment of the auditor’s independence.
Efficient substantive procedures for accounts payable and other account classifications resulting from cost-beneficial audit strategies are discussed in my live and on-demand webcasts which can be accessed by clicking the applicable box on the left side of my home page, www.cpafirmsupport.com.