Most of us would quickly respond with a profound "yes" in answer to the title question. After all, cash is highly susceptible to misappropriation and falsifying cash disbursements is the means for perpetrating and covering most frauds. In spite of this, my answer would be, "not always!"
In 1995, I began instructing classes on risk-based auditing. As we all realize, the concepts of risk-based auditing underpin the risk assessment standards that became effective in 2007 and, in fact, have guided most auditors for decades. At one of my in-house seminars for a smaller CPA firm, a senior accountant shared that her previous employment was with an international CPA firm. She said that during her last three years with that firm as an in-charge accountant, none of the audits she ran contained detailed cash tests of balances procedures! Tests of controls, analytical procedures, and reasonableness reviews of reconciliations and bank transfers and bank confirmations were the extent of cash auditing procedures.
Most auditors of smaller entities would respond: "Yes, but her clients were big with good internal control systems. My small clients are small and have none!" Maybe you simply thought, "I could never NOT audit cash!" Let me seek middle ground by saying that, at a minimum, we probably don't need to audit cash to the extent most of us are accustomed! Why? Please read on.
Our audit strategies for both large and small engagements must include sufficient risk assessment procedures. These procedures normally include obtaining and documenting an understanding of a client's accounting and internal control systems (primarily its key controls). At a minimum, a systems walk-through procedure for 5 to 15 of each type of transaction would accompany flowcharts or memos describing transactions cycles. Larger or regulatory audits may include tests of controls for all assertions at the transaction level. Risk assessment procedures should also include documentation from reading the general ledger, either by sight or by using computer-assisted auditing techniques. At the completion of these procedures, an auditor should have a good understanding of a client's business and its accounting and internal control systems.
If the results of the risk assessment procedures indicate that the risk of material misstatement for cash is high, then detailed tests of balances for cash may be necessary.
In all but the worst cases, however, risk is usually some level less than high. Further, auditing procedures for most other financial statement classifications affect cash in some way. Finally, cash balances are often not significant when compared with other financial statement classifications.
So when risk of material misstatement for cash is less than high, what auditing procedures are normally necessary? Here are my suggestions when risk is slightly less than high:
• Always request confirmations of bank balances and cutoff statements (or inspect electronic statements on a bank's website). Significant frauds have been covered up by falsifying and reproducing bank statements.
• Request bank statements and reconciliations at yearend for the largest one or two bank accounts. Trace a few larger reconciling or unusual items, and the statement balance, to the cutoff statement and/or subsequent month's bank statement. Only trace additional reconciling items if errors are discovered.
• If no significant errors are discovered, compare bank balances on year-end statements to bank confirmations or electronic statements. Review remaining statements and reconciliations for reasonableness, looking for unusual items and evidence of significant interbank or intra-bank transfers. Review cutoff statements for evidence of such transfers.
• If significant errors are discovered, consider completing detailed auditing procedures for all bank reconciliations.
• Write a memo describing the audit procedures performed (or refer to the audit program), exceptions that were identified and resolved and how the cash audit objectives have been accomplished.
Do we always have to audit cash? Not always! Using our professional judgment based on the assessed level of risk can enable us to reduce auditing procedures to a minimum, even for cash!
Guest blogger, Larry Perry, CPA has over 40 years experience as a CPA practitioner. He is an author of accounting and auditing manuals, and an author/presenter of live staff training seminars, webcasts and self-study CPE programs.