Tag Archives: oversight

Stone

Hunger strikes and supporting documentation

One of the bigger news stories in Canada of late is the ongoing hunger strike of a First Nations chief, osten­sibly being carried out to force a meeting with the Prime Minister to discuss condi­tions on the remote northern Ontario Attawapiskat reservation.

The legacy of the “discovery” and settlement of North America by Europeans and their subse­quent relationship with natives is a topic far too complex for this blog, but the story took on an element of particular interest with the “leak” of a Deloitte audit report on the admin­is­tration of the community.

That report has been posted online in its entirety.

Deloitte sampled 400 trans­ac­tions from the G/L across the 6⅔ years in scope. Sixty per year and 40 for the eight month period ending November 30, 2011. Slightly less than 20% of the 400 had no issues. No supporting documen­tation was available for just over 60% of the sample, and the other 20% was either incom­plete or the occur­rence of the under­lying event was questionable. It should be noted though that in the most recent 20 months reviewed, only for 31 of the 100 samples was there no supporting documentation.

What the audit didn’t do (and wasn’t designed to) was determine whether $104M over that time period is adequate for the population on the reserve. It’d be an inter­esting analysis to look at the number of house­holds, average people per household, repairs and mainte­nance funding per household and per person, and figure out whether there is enough funding to support their needs or not. That’s the heart of the issue.

Audit committees recognize IT risks should be a focus

Dan Meyer at Tick Marks has brought my attention to a KPMG survey that reports audit committees are becoming more concerned about IT risks on financial reporting.

90% believed that IT oversight deserved more time at audit committee meetings. By constrast, 80% of committee members were satisfied with audit committee oversight of management judgments and estimates and 60% felt that committees were spending suffi­cient time on these issues.

Good to see audit committees are looking into this area with greater scrutiny. IT is often an area where firms of all sizes could benefit from increased focus and constantly thinking of ways to improve their controls and processes.

But what about the 20% that is satisfied with audit committee oversight of management judgments and estimates, but do not believe suffi­cient time is being spent on the issue? How can you feel an area needs more time and yet be satisfied with the oversight? This is why looking at surveys is fun.

The ACI survey findings demon­strate a huge gap between the impor­tance that audit committees place on IT risk and how much time they spend focused on it during their already busy meetings,” Smith said. “Since audit committees generally have only basic IT experience, there may be a reluc­tance to invite chief infor­mation officers and chief technology officers to their meetings, in part, because there is a lack of common vocabulary.”

Audit committees need to have at least one member who has a high level of knowledge in IT as it relates to financial reporting. There is no excuse for lacking someone with a good grasp on the IT risks the organi­zation faces. And CIOs and CTOs aren’t enough — CFOs need to have a more than basic under­standing, and even lower down in the accounting department.

I’m really pleased that the CICA has been so proactive towards training CAs on this topic. IT is one of the six topics covered in the profes­sional exam process. (The others are audit/assurance, perfor­mance measurement, tax, finance, and organi­za­tional effec­tiveness, control and risk management.) Clearly there is some overlap between the last compe­tency and IT.

An in-depth discussion of the six CA compe­tencies is published by the Institute and available here (pdf).

Canadian audit overseer reports problems and solutions

The Canadian audit oversight body, the Canadian Public Account­ability Board, announced Friday that last year they dereg­is­tered a small firm in Vancouver (which has since gone out of business) and prevented three other small firms from accepting new client due to deficiencies in their audits discovered upon inspection.

My initial thought was, these small firms have public company clients? The CPAB is charged with overseeing only firms that audit public companies, therefore I guess they must. Good on them. Generally public companies choose auditors with more expertise on board that a partner or two and a handful of staff. This is because of their often complex accounting needs and the greater security that comes with a firm that can take on higher liability.

CPAB said yesterday it reviewed 121 audits performed by Canada’s six largest accounting firms last year, and found five cases where the work was so deficient that the companies involved had to correct or restate their reported financial results.

Another nine of the files “had serious deficiencies” in the work done, but did not require restate­ments. In each case, the audit firm was required to do more work on the file or improve its documentation.

Overall the oversight board believes documen­tation is the biggest area of improvement for audit firms. We just don’t document our thought processes in enough detail to satisfy them, in particular when we consult inter­nally on compli­cated matters or judgment calls. I know my firm has recently rolled out what they’re calling the new “documen­tation standards”, which address this concerns.

I’d like to have a file that I worked on examined by the CPAB just to see whether my work is up to snuff. Something tells me it’ll happen sooner or later!

Canadian bank “shakes” Enron related audit rules

From the (Toronto) Star:

Banking author­ities in Canada and the United States have lifted an enforcement action that they imposed on the Canadian Imperial Bank of Commerce three years ago over its involvement with Enron Corp.

The action put restric­tions on CIBC and required it – for the past three years – to pay for an independent auditor to help author­ities on both sides of the border monitor how well it was complying with those rules.

The rules required the bank to create a financial trans­action oversight committee, to change its employee training program, and to stop carrying out “certain struc­tured finance trans­ac­tions,” among other things.

I’m not sure how the banks are respon­sible for the Enron debacle, but I guess when you’ve lost $40-billion in market value someone’s gotta pay. And I’m sure the banks don’t really need me to defend them, as they once again reported record profits this year and continue to charge me a buck and a half every time I use one of the other banks’ ATMs.

And what’s with the use of the word ‘shakes’ in the headline? Was this billion dollar lawsuit something they just had to get through like a cold or something?

The article also notes two other Canadian banks are still involved in the class action lawsuit brought on behalf of former Enron investors.