Hunger strikes and supporting documentation

One of the bigger news stories in Canada of late is the ongoing hunger strike of a First Nations chief, ostensibly being carried out to force a meeting with the Prime Minister to discuss conditions on the remote northern Ontario Attawapiskat reservation.

The legacy of the “discovery” and settlement of North America by Europeans and their subsequent relationship with natives is a topic far too complex for this blog, but the story took on an element of particular interest with the “leak” of a Deloitte audit report on the administration of the community.

That report has been posted online in its entirety.

Deloitte sampled 400 transactions from the G/L across the 6⅔ years in scope. Sixty per year and 40 for the eight month period ending November 30, 2011. Slightly less than 20% of the 400 had no issues. No supporting documentation was available for just over 60% of the sample, and the other 20% was either incomplete or the occurrence of the underlying event was questionable. It should be noted though that in the most recent 20 months reviewed, only for 31 of the 100 samples was there no supporting documentation.

What the audit didn’t do (and wasn’t designed to) was determine whether $104M over that time period is adequate for the population on the reserve. It’d be an interesting analysis to look at the number of households, average people per household, repairs and maintenance funding per household and per person, and figure out whether there is enough funding to support their needs or not. That’s the heart of the issue.

Audit committees recognize IT risks should be a focus

Dan Meyer at Tick Marks has brought my attention to a KPMG survey that reports audit committees are becoming more concerned about IT risks on financial reporting.

90% believed that IT oversight deserved more time at audit committee meetings. By constrast, 80% of committee members were satisfied with audit committee oversight of management judgments and estimates and 60% felt that committees were spending sufficient time on these issues.

Good to see audit committees are looking into this area with greater scrutiny. IT is often an area where firms of all sizes could benefit from increased focus and constantly thinking of ways to improve their controls and processes.

But what about the 20% that is satisfied with audit committee oversight of management judgments and estimates, but do not believe sufficient time is being spent on the issue? How can you feel an area needs more time and yet be satisfied with the oversight? This is why looking at surveys is fun.

“The ACI survey findings demonstrate a huge gap between the importance that audit committees place on IT risk and how much time they spend focused on it during their already busy meetings,” Smith said. “Since audit committees generally have only basic IT experience, there may be a reluctance to invite chief information officers and chief technology officers to their meetings, in part, because there is a lack of common vocabulary.”

Audit committees need to have at least one member who has a high level of knowledge in IT as it relates to financial reporting. There is no excuse for lacking someone with a good grasp on the IT risks the organization faces. And CIOs and CTOs aren’t enough – CFOs need to have a more than basic understanding, and even lower down in the accounting department.

I’m really pleased that the CICA has been so proactive towards training CAs on this topic. IT is one of the six topics covered in the professional exam process. (The others are audit/assurance, performance measurement, tax, finance, and organizational effectiveness, control and risk management.) Clearly there is some overlap between the last competency and IT.

An in-depth discussion of the six CA competencies is published by the Institute and available here (pdf).

Canadian audit overseer reports problems and solutions

The Canadian audit oversight body, the Canadian Public Accountability Board, announced Friday that last year they deregistered a small firm in Vancouver (which has since gone out of business) and prevented three other small firms from accepting new client due to deficiencies in their audits discovered upon inspection.

My initial thought was, these small firms have public company clients? The CPAB is charged with overseeing only firms that audit public companies, therefore I guess they must. Good on them. Generally public companies choose auditors with more expertise on board that a partner or two and a handful of staff. This is because of their often complex accounting needs and the greater security that comes with a firm that can take on higher liability.

CPAB said yesterday it reviewed 121 audits performed by Canada’s six largest accounting firms last year, and found five cases where the work was so deficient that the companies involved had to correct or restate their reported financial results.

Another nine of the files “had serious deficiencies” in the work done, but did not require restatements. In each case, the audit firm was required to do more work on the file or improve its documentation.

Overall the oversight board believes documentation is the biggest area of improvement for audit firms. We just don’t document our thought processes in enough detail to satisfy them, in particular when we consult internally on complicated matters or judgment calls. I know my firm has recently rolled out what they’re calling the new “documentation standards”, which address this concerns.

I’d like to have a file that I worked on examined by the CPAB just to see whether my work is up to snuff. Something tells me it’ll happen sooner or later!

Canadian bank “shakes” Enron related audit rules

From the (Toronto) Star:

Banking authorities in Canada and the United States have lifted an enforcement action that they imposed on the Canadian Imperial Bank of Commerce three years ago over its involvement with Enron Corp.

The action put restrictions on CIBC and required it – for the past three years – to pay for an independent auditor to help authorities on both sides of the border monitor how well it was complying with those rules.

The rules required the bank to create a financial transaction oversight committee, to change its employee training program, and to stop carrying out “certain structured finance transactions,” among other things.

I’m not sure how the banks are responsible for the Enron debacle, but I guess when you’ve lost $40-billion in market value someone’s gotta pay. And I’m sure the banks don’t really need me to defend them, as they once again reported record profits this year and continue to charge me a buck and a half every time I use one of the other banks’ ATMs.

And what’s with the use of the word ‘shakes’ in the headline? Was this billion dollar lawsuit something they just had to get through like a cold or something?

The article also notes two other Canadian banks are still involved in the class action lawsuit brought on behalf of former Enron investors.