Assessing the risk: new standards mean more time with your CPA.

[ILLUSTRATION OMITTED]

FEW INDIVIDUALS WHO commit fraud set out to do so intentionally However, when faced with financial hardship, some are tempted by poorly designed systems that allow them to "borrow" funds from accounts without being noticed. Identifying and eliminating the potential for such behavior can prevent serious problems from developing.

That's one example of a situation that can be corrected by a new set of assessment standards for private companies. The new rules are leading to more comprehensive audits, as accounting firms seek to better understand the procedures that shape financial reporting and identify potential areas of risk.

The risk assessment standards, which have now been in place for a full year, are an attempt by the accounting profession to avoid the problems that causes the downfall of large public companies and their auditors at the beginning of the decade.

Although less complicated than the Sarbanes-Oxley regulations that followed the Enron and Worldcom scandals, the new rules issued by the American Institute of Certified Public Accountants increase scrutiny of private companies, schools, non-profits and other organizations that have audited financial statements.

"The term 'risk assessment' refers to a focused audit approach in which we consider at a detailed level what can go wrong in your accounting records and in the preparation of your financial statements," explains Doug Hasler, chair of the executive committee at Blue & Co. in Carmel. "The purpose of this risk assessment is to identify areas where material errors or fraud are more likely to occur in your financial statements."

The official purpose of Statements on Auditing Standards No. 104-111 is to establish standards and provide guidance concerning the auditor's assessment of the risks of material misstatement (whether caused by fraud or error) in a non-issuer financial statement audit; design and performance of tailored audit procedures to address assessed risks; audit risk and materiality; planning and supervision; and audit evidence.

In other words, the new procedures require an audit of the business, not just the books.

That process begins with a planning session where audit procedures are designed specifically for the organization that will be reviewed. Such preparation seeks to design an audit process which considers the specific circumstances of an organization and the environment in which it operates, Hasler says.

"For example, one of the biggest changes in our audit process involves spending more up-front time planning the audit," he says. "That additional planning time will be spent performing new, required planning procedures, including conducting a brainstorming session among the personnel performing the audit about our risk assessment and the resulting audit procedures we plan to perform."

As a result, Hasler says those going through an audit under the new guidelines can expect:

* more questions about business risks, objectives and overall performance.

* more time spent gaining an understanding of internal controls, including observation of some procedures and controls.

* requests for information and documentation not provided in previous audits.

* new or different tests performed to identify risks.

* an increase in reported internal control deficiencies.

One of the major areas of focus is evaluating the type of internal controls that are in place to protect an organization's financial integrity And rather than accepting a verbal description of the process, the new audits include written documentation accompanied by a demonstration of how the actual transactions are handled.

"We asked about these things in the past, but this will be a more focused inquiry," Hasler says.

While a more rigorous review during the audit may take more time and increase its expense, Hasler suggests it may actually save money in the long run.

In addition to fraud, another example that Hasler cites is verifying the creditworthiness of new customers. In a slowing economy with increased pressure on sales, there may be a greater risk of signing new business that won't be able to pay Having appropriate controls in place to verify that can eliminate future bad debt.

Taking the time to consider such situations and how they might affect a company during the audit process makes the new standards an investment in an organization's future, Hasler says.

"They are important to us from an auditing standpoint for preparing financial statements, but also to strengthen the business operations," he says.

Write it down. Greg Arnott, director of accounting and auditing for BKD's Indianapolis office, agrees that the new risk assessment standards can mean major changes for how businesses deal with both the audit process and their regular operations.

He says one aspect of the new rules is greater documentation of all the practices and procedures that shape an organization's financial statements.

As a result, auditors may ask for such written information while they are in the planning stages of the audit and that may be a big change for companies who haven't implemented or documented their internal control procedures.

"We then use all that documentation to test the controls and plan the audit," he says. "If you have been following good business practices, things are much easier."

If an organization needs helps setting up systems or documenting procedures, then accounting firms can help to establish those in a way that assists the audit and helps the business.

"In general, it's helped to deepen our understanding and have more interaction with clients," Arnott says, noting that much of the increased burden of the new standards will be handled in the first year of their use, when better systems and controls are implemented.

One of the most common areas identified for improvement by the new standards is segregation of duties, Arnott explains. Especially in smaller organizations, one person may be doing more than they could or should be doing. Handling vendors, invoices, payroll and overseeing outsourced accounting services should not all be handled by one person without proper oversight and control. And even if there have been no problems to date with that situation, it is definitely a risk factor that will be noted.

Simple steps create stronger systems. Debra Waisnora, senior manager of audits at Terry McMahon and Co. in Munster, says the new standards are actually returning to an old way of doing business where accountants worked closely with their clients and had good understanding of the entire business.

"We're going back to this in an attempt to look at the whole process," she says. "In the long run, it's going to be a whole lot better for everyone."

Waisnora says the process of evaluating systems and looking for weakness in controls can make a big difference to companies that need improvements. For example, simple steps like having bank statements go to the owner or board of directors or requiring a second person to sign off on changes or additions to approved vendors can avoid serious problems.

"We assume that clients know these things, but often they aren't doing them," she says. In the new audit process, not only with the procedures be outlined and tested, but the auditor will spend time walking through the steps with the employees who are doing them. To help the process, Waisnora suggest that management set the appropriate tone for an audit by explaining that the review will be more comprehensive and encouraging employees to talk freely with auditors.

"Clients may have looked at audits as an evil necessity, but now they can look at it as something of value," she says.

Better audits, best practices. That is also the hope of the Indiana CPA Society, which expects the increased focus on audits to help both the individual companies and the overall business environment by creating financial statements that better reflect the current status while minimizing future risks.

"As a result of the risk assessment standards, we as a profession may have increased the value of the audit to investors and other stakeholders," says Anita Sherman, chair of the board and director of audit and other assurance services for Greenwalt Sponsel & Co. in Indianapolis. "The risk assessment standards and that increase in the value of the audit may be one of the reasons there is an increase in college students' interest in entering the accounting and auditing profession."

Since increase in time and money spent on audits using the new standards have been estimated from 10 to 30 percent, generating a lasting return from the process is an important consideration.

"Many of our clients are interested in doing what they can to control the audit costs that have been predicted to result from the risk assessment standards," Sherman says. "Most of them have appreciated the suggestions that we have for best practices that are resulting from a more in-depth understanding of their business risk."