In recent years, California public finance professionals have witnessed an alarming number of headlines about fiscal mismanagement in municipal governments. Among the more high-profile examples:

City of Pasadena: $6M embezzlement by a long-term employee
City of Stockton: Filed bankruptcy on June 28, 2012
City of San Bernardino: Filed bankruptcy on August 1, 2012
City of Bell: Massive corruption and misappropriation of public funds through salary scandal

The increasing frequency and severity of these cases raises a number of serious – and legitimate – questions for anyone involved in the stewardship of public funds: What can and should stakeholders expect from an annual audit?  Why were so many issues either not identified or overlooked in the aforementioned cases?  What process or measures were in place to evaluate the quality of the audit work performed?

Providing answers to these questions becomes crucial for the CPA profession, considering the reputational issues at stake. I would submit that the path leading to those solutions is well marked – assuming, of course, one chooses to follow it.

An audit is an independent examination of the books and records in order to ascertain that the financial statements presented reflect a fair financial picture of the organization. It should also provide an organization the reliable information needed to address operating issues and/or concerns. This requires financial statements to be in a format where users can easily follow – and, perhaps more important, fully comprehend — the data.

Beyond providing all the required disclosures, however, auditors should be sharing key ratio analyses and how those ratios compare to the industry. In addition, they should properly use the management letter to communicate their concerns. Unfortunately, this document in too many instances has become a form of self-protection, fulfilling reporting requirement under current auditing standards – but offering little in the way of substantive content.

Regulators have expressed concern that the economic downturn and pressure from organizations to reduce audit fees has had a negative impact on auditor efforts.  The fear is that many qualified practitioners may not have the budget necessary to properly complete the audit and must use their professional judgment to determine what is most important and, conversely, what can be relegated to second-tier status. It becomes an exercise in risk assessment.

The issue here is that professional judgment by definition is highly subjective. It provides an all too inviting loophole that audit firms use to circumvent well-established and vetted professional standards.

What is a “good” audit?

Auditors must begin with a 360-degree view of the organization, including management’s philosophy and how they operate.  Does leadership demonstrate commitment in terms of transparency, honesty, integrity, and ethical behavior?  The evaluation process must involve more than simply looking at a website or documents provided by management.  It must include a comprehensive interview process involving not only key operations personnel, but also stakeholders within the governing board, management, and accounting personnel.

Second, the process should include a comprehensive audit plan.  This document serves as a guideline for auditors to follow and helps each engagement team member to obtain sufficient evidence to accomplish pre-determined objectives.

Note that the audit plan should not be duplicated from one engagement to another.  Clients are different and auditors should avoid a one-size-fits all model – even when working with clients in the same industry.  Developing a good audit plan requires effort to fully recognize and understand any unusual circumstances, including unique transactions, new developments, and standards that are exclusively applicable to the a particular organization.

Third, auditors must perform effective internal control evaluations.  Standards require auditors to obtain an understanding of the internal controls and to identify those that are considered key.  Often, auditors will only focus on the significant transaction classes – cash receipts and revenues, cash disbursements and expenses, payroll and related liabilities – performing a walkthrough instead of testing internal controls.   It’s important to not only test the key control, but also test the attributes to ensure those internal controls are properly working.

Finally, there must be thorough communication regarding audit outcomes, addressing critical issues. In far too many cases today, we see this step replaced with a standardized boilerplate letter sent upon completion of the audit. This is inadequate.  Auditors who engage in this practice are merely meeting the minimum audit standards.

A more effective model involves open dialogue between the auditor and organization, including its governing body.  The discussion can be further strengthened through the use of relevant historical data and qualitative information.

The Takeaway

An annual audit of taxpayer-funded entities is mandated by California statute. However, by merely adhering to the letter of the law, rather than its spirit, the CPA profession runs the very real risk of turning the audit into a commodity. Avoiding that unintended consequence requires a deeper dialogue between the stakeholders involved.

Kenneth Pun, CPA, CGMA, is Managing Partner of The Pun Group, a full-service CPA firm headquartered in Orange County, California.