Reliance on the Owner/manager: Prudent Professional Behavior
Bainbridge, D. Raymond, Paul, Jack W., The CPA Journal
Under what circumstances and to what degree should the independent auditor rely on the owner-manager (O/M) of a smaller entity where the O/M is dominant? The professional literature is ambiguous while research results indicate a dichotomy in audit approaches exists. No one has rigorously addressed the circularity issue-placing reliance on the O/M whose representations the auditor is to scrutinize and then using that reliance as a basis for challenging the O/M's representations.
Some argue that it is impossible to gather evidence about the O/M's integrity and rely to any substantial degree on the O/M. If so, an audit would be superfluous--bankers and other close-at-hand creditors would not need audited financial statements. These practitioners would place little or no reliance on the O/M, opting for a primarily substantive approach. On the other hand, the argument is made in paragraph 12 of SAS No. 55, Consideration of the Internal Control Structure in a Financial Statement Audit, that O/M involvement can supplant extensive accounting procedures, sophisticated accounting records, and formal control procedures. Similarly, the argument is made that reliance on the O/M is proper, primarily because the auditor "gets to know and trust the O/M's integrity." Those practitioners espousing this view would rely on the O/M and adopt a lower assessment of control risk approach.
We believe that most auditors would agree that detecting errors and employee defalcations is primarily a matter of employing careful and extensive audit tests. The essential problem is one of detecting management fraud or defalcations. Although fraudulent financial statements are not the norm, the possibility of material irregularities perpetuated by the O/M is a significant source of consternation given the extant litigious environment.
We first analyze this issue in the context of current auditing standards with special attention given to the concepts of reasonable assurance, internal control structure, and audit risk. We then suggest a formal methodology to address the unique aspects of the small business audit.
SAS No. 53, The Auditor's Responsibility to Detect and Report Errors and Irregularities, paragraph 5, requires an assessment of the risk that errors or irregularities have caused the financial statements to be materially misstated. Additionally the audit must be designed to provide reasonable assurance that such material errors or irregularities are detected. If irregularities can be subdivided into two categories: management fraud and defalcations. These subdivisions relate to the purpose behind the fraudulent activity. The ostensible purpose behind management fraud is to render the financial statements misleading. An example cited in SAS No. 53 is the intentional misapplication of accounting principles. In the context of the smaller business audit, management fraud is ascribed to the O/M.
Defalcations a described in SAS No. 53 as the misappropriation of assets. If defalcations are encountered, either the O/M or the entity's employees will be involved in these activities. Although the outcome of management fraud and defalcations by employees may be the same--materially misstated financial statements--it is argued that employee errors and defalcations can be detected by careful and extensive procedures conducted either by an O/M, who is deeply involved in the day-to-day accounting options, or by the auditor. The remaining concern, of course, is management fraud.
The Control Structure
In the audit of a smaller business, the condition of the accounting records can be a major concern. The books and records constitute evidence in support of the entity's financial statements. The professional literature suggests, and our research confirms, that in the absence of adequate accounting records auditors will conclude that an entity's financial statements are not auditable.
Because of the relatively small number of employees and informal procedures, the auditor may be tempted to ignore the control environment and the associated effect on the recording of transactions. …