SME auditing options explained

South African Institute of Professional Accountants

29 April 2014

One of the most important considerations for SMEs is the decision between having its financial results audited or subject them to an independent review. In general, the independent review is likely to cost less, but costs should not be the main determining factor when businesses decide which option to use.

As a rule of thumb, SMEs should approach this issue with the end in mind. Knowing what is to be achieved by the process, weighing up stakeholders’ demands and the degree of certainty required will assist greatly in making the right choice.

Public interest score* points aside, it all boils down to the level of assurance – that the company wishes to provide its stakeholders. Audits provide reasonable assurance and are regarded as being more credible, whereas independent reviews only provide a limited assurance. However, says Steven Firer, Technical Partner at Nkonki, the irony is that given the growing concern over liability, independent reviews are becoming a lot more like audits in practice, yet without the latter’s credibility.

“Due to its nature, an audit gives evidence with respect to the financial position of an organisation that carries a higher degree of certainty, whereas with an independent review the evidence is regarded as limited or moderate at best,” adds Faith Ngwenya, Technical and Standards Executive of the South African Institute of Professional Accountants (SAIPA).

Much the same, yet worlds apart

“The difference between the audit and the review is increasingly being defined by the level of skill and risk appetite of the person conducting the review,” says Firer, commenting on the fact that the initial stages of both require similar processes in order for the individual to acquire a sufficient understanding of the nature of the business to do an audit or review.

However, it is what happens next that has the potential to draw the sharpest contrast between the audit and the review. “Depending on the risk averseness of the reviewer, he or she may choose to conduct a deeper investigation of the organisation’s finances – depending on his or her skill level – in order to satisfy him- or herself that all is as it should be within the organisation. Interestingly, although this may in practical terms become more of an audit by an over-cautious reviewer than a review, it’ll still be called a review,” he says. Generally, the worse the state of the books, the more the review tends towards an audit.

So, even if a company opts for an independent review (according to the public interest score* (PIS) which guides this – see below for PIS summary) Firer says it’s still up to the company to decide whether the level of certainty offered by the review is adequate.

How ‘red flags’ should be handled in an independent review

Firer says there’s seldom an organisation whose review doesn’t result in so-called ‘red flags’ that indicate the need for further investigation. “Typically, the first 60% of both an audit and a review are the same,” he says. “But where the auditor would continue to dig deeper, say to the equivalent of another 20% of trawling the books, the reviewer is under no obligation to go further, or at least to the extent that the audit does – hence the credibility gap.”

Unfortunately, even international accounting bodies are unclear as to what the level of digging should be. However, Firer says he strongly recommends that reviewers do deal with the ‘red flags’ to the extent that their skills and the expectation of the client allow them. 

Why talking to the people understanding of the company is so important

In the final analysis, what really differentiates the audit and the review is the skill of the finance professional in finding the ‘red flags’. “If you’re only concerned at looking at the numbers, you’re going to miss them because anyone trying to hide something will be working hard to make the books look OK,” concludes Firer. “That’s why it’s important to get a deep understanding of the nature of the client’s business – and this only really happens by walking around the company, observing operations and, critically, talking to people.”

*Public Interest Score:

Under 100: Owner managed company requires no audit or review. Non-owner managed company requires an independent review.

100-349: Non-owner managed: Audit is required if internally compiled, or an independent review if externally compiled. Owner managed: Nothing is required if reports are externally compiled, but an audit will be needed if internally compiled.

350<: Audit is required whether company is owner-managed or not.

 

4.5
Your rating: None Average: 4.5 (2 votes)