Harold Aucoin CPA Inc.

Will a "Review Engagement" be enough?
In an effort to place themselves beyond reproach, many managers and board members believe that an audit of the financial statements will give them credibility where it is lacking. This sadly is often true. But is it warranted? When we consider that an audit is confined to its own “audit field”, that is, what management will make available to the auditor, you have to wonder!

An audit’s objective is to lend credibility to the financial statements. One cannot make a serious case for assurances where there is nothing to audit. This would be the case where a limited number of people control the transactions, or where the number of transactions are limited. Because we want to test whether the controls of accounting functions are working, auditors often have to expand the audit procedures that encompass third party confirmation of transaction amounts. These become necessary when the auditor faces a limited amount of transactions, when the risk of controls being compromised is great (such as directors “pre-signing” cheques), or both. The controls are established to mitigate probability of error (and of course fraud). In these cases all transactions are tested because no controls are present or sampling would not mitigate the “audit risk” but rather keep the “audit risk” at the same level as found at the beginning of the audit. If the “audit risk” has not been reduced we therefore have no greater assurance than what is gained in a “review engagement”. The objective of an audit is to decrease “audit risk”, thereby increasing assurance, that the financial statements give a true picture of the entity’s financial exercise. Clearly in many “small” audits this is failing. In addition conducting audit procedures on the entirety of the transactions does not necessarily reduce “audit risk”; in many cases it will either have no effect or increase it. Requesting an audit if your organization has a small number of people managing or a small number of transactions may be fatal! You could end up with an adverse opinion.

Audits can never be relevant where a division of clerical duties is lacking. We test if the controls for various aspects of the transactions and accounts are working. Many auditors will increase the extent and amounts of procedures where controls fail. While this usually works, in a small audit with limited transactions, the likelihood of success is small. That’s because there’s nothing to audit and the “audit field” usually includes transactions that can only find verification outside the entity. A good example of this is verifying the amount of revenues. It is unlikely that a customer of the firm being audited can or wants to acknowledge the amount of business conducted with the firm.

In audits of small organizations the level of assurance attained by the auditor is often no greater than that attained by a “review engagement”. This is not necessarily bad! Review engagements are very much appropriate for most small engagements.