Due diligence (DD) is research (comprehensive survey) or fact-finding of the Acquiring company for a targeted company. When the Acquiring company plans to buy the target company, the acquiring company will do DD to the target company.
DD can be done internally (internal audit team or the acquiring company recruit a team for specially perform DD) or externally (hire the external audit firm to perform).
The external audit firm can provide DD service to their existing client either as there was no conflict or against the code of ethics.
DD team will go to the target company to perform DD in the purpose of identifying good points and bad points of the target company in providing more information to Acquiring company to make a decision whether to buy the target company or not (because buying the wrong company can be a costly mistake).
In order to do DD, the Acquiring company needs to seek permission from the target company to do DD. If the target company really wants to sell, they will allow the Acquiring company to do DD because if the DD report discloses many good points, the cost of acquiring will be higher either.
The purpose of DD is:
Information gathering
The acquired company would like to gather as much information as possible in making a decision for purchase. That information can be positive and negative.
Verify target company representations.
DD team can verify on behalf of Acquiring company on the information that management provided. For example, if the management mentioned that the company has a profit of 20% each year then the DD team has to verify this for Acquiring a company in order to prove what the management is true or not or is it just a fake statement made by management to make the company looks healthy.
Identification of assets and liabilities of the company.
DD is also the identification of assets and liabilities of the target company. It is not much related to IFRS but it focuses on the one that beyond IFRS. For example, if the target company has competent management personnel then it is an asset of the company.
After acquiring the company, if the Acquiring company can persuade CEO to stay and make the profit for the company then CEO is an asset of the company, but if they leave then it is the liability of the company as the Acquiring company needs to recruit new CEO and train them about the target company. A demotivated employees can be a liability of the company in DD.
Identification of any Operational issues.
DD team need to visit target company, conducting research on the background of the target company. If it is too many negative operational issues can reduce the value of the company.
Post acquiring planning
After acquiring, the Acquiring company can start planning on what should they do to the target company.
II. Benefits of conducting DD by external audit
There are some benefits of conducting DD by external audit compare to Internally such as:
More independent facts and views can be share because the firm doesn’t have an emotional attachment to the decision.
The audit firm has more competent and skillful since the firm could have done DD for its clients.
Management will have more time to concentrate on its core business while hiring DD task to external audit.
III. What are the differences between DD and external audit?
Due Diligence
External audit
– It is a non-assurance engagement that has no opinion expression on the report.
– It is an assurance engagement that needs to have an opinion on the financial statements.
– DD Report is about the factual finding which is the result of doing research and survey on the target company.
– External audit report is a positive assurance which is about the opinion of an auditor whether the financial statements prepared by management are true and fair.
– DD is focus on the past and future equally
– External audit report is focus more on the past and little on future (assessing on going concern of the business)
– DD looks much more documents and evidence though it is not just related to financial statement. Example, forecasting, press release, operation document.
– External audit focus on the current financial statement and its related evidence only.
IV. Scope and procedure of DD (as compare to audit)
The audit is an assurance engagement (giving an opinion) while DD is a non-assurance engagement.
DD focuses on factual findings. And the investigation will draw in a much wider range of sources of information, including several years’ financial statements (prior years), management accounts, profit, cash flow, business plan. In summary, the firm will look at a wider range of evidence.
There was no detailed audit procedure been performed for DD unless it is requested by management.
DD will do a lot of Analytical procedures and a lot of inspections.
DD is more forward-looking than an audit
DD will not really look at the effectiveness of the internal control system, but the External audit will determine whether the internal control system whether is realizable.
V. Content of DD report:
Identification of the acquiring company and target company
The objective of DD for example factual finding and research.
There is no opinion on the DD report
All the fats that were found the need to disclose whether it is positives or negative.
Scopes of work. For example, the type of the procedures that were performed and evidence that were collected.
Cash includes cash equivalents. Cash is shown under the “current assets” of the balance sheet. These are the liquid assets of the company. The most important component for any audit is checking cash. The inherent risk and control risks are both high in the handling and management of cash.
Auditors should ask following questions while auditing the cash:
Who are authorized signatories to bank cheque?
What is the process and who prepares bank reconciliations?
Are all bank accounts reconciled?
Who and how they reconcile the bank account balances to all respective general ledgers?
How is the cut-off determined with respect to the accounting period for cash transactions?
Is there segregation of duties among persons handling cash, making payments, and reconciling the balances
Are there any cash equivalents?
How many cheques are in transit?
The inherent risk and control risk in the obligations form the risk of material misstatement with respect to cash. The risk of being susceptible to misstatement due to the nature of the cash is the inherent risk of the cash transactions. Control risk occurs when the internal control system of the client fails to prevent or detect material misstatement in the cash. Some risks associated with cash are unauthorized transactions, wrong recording of cash, and non-confirmation with cash policies of the company.
Fraud Risk in the Cash
Most of the financial frauds in the history of finance have occurred in cash. Basically, two types of cash frauds have existed. One would be stealing cash by collusion among staff and others would be to overstate cash in the balance sheet colliding with auditors. Incentive, opportunity, and rationalization form the triad of any cash fraud.
The person who does cash fraud may feel they are being paid little incentive and hence, they engage in stealing cash. When the staff is working closely with cash affairs, this provides them opportunity due to proximity to cash. Rationalization of cash fraud happens when the top management thinks it to do so. This creates an unethical company environment.
Inherent Risk for Cash
Inherent risks are outside the scope of auditors. However, auditors need to find and test controls in order to know what level of inherent risk the company is dealing with in case of cash. Cash has a high inherent risk because of its nature. The followings are the reason stating why cash is inherently risky:
Cash has the highest volume of transactions. All the business operations are done in cash. Hence, the high volume creates tilt in being more susceptible to error as compared to other items of the balance sheet.
Cash can be easily stolen and manipulated through accounting gimmicks. The staff can collude in order to steal cash from the accounts in a slow manner.
Cash is the most liquid current asset that a company can have. Hence, it is most susceptible to fraud and manipulations as it can be easily transferable from one account to another bank accounts.
Cash is received when debts are taken. Hence, it creates unnecessary pressure in the management towards handling of cash in the situation of liquidity crunch. When there is pressure, irrational decisions are high in number.
Control Risks for cash
Control risk is the risk that internal controls cannot prevent, detect, or correct material misstatement that could occur on financial statements. If the inherent risk is high, a test of controls needs to be done. Auditors need to assess the level of control risk the client has with cash. It would depend on how effective the internal controls exist in the client’s place. Control risks occur when the same person is handling cash as well as authorizing cash transactions.
It occurs when there is no proper authority in place to oversee the cash transactions that happen in the company. Control risks increase as a result of the inherent risk of cash transactions. Further, cash attracts fraud which can be observed from the history of accounting and finance.
The segregation of duties and responsibilities is the most important internal control mechanism for cash. Auditors shall try to lower the detection risk to a tolerable level. Some of the control procedures followed by auditors are:
Separate persons are hired for receiving cash, recording cash, and reconciling cash balances.
Only the person authorized to handle cash should have physical access to cash.
Authorization of cash transactions shall be done by the appropriate authority of the company.
Cash receipt journal is reconciled to accounts receivable daily
The cash receipts are pre-numbered and prepared chronologically.
Accounts receivables generally mean Trade receivables in the financial statement of large listed public companies. Accounts receivables are disclosed under the headings “Current Assets”. These are trade or non-Trade receivables that have been specified by the company or regulations and meet the criteria of being classified separately. Accounts receivables are characterized as common and significant.
Example:
The company is running an account of Accounts receivables. The company has made sales to the tune of $ 1000 to Kuman Inc. This transaction sales made on account will be recorded under Accounts receivables. Similarly, the fixed asset if sold on account, would also come under accounts receivable. However, the sales transactions on account are general and fixed assets disposal are rarely made.
Risk of material misstatement for accounts receivable
The risk for accounts receivable would be internal control risk and inherent risk. The risk of being susceptible to misstatement due to the nature of the debt is the inherent risk of the accounts receivable. Control risk occurs when the internal control system of the client fails to prevent or detect material misstatement in the accounts receivable. Some of the risks associated are unauthorized transactions, wrong recording, and non-compliance with accounting standards on assets and accounts receivables.
An unauthorized transaction is a case where someone other than a person authorized and responsible for accounts receivable deals with the related matters either within the entity or with outsiders. Such risks generally create the risk of fraud which is itself material misstatement. The audit client shall correctly record debtors as per applicable accounting standards.
The proper classification of debtors shall be done. Further, the breach of Sales terms and conditions may lead to material misstatements. Hence, the auditor needs to clearly understand the sales arrangements and check if they are complied with within time and in full.
Inherent Risk for Accounts Receivable
The inherent risk in the case of accounts receivable is high. Auditors need to perform a test of control as well for accounts receivable to get a clearer picture of the inherent risk of accounts receivables. The inherent risk for accounts receivable would relate to nature, size, and the complexity of the business of the auditee.
If the business is more inclined towards financial or special situations like hire purchase business, the inherent risks would be higher in such a scenario. The susceptibility of accounts receivable to misstatement is basically an inherent risk. Some of the scenarios that are inherent risks and procedures to be followed for accounts receivables are as follows:
The non-existence of accounts receivables. For instance, fictitious invoices are generated to increase sales, and receivables are recorded on the current year when they are actually made after the year-end
Accounts receivables do not reflect true economic value. This generally happens during the creation of allowance for doubtful accounts based on probabilities and aging analysis.
The auditee has no control over receivables. This scenario happens when the accounts receivables notes are pledged as collateral for loans from banks are given to financial institutions on factoring arrangements.
Accounts receivables are based on contingent events. This happens if the company does not follow the guidelines issued by their accounting bodies such as IFRS and GAAP or regulatory authorities.
Aging analysis is not correct and does not signify the true picture of the certainty of receivables.
Control Risks for accounts receivables
The risk that internal control cannot prevent or detect material misstatement in financial statements is called control risk. Control risk for accounts receivable is related to control procedures of accounts receivable which is not able to prevent or detect a misstatement that can occur in accounts receivable. In case the inherent risk is high, the auditors carefully assess the internal control procedures in such a case. In such cases, control risks are minimized due to initial work is done.
Auditors would however need to perform tests of controls to obtain assurance of sufficient appropriate audit evidence to support their assessment if they assess that control risk is low. Further, if auditors think otherwise that control risk is high, tests of controls need not be performed.
Auditors would directly perform substantive audit procedures taking on bigger samples. Some of the scenarios that are control risks and procedures to be followed for accounts receivables are as follows:
Accounts receivable should be recorded alongside sufficient supporting documents. Supporting documents include customer purchase order, letter of lading, and sale invoice to ensure the existence of accounts receivables
Reconciliation of accounts receivables by tracing supporting documents and invoices with beginning and closing balances.
Ensuring that documents purchase order, bill of lading, and sales invoice are serially or prenumbered. This is useful to avoid omission.
Computation of allowance for doubtful accounts is made properly.
The risk of material misstatement is the susceptibility of the financial statements, accounts, and assertions to material misstatement, and the risk that the client’s current internal controls would be ineffective in proactively identifying and correcting the misstatements. The inherent risk and control risk in the obligations form the risk of material misstatement. The risk of being susceptible to misstatement due to the nature of the debt is the inherent risk. Control risk occurs when the internal control system of the auditee fails to prevent or detect a material misstatement.
To name some risks, unauthorized transactions, wrong recording of debt, and non-confirmation with accounting standards are material misstatements. An unauthorized transaction is a case where someone other than a person authorized and responsible for transaction-related affairs deals with either within an entity or with outsiders.
Such risks generally create the risk of fraud which is itself material misstatement. The audit client shall correctly record transactions as per applicable accounting standards. The proper classification shall be done. Further, the breach of policies and covenants would also lead to material misstatements.
This risk is assessed by auditors at the following two levels:
At the assertion level: This is further divided into inherent risk and control risk. Inherent means the transaction already would be vulnerable to threats.
At the financial statement level: This would mean risk on the company as a whole. The risk of going concerned about being impacted and not disclosed may fall under this.
Risk of Material Misstatement at the financial statement level
Such risks mean that that certain risks can affect financial statements as a whole and potentially have a major impact on several assertions. Various factors affecting the risk of material misstatement include incompetent management, Inadequate accounting systems and records, Operation in a rapidly changing industry, and poor governance by the board of managers.
The following are some of the pervasive risks at financial statement level:
Absence of financial reporting expertise
Absence of segregation of duties and safeguarding assets
The decision to terminate or curtail the plan
Absence of oversight and monitoring of plan operations and service providers
Absence of communication about plan events between the preparer of the financial statements
Changes in key personnel
Plan transfers (plan mergers, spin-offs, or other transfers)
Risk of material misstatement at the assertion level
The various risks related to assertion level include the following:
Completeness
The financial transaction has been incurred and recorded up to date of reporting
Cut-off
Business transactions have been differentiated as per the accrual system and recorded in the proper accounting period.
Accuracy
Events are recorded accurately for the amount
Occurrence
The expenses, assets and liabilities have been actually incurred and related to the business.
Classification
The assets, liabilities, expenses, and income have been properly classified into their various sub-divisions. Assets need to be divided into current and non-current assets.
Existence
On the date of balance sheet, all the assets and obligations of the company have been reported.
Valuation
The balances of the assets and liabilities accounts correctly reflect the actual economic value.
Rights and obligation
The company owes sum of money on the date of reporting of balance sheet.
Presentation and disclosure
The applicable accounting standards are being followed to disclose all the transactions.
Let’s take a short example of how risks can be materially misstated in the case of accounts receivable. The risk for accounts receivable would be internal control risk and inherent risk. The risk of being susceptible to misstatement due to the nature of the debt is the inherent risk of the accounts receivable.
Control risk occurs when the internal control system of the client fails to prevent or detect material misstatement in the accounts receivable. Some of the risks associated are unauthorized transactions, wrong recording, and non-compliance with accounting standards on assets and accounts receivables.
An unauthorized transaction is a case where someone other than a person authorized and responsible for accounts receivable deals with the related matters either within the entity or with the outsiders. Such risks generally create the risk of fraud which is itself material misstatement. The audit client shall correctly record debtors as per applicable accounting standards. The proper classification of debtors shall be done. Further, the breach of Sales terms and conditions may lead to material misstatements.
There are two major risks of material misstatement associated with accounts receivables. The first would be the non-existence of accounts receivables. For instance, fictitious invoices are generated to increase sales, and receivables are recorded in the current year when they are actually made after the year-end. Another risk would be that accounts receivables do not reflect true economic value. This generally happens during the creation of allowance for doubtful accounts based on probabilities and aging analysis.
Internal control refers to all of the policies and procedures management uses to achieve the objectives of the organization. Internal controls ensure to provide timely, accurate, and complete information with respect to books of accounting in order to report business operations to users of financial statements. It also helps to ensure that the company complies with all the relevant company guidelines, relevant laws, regulations, and practices. It provides the framework on how the internal activities need to be done to strengthen the control of the organization.
Deviation from internal control
Deviation from internal control occurs when the company differs from the path it designed at the beginning of the accounting period. The client also takes transactions that may be outside the regular nature of operations. Such one-off transactions should be carefully audited especially if a large amount of money is involved. These transactions do not pre-defined guidelines on who to authorize and who shall be responsible. The board minutes should be looked up to know if any sanction for such transaction is made and procedures if any has been devised. This will require separate planning and audit performance.
Internal control helps to minimize risk and achieve the goals of the entity. It segregates the tasks into various responsibilities and affixes these tasks with authorization procedures. Hence, the designing of internal control would need special attention. The deviation from internal control includes the following:
business transaction that occurred that was not expected to occur
business transaction that was expected to happen did not happen
a control exists but did not operated effectively. It means internal control has not prevented or detected or made the necessary correction
absence of internal controls
Let’s take an elaborate example of deviation from internal control:
Sinra Inc supplies raw materials within the borders of the country. It has not dealt with any transaction beyond borders and does not plan to do so. With the increase in scale and popularity of quality of raw materials of Sinra Inc, a foreign company Kuman Inc held talks with officials of Sinra Inc.
In this scenario, the management of Sinra Inc does not have an established plan or internal control guidelines on how to proceed with transactions. So, they have to prepare new guidelines, report it under board minutes, authorize the personnel to handle the deal, and proceed.
The auditor would also need to look upon this carefully as new transactions previously out of the scope of client business have occurred. The auditor would need to prepare new planning and determine the extent of nature and timing of the transaction. Further details on auditing aspects are shown below.
Impact of deviations to the auditor
In the initial auditing stage, the auditor would require to understand the complications of the business operations of the client. They need to validate the process, understand it, and devise how internal control shall work and the way management has done and found out deficiencies that may happen. The auditor would test the controls to obtain sufficient and appropriate audit evidence to minimize substantive audit procedures as much as possible.
The auditor needs to assess the impact of such transactions on business and the amount of money involved. As the internal control may not be effective, the probability of misstatement impacting financial statements goes high. Auditors need to gather evidence to support his opinion on financial statements. The auditor would also need to test further the likelihood of similar transactions in the future so that when it happens, internal controls are in place and working effectively.
Talking about the above example, the auditor has to scrutinize any instances the company has faced in the past and what actions were taken. The auditor shall also determine the internal controls to be devised based on its professional experience and judgment. The auditor shall start checking major components of the transaction as authorization, recording, safeguards, and verification. The auditor shall study the board minutes to know who is responsible for the business transactions and the supporting documents aiding it.
They also need to know what authority is recording in the books of account and how they are being ratified later on. In case of assets deal related to physical nature, the auditor shall check if the proper safeguards have been employed by the management. The auditor may also need to physically verify the asset in case it is tangible in nature. If any issues exist, the auditor may raise this matter in a management letter to show the internal control weakness and provide proper recommendations.
There is no specific definition of materiality under U.S. Generally Accepted Accounting Principles (GAAP). However, the gist as per the Conceptual Framework for Financial Reporting under International Financial Reporting Standards states that information is to be considered material if it influences decisions of stakeholders who are depending on the financial information of the reporting entity. Materiality varies on nature or magnitude, or both, of which information relates to.
The materiality in the context of audit shall include:
Misstatements that can influence the decision of users of balance sheet
Professional judgement based on the nature and size of misstatement.
Determining the benchmark for materiality
The benchmark for materiality shall be based primarily on professional judgment. Some auditing bodies have prescribed recommendations for setting up benchmarks related to materiality. Then the general benchmark is basically an amount exceeding 5% of profit before tax from continuing operations for profit-oriented manufacturing business and 1% of total income or expenses in case of a not-for-profit entity. It does stress that higher or lower.
Auditors tend to use various ranges based on their personal experience. However, these ranges are more or less the same in the industry. Auditors base their decisions on the basis of the economic value of transactions.
Specific levels of materiality for individual balances, classes of transactions, or disclosures
Under select cases, balance, class of transaction, or disclosure in the financial statements would warrant a lower level of materiality is based on the amount, the users can be persuaded to make a different decision, one that may not be rational or without complete knowledge. The following factors need to be considered in order to assess materiality in the audit:
If all the relevant laws affect the expectations of users
Disclosure requirement in certain industries like research and development in pharmaceutical industries
Disclosure requirements in case of business combinations
Example:
The total value of investments in Equity scheme offered by the government is $ 100m and the total contributions receivable from active members is only $ 50,000.
In this case, applying any kind of percentage won’t be useful for such an investment company. Auditors shall determine materiality by setting a lower amount for such member contributions and similar debtors and creditors.
Determining performance materiality
“Performance materiality as the amount set by auditors at below overall materiality to reduce to an appropriately low level the probability that the aggregate of uncorrected and undetected misstatements exceeds overall materiality.” – Standards on Auditing 320
It serves two basis purposes as to reduce aggregation risk and providing some security against risk of internal control not detecting irregularities. The audit techniques require performance materiality to be as a percentage of overall materiality. The higher would be the level of assessed risk and lower the percentage. Performance materiality is used by auditors in two ways.
It can be used in the early auditing schedule to identify areas of special focus and how much time needs to be allocated thereon. The other would be to use it midway through the audit where necessary based on the judgment of the auditor. This would include sampling and how many items to include in the sampling. If lower materiality is set for some accounts and balances, auditors would also need to lower performance materiality in such cases.
Assessing materiality of misstatements
The auditor shall assess every misstatement and their impact on relevant classes of transactions, accounts balances or disclosures. This shall also include if materiality level that has been set has been included by such transaction.
The auditors need to assess if misstatements are material according to their size and nature. Auditors need to consider qualitative assessment, balance sheet classifications, disclosure of misstatements, and impact on prior period financial statements while assessing the materiality of misstatements.
Reassessing materiality during the audit
Auditors need to be proactive as well as reactive. They need to set the benchmarks at the beginning and when circumstances arise where it would be necessary to change the benchmark, they need to be reactive as well. Auditors should revise overall materiality during audit if they are aware during the audit procedures that is being carried on.
This may happen when they realize they have set a different benchmark with respect to the amount. This happens if the materiality is determined prior to year-end information. If the auditors realize that lower materiality is set than required in the present scenario, they have to reassess the materiality. Auditors would then revise performance materiality considering the impact on nature, time, and extent of audit procedures.
