“We need audited financial statements for your company.” Entrepreneurs often hear this when they are seeking financing for their technology company. From my experience, when people hear the term “audit,” the general impression is an intense review of all transactions for the time period that is being audited. If this truly was the audit process, then audits would always uncover any fraud or irregularities, as well as any errors. However, that is not really what is involved in an audit, which leads to the “expectation gap.”
Expectation gap is a term used to describe the difference between what people think auditors do during an audit and what auditors really do. Audits of privately held companies are performed following standards established by the American Institute of Certified Public Accountants, where standards for audits of public companies are set by the Public Company Accounting Oversight Board. Both sets of auditing standards require the auditors to require the auditor to find fraud. From the start of the audit engagement, the auditor sets the parameters for the audit in the engagement letter, which clearly states the objective of the audit is not to find fraud.
I recently ran across a blog post on the FEI website that clearly explains the expectation gap. “Mind the Expectation Gap” by Tracy Coenen does a great job of analyzing the public’s perspective of audits.
So what good is an audit if finding fraud is not the main objective? Cynics would say it just puts another party on the hook for litigation if something goes wrong with the company. So that takes us back to the purpose of an audit: to determine that the financial statements are in compliance with generally accepted accounting standards. To reach that conclusion, the auditor examines the critical transaction cycles that occur in the company being audited and what internal controls are in place to ensure that the transactions are properly reflected in the financial statements. The auditor understands the company’s business as well as how the company’s transactions should be recorded. These evaluations require examining transactions on a test basis but even for companies with limited transactions, audits do not begin to include testing every transaction recorded by the company.
Typically little attention has been given to internal controls for startup companies going through the first audit of their financial statements. A by-product of the audit will be a management letter that identifies what internal controls could be improved which will assist management in preventing and detecting fraud. This communication does not solve the expectation gap but hopefully does improve the control environment within the company.