We appreciate that it seems our role as auditors is cloaked in secrecy. We have rules and expectations about how not only we work but how others, who are not in our little clique, do their jobs. We don’t have a secret handshake though!
The rules for generally accepted auditing standards (GAAS) are published by the AICPA and, while dull and boring, they could help you understand what the auditor is doing, why it is being done, and its impact on your organization. And this includes the management representation letter and its importance to our work as auditors.
If you would like to follow along, you can search for AU-C 333 in your favorite web browser.
You need to understand that, whether you are management (employee or independent company) or governance (board of directors) you make what are known as assertions, or statements of fact, about information gathered during your audit. For instance, we inquire about the correctness of cash, to with management responds with a copy of the bank reconciliation and bank statement. That is management’s assertion that they have done the work correctly. Add in all the other documents and questions asked, both written and oral, and you can see that both management and the board make lots of assertions.
We gather all the information provided by everyone which supports those assertions. This is our audit documentation. We perform our procedures on those documents and these procedures form the basis for our opinion. And now we get the end game. We expect everyone to state in the affirmative that they understand their roles in the audit documentation process.
AU-C §333.02 states our professional expectation of management’s part in the audit. Management’s representations are part of our overall audit evidence because, after all, everything we have done is based upon what management wants us to know. Before you get your knickers in a knot, understand that this is a basic truth. We neither believe that management is dishonest nor do we assume management is completely honest and projectile vomits information we didn’t ask for but which would explain unusual transactions. Management, like all of us, fit on the integrity spectrum and while we would like to believe they are more towards the honest end, we cannot every really be certain.
First, what is management representing? Well, first, management must understand and state that they are responsible for the fair presentation of the financial statements in according to the appropriate accounting framework.
“But wait,” I hear you saying, “You as our auditor prepare the financial statement, don’t you?”
Yes in most instances the auditor does prepare the financial statement. The auditor does so mostly because it is the only way it is going to get prepared. But think about it, who controls the accounting records on which the financial statements are built? Who controls the general ledger, the source documents, the approval process, etc.? That’s right – management.
Next, management represents that they have provided us all information, including any correspondence from governmental agencies about non-compliance.
Management then represents they believe that any adjustments we have reviewed with them and which have not been posted would not cause a reader to scream in bloody terror. Honestly, as your auditor we probably never meet an owner within an association, except for those who serve on the board. Management knows (or should know) what the owner will accept. And if management believes that the owners won’t accept any level of possible deviation, it is on management to say so and ensure there are no adjustments to the financial statement – either during the year or at year-end.
Management acknowledges its responsibility for the design and implementation of programs and controls to prevent and detect fraud. Surprisingly, (or not depending upon where you sit in the conversation) this is one where we receive the greatest pushback and where we will stop as the rest is pretty straight forward.
We would honestly think that management would not want to take responsibility for the presentation of financial statements in accordance with the association’s accounting framework. After all, the actual preparation of the financial statement includes understanding how GAAP treats certain transactions and includes the identification of both required disclosure as well as disclosures which assists the reader in understanding the financial statements. But we get far more resistance to the concept that management is responsible for the effective operation of an internal control system designed to present and detect fraud.
Ignore the audit for the moment. Whether your association is being audited or not, isn’t there some fundamental belief by owners that someone in the chain of authority over association money has created a system to ensure that money isn’t simply evaporating? As an owner of a unit within the association, and even as a board member, when you put your trust in an organization to manage your money, isn’t there some expectation that management will try extremely hard to ensure your money is fully accounted for and that it is not being given to fake vendors or paid to employees who are lying on their timesheets?
This puzzles us. You see, we go out and read the marketing materials that management companies create and put on their webpage. They love tossing out the terms trust, partnership, looking out for you and more pithy slogans designed to make you feel warm and fuzzy.
And yet, when the rubber meets the road, at the moment of absolute clarity where they can state their positive control over your money and that they have taken the appropriate steps to protect it, they refuse to acknowledge that responsibility. Fascinating. And literally incomprehensible.
Back to being an auditor. We think boards should be completely dismayed whenever management attempts to weasel out of their responsibilities. And signing the representation letter is one of those moments where management must take responsibility. Failure by management to take responsibility means that you, as a board must take responsibility. You are going to state, in management’s stead, that you understand and approve of management’s control system – a system over which you have zero input and zero ability to verify its integrity. This should not sit well with you as a board.
It certainly doesn’t sit well with us as your auditor.
For the financial statements to be meaningful, someone is responsible for ensuring that all appropriate and necessary transactions are recorded or disclosed. Someone has to create the underlying system of controls which ensure that all necessary transactions are recorded and disclosed and can detect and prevent fraudulent transactions from entering the system. And that someone has to be management.
C.O.R.E. Services, LLC is here to help boards understand and rely upon their financial statements and management reports. We bring professional skepticism and a highly tuned focus on accounting and auditing for homeowner and condominium owner associations. If you would like more information or to request a quote to audit (or review) your Washington or Oregon financial statements, go to our webpage to learn more and to request a proposal.