Increasing in the number and use of complex derivative instruments and securities, coupled with the sometimes equally complex accounting guidance, have resulted in changes in the approaches to auditing the financial statements of many entities. For example, evaluating audit evidence related to assertions about derivative instruments frequently requires the use of considerable judgment, particularly for valuation assertions, which can be particularly sensitive to changes in underlying assumptions or based on highly subjective estimates.
Derivative instrument is a financial instrument or other contract with all three of the characteristics, which are the following:
a. Underlying, notional amount, payment provision. The contract has both of the following terms, which determine the amount of the settlement or settlements, and, in some cases, whether or not a settlement is required:
(1) One or more underlyings
(2) One or more notional amounts or payment provisions or both
b. Initial net investment. The contract requires no initial net investment or an initial net investment that is smaller than would be required for other types of contracts that would be expected to have a similar response to changes in market factors.
c. Net settlement. The contract can be settled net by any of the following means:
(1) Its terms implicitly or explicitly require or permit net settlement.
(2) It can readily be settled net by a means outside the contract.
(3) It provides for delivery of an asset that puts the recipient in a position not substantially different from net settlement.
The auditor may need special skill or knowledge to plan and perform auditing procedures for certain assertions about derivatives. Examples of such auditing procedures and the special skill or knowledge required include:
- Obtaining an understanding of an entity’s information system for derivatives, including services provided by a service organization, which may require that the auditor have special skill or knowledge with respect to computer applications when significant information about derivatives is transmitted, processed, maintained, or accessed electronically.
- Identifying controls placed in operation by a service organization that provides services to an entity that are part of the entity’s information system for derivatives, which may require that the auditor have an understanding of the operating characteristics of entities in a certain industry.
- Understanding the application of generally accepted accounting principles for assertions about derivatives, which might require that the auditor have special knowledge because of the complexity of those principles. In addition, a derivative may have complex features that require the auditor to have special knowledge to evaluate the measurement and disclosure of the derivative in conformity with generally accepted accounting principles. For example, features embedded in contracts or agreements may require separate accounting as a derivative, and complex pricing structures may increase the complexity of the assumptions used in estimating the fair value of a derivative.
- Understanding the determination of the fair values of derivatives, including the appropriateness of various types of valuation models and the reasonableness of key factors and assumptions, which may require knowledge of valuation concepts.
- Assessing inherent risk and control risk for assertions about derivatives used in hedging activities, which may require an understanding of general risk management concepts and typical asset/liability management strategies.
Audit Risk and Materiality
Audit standards section on Audit Risk and Materiality in Conducting an Audit, provides guidance on the auditor’s consideration of audit risk and materiality when planning and performing an audit of financial statements in accordance with generally accepted auditing standards. It requires the auditor to design procedures to obtain reasonable assurance of detecting misstatements of assertions about derivatives that, when aggregated with misstatements of other assertions, could cause the financial statements taken as a whole to be materially misstated. When designing such procedures, the auditor should consider the inherent risk and control risk for these assertions. The auditor may also consider the work performed by the entity’s internal auditors in designing procedures.
Inherent Risk Assessment – The inherent risk for an assertion about a derivative or security is its susceptibility to a material misstatement, assuming there are no related controls.
Control Risk Assessment – An understanding of internal control that will enable the auditor to identify risk of material misstatement at assertion level, assess the risk of material misstatement at the assertion level, and evaluate the design of internal controls and determine whether they are implemented.
Assessing Control Risk
After obtaining the understanding of internal control over derivatives transactions, the auditor should assess control risk for the related assertions. If the auditor plans to assess control risk at less than maximum for one or more assertions about derivatives, the auditor should identify specific controls relevant to the assertions that are likely to prevent or detect material misstatements and that have been placed in operation by either the entity or the service organization, and gather audit evidence about their operating effectiveness. Audit evidence about the operating effectiveness of a service organization’s controls may be gathered through tests performed by the auditor or by an auditor engaged by either the auditor or the service organization. Confirmations of balances or transactions from a service organization do not provide audit evidence about its controls.
The auditor should consider the size of the entity, the entity’s organizational structure, the nature of its operations, the types, frequency, and complexity of its derivatives transactions, and its controls over those transactions in designing auditing procedures for assertions about derivatives. For example, if the entity has a variety of derivatives that are reported at fair value estimated using valuation models, the auditor may be able to reduce the substantive procedures for valuation assertions by gathering audit evidence about the controls over the design and use of the models (including the significant assumptions) and evaluating their operating effectiveness.
In some circumstances, it may not be practicable or possible for the auditor to reduce audit risk to an acceptable level without identifying controls placed in operation by the entity or a service organization and gathering audit evidence about the operating effectiveness of those controls. For example, if the entity has a large number of derivatives transactions, the auditor likely would be unable to reduce audit risk to an acceptable level for assertions about the occurrence of earnings on those securities, including gains and losses from sales, without identifying controls over the authorization, recording, custody, and segregation of duties for those transactions and gathering audit evidence about their operating effectiveness.
Designing Substantive Procedures Based on Risk Assessments
The auditor should use the assessed levels of inherent risk and control risk for assertions about derivatives to determine the nature, timing, and extent of the substantive procedures to be performed to detect material misstatements of the financial statement assertions. Some substantive procedures address more than one assertion about a derivative or security. Whether one or a combination of substantive procedures should be used to address an assertion depends on the auditor’s assessment of the inherent and control risk associated with it as well as the auditor’s judgment about a procedure’s effectiveness. In addition, the auditor should consider whether the results of other audit procedures conflict with management’s assertions about derivatives. The auditor should consider the impact of any such identified matters on management’s assertions about derivatives. Additionally, the auditor should consider the impact of such matters on the sufficiency of the audit evidence evaluated by the auditor in support of the assertions.
The provision by a service organization of services that are part of an entity’s information system may affect the nature, timing, and extent of the auditor’s substantive procedures for assertions about derivatives in a variety of ways.
Financial Statement Assertions
Existence or Occurrence
Existence assertions address whether the derivatives reported in the financial statements through recognition or disclosure exist at the date of the statement of financial position. Occurrence assertions address whether derivatives transactions reported in the financial statements, as a part of earnings, other comprehensive income, or cash flows or through disclosure, occurred.
Completeness assertions address whether all of the entity’s derivatives are reported in the financial statements through recognition or disclosure. They also address whether all derivatives transactions are reported in the financial statements as a part of earnings, other comprehensive income, or cash flows or through disclosure. The extent of substantive procedures for completeness may properly vary in relation to the assessed level of control risk. In addition, the auditor should consider that since derivatives may not involve an initial exchange of tangible consideration, it may be difficult to limit audit risk for assertions about the completeness of derivatives to an acceptable level with an assessed level of control risk at the maximum.
One of the characteristics of derivatives is that they may involve only a commitment to perform under a contract and not an initial exchange of tangible consideration. Therefore, auditors designing tests related to the completeness assertion should not focus exclusively on evidence relating to cash receipts and disbursements. When testing for completeness, auditors should consider making inquiries, inspecting agreements, and reading other information, such as minutes of meetings of the board of directors or finance, asset/liability, investment, or other committees. Auditors should also consider making inquiries about aspects of operating activities that might present risks hedged using derivatives. For example, if the entity conducts business with foreign entities, the auditor should inquire about any arrangements the entity has made for purchasing foreign currency. Similarly, if an entity is in an industry in which commodity contracts are common, the auditor should inquire about any commodity contracts with fixed prices that run for unusual durations or involve unusually large quantities. The auditor also should consider inquiring as to whether the entity has converted interest-bearing debt from fixed to variable, or vice versa, using derivatives.
Derivatives may not involve an initial exchange of tangible consideration. If one or more service organizations provide services that are part of the entity’s information system for derivatives, the auditor may be unable to sufficiently limit audit risk for assertions about the completeness of derivatives without obtaining audit evidence about the operating effectiveness of controls at one or more of the service organizations. Since the auditor’s concern is that derivatives that do not require an initial exchange of tangible consideration may not have been recorded, testing reconciliations of information provided by two or more of the service organizations may not sufficiently limit audit risk for assertions about the completeness of derivatives.
Rights and Obligations
Assertions about rights and obligations address whether the entity has the rights and obligations associated with derivatives, including pledging arrangements, reported in the financial statements.
Assertions about the valuation of derivatives address whether the amounts reported in the financial statements through measurement or disclosure were determined in conformity with generally accepted accounting principles. Tests of valuation assertions should be designed according to the valuation method used for the measurement or disclosure. Generally accepted accounting principles may require that a derivative be valued based on cost, the investee’s financial results, or fair value. They also may require disclosures about the value of a derivative and specify that impairment losses should be recognized in earnings prior to their realization.
Valuation Based on Cost. Procedures to obtain evidence about the cost of securities may include inspection of documentation of the purchase price, confirmation with the issuer or holder, and testing discount or premium amortization, either by recomputation or analytical procedures. The auditor should evaluate management’s conclusion about the need to recognize an impairment loss for a decline in the security’s fair value below its cost that is other than temporary.
Valuation Based on an Investee’s Financial Results. For valuations based on an investee’s financial results, including but not limited to the equity method of accounting, the auditor should obtain sufficient appropriate audit evidence in support of the investee’s financial results. The auditor should read available financial statements of the investee and the accompanying audit report, if any. Financial statements of the investee that have been audited by an auditor whose report is satisfactory, for this purpose, to the investor’s auditor may constitute appropriate audit evidence.
Valuation Based on Fair Value. The auditor should obtain evidence supporting management’s assertions about the fair value of derivatives measured or disclosed at fair value. The method for determining fair value may be specified by generally accepted accounting principles and may vary depending on the industry in which the entity operates or the nature of the entity. Such differences may relate to the consideration of price quotations from inactive markets and significant liquidity discounts, control premiums, and commissions and other costs that would be incurred to dispose of the derivative or security. The auditor should determine whether generally accepted accounting principles specify the method to be used to determine the fair value of the entity’s derivatives and evaluate whether the determination of fair value is consistent with the specified valuation method.
Regardless of the valuation method used, generally accepted accounting principles might require recognizing in earnings an impairment loss for a decline in fair value that is other than temporary. Determinations of whether losses are other than temporary often involve estimating the outcome of future events. Accordingly, judgment is required in determining whether factors exist that indicate that an impairment loss has been incurred at the end of the reporting period. These judgments are based on subjective as well as objective factors, including knowledge and experience about past and current events and assumptions about future events.
The auditor should evaluate (a) whether management has considered relevant information in determining whether objective factors exist and (b) management’s conclusions about the need to recognize an impairment loss. That evaluation requires the auditor to obtain evidence about such factors that tend to corroborate or conflict with management’s conclusions. When the entity has recognized an impairment loss, the auditor should gather evidence supporting the amount of the impairment adjustment recorded and determine whether the entity has appropriately followed generally accepted accounting principles.
Presentation and Disclosure
Assertions about presentation and disclosure address whether the classification, description, and disclosure of derivatives in the entity’s financial statements are in conformity with generally accepted accounting principles. The auditor should evaluate whether the presentation and disclosure of derivatives are in conformity with generally accepted accounting principles.
For some derivatives, generally accepted accounting principles may prescribe presentation and disclosure requirements. For example:
- Whether changes in the fair value of derivatives used to hedge risks are required to be reported as a component of earnings or other comprehensive income depends on whether they are intended to hedge the risk of changes in the fair value of assets and liabilities or changes in expected future cash flows and on the degree of effectiveness of the hedge.
- Certain securities are required to be classified into categories according to management’s intent and ability, such as held-to-maturity.
- Specific information is required to be disclosed about derivatives.
In evaluating the adequacy of presentation and disclosure, the auditor should consider the form, arrangement, and content of the financial statements and their notes, including, for example, the terminology used, the amount of detail given, the classification of items in the statements, and the bases of amounts reported. The auditor should compare the presentation and disclosure with the requirements of generally accepted accounting principles. However, the auditor should also follow the guidance in SAS section, Adequacy of Disclosure in Financial Statements, in evaluating the adequacy of disclosure that is not specifically required by generally accepted accounting principles.
The auditor ordinarily should obtain written representations from management confirming aspects of management’s intent and ability that affect assertions about derivatives, such as its intent and ability to enter into a forecasted transaction for which hedge accounting is applied. In addition, the auditor should consider obtaining written representations from management confirming other aspects of derivatives transactions that affect assertions about them.